New Member

Configuration of 2621 router -- post edited by ciscomoderator --

--Moderator Note: Due to the confidential nature of router configurations, it is not recommended to post them to this or any public forum. I have edited the following configuration to remove confidential information. Since the post was public for a while, it is recommended all passwords (including encrypted passwords) be changed. -- end Moderator note --

I am trying to set up a 2621 router on my network. Where can I obtain examples of configurations to make it work? I have one Ethernet port attached to my DSL router, and the other attached to my hub for my internal network. As it sits right now I can get outside to the world, but the world cannot get inside to my web or Exchange server. My config is as follows.

-- moderator edit --

User Access Verification

-- moderator edit --

Current configuration:

!

version 12.0

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname -- moderator edit --

!

enable secret 5 -- moderator edit --

!

memory-size iomem 15

ip subnet-zero

ip domain-name -- moderator edit --

ip name-server 10.0.10.10

!

!

!

!

!

interface FastEthernet0/0

description connected to Internet

ip address -- moderator edit --

no ip directed-broadcast

ip nat outside

!

interface FastEthernet0/1

description connected to FastHub424

ip address 10.0.0.1 255.0.0.0

no ip directed-broadcast

ip nat inside

!

router rip

version 2

passive-interface FastEthernet0/0

network 10.0.0.0

no auto-summary

!

ip nat inside source list 1 interface FastEthernet0/0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

no ip http server

!

access-list 1 permit 10.0.0.0 0.255.255.255

snmp-server community -- moderator edit --

snmp-server location -- moderator edit --

snmp-server contact -- moderator edit --

banner motd -- moderator edit --

!

line con 0

exec-timeout 0 0

password 7 -- moderator edit --

login

transport input none

line aux 0

line vty 0 4

password 7 -- moderator edit --

login

!

no scheduler allocate

end

-- moderator edit --

Any suggestions?

New Member

Re: Configuration of 2621 router -- post edited by ciscomoderato

Your NAT looks good.

Try two things (one at a time).

First, change your default route to:

ip route 0.0.0.0 0.0.0.0 x.x.x.x (where x.x.x.x is your next hop router)

instead of

ip route 0.0.0.0 0.0.0.0 fastethernet0/0

Next, try disabling fast-switching. Sometimes fast switching and NAT don't get along.

Under each interface, try:

no ip route-cache

Mick.

New Member

Re: Configuration of 2621 router -- post edited by ciscomoderato

I contacted my evil ISP and they told me the address of the next hop, so I changed the IP route and it killed all outgoing traffic from my network. Plus the no ip cache didn't help either. Still no one can get to my web server.

New Member

Re: Configuration of 2621 router -- post edited by ciscomoderato

This part is really simple.

If you changed your next hop address in your route statement to what your ISP told you (and removed the old default route) and all traffic stopped, then your ISP probably gave you the wrong address. (edited out bogus ip address... too tired... need coffee...)

I completely missed the question you asked about the web server and exchange server.

You're using PAT (port address translation). It's only good for allowing inside users to get to the internet, not for allowing outside users to access inside servers.

You'll need to get an IP address from your ISP for your web server and your exchange server, then use static NAT.

You can also try the following, but I've had mixed results.

ip nat inside source static tcp 10.x.x.x 80 209.211.20.217 80

where 10.x.x.x is your web server.

You'll need to double check the syntax though.

Mick.

New Member

Re: Configuration of 2621 router -- post edited by ciscomoderato

Still nothing. How can I check to ensure that my ISP is routing to me correctly, i.e. "A records" and such?

New Member

Re: Configuration of 2621 router -- post edited by ciscomoderato

Do a traceroute from the internet to see where the address dies.

Here's what I have to your router:

C:\>tracert 209.211.20.217

Tracing route to dsl27.scottsburg.com [209.211.20.217]

over a maximum of 30 hops:

1 10 ms 20 ms 10 ms 10.42.224.1

2 21 ms 10 ms 20 ms 24.25.1.147

3 10 ms 10 ms 10 ms 24.25.1.97

4 20 ms 30 ms 10 ms rdu26-33-177.nc.rr.com [66.26.33.177]

5 30 ms 20 ms 20 ms pop2-cha-P2-0.atdn.net [66.185.138.89]

6 20 ms 20 ms 20 ms bb2-cha-P0-1.atdn.net [64.236.4.53]

7 20 ms 40 ms 20 ms bb2-atm-P6-0.atdn.net [66.185.152.61]

8 20 ms 50 ms 20 ms pop1-atm-P1-0.atdn.net [66.185.147.198]

9 31 ms 20 ms 20 ms atl-edge-07.inet.qwest.net [65.112.33.129]

10 30 ms 20 ms 20 ms atl-core-01.inet.qwest.net [205.171.21.81]

11 60 ms 80 ms 60 ms chi-core-02.inet.qwest.net [205.171.8.198]

12 61 ms 70 ms 60 ms chi-edge-19.inet.qwest.net [205.171.20.66]

13 80 ms 71 ms 110 ms 65.113.255.138

14 120 ms 81 ms 100 ms dslgw.scottsburg.com [65.114.71.131]

15 * 120 ms 130 ms dsl27.scottsburg.com [209.211.20.217]

Trace complete.

What IP address are you using for your web site? What's the DNS name?

Mick.

New Member

Re: Configuration of 2621 router -- post edited by ciscomoderato

My domain name is (don't laugh) church-of-bubba.com. My ISP gave me the dedicated IP address of 209.211.20.217... do I need more?

New Member

Re: Configuration of 2621 router -- post edited by ciscomoderato

Got this for a web page for church-of-bubba.com:

WELCOME TO THE CHURCH OF BUBBA

NOBODY'S HOME JES YET!

SO COME BACK LATER WHEN WE R!

---------------------------

Seems to be working.

Mick.

New Member

Re: Configuration of 2621 router -- post edited by ciscomoderato

Just out of curiosity, how did you get to my web site? Did you enter http://www.church-of-bubba.com or http://church-of-bubba.com? When I enter the www it does not work. But I now can see my web server and send/receive mail. Now I just need to lock everything down so I don't get whacked by somebody.

New Member

Re: Configuration of 2621 router -- post edited by ciscomoderato

Because you are running NAT, connections initiated from your network out will use the interface address of FA0/0. The NAT table caches the TCP/UDP connection for return TCP/UDP traffic. That works fine outbound.

When others (internet users) need to initiate TCP/UDP connections "into" your network, you must specify a static PAT/NAT rule that allows this connection inbound to your 10.x.x.x network.

EG: Let's assume your web server is 10.0.0.10. Now looking at your config, you have been given approx 60 addresses to use by your ISP (I think). Anyway, you need to choose a public address from your 209.211.20.x range and tell your DNS hosters that your web site domain name points to that address. Let's say that www.your-web.com = 209.211.20.218. Okay?

Now you need to tell the NAT engine on your 2621 that any traffic for 209.211.20.218 is in fact for the web server sat at 10.0.0.10. That way, whenever internet users initiate connections TO your web server, they HTTP to the 209 address, your router NATs it to the 10.0.0.10 address inside your network, and your web server responds. TADA !!! You need to make sure your Web server Default Route is pointing at the 2621 10.0.0.1 address.

Commands for creating this NAT relationship between your 10.0.0.10 address and the public 209.211.20.218 address:

IP NAT INSIDE SOURCE STATIC

EG: ip nat inside source static 10.0.0.10 209.211.20.218

Try it, see what happens.
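A small audit of the settings discussed in this thread, as an added example that is not part of any post: it flags the one-to-one static NAT from the last reply (which forwards every port to the server, not only HTTP) and the unrestricted console and vty lines in the posted configuration. The check names, the `sections` and `audit` functions and the REDACTED placeholders are constructed for illustration, and the parser assumes sub-commands are indented the way `show running-config` prints them.

```python
import re

# Constructed sample: unredacted lines of the posted configuration, indented as
# "show running-config" prints them, plus the static NAT from the last reply.
POSTED = """\
interface FastEthernet0/0
 ip nat outside
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static 10.0.0.10 209.211.20.218
line con 0
 exec-timeout 0 0
 password 7 REDACTED
line vty 0 4
 password 7 REDACTED
"""
IP = r"\d+(?:\.\d+){3}"

def sections(config):
    """Group indented sub-commands under their top-level command."""
    out = []
    for raw in filter(str.strip, config.splitlines()):
        if raw[0].isspace() and out:
            out[-1][1].append(raw.strip())
        elif raw.strip() != "!":
            out.append((raw.strip(), []))
    return out

def audit(config):
    """Return (check, where) pairs; check names are made up for this example."""
    hits = []
    for head, body in sections(config):
        # Static NAT without tcp/udp and ports forwards every port to the server.
        if re.match(rf"ip nat inside source static {IP} {IP}", head):
            hits.append(("NAT-ALL-PORTS", head))
        # A NAT outside interface with no inbound access-group is unfiltered.
        if head.startswith("interface ") and "ip nat outside" in body:
            if not any(re.match(r"ip access-group \S+ in$", c) for c in body):
                hits.append(("NO-INBOUND-ACL", head))
        if head.startswith("line "):
            if "exec-timeout 0 0" in body:  # session never idles out
                hits.append(("NO-IDLE-TIMEOUT", head))
            if any(c.startswith("password 7 ") for c in body):  # reversible encoding
                hits.append(("TYPE7-PASSWORD", head))
            if head.startswith("line vty") and not any(c.startswith("access-class ") for c in body):
                hits.append(("VTY-UNRESTRICTED", head))
    return hits

if __name__ == "__main__":
    print("\n".join(f"{check:18}{where}" for check, where in audit(POSTED)))
```

A port-specific translation such as `ip nat inside source static tcp 10.0.0.10 80 209.211.20.218 80`, an inbound `ip access-group` on FastEthernet0/0 and an `access-class` on the vty lines clear the NAT and filtering findings.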
