Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IP NAT Static & PAT

Hi

I would like to make static nat extend for port 1723 (VPN) on

cisco2500.

This router also make nat overload for internet connection also.

my configuration is

-------------------------------------------------------------------------------------------------------

!

version 12.1

no service single-slot-reload-enable

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

service udp-small-servers

service tcp-small-servers

!

hostname CMIOFFICE

!

enable secret xxxx

!

!

!

!

!

ip subnet-zero

no ip domain-lookup

ip name-server 203.x.x.242

ip name-server 203.x.x.192.168.1.1

ip dhcp excluded-address 192.168.1.5

!

ip dhcp pool office

network 192.168.1.0 255.255.255.0

dns-server 203.x.x.71

default-router 192.168.1.5

!

!

!

!

interface Ethernet0

ip address 192.168.1.5 255.255.255.0

ip nat inside

no ip mroute-cache

!

interface Serial0

bandwidth 128

ip address 161.87.xx.188 255.255.255.252

ip access-group 101 in

ip access-group 101 out

ip nat outside

encapsulation ppp

no ip mroute-cache

!

router eigrp 1

network 10.0.0.0

network 192.168.1.0

auto-summary

no eigrp log-neighbor-changes

!

router rip

network 161.87.137.0

network 192.168.1.0

!

ip nat inside source list 1 interface Serial0 overload

ip nat inside source static tcp 192.168.1.10 1723 161.87.XX.188 1723

extendable

ip nat inside source static tcp 192.168.1.10 80 161.87.XX.188 80

extendable

ip classless

ip route 0.0.0.0 0.0.0.0 161.87.XX.187

no ip http server

!

!

access-list 1 permit any

!

end

-----------------------------------------------------------------------------------------------------------------------

But it not work.

I would like to tracert problem. But I don't know how?

Do you have any recommend configuration?

My Nat translation is

-----------------------------------------------------------------------------------------------------------------------

#sh ip nat trans

Pro Inside global Inside local Outside local

Outside global

tcp 161.87.XX.188:1723 192.168.1.10:1723 ---

---

tcp 161.87.XX.188:80 192.168.1.10:80 ---

---

-----------------------------------------------------------------------------------------------------------------------

Thanks in advance..

:>

1 REPLY
New Member

Re: IP NAT Static & PAT

Hi,

If I remember correct, there was a problem to configure PPTP pass-through on IOS (at least I had problems to do the same task on one of my 1712). I tryed to make configuration similar to that described in

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00800949c0.shtml

but never succeeded. The problem was solved only when I took PIX 506 instead of 1712.

It could be that this will work in newer versions of IOS on 17XX (or on another platform - 36XX for example)...

//Mikhail Galiulin

134
Views
0
Helpful
1
Replies