Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

i need some help doing an initial configuration of my cisco 2621XM router

my router needs to forward our ext. ip 63.77.xxx.xxx port 21 to our ftp server 192.168.0.240 can anyone put that into a coded line for me? the tutorils page was anything but helpful... i also figured out how to SET dns entries, but i cant figure out how to set the default one, or remove the entries that i don't need.

Everyone's tags (1)
3 ACCEPTED SOLUTIONS

Accepted Solutions

Re: i need some help doing an initial configuration of my cisco

Hi,

ip nat inside source static tcp 192.168.0.240 21 63.77.xxx.xxx 21

The above command will make the router to forward TCP traffic received on IP 63.77.xxx.xxx on port 21 to IP 192.168.0.240 on port 21.

Is this what you need?

Federico.

Re: i need some help doing an initial configuration of my cisco

Alex,

You said that you placed a NAT entry on the router that mess things up.

If you're not sure about the line you enter, do this:

sh run | i ip nat

The output will show the related NAT statements on the router.

You should be able to see the rule you entered that caused the problem and remove it by entering the same line with the word ''no'' in front.

Federico.

Re: i need some help doing an initial configuration of my cisco

The router is not going to tell the clients which DNS to use.
This happens only if the router itself is the DHCP server for the clients.
If the router is not a DHCP server, then the clients are obtaining their DNS from somewhere else (another server or manually)


Check the ipconfig on the machines.
Do they get a DNS statically or automatically?

What is the role of the router on this?

Federico.

19 REPLIES

Re: i need some help doing an initial configuration of my cisco

Hi,

ip nat inside source static tcp 192.168.0.240 21 63.77.xxx.xxx 21

The above command will make the router to forward TCP traffic received on IP 63.77.xxx.xxx on port 21 to IP 192.168.0.240 on port 21.

Is this what you need?

Federico.

Community Member

Re: i need some help doing an initial configuration of my cisco

ok, so i have a few questions here, heres my configuration:

Latitude#sh run

Building configuration...

Current configuration : 1313 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Latitude

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$jm7D$2033ztdVu9JCQJHmqXa18/

enable password lattitude

!

no aaa new-model

clock timezone MST -7

clock summer-time MDT recurring

no network-clock-participate slot 1

no network-clock-participate wic 0

ip cef

!

ip name-server 67.50.43.18

ip name-server 208.67.222.222

ip name-server 192.168.0.240

!

interface FastEthernet0/0

ip address 192.168.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly

speed auto

full-duplex

!

interface FastEthernet0/1

ip address 63.77.110.171 255.255.255.0

ip nat outside

ip virtual-reassembly

speed auto

full-duplex

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 63.77.110.1

!

!

ip http server

no ip http secure-server

ip nat pool overload 63.77.110.172 63.77.110.172 prefix-length 24

ip nat inside source list 1 pool overload overload

ip nat inside source static tcp 63.77.110.172 21 192.168.0.240 21 extendable

!

access-list 1 permit 192.168.0.0 0.0.0.255

!

!

!

control-plane

!

line con 0

line aux 0

line vty 0 4

password lattitude

login

!

ntp clock-period 17208029

ntp server 67.50.43.18

!

end

1 its up and working,however i attempted to map my ftp server through the router, and now i cant see the server on the network : ( (i probably need to just remove the entry but dont know how)

2 i need to remove some of the entries in my DNS field.

3 i need to map some ports through the NAT to allow an FTP server, web server, and remote desktop connections.

Message was edited by: Alex Bartz

Re: i need some help doing an initial configuration of my cisco

Alex,

If the command you inserted caused any problem, just remove it with the ''no'' keyword before the command:

no ip nat inside source static tcp 192.168.0.240 21 63.77.xxx.xxx 21

If everything is back to the way it was, please specify clearly what you need to accomplish.

Also, you just post a part of the config and not the entire ''sh run''

Federico.

Community Member

Re: i need some help doing an initial configuration of my cisco

my apologies, this is literally the first time ive messed with a cisco product, or any telnet interface for that matter, however im under some pressure to get this thing going so your patience and understanding is worth a million thanks

i placed a NAT entry in my router trying to forward some ports with an internet article, and right after i did the cntrl+z thing i couldnt access the server i was trying to get mapped. can you help me find, and delete the entry i made?

Re: i need some help doing an initial configuration of my cisco

What was the entry you made?

Federico.

Community Member

Re: i need some help doing an initial configuration of my cisco

how would i figure that out? lol im so sorry i bet this is a huge pain. i have the manual for configuring cisco devices that ill be reading here soon but i have to have everything setup like 2 hours ago...

Re: i need some help doing an initial configuration of my cisco

Alex,

You said that you placed a NAT entry on the router that mess things up.

If you're not sure about the line you enter, do this:

sh run | i ip nat

The output will show the related NAT statements on the router.

You should be able to see the rule you entered that caused the problem and remove it by entering the same line with the word ''no'' in front.

Federico.

Community Member

Re: i need some help doing an initial configuration of my cisco

ok, i think i got it, man cisco make a freakin GUI for us non L33Ts!

Re: i need some help doing an initial configuration of my cisco

Alex,

Which entry do you want to get rid of?

no ip nat pool overload 63.77.110.172 63.77.110.172 prefix-length 24

no ip nat inside source list 1 pool overload overload

no ip nat inside source static tcp 192.168.0.240 21 63.77.110.172 21 extendable

If you're not sure, you might just blow out the entire NAT configuration and start over.

What do you want to do?

Federico.

Community Member

Re: i need some help doing an initial configuration of my cisco

i got that part, now how would i set the first DNS server to 192.168.0.240? i already have it in the list, but its not default

Re: i need some help doing an initial configuration of my cisco

Alex,

You mean the DNS server for the router itself?

If so, you can remove the DNS servers already specified:

no ip name-server 67.50.43.18

no ip name-server 208.67.222.222

no ip name-server 192.168.0.240

And enter the DNS server that you want.

Or, do you want the router to assign a DNS to the LAN?

Federico.

Community Member

Re: i need some help doing an initial configuration of my cisco

im using active directory, so it would need to tell clients to use 192.168.0.240 and it itself should be using 208.67.222.222 (open dns)

the ftp server worked before i switched routers, so its definately an issue im having with the router, why wont the ftp nat entry i put in work? do i need to apply something?

Re: i need some help doing an initial configuration of my cisco

The router is not going to tell the clients which DNS to use.
This happens only if the router itself is the DHCP server for the clients.
If the router is not a DHCP server, then the clients are obtaining their DNS from somewhere else (another server or manually)


Check the ipconfig on the machines.
Do they get a DNS statically or automatically?

What is the role of the router on this?

Federico.

Community Member

Re: i need some help doing an initial configuration of my cisco

oh oh ok heh yes my server is doing all the dhcp functions, so no need there. i just need the first ip address that it looks for to be 192.168.0.240 and the second one for redundancy to be 208.67.222.222 so i know its set right, then i need to troubleshoot why in the world that port map didnt work? any thoughts? heres the configuration:

Latitude#sh run

Building configuration...

Current configuration : 1348 bytes

!

! Last configuration change at 17:24:31 MDT Mon May 17 2010

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Latitude

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$jm7D$2033ztdVu9JCQJHmqXa18/

enable password ********

!

no aaa new-model

clock timezone MST -7

clock summer-time MDT recurring

no network-clock-participate slot 1

no network-clock-participate wic 0

ip cef

!

!

!

!

ip name-server 208.67.222.222

ip name-server 192.168.0.240

!

interface FastEthernet0/0

ip address 192.168.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly

speed auto

full-duplex

!

interface FastEthernet0/1

ip address 63.77.110.171 255.255.255.0

ip nat outside

ip virtual-reassembly

speed auto

full-duplex

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 63.77.110.1

!

!

ip http server

no ip http secure-server

ip nat pool overload 63.77.110.172 63.77.110.172 prefix-length 24

ip nat inside source list 1 pool overload overload

ip nat inside source static tcp 192.168.0.240 21 63.77.110.172 21 extendable

!

access-list 1 permit 192.168.0.0 0.0.0.255

!

!

!

control-plane

line con 0

line aux 0

line vty 0 4

password lattitude

login

!

ntp clock-period 17208029

ntp server 67.50.43.18

!

end

Re: i need some help doing an initial configuration of my cisco

The router does not have anything to do with which DNS the clients look for.

I understand you have a local DNS. Is this working? Is this the DNS the clients look for?

Then we can check the redirection part.

Federico.

Community Member

Re: i need some help doing an initial configuration of my cisco

the local DNS (192.168.0.240) which is also our main production server (active directory, FTP server, File server) just forwards DNS queries to OpenDNS (208.67.222.222) who we use to filter internet usage. on all our clients i set them to use 192.168.0.240, and 208.67.222.222 for the secondary so that each client will use the servers DNS for active directory purposes, and if it cant find that, it'll use open dns directly. if i don't need to configure anything in the router for DNS then its no problem, i mainly need to focus on getting services forwarded from the router to our boxes. i was also told that i have to do something to make all the work i've done stay if the router ever gets restarted.

Re: i need some help doing an initial configuration of my cisco

To allow the internal clients to work with the DNS, nothing has to be done on the router.

To forward traffic to your internal boxes, you do this:

ip nat inside source static tcp x.x.x.x PORT1 y.y.y.y PORT2

I'm going to explain the above command:


Traffic that reaches IP public IP y.y.y.y on PORT2 will be redirected to inside private IP x.x.x.x on PORT1

This means that for example, if you want to redirect port 80 traffic coming on IP 200.1.1.1 to internal IP 10.1.1.1 on port 8080,


what you do is this:

ip nat inside source static tcp 10.1.1.1 8080 200.1.1.1 80

Federico.

Community Member

Re: i need some help doing an initial configuration of my cisco

nice answer that helped alot actually, but i've done this and redone it thinking i had messed up just to find that it still doesn't work... i can ping, and access the ftp site from within the network just fine, and had it all working on our edgewater router but it crapped the bed last week so i switched it out for the cisco router and now even though everything is the same, and the settings on here say it should be working its not : /

Re: i need some help doing an initial configuration of my cisco

We should be able to figure it out...

If you post some specific questions, I'll try to help you with this.

Federico.

1072
Views
0
Helpful
19
Replies
CreatePlease to create content