Cisco Support Community
New Member

DSL: Remote to inside (Gotta be ez)

Small Business, no IT but me.

We have a Cisco 1812 behind an AT&T Netopia 3346N DSL Switch. We are trying to provide outside PCAnywhere access to a PC on the inside. I opened (suggested by the folks at Netopia) a pinhole on the Netopia switch for PCAnywhere, but still cannot get to the 1812 > server > PC.

Right now, we only require one (1) remote user for a short period of time. (I've hired a young IT whiz who will configure the appropriate VPN for our long-term remote requirements, but the start date is next week.) I need to allow our ERP supplier access to our system for an upgrade before Oct 1st. We planned on performing those activities this weekend.

Thanks for any help!

!This is the running config of the router: 192.168.168.200

!----------------------------------------------------------------------------

!version 12.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname STCLAIR1

!

boot-start-marker

boot-end-marker

!

security authentication failure rate 3 log

security passwords min-length 6

logging buffered 51200 debugging

logging console critical

enable secret xxx

!

no aaa new-model

!

resource policy

!

clock timezone PCTime -5

clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00

no ip source-route

!

!

ip cef

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.168.200

!

ip dhcp pool sdm-pool1

import all

network 192.168.168.0 255.255.255.0

default-router 192.168.168.200

!

ip dhcp pool sdm-pool2

import all

network 10.0.0.0 255.255.255.0

default-router 192.168.168.200

!

!

ip tcp synwait-time 10

no ip bootp server

ip domain name stclairpackaging.com

ip name-server 6X.9X.1XX.1XX

ip name-server 6X.9X.1XX.1XX

ip ssh time-out 60

ip ssh authentication-retries 2

!

!

crypto pki trustpoint TP-self-signed-111111111

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-111111111

revocation-check none

rsakeypair TP-self-signed-111111111

!

!

crypto pki certificate chain TP-self-signed-111111111

certificate self-signed 01

3082024...1A1E06

quit

username admin privilege 15 secret 5 $1$....

!

!

!

!

!

!

interface FastEthernet0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

shutdown

duplex auto

speed auto

!

interface FastEthernet1

description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$

ip address dhcp client-id FastEthernet1

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly

ip route-cache flow

duplex auto

speed auto

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$

ip address 192.168.168.200 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

ip route-cache flow

ip tcp adjust-mss 1452

!

interface Vlan2

ip address 10.0.0.250 255.255.255.0

!

!

!

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source list 1 interface FastEthernet1 overload

ip nat inside source static tcp 10.0.0.250 80 interface FastEthernet1 80

!

ip access-list extended PCAnywhere

remark SDM_ACL Category=1

remark Advanced Software

permit ip host 67.62.XXX.YYY host 10.0.0.111

!

logging trap debugging

access-list 1 remark INSIDE_IF=Vlan1

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 192.168.168.0

!

end

(I had to cut some of the length due to the restriction)

2 REPLIES
New Member

Re: DSL: Remote to inside (Gotta be ez)

interface Vlan2

ip nat inside

!

Plus you have the same IP address on vlan2 interface and your actual server.

interface Vlan2

ip address 10.0.0.250 255.255.255.0

ip nat inside source static tcp 10.0.0.250 80 interface FastEthernet1 80

New Member

Re: DSL: Remote to inside (Gotta be ez)

Thanks, but I am not clear on what exactly to do with these values. Do I remove vlan2 and rebuild it with merely the ip nat inside line?

I use the SDM rather than CLI (since it warns me prior to entering that mode that "Expert User" skills are necessary) and I still struggle with just what parameters are set by what fields in SDM. I've got the 1812 offline right now and am considering a restart.

We've got several PCs running static IPs (legacy setup) and several running on DHCP. I'm thinking I should move all to DHCP? Then I only require vlan1, right?
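
An added example, not part of the thread or any participant's code: a small Python check for the two problems the first reply points out (a static NAT target behind an interface without `ip nat inside`, and a target that is the router's own interface address). It runs over a constructed excerpt of the posted config with indentation restored; the function name `audit_static_nat` is hypothetical.

```python
import ipaddress
import re

# Constructed excerpt: only the NAT-relevant lines of the config posted above.
SAMPLE_CONFIG = """\
interface FastEthernet1
 ip address dhcp client-id FastEthernet1
 ip nat outside
!
interface Vlan1
 ip address 192.168.168.200 255.255.255.0
 ip nat inside
!
interface Vlan2
 ip address 10.0.0.250 255.255.255.0
!
ip nat inside source static tcp 10.0.0.250 80 interface FastEthernet1 80
"""

IFACE_IP = re.compile(r"ip address (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)$")
STATIC_NAT = re.compile(r"ip nat inside source static (?:tcp|udp) (\d+\.\d+\.\d+\.\d+) (\d+) ")

def audit_static_nat(config):
    """Return findings for static NAT entries that cannot forward as written."""
    interfaces, statics, findings, current = {}, [], [], None
    for line in map(str.strip, config.splitlines()):
        nat, addr = STATIC_NAT.match(line), IFACE_IP.match(line)
        if line.startswith("interface "):  # a new interface block begins
            current = interfaces.setdefault(line.split()[1], {"ip": None, "net": None, "nat": None})
        elif line == "!":  # block separator: back to global config
            current = None
        elif nat:  # global static port-forward: inside-local address and port
            statics.append((ipaddress.ip_address(nat.group(1)), int(nat.group(2))))
        elif current is not None and addr:
            current["ip"] = ipaddress.ip_address(addr.group(1))
            current["net"] = ipaddress.ip_network(f"{addr.group(1)}/{addr.group(2)}", strict=False)
        elif current is not None and line in ("ip nat inside", "ip nat outside"):
            current["nat"] = line.split()[-1]
    # Compare each forward target with the interface whose subnet contains it.
    for host, port in statics:
        for name, iface in interfaces.items():
            if iface["net"] is not None and host in iface["net"]:
                if host == iface["ip"]:
                    findings.append(f"{host}:{port} is {name}'s own address, not a LAN host")
                if iface["nat"] != "inside":
                    findings.append(f"{host}:{port} sits behind {name}, which lacks 'ip nat inside'")
    return findings
```

On the excerpt it returns two findings, both for the `10.0.0.250 80` entry on Vlan2.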
