2503 ISDN Dial Up Qustions

paul_cisco · ‎02-04-2003

Hi there i am running a 2503 connected via ISDN to a local ISP i have a couple of questions.

The isp doesnt support multilink to create a 128k connection. is it possible to make two seperate dailers and the use them as one connection? also i cannot get port forwarding to work i will post my config to show where i have put the trasnlations but they fail when imported into the router at ip nat static source 192.168.0.1 the source part is assuming an ACL rather than an ip address why and how do i get around this as i need to forward in ports for ssh and ftp.

any help much appreciated but go gentle im a bit of n00b with all this :)

!

! Last configuration change at 20:28:00 gmt Mon Jan 6 2003

! NVRAM config last updated at 20:28:58 gmt Mon Jan 6 2003

!

version 11.3

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname Cisco2503

!

enable password 7 xxxxxxxxxxxxxxxxxxxx

!

ip subnet-zero

ip nat inside source list 1 interface Dialer1 overload

ip name-server 192.168.0.2

isdn switch-type basic-net3

clock timezone gmt 0

!

interface Ethernet0

description connected to Switch1

ip address 192.168.0.1 255.255.255.0

ip nat inside

!

interface Serial0

no ip address

ip nat inside

no ip mroute-cache

shutdown

!

interface Serial1

no ip address

ip nat inside

shutdown

!

interface BRI0

description connected to Internet

no ip address

ip nat outside

encapsulation ppp

dialer rotary-group 1

no cdp enable

!

interface Dialer1

description connected to Internet

ip address negotiated

ip nat outside

encapsulation ppp

no ip split-horizon

dialer in-band

dialer idle-timeout 300

dialer string 0808xxxxxxxxx

dialer hold-queue 10

dialer-group 1

no cdp enable

ppp authentication chap pap callin

ppp chap hostname xxxxxxxxxxxxxxxxxxxxxxx

ppp chap password 7 xxxxxxxxxxxxxxxxxxxxxxx

ppp pap sent-username xxxxxxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxxxxxxx

!

router rip

version 2

passive-interface Dialer1

network 192.168.0.0

no auto-summary

!

no ip http server

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

!

!NAT TESTING

ip nat inside source static tcp 192.168.0.12 22 0.0.0.0 22

!

access-list 1 permit 192.168.0.0 0.0.0.255

dialer-list 1 protocol ip permit

snmp-server community public RO

snmp-server community private RW

snmp-server location Server Room

snmp-server contact Paul

!

line con 0

exec-timeout 0 0

password 7 xxxxxxxxxxxxxxxxx

login

line aux 0

line vty 0 4

password 7 xxxxxxxxxxxxxxxxxx

login

!

ntp source Ethernet0

ntp master 2

ntp peer 137.222.102.100 version 2 source Ethernet0

ntp server 137.222.10.60

end

lgijssel · ‎02-04-2003

With the ip nat inside source static tcp 192.168.0.12 22 0.0.0.0 22 you will need to replace 0.0.0.0 with the negotiated IP adress that you get when dialling in to your provider. This might be an issue if he is kind enough to give you a different IP on each dial-in.

paul_cisco · ‎02-04-2003

Yeah my IP is dynamic but that would not account for being asked for an ACL name rather than ip address. If this is the case can you add the trasnaltion by interface name instead?

lgijssel · ‎02-04-2003

According to the command reference, the syntax is as follows:

after the keyword STATIC you should enter a local ip and as 2nd parameter a global ip.

The access-list applies to a different use of the command, i.e. to define a range of adresses for NAT.

TREKMAN · ‎02-06-2003

You would have to enter the NAT commands as follows:

ip nat inside source static

You must properly configure IP NAT statements that execute proper translation.

with you access-list you will have to configure the keyword permit ip any any statement to enforce an implicit deny on the ip address configured for the ip address in the access-list but allow all other ip addresses.If you do not configure this all IP addresses will be denied.