12-01-2011 10:43 AM
Hi all,
I am very new to network administration, so please be kind to me.
We have bought a CISCO 892 to replace two ADSL modem routers (Netgear).
Both of the modems were connected to our network and were doing different port forwarding to our servers (FTP, SSH, HTTPS ...).
I tried to configure the 892 to get the same result and it became a nightmare, mainly because of my lack of knowledge.
The FastEthernet8 connection has an ADSL modem with DHCP auto configuration; GigabitEthernet0 also has an ADSL modem with DHCP.
Vlan1 is connected to our network, with IPs 192.168.1.0 to 192.168.1.255 connected to it.
A CISCO dealer told me that the best way to configure it is the CISCO Configuration Professional software, but when I look on forums everything is explained in console mode!
After a quick configuration I was able to configure Internet on both interfaces, but when I tried to configure NAT the headache started.
I need to configure:
FastEthernet to translate ports from internet 8081 to 443, 22 to 22, 3306 to 3306, 8082 to 8080 on IP 192.168.1.30
GigaEthernet to translate ports from internet 80 to 80, 8080 to 8080 on IP 192.168.1.13
So far I have been able to configure only one at a time (it sometimes works), but never both!
Can someone give me a clue about what I have to do? Is this configuration possible?
Thank you very much
12-01-2011 02:25 PM
Hi,
Can you post your config?
Regards.
Alain
12-02-2011 12:13 AM
Hi Alain,
Here is my config
Best regards
Building configuration...
Current configuration : 6032 bytes
!
! Last configuration change at 09:01:51 PCTime Fri Dec 2 2011 by devlyx
!
version 15.0
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname devlyxcisco
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$4xD7$y5V.j9ini0/KXnvLkXmVS.
!
no aaa new-model
!
!
!
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-2908942045
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2908942045
revocation-check none
rsakeypair TP-self-signed-2908942045
!
!
crypto pki certificate chain TP-self-signed-2908942045
certificate self-signed 01
quit
ip source-route
!
!
ip dhcp excluded-address 192.168.1.7
!
ip dhcp pool ccp-pool1
import all
network 192.168.1.0 255.255.255.0
dns-server 81.253.149.9 80.10.246.132
default-router 192.168.1.7
!
!
ip cef
ip domain name yourdomain.com
ip name-server 81.253.149.9
ip name-server 80.10.246.132
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO892-K9 sn FCZ154692X6
!
!
username devlyx privilege 15 secret 5 $1$Eics$R4eU/Bqzc.I753e6kUcvX1
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
!
!
!
!
interface BRI0
no ip address
ip flow ingress
encapsulation hdlc
shutdown
isdn termination multidrop
!
!
interface FastEthernet0
!
!
interface FastEthernet1
!
!
interface FastEthernet2
!
!
interface FastEthernet3
!
!
interface FastEthernet4
!
!
interface FastEthernet5
!
!
interface FastEthernet6
!
!
interface FastEthernet7
!
!
interface FastEthernet8
description $ES_WAN$$FW_OUTSIDE$
ip address dhcp client-id FastEthernet8
ip flow ingress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
!
interface GigabitEthernet0
description $ETH-WAN$
ip address dhcp client-id GigabitEthernet0
ip flow ingress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$$ES_LAN$$FW_INSIDE$
ip address 192.168.1.250 255.255.255.0
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source static tcp 192.168.1.13 8080 interface GigabitEthernet0 8080
ip nat inside source static tcp 192.168.1.13 80 interface GigabitEthernet0 80
ip nat inside source list 4 interface FastEthernet8 overload
!
ip access-list extended NAS_Support
remark CCP_ACL Category=2
permit ip host 80.14.126.154 host 192.168.1.13
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark CCP_ACL Category=2
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 3 remark CCP_ACL Category=2
access-list 3 permit 192.168.1.0 0.0.0.255
access-list 4 remark CCP_ACL Category=2
access-list 4 permit 192.168.1.0 0.0.0.255
no cdp run
!
!
!
!
!
!
control-plane
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username
Replace
use.
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
12-02-2011 10:56 AM
The nat statements for gigabit port are already there. Please add the following for Fa8:
ip nat inside source static tcp 192.168.1.30 443 interface FastEthernet8 8081
ip nat inside source static tcp 192.168.1.30 22 interface FastEthernet8 22
ip nat inside source static tcp 192.168.1.30 3306 interface FastEthernet8 3306
ip nat inside source static tcp 192.168.1.30 8080 interface FastEthernet8 8082
I hope I got all directions right, for example port 443 is to be at the server-side yes?
Otherwise you should flip the numbers.
regards,
Leo
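The reply above asks whether the port directions are right. As an added example (not part of the thread), this script parses `ip nat inside source static tcp` lines in the form posted here and compares them with the mappings requested in the first post; the function names and the `WANTED` table are this example's own.

```python
import re

# Thread syntax (TCP only): ip nat inside source static tcp <inside-ip> <inside-port> interface <wan-if> <outside-port>
NAT_RE = re.compile(
    r"^ip nat inside source static tcp (\S+) (\d+) interface (\S+) (\d+)$")

# NAT statements copied from the thread: posted config plus the suggested Fa8 lines.
CONFIG = """\
ip nat inside source static tcp 192.168.1.13 8080 interface GigabitEthernet0 8080
ip nat inside source static tcp 192.168.1.13 80 interface GigabitEthernet0 80
ip nat inside source static tcp 192.168.1.30 443 interface FastEthernet8 8081
ip nat inside source static tcp 192.168.1.30 22 interface FastEthernet8 22
ip nat inside source static tcp 192.168.1.30 3306 interface FastEthernet8 3306
ip nat inside source static tcp 192.168.1.30 8080 interface FastEthernet8 8082
"""

# Requirement from the first post: (wan-if, outside-port) -> (inside-ip, inside-port)
WANTED = {
    ("FastEthernet8", 8081): ("192.168.1.30", 443),
    ("FastEthernet8", 22): ("192.168.1.30", 22),
    ("FastEthernet8", 3306): ("192.168.1.30", 3306),
    ("FastEthernet8", 8082): ("192.168.1.30", 8080),
    ("GigabitEthernet0", 80): ("192.168.1.13", 80),
    ("GigabitEthernet0", 8080): ("192.168.1.13", 8080),
}

def parse_static_nat(text):
    """Return {(wan_if, outside_port): (inside_ip, inside_port)}; reject duplicates."""
    table = {}
    for line in text.splitlines():
        m = NAT_RE.match(line.strip())
        if not m:
            continue  # not a static TCP port-forward statement
        ip, in_port, wan_if, out_port = m.groups()
        key = (wan_if, int(out_port))
        if key in table:
            raise ValueError(f"outside port claimed twice: {key}")
        table[key] = (ip, int(in_port))
    return table

def audit(text, wanted):
    """Compare parsed mappings with the requirement; return (missing, wrong, extra)."""
    have = parse_static_nat(text)
    missing = sorted(k for k in wanted if k not in have)
    wrong = sorted(k for k in wanted if k in have and have[k] != wanted[k])
    extra = sorted(k for k in have if k not in wanted)  # exposed but never requested
    return missing, wrong, extra

print(audit(CONFIG, WANTED))
```

Anything reported under `extra` is an inside service reachable from the internet that nobody asked for, which is the entry to review first.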
12-02-2011 11:46 AM
Hi, thanks.
I haven't configured the FastEthernet because the gigabit was not working!
I have done several other tests; once I activate both interfaces, internet access doesn't work anymore!
12-03-2011 06:23 AM
Claude ESQUIROL wrote:
Hi, thanks.
I haven't configured the FastEthernet because the gigabit was not working!
I have done several other tests; once I activate both interfaces, internet access doesn't work anymore!
You have not set a default route. That's the most likely explanation.
For this setup, you will need policy routing (look this up at Cisco)
Host 192.168.1.30 should be routed to fa8, the other one to the gig port.
If there are more hosts, they will need the default route or you may use policy routing to divide them between the two links.
regards,
Leo
12-05-2011 11:16 PM
Hi,
Thank you all it is now working well.
Next step will be the VPN !