02-04-2003 02:15 AM - edited 03-02-2019 04:46 AM
Hi there i am running a 2503 connected via ISDN to a local ISP i have a couple of questions.
The isp doesnt support multilink to create a 128k connection. is it possible to make two seperate dailers and the use them as one connection? also i cannot get port forwarding to work i will post my config to show where i have put the trasnlations but they fail when imported into the router at ip nat static source 192.168.0.1 the source part is assuming an ACL rather than an ip address why and how do i get around this as i need to forward in ports for ssh and ftp.
any help much appreciated but go gentle im a bit of n00b with all this :)
!
! Last configuration change at 20:28:00 gmt Mon Jan 6 2003
! NVRAM config last updated at 20:28:58 gmt Mon Jan 6 2003
!
version 11.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cisco2503
!
enable password 7 xxxxxxxxxxxxxxxxxxxx
!
ip subnet-zero
ip nat inside source list 1 interface Dialer1 overload
ip name-server 192.168.0.2
isdn switch-type basic-net3
clock timezone gmt 0
!
!
interface Ethernet0
description connected to Switch1
ip address 192.168.0.1 255.255.255.0
ip nat inside
!
interface Serial0
no ip address
ip nat inside
no ip mroute-cache
shutdown
!
interface Serial1
no ip address
ip nat inside
shutdown
!
interface BRI0
description connected to Internet
no ip address
ip nat outside
encapsulation ppp
dialer rotary-group 1
no cdp enable
!
interface Dialer1
description connected to Internet
ip address negotiated
ip nat outside
encapsulation ppp
no ip split-horizon
dialer in-band
dialer idle-timeout 300
dialer string 0808xxxxxxxxx
dialer hold-queue 10
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxxxxxxxxxxxxxx
ppp chap password 7 xxxxxxxxxxxxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxxxxxxx
!
router rip
version 2
passive-interface Dialer1
network 192.168.0.0
no auto-summary
!
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!NAT TESTING
ip nat inside source static tcp 192.168.0.12 22 0.0.0.0 22
!
!
access-list 1 permit 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
snmp-server community public RO
snmp-server community private RW
snmp-server location Server Room
snmp-server contact Paul
!
line con 0
exec-timeout 0 0
password 7 xxxxxxxxxxxxxxxxx
login
line aux 0
line vty 0 4
password 7 xxxxxxxxxxxxxxxxxx
login
!
ntp source Ethernet0
ntp master 2
ntp peer 137.222.102.100 version 2 source Ethernet0
ntp server 137.222.10.60
end
02-04-2003 04:53 AM
With the ip nat inside source static tcp 192.168.0.12 22 0.0.0.0 22 you will need to replace 0.0.0.0 with the negotiated IP adress that you get when dialling in to your provider. This might be an issue if he is kind enough to give you a different IP on each dial-in.
02-04-2003 05:02 AM
Yeah my IP is dynamic but that would not account for being asked for an ACL name rather than ip address. If this is the case can you add the trasnaltion by interface name instead?
02-04-2003 05:24 AM
According to the command reference, the syntax is as follows:
after the keyword STATIC you should enter a local ip and as 2nd parameter a global ip.
The access-list applies to a different use of the command, i.e. to define a range of adresses for NAT.
02-06-2003 06:51 AM
You would have to enter the NAT commands as follows:
ip nat inside source static
You must properly configure IP NAT statements that execute proper translation.
with you access-list you will have to configure the keyword permit ip any any statement to enforce an implicit deny on the ip address configured for the ip address in the access-list but allow all other ip addresses.If you do not configure this all IP addresses will be denied.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide