05-10-2006 11:16 PM - edited 03-03-2019 12:39 PM
Hello,
we have a leased line from the German Telekom with an official subnet 217.xxx.xxx.184 255.255.255.248.
The Telekom installed a Cisco router as their endpoint in our rack. This Telekom Cisco router is connected via crossover cable to our Cisco router.
The Telekom router has the first IP of the official subnet (217.xxx.xxx.185).
I have configured the fa 0/0 interface of our router, which is connected to the Telekom router, with the second official IP address out of the subnet. On the fa 0/1 interface of our router, I have configured a local IP address of our LAN behind our Cisco router.
We do not have access to the Telekom router.
Here is an extract from our config:
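! Outside interface, connected to the Telekom router
int fa 0/0
 ip address 217.xxx.xxx.186 255.255.255.248
! Inside interface, connected to the LAN
int fa 0/1
 ip address 192.168.xxx.253 255.255.255.0
! Default route via the Telekom router
ip route 0.0.0.0 0.0.0.0 217.xxx.xxx.185
! Host routes for the remaining official addresses, out the LAN interface
ip route 217.xxx.xxx.187 255.255.255.255 FastEthernet 0/1
ip route 217.xxx.xxx.188 255.255.255.255 FastEthernet 0/1
ip route 217.xxx.xxx.189 255.255.255.255 FastEthernet 0/1
ip route 217.xxx.xxx.190 255.255.255.255 FastEthernet 0/1
ip classless
ip cef
ip subnet-zero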
NAT is enabled and there is an access list for incoming traffic, but I unset both for testing.
A traceroute from outside gets as far as our Cisco router, but not to our systems behind our router. There is nothing between our router and our systems which could block the requests. Also, a telnet to an open TCP port on our systems on which a service is listening does not work.
I have configured the systems with an official IP address out of the subnet, once with the router's internal IP as gateway and once with the router's official IP as gateway. It seems that the systems find the gateway. But the router does not forward packets from outside to the systems.
Then I tried to configure the fa 0/1 interface with an additional official IP address, but Cisco does not support such rubbish.
Any ideas how I can get it to work?
05-10-2006 11:39 PM
Hi Friend,
How would somebody from outside know the route to reach your internal subnet until you advertise your internal subnet to your remote location?
I may be able to ping or trace your official IP because it is a routable IP, but I will not be able to reach your internal IP range, as those addresses are not routable on the Internet.
You need to define a destination NAT so that anyone hitting your external IP is translated to your internal IP range.
HTH
Ankur
05-12-2006 12:37 AM
Hi Ankur,
there is a misunderstanding. The servers in the internal subnet are configured with IP addresses out of the official subnet as well.
I have tried to assign an official address on int fa 0/1 as secondary, as shown below:
ip address 217.xxx.xxx.189 255.255.255.248 secondary
and got this message:
% 217.xxx.xxx.184 is assigned to FastEthernet0/0
So this is not possible.
Your static NAT solution is an idea. But I thought that it would be possible to route the requests from outside to the internal servers with the official IPs. I could not believe that this is not possible in this situation...
REQUESTS FROM
INTERNET TO 217.xxx.xxx.187
||
||
\/
81.xxx.xxx.xxx
Telekom Router
217.xxx.xxx.185
||
||
\/
217.xxx.xxx.186
Our Router
192.168.xxx.253
||
||
\/
Cisco Switch
||
||
\/
217.xxx.xxx.187
192.168.xxx.200
Server
(Default Gateway is 217.xxx.xxx.186)
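The address overlap behind the "%" message above, and a longest-prefix lookup over the routes from the first post, as an added example that is not part of the original thread. 203.0.113.184/29 and 192.168.1.0/24 are constructed stand-ins for the masked addresses, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-ins for the masked addresses in the thread:
# 203.0.113.184/29 replaces 217.xxx.xxx.184/29, 192.168.1.0/24 the LAN.
INTERFACES = {
    "FastEthernet0/0": ipaddress.ip_interface("203.0.113.186/29"),
    "FastEthernet0/1": ipaddress.ip_interface("192.168.1.253/24"),
}

# Static routes from the first post: (prefix, next hop or exit interface).
STATIC_ROUTES = [("0.0.0.0/0", "203.0.113.185")] + [
    (f"203.0.113.{host}/32", "FastEthernet0/1") for host in range(187, 191)
]


def overlapping_interface(name, address):
    """Return the other interface whose subnet overlaps `address`, or None."""
    candidate = ipaddress.ip_interface(address).network
    for other, configured in INTERFACES.items():
        if other != name and candidate.overlaps(configured.network):
            return other
    return None


def lookup(destination):
    """Longest-prefix match over connected and static routes."""
    dest = ipaddress.ip_address(destination)
    table = [(iface.network, name) for name, iface in INTERFACES.items()]
    table += [(ipaddress.ip_network(p), via) for p, via in STATIC_ROUTES]
    matches = [(net, via) for net, via in table if dest in net]
    # The default route always matches, so `matches` is never empty.
    return max(matches, key=lambda m: m[0].prefixlen)[1]


if __name__ == "__main__":
    # The secondary address attempted on fa 0/1 falls in fa 0/0's /29.
    print(overlapping_interface("FastEthernet0/1", "203.0.113.189/29"))
    for dst in ("203.0.113.187", "203.0.113.185", "198.51.100.7"):
        print(dst, "->", lookup(dst))
```

The lookup models route selection only, not ARP or NAT: the /32 host routes win over the connected /29, so the posted table does select FastEthernet0/1 for the server addresses.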