Cisco Support Community

Help me with ACL, PAT, DHCP on router

Hi. I'm configuring access lists, PAT, and DHCP on my router.

First, please look at the attached image.

(Do not worry about the VMs. They are bridged to individual NICs and connected to SW1.)

https://supportforums.cisco.com/servlet/JiveServlet/download/3579504-123917/topology.jpg

And the brief requirements for the topology:

1. hostsrv1 and hostsrv2 are separated with VLANs, done with dot1q trunking.

2. Use DHCP service on the outside network. Easy.

3. Apply PAT on the inside network.

4. Permit some ports on hostsrv1 and hostsrv2 and deny everything else.

Trunking worked, DHCP worked, so I applied PAT, and something went wrong.

hostsrv can ping GW (FE0/0), Client can ping GW (FE0/0), but GW (FE0/0) cannot ping Client even though the client got an IP from DHCP successfully.

access-list 101 was applied to FE0/0 but I disabled it because of a connection problem.

Is there anything that I have to do with FE0/1? I think all problems are based on dot1q trunking.....

My configuration is below:

__________

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname GW
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 143.25.1.1 143.25.1.99
!
ip dhcp pool 143.25.1.0
   network 143.25.1.0 255.255.255.0
   default-router 143.25.1.1
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
voice-card 0
 no dspfarm
!
!
!
interface FastEthernet0/0
 ip address 143.25.1.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip address 172.16.1.1 255.255.255.240
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/1.20
 encapsulation dot1Q 20
 ip address 172.16.1.33 255.255.255.240
!
interface FastEthernet0/1.30
 encapsulation dot1Q 30
 ip address 172.16.1.65 255.255.255.224
!
interface FastEthernet0/1.100
 encapsulation dot1Q 100
 ip address 172.16.1.129 255.255.255.128
!
ip forward-protocol nd
!
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 172.16.1.0 0.0.0.255
access-list 101 permit tcp any host 172.16.1.2 eq 443
access-list 101 permit tcp any host 172.16.1.2 eq 3389
access-list 101 permit tcp any host 172.16.1.2 eq domain
access-list 101 permit tcp any host 172.16.1.34 eq www
access-list 101 permit tcp any host 172.16.1.34 eq 1723
!
!
!
control-plane
!
!
!
!
____________

I'll wait for any suggestions from you.

Thanks in advance!
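
An added example, not part of the original post and not Cisco tooling: a Python sketch that evaluates the posted access-list 101 with first-match and implicit-deny semantics against constructed sample packets, and lists the subinterfaces inside access-list 1's range that lack `ip nat inside`. The helper names and the packet tuples are assumptions made for illustration; only the entry shape used in the post is parsed.

```python
import ipaddress

# Config lines copied from the post above.
ACL_101 = """\
access-list 101 permit tcp any host 172.16.1.2 eq 443
access-list 101 permit tcp any host 172.16.1.2 eq 3389
access-list 101 permit tcp any host 172.16.1.2 eq domain
access-list 101 permit tcp any host 172.16.1.34 eq www
access-list 101 permit tcp any host 172.16.1.34 eq 1723
"""
SUBIFS = {  # subinterface -> (address, mask, has "ip nat inside")
    "FastEthernet0/1.10": ("172.16.1.1", "255.255.255.240", True),
    "FastEthernet0/1.20": ("172.16.1.33", "255.255.255.240", False),
    "FastEthernet0/1.30": ("172.16.1.65", "255.255.255.224", False),
    "FastEthernet0/1.100": ("172.16.1.129", "255.255.255.128", False),
}
NAMED_PORTS = {"domain": 53, "www": 80}  # IOS port keywords used in the post

def parse_acl(text):
    """Parse only the entry shape used in the post:
    <action> tcp any host <ip> eq <port>."""
    rules = []
    for line in text.splitlines():
        _, _, action, proto, _src, _host, dst, _eq, port = line.split()
        rules.append((action, proto, dst, int(NAMED_PORTS.get(port, port))))
    return rules

def evaluate(rules, proto, dst, dport=None):
    """First match wins; anything unmatched hits the implicit deny."""
    for action, r_proto, r_dst, r_port in rules:
        if (proto, dst, dport) == (r_proto, r_dst, r_port):
            return action
    return "deny (implicit)"

def inside_nets_without_nat(acl1_net="172.16.1.0/24"):
    """Subinterfaces inside access-list 1's range that lack 'ip nat inside'."""
    nat_range = ipaddress.ip_network(acl1_net)
    return [name for name, (addr, mask, nat) in SUBIFS.items()
            if ipaddress.ip_interface(f"{addr}/{mask}").network.subnet_of(nat_range)
            and not nat]

if __name__ == "__main__":
    rules = parse_acl(ACL_101)
    # Constructed sample packets arriving inbound on FastEthernet0/0:
    for pkt in [("tcp", "172.16.1.2", 443), ("udp", "255.255.255.255", 67),
                ("icmp", "143.25.1.1", None), ("tcp", "172.16.1.34", 3389)]:
        print(pkt, "->", evaluate(rules, *pkt))
    print("no 'ip nat inside':", inside_nets_without_nat())
```

Run as a script, it shows the constructed DHCP broadcast and the ICMP packet addressed to 143.25.1.1 falling through to the implicit deny, and only FastEthernet0/1.10 marked as a NAT inside interface.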
