Cisco Support Community

Multiple WAN Addresses and routing

Hi all,

I have a Cisco 1721 router. It doesn't have the advanced IOS security.

I would like to be able to give it multiple WAN addresses given by the ISP and then route these so that I can give a user a static IP address. I would need to be able to forward all ports to this user's own firewall and also have all traffic from him showing up as his static address.

Can I do this without the advanced IOS security package?

My config is below:

Current configuration : 3362 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname cisco1721
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 xxxxxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
aaa session-id common
!
resource policy
!
clock timezone PCTime 12
clock summer-time PCTime date Mar 16 2003 3:00 Oct 5 2003 2:00
ip subnet-zero
no ip source-route
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.60.1 192.168.60.99
ip dhcp excluded-address 192.168.60.151 192.168.60.254
!
ip dhcp pool sdm-pool1
   import all
   network 192.168.60.0 255.255.255.0
   dns-server 203.97.33.1 203.97.37.1
   default-router 192.168.60.254
!
!
ip tcp synwait-time 10
ip cef
ip domain name scorch.co.nz
ip name-server 203.97.33.1
ip name-server 203.97.37.1
no ip bootp server
!
username xxxx privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxx/
!
!
!
interface Null0
 no ip unreachables
!
interface Ethernet0
 description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
 ip address 192.168.10.222 255.255.255.0
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 half-duplex
!
interface FastEthernet0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-10/100 Ethernet$$ES_LAN$$FW_INSIDE$
 ip address 192.168.60.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.14.0.253
ip http server
ip http authentication local
ip http timeout-policy idle 600 life 86400 requests 10000
!
ip nat inside source list 1 interface Ethernet0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.60.0 0.0.0.255
access-list 100 remark VTY Access-class list
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 192.168.60.0 0.0.0.255 any
access-list 100 deny ip any any
access-list 101 permit gre any any
access-list 101 deny ip 192.168.50.0 0.0.0.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 permit esp any any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
no cdp run
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login authentication local_authen
 transport output telnet
line aux 0
 login authentication local_authen
 transport output telnet
line vty 0 4
 access-class 100 in
 authorization exec local_author
 login authentication local_authen
 transport input telnet
line vty 5 15
 access-class 100 in
 authorization exec local_author
 login authentication local_authen
 transport input telnet
!
scheduler allocate 4000 1000
scheduler interval 500
end
