Cisco Support Community
Community Member

Nat

Hello,

We have a Cisco 1721 with one "FastEthernet 0" and one "Eth 0" interface, connecting a DSL line to our internal LAN.

The FastEthernet 0 interface is connected to the DSL line via an ADSL modem (Zyxel), which is configured in bridge mode.

Eth 0 is connected to our LAN.

The router is configured primarily for IPSec and internet access.

We are able to access Internet sites from our internal network; however, incoming traffic from the Internet to our internal LAN (say, for a web server hosted in our LAN) fails.

Please find the configuration on our router as shown below.

I would appreciate it if you could help us configure the router for incoming traffic.

Thank you

Ramie

My present router sh run details are as follows:

sh run
Building configuration...

Current configuration : 1942 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
!
no ip dhcp use vrf connected
!
!
ip cef
no ip ips deny-action ips-interface
!
no ftp-server write-enable
!
!
!
!
!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
 lifetime 3600
crypto isakmp key b001 address 111.x.x.20
!
!
crypto ipsec transform-set VF_GPRS esp-des esp-md5-hmac
crypto ipsec df-bit clear
!
crypto map VF_B 10 ipsec-isakmp
 set peer 111.x.x.20
 set transform-set VF_GPRS
 match address b_VF
!
!
!
interface Ethernet0
 ip address 172.16.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 half-duplex
!
interface FastEthernet0
 ip address 130.x.x..49 255.255.255.0 secondary
 ip address 130.x.x..44 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 speed auto
 no cdp enable
 crypto map VF_B
!
ip default-gateway 130.x.x..1
ip classless
ip route 0.0.0.0 0.0.0.0 130.x.x..1
no ip http server
no ip http secure-server
!
ip nat inside source list 101 interface FastEthernet0 overload
ip nat inside source static 172.16.0.6 130.x.x..49
!
!
!
ip access-list extended b_VF
 permit ip 172.16.0.0 0.0.0.255 192.168.0.0 0.0.0.255
 deny ip any any
ip access-list extended telnet
 permit ip host 111.x.x.130 any
 permit ip 172.16.0.0 0.0.0.255 any
 deny ip any any
access-list 101 deny ip 172.16.0.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 172.16.0.0 0.0.0.255 any
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 access-class telnet in
 login local
!
end

1 REPLY
Hall of Fame Super Gold

Re: Nat

After posting the question here Ramie also posted it on the WAN Routing and Switching forum where it has received a couple of responses. I suggest that any further discussion be consolidated in the WAN forum.

HTH

Rick
