New Member

Public IP address behind router

Hi there,

I'm really bad at networking so I have a question about NAT.

I got two public IP addresses from my ISP: 92.x.x.252 - 92.x.x.254.

92.x.x.254 is configured as secondary on the external interface and clients will use it to connect (VPN) from outside through the Cisco 1841 to the zywall p1 with WAN IP address 92.x.x.253. Is this configuration (look at picture) allowed? How can I route traffic from 92.x.x.254 to zywall p1, if possible?

Thanks in advance!

http://i41.tinypic.com/24e2r2r.png

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Public IP address behind router

In my opinion you have to make a static mapping:

ip nat inside source static IP( zywall p1) 92.x.x.254

Also you need:

Interface to modem# ip nat outside

Interface to switch# ip nat inside

You will get: all traffic which is destined for 92.x.x.254 will go to zywall p1

---

Posted by WebUser Aleksandr Yanovskiy

10 REPLIES
New Member

Public IP address behind router

Thanks for help... anyway still can't ping zywall on 92.x.x.253 address. More info:

cisco#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.1.10                7  0010.b5d8.f828  ARPA   FastEthernet0/0
Internet  10.0.1.1                 -  001c.5849.9024  ARPA   FastEthernet0/0
Internet  80.x.x.1                16  0030.8550.58af  ARPA   FastEthernet0/1
Internet  92.x.x.254               -  001c.5849.9025  ARPA   FastEthernet0/1
Internet  92.x.x.253               0  Incomplete      ARPA
Internet  80.65.83.48              -  001c.5849.3025  ARPA   FastEthernet0/1

and this:

007071: *Mar  9 23:32:30.578 CST: IP ARP req filtered src 92.x.x.253 0013.491e.77cb, dst 92.x.x.254 0000.0000.0000 wrong cable, interface FastEthernet0/0
007072: *Mar  9 23:32:30.754 CST: IP ARP: sent req src 92.x.x.254 001c.5889.9025,
                 dst 92.x.x.253 0000.0000.0000 FastEthernet0/1
007073: *Mar  9 23:32:30.754 CST: IP ARP: sent req src 92.36.231.254 0,
                 dst 92.x.x.253 0 FastEthernet0/1

Silver

Public IP address behind router

What is the gateway for zywall p1? Can it ping devices outside your office? Gateway must be set to 92.x.x.254. Try this

---

Posted by WebUser Aleksandr Yanovskiy

New Member

Public IP address behind router

Sorry but I'm not following you. 92.x.x.254 is wan interface on cisco (secondary ip address) and 92.x.x.253 is wan interface on zywall p1 (image in first post).

New Member

Public IP address behind router

Uh oh... it was late at night here, sorry... you said gateway for zywall p1 and I referred to the external interface IP address. I'll check this out. Thanks!

New Member

Public IP address behind router

Gateway on p1 is set to 92.x.x.254... I can't even ping this IP from outside.

Here's my config:

Current configuration : 3518 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname cisco
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
!
no aaa new-model
!
resource policy
!
clock timezone CST -1
clock summer-time CDT recurring
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
no ip dhcp use vrf connected
!
!
no ip bootp server
ip domain name mikroaldi.org
ip name-server 195.x.x.10
ip name-server 195.x.x.20
!
!
!
!
interface FastEthernet0/0
 description LAN
 ip address 10.0.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 description WAN
 ip address 92.x.x.254 255.255.255.252 secondary
 ip address 80.x.x.48 255.255.255.192
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface Serial0/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 80.x.x.1
!
no ip http server
ip nat inside source list 101 interface FastEthernet0/1 overload
ip nat inside source static tcp 10.0.1.10 80 80.x.x.48 80 extendable
ip nat inside source static 92.x.x.253 92.x.x.254
!
logging trap debugging
access-list 101 permit ip any any
no cdp run
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
line aux 0
line vty 0 4
!
scheduler allocate 4000 1000
end

Any clue?
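
A check for the condition visible in the config and ARP debug above, as an added example that is not part of the original thread: the static NAT's inside-local address (.253) falls inside the /30 configured on the `ip nat outside` interface, so the router ARPs for it on FastEthernet0/1 while the ZyWALL's own ARP request arrives on FastEthernet0/0 and is filtered as "wrong cable". The sample addresses are constructed documentation ranges standing in for the redacted ones, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the layout of the posted config; documentation ranges
# (203.0.113.252/30, 198.51.100.0/26) stand in for the redacted addresses.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 10.0.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 ip address 203.0.113.254 255.255.255.252 secondary
 ip address 198.51.100.48 255.255.255.192
 ip nat outside
!
ip nat inside source static tcp 10.0.1.10 80 198.51.100.48 80 extendable
ip nat inside source static 203.0.113.253 203.0.113.254
"""

def parse_interfaces(config):
    """Map interface name -> {'nets': connected networks, 'nat': inside/outside/None}."""
    ifaces, cur = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split()[1], {"nets": [], "nat": None})
        elif not line.startswith(" "):
            cur = None                      # left interface sub-mode
        elif cur is not None:
            m = re.match(r"\s+ip address (\d\S+) (\d\S+)", line)
            if m:
                cur["nets"].append(ipaddress.ip_interface("/".join(m.groups())).network)
            m = re.match(r"\s+ip nat (inside|outside)\s*$", line)
            if m:
                cur["nat"] = m.group(1)
    return ifaces

def static_nat_findings(config):
    """Static NAT inside-local addresses that are on-link on a non-inside interface."""
    ifaces, findings = parse_interfaces(config), []
    for line in config.splitlines():
        tok = line.split()
        if tok[:5] != ["ip", "nat", "inside", "source", "static"] or len(tok) < 7:
            continue
        local = ipaddress.ip_address(tok[6] if tok[5] in ("tcp", "udp") else tok[5])
        for name, info in ifaces.items():
            if info["nat"] != "inside" and any(local in net for net in info["nets"]):
                findings.append((str(local), name, info["nat"]))
    return findings

if __name__ == "__main__":
    for local, iface, role in static_nat_findings(SAMPLE_CONFIG):
        print(f"inside-local {local} is on-link on {iface} (ip nat {role})")
```

The parser relies on the leading-space indentation that `show running-config` gives interface sub-commands.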

Silver

Public IP address behind router

Did your provider give you these IP addresses:

ip address 92.x.x.254 255.255.255.252 secondary

ip address 80.x.x.48 255.255.255.192

They are quite different.

Anyway, it seems that we are talking about different things)

As I understand it, you want to make the zywall accessible from the internet with address 92.x.x.253. So you should assign this address to the WAN interface of your router, and then set a static NAT.

Am I right?

---

Posted by WebUser Aleksandr Yanovskiy

New Member

Public IP address behind router

My primary IP address is 80.x.x.48 and after a while I needed 2 more addresses so they gave me these 92.x.x.252 / 30.

And yes.. I want to make zywall accessible from the internet by using one of these 92.x.x.252. In this case 92.x.x.253.

Silver

Public IP address behind router

In this case you can try 2 scenarios:

1) Static NAT. In this case you have to assign addr *.253 to your router's WAN interface. And then you can use static NAT

2) The other option is to assign *.253 to your zywall p1. In this case you have to assign an internal address to the interface on the picture where you now have *.253, and assign the *.253 addr to a loopback addr. or subinterface. And then add a route on your router

ip route *253 255.255.255.255 $Internal IP.

Choose one of the variants and then let's continue) You can write directly to my facebook, it would be quicker Aleksandr Yanovskiy

---

Posted by WebUser Aleksandr Yanovskiy

Silver

Public IP address behind router

Let's say I want to use the first scenario... I can set 92.x.x.253 as a secondary IP address on the WAN interface of the 1841, but what about the WAN interface of the zywall? It will use the same IP address as my WAN interface on the router? As for the second option, I'm not sure I can configure that. And one more thing: this zywall is another agency's device. It's not our company's.

---

Posted by WebUser Mursel Musabasic
