Cisco Support Community
New Member

Hiding NAT Information on a 1721 Router

I have a customer that has a 1721 router configured with Dynamic NAT (192.168.1.x). I am able to see all of their workstations on the Public Network. How do I configure NAT to hide this information on the Public network and still allow them access outside?

LT.

4 REPLIES
Silver

Re: Hiding NAT Information on a 1721 Router

NAT is a very vast field where you can try many types of configuration. The present configuration is a simple configuration using the overload key with NAT, which is also called PAT (Port Address Translation). Have a look at the following link, which explains NAT.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml

You can have a very good idea about NAT from this link.

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094831.shtml

New Member

Re: Hiding NAT Information on a 1721 Router

Yes, I have looked at both of these docs and have Dynamic NAT configured and it should be working; however, when I use my IP Browser Utility to scan my customer's public subnet, I can see the workstation names. I also had their ISP take a look at the configuration of the router and they can't see anything wrong with the statements. Can you give me a sample of what the config should look like? This is what is in the router currently.

interface FastEthernet0
 description TO LOCAL LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 speed auto
!
interface FastEthernet0.1
!
interface Serial0
 description PB CKT 44HCGS001631-001 | PBI 1-800-463-8724
 ip address 67.124.55.26 255.255.255.252
 ip nat outside
 encapsulation ppp
 fair-queue
 service-module t1 clock source internal
 service-module t1 timeslots 1-24
!
ip nat pool DHCP1 209.78.47.20 209.78.47.100 prefix-length 25
ip nat inside source list 25 pool DHCP1
ip classless
ip route 0.0.0.0 0.0.0.0 67.124.55.25
no ip http server
!
!
access-list 25 permit 192.168.1.0 0.0.0.255
access-list 25 deny any
!

New Member

Re: Hiding NAT Information on a 1721 Router

You should have overload running on your NAT pool; it will default to using your s0 IP unless you have 1 IP defined in your pool.

Second, you should have some access-lists blocking many ports, some of which would be 135, 139, 445 plus many many more.

You don't have to run overload, but you do NEED to run some access-lists.

If you need more help on the access-lists, let us know.
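One way to apply the two suggestions in the reply above to the configuration posted earlier in the thread, added here as an example that is not from any poster: the pool statement with `overload`, and an inbound access list on Serial0 that blocks the ports named in the reply. The ACL number 110 and the inclusion of UDP 137-138 (NetBIOS name and datagram services, which answer workstation-name queries) are assumptions of this example.

```cisco
! Added example, not from the thread. ACL number 110 is an assumed free number.
!
! --- Before (as posted): one-to-one dynamic NAT, no filter on Serial0 ---
!   ip nat inside source list 25 pool DHCP1
! While a dynamic one-to-one entry exists, the pool address maps to the
! inside host for every port, so outside hosts can reach it directly.
!
! --- After: PAT on the same pool, plus an inbound filter ---
! IOS may refuse to change a mapping that has active translations;
! from exec mode run "clear ip nat translation *" first.
no ip nat inside source list 25 pool DHCP1
ip nat inside source list 25 pool DHCP1 overload
!
! Block Windows RPC / NetBIOS / SMB arriving from the public side.
! The reply names 135, 139 and 445; UDP 137-138 is added by this example.
access-list 110 deny   tcp any any eq 135
access-list 110 deny   udp any any eq 135
access-list 110 deny   udp any any range 137 138
access-list 110 deny   tcp any any eq 139
access-list 110 deny   tcp any any eq 445
access-list 110 permit ip any any
!
! An inbound ACL on the outside interface is evaluated before NAT
! translates the destination, so it sees the public pool addresses;
! "any any" keeps the entries independent of the pool range.
interface Serial0
 ip access-group 110 in
!
! Checks from exec mode:
!   show ip nat translations    (entries should now carry port numbers)
!   show access-lists 110       (deny counters rise when a scan is blocked)
```

The final `permit ip any any` keeps this a block list, as the reply describes; the "many many more" ports it mentions would be added as further deny lines above that entry.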

New Member

Re: Hiding NAT Information on a 1721 Router

Any pointers or assistance you can provide would be most helpful!

LT.
