
NAT-ROUTER - Urgent Help

mmtantawi
Level 1

Dear All,

In my network, I have a hardware firewall called Fortigate.

This device is working as a NAT device, or translator, between my inside network ( LAN ) & OUR ISP Cisco Router 2801.

This device has 2 Ports:

Port ( 1 ) :-

===================

1. Description: Connected to MY LAN.

2. IP Address: 192.168.1.100 / 24

NO GW & NO DNS on this Device.

Port ( 2 ) :-

================

1. Description: Connected to OUR ISP CISCO ROUTER 1841, interface F 0/1.

2. IP Address : 213.255.237.116

3. S/M : 255.255.255.248.

4.GW: 213.255.237.113---------------this is the IP Address of ISP Router, INT F 0/1.

5.DNS : 213.255.237.8 / 9

And this device has a routing role, to route everything to 213.255.237.113 .

And on MY ISP Router, there is the following route

(ip route 0.0.0.0 0.0.0.0 213.255.237.105) .

For all of my LAN users ( 200 users up to now ) to access the internet through this device, I have to configure them with an IP address in the same range as the IP address of PORT 1 .

i.e. IP: 192.168.1.20 / 24 , GW : 192.168.1.100 , DNS : 213.255.237.8 / 9.

Now, for some security reasons, I need to shut down this device and put in my Cisco Router, which is an 1841, and configure this router with NAT.

My 5 questions are :-

1- In order to do that, what should I do: Static NAT, or Dynamic, or PAT ? Overloading ? Can you please guide me ?

I have 3 Real IP Addresses from my ISP, and I am using only one until now, and I need only this one IP Address to be used as the real IP for those 200 users, so guide me ?

2- I heard that if I enable dynamic NAT, I have to create one access list for each user IP, and make it permit to open the internet for him through my Internet Router, which is configured as the NAT Router. Is that correct ? If so, how can I write it to open only http & SMTP & FTP for only 5 users, starting from 192.168.1.20 up to 192.168.1.25 ?

3- what about the static route that I need to create on this router, to enable routing between interfaces ?

4- How can I configure the ROUTER with the DNS, in order to make the router configured with this DNS 213.255.237.8 ?

5- Do I need to configure the users again, or is it only a matter of shutting down the device and putting in my router with the same configuration ?

Please guide me guys .

4 Replies

mrmozaffari
Level 1

Hi Mmtantawi

As your network has prefix /29, you can't do Static or Dynamic NAT; instead you must use PAT (port address translation), because you don't have enough IP addresses to assign to users dynamically.

OK!

Next, if you want to use PAT, you need an access list to define the source IP addresses you want to NAT, like this:

access-list 10 permit 192.168.1.0 0.0.0.255

access-list 10 deny any

Then we define the NAT:

ip nat inside source list 10 interface fast0/1 overload

Then we assign our NAT to the interfaces.

In interface configuration for fast0/1:

///// ip nat outside /////

In interface configuration for fast0/0:

//// ip nat inside /////

Thanks.

sourabhagarwal
Level 4

Hi,

Suppose you have two interfaces on the 1841 router, which will be connected as below:

Fa0/0:-

=======

1. Description: Connected to MY LAN.

2. IP Address: 192.168.1.100 / 24

NO GW & NO DNS on this Device.

Fa0/1:-

=======

1. Description: Connected to OUR ISP CISCO ROUTER 1841, interface F 0/1.

2. IP Address : 213.255.237.116

3. S/M : 255.255.255.248.

4.GW: 213.255.237.113

Now to answer your queries:

1. You have to use PAT, as you have only 3 real IPs and you have 200 users.

2. For PAT, you will create an access-list to define the interesting traffic which needs to be PATted.

access-list 10 permit

You don't need to create an access-list for individual hosts unless you require that certain hosts don't require access to the internet.

3. You can configure a default route on this router like this:

ip route 0.0.0.0 0.0.0.0 213.255.237.113

4. "ip name-server 213.255.237.8" command will configure DNS on your router.

5. You don't need to configure anything at user side because IP address, subnet mask, default gateway configured on client is not going to change.

Hope this helps ...

Thanks for your reply.

As far as I know, I have only 1 IP address, and I want 200 users to access the internet through this Real IP Address.

So, as I understood, I have to use Dynamic, because Dynamic NAT allows you to have a group of internal IP addresses inside your company access the internet through one real IP address.

So, was I correct or wrong ? Please update me as soon as you receive this message.

mrmozaffari
Level 1

Hi again,

As I wrote before, it was not dynamic NAT; it's overload, or PAT, address translation. Every user takes the address of your Fast Ethernet IP when they go to the internet.

Remember, the configuration is PAT; take a look at this line:

ip nat inside source list 10 interface fast0/1 overload

Note the "overload" & "fast0/1".

All users go to the internet with this IP address, 213.255.237.113, which is your fast0/1 IP address.

Thanks.
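
The pieces from the replies above, put together as one IOS configuration, with an interface ACL for question 2, which the thread does not answer. This is an added example, not configuration posted by any participant. The ACL name LAN-IN is hypothetical, and the example assumes that hosts 192.168.1.20 to 192.168.1.25 are to be limited to DNS, HTTP, SMTP and FTP while all other LAN hosts stay unrestricted.

```cisco
! Added example. Interface roles follow the thread: Fa0/0 = LAN, Fa0/1 = ISP side.
!
! Standard ACL 10 selects the inside sources that are eligible for PAT.
! Every ACL ends with an implicit deny, so nothing outside 192.168.1.0/24
! is translated.
access-list 10 permit 192.168.1.0 0.0.0.255
!
! LAN-IN (hypothetical name) filters traffic arriving from the LAN.
! Wildcard 0.0.0.3 on .20 matches .20-.23; 0.0.0.1 on .24 matches .24-.25.
! "range 20 21" is FTP data and FTP control; passive-mode FTP data uses a
! server-chosen high port and is not matched by these entries.
ip access-list extended LAN-IN
 permit udp 192.168.1.20 0.0.0.3 any eq domain
 permit tcp 192.168.1.20 0.0.0.3 any eq www
 permit tcp 192.168.1.20 0.0.0.3 any eq smtp
 permit tcp 192.168.1.20 0.0.0.3 any range 20 21
 deny   ip  192.168.1.20 0.0.0.3 any log
 permit udp 192.168.1.24 0.0.0.1 any eq domain
 permit tcp 192.168.1.24 0.0.0.1 any eq www
 permit tcp 192.168.1.24 0.0.0.1 any eq smtp
 permit tcp 192.168.1.24 0.0.0.1 any range 20 21
 deny   ip  192.168.1.24 0.0.0.1 any log
 ! Assumption: all remaining LAN hosts keep unrestricted access.
 permit ip 192.168.1.0 0.0.0.255 any
!
interface FastEthernet0/0
 description Connected to LAN
 ip address 192.168.1.100 255.255.255.0
 ip nat inside
 ip access-group LAN-IN in
!
interface FastEthernet0/1
 description Connected to ISP router
 ip address 213.255.237.116 255.255.255.248
 ip nat outside
!
! Default route and DNS server as given in the replies.
ip route 0.0.0.0 0.0.0.0 213.255.237.113
ip name-server 213.255.237.8
!
! "overload" is what makes this PAT: many inside hosts share the single
! address of Fa0/1 and are told apart by source port.
ip nat inside source list 10 interface FastEthernet0/1 overload
```

After applying it, `show ip nat translations` lists the active port translations and `show access-lists LAN-IN` shows per-entry hit counts, including the logged denies.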
