adsl ip map to pix

cfajardo1_2
Level 1

I have an ADSL router connected to my PIX firewall. I wanted all incoming VPN traffic on my ADSL interface to be mapped to the IP address of my firewall, which is the outside interface.

How can I achieve this?

I am attaching the ADSL router config.


spremkumar
Level 9

Hi

Do you have any spare public IP available that you can NAT (map) to the outside IP of the PIX firewall?

This config spec can be carried out in the router configuration, which can then forward packets destined for the firewall outside IP to the firewall via the public IP mapping available in the router config.

Regards

The router has a fixed ADSL IP, though the config doesn't show it.

The provider always provides that fixed IP whenever the specific ADSL number dials.

Hi there,

What I think you need is the following

ip nat inside source static udp 192.168.1.1 500 interface Dialer1 500

ip nat inside source static udp 192.168.1.1 4500 interface Dialer1 4500

Swap 192.168.1.1 for whatever the outside address of the PIX is behind the NAT router.

This example will redirect all public IPsec VPN traffic to the private "outside" address of your PIX.

You will also need to enable NAT-Traversal on your PIX so it handles the outgoing traffic correctly.

Hope this helps

Rob

Just to make sure the command works, I've done the following:

Installed a router in the same subnet as the Ethernet of the ADSL router.

Router IP 192.168.1.2, and executed the below command:

ip nat inside source static tcp 192.168.1.2 23 interface dialer 1 23

Then I tried telnetting to the public IP of the ADSL router, but I got no reply.

If this command is working, then telnetting to the public IP should result in telnetting to the newly installed router with IP address 192.168.1.2.

This is the same command we were using before; I just don't know why it's not working.

any help will be appreciated.

thanks

I'm a little confused; the address in the config gives the inside of your router as 10.1.1.1 255.255.255.0.

The test router or PIX behind the Cisco needs an outside address in the 10.1.1.0/24 subnet.

You need the following

Dialer1 (Outside IP)

|

Cisco Router with NAT commands

|

FastEthernet 10.1.1.1 255.255.255.0

|

|

Outside PIX or test router interface 10.1.1.2

Then add this to the router:

ip nat inside source static tcp 10.1.1.2 23 interface dialer 1 23

This will allow you to telnet from the outside (dialer1) to the test router on the inside.

If that doesn't work, please post back the latest full config.

Sorry for the confusion... I intentionally changed the IP addresses...

I've used exactly the same syntax... I also don't understand why it's not working.

We've also tried using the same command line but putting in the exact Dialer 1 fixed IP address, but are still getting the same result.

1) Can you connect out to the internet using that router?

2) Are you connecting to the outside using telnet from a different network?

3) Type "sh ip nat translations" before you connect; you should see the static translation but not in use.

Then connect to your outside interface using telnet, run "sh ip nat translations" and see if it's in use.

That will indicate the NAT is OK.

Also, what is the default route on the test router behind the NAT router? Make sure this is the inside interface of the NAT router.

Hello... thanks a lot... very simple mistake... NAT is working now... I forgot the default gateway of the test router... I'll do the VPN tomorrow and let you know.

again, many thanks..

glad it's working!

Rob
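As an added example (not part of the original thread, and not Cisco tooling): a small Python check over a constructed router config like the one discussed above. It confirms that both UDP 500 and UDP 4500 are forwarded to the PIX and flags the Telnet forward used for testing, which stays reachable from the Internet until it is removed. The config text, function names and finding messages are assumptions made for illustration.

```python
import re

# Constructed sample in the spirit of the thread's router config (not the attachment).
SAMPLE_CONFIG = """\
interface FastEthernet0
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
interface Dialer1
 ip address negotiated
 ip nat outside
ip nat inside source static udp 10.1.1.2 500 interface Dialer1 500
ip nat inside source static tcp 10.1.1.2 23 interface dialer 1 23
"""

# Matches both "interface Dialer1 500" and "interface dialer 1 23" spellings.
STATIC_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
    r"interface (\S+(?: \d+)?) (\d+)$", re.I)
IPSEC_PORTS = {500: "IKE", 4500: "NAT-T"}   # UDP ports the PIX needs forwarded
CLEARTEXT_MGMT = {("tcp", 23): "telnet"}    # forwards that should not stay exposed

def parse_forwards(config):
    """Return (proto, inside_ip, inside_port, outside_if, outside_port) tuples."""
    forwards = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            proto, ip, iport, intf, oport = m.groups()
            forwards.append((proto.lower(), ip, int(iport),
                             intf.replace(" ", "").lower(), int(oport)))
    return forwards

def audit(config):
    """Hypothetical checks: NAT roles set, IPsec port pair complete, no telnet left."""
    findings = []
    for role in ("inside", "outside"):
        if not re.search(rf"^[ \t]+ip nat {role}[ \t]*$", config, re.M):
            findings.append(f"no interface marked 'ip nat {role}'")
    vpn_hosts = {}
    for proto, ip, _iport, intf, oport in parse_forwards(config):
        if proto == "udp" and oport in IPSEC_PORTS:
            vpn_hosts.setdefault(ip, set()).add(oport)
        service = CLEARTEXT_MGMT.get((proto, oport))
        if service:
            findings.append(f"{service} on {ip} exposed via {intf}: remove after testing")
    for ip, ports in vpn_hosts.items():
        for port in sorted(set(IPSEC_PORTS) - ports):
            findings.append(f"{ip} forwards IPsec but not udp/{port} ({IPSEC_PORTS[port]})")
    return findings
```

Running `audit(SAMPLE_CONFIG)` reports the leftover Telnet forward and the missing UDP 4500 entry; a config with both IPsec forwards and no Telnet forward returns an empty list.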
