Cisco 1710 behind Adit600 from windstream

  • Cisco 1710 behind Adit600 from windstream

    Hello all, I have limited experience with Cisco boxes but I still love to try and use them...anyway, I'm trying to implement one at a new site and the config I have isn't working...the client has a 5 IP block with windstream.net and were on a Firebox and it crapped out so I got a Cisco 1710 router off eBay to replace it...anyway, I was hoping I could post my config and get help troubleshooting why it isn't working...I can ping the public IP address but not the gateway....and any help would be appreciated



    Current configuration : 1576 bytes
    !
    version 12.3
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Router
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 $1$oMEP$C5cBGhSNZxW9VqKGHCqWH0
    enable password cisco
    !
    memory-size iomem 20
    no aaa new-model
    ip subnet-zero
    !
    !
    ip name-server 10.0.0.8
    !
    ip cef
    ip audit po max-events 100
    !
    !
    !
    !
    !
    !
    !
    !
    interface Ethernet0
    description WAN
    ip address *.*.56.67 255.255.255.248 secondary
    ip address *.*.56.68 255.255.255.248 secondary
    ip address *.*.56.69 255.255.255.248 secondary
    ip address *.*.56.70 255.255.255.248 secondary
    ip address *.*.56.66 255.255.255.248
    ip nat outside
    full-duplex
    !
    interface FastEthernet0
    description LAN
    ip address 10.0.0.2 255.255.255.0
    ip nat inside
    speed auto
    full-duplex
    !
    ip nat inside source static tcp 10.0.0.9 25 *.*.56.66 25 extendable
    ip nat inside source static tcp 10.0.0.9 80 *.*.56.66 80 extendable
    ip nat inside source static tcp 10.0.0.9 443 *.*.56.66 443 extendable
    ip nat inside source static tcp 10.0.0.9 110 *.*.56.66 110 extendable
    ip nat inside source static tcp 10.0.0.3 3389 *.*.56.69 3389 extendable
    ip nat inside source static tcp 10.0.0.8 1723 *.*.56.67 1723 extendable
    ip classless
    ip route 0.0.0.0 0.0.0.0 *.*.56.65
    no ip http server
    no ip http secure-server
    !
    !
    access-list 110 permit tcp host 10.0.0.9 any eq smtp
    access-list 110 deny tcp any any eq smtp
    access-list 110 permit ip 10.0.0.0 0.0.0.255 any
    !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
    password cisco
    login
    !
    end



    thanks again for any help

  • #2
    Re: Cisco 1710 behind Adit600 from windstream

    Being in the UK I don't know what the Windstream hardware is but I am guessing it is some kind of gateway to your internet connection.

    If this is the case then doesn't that device handle the NAT translations and get allocated public IP address from the ISP? All you would then require on the Cisco WAN interface is a single address and default route.
    Infrastructure Architect
    CCNA, CCNA Security, MCSE, JNCIS



    • #3
      Re: Cisco 1710 behind Adit600 from windstream

      No, it does not handle the NAT...the previous device was a WatchGuard Firebox X500 that handled the IP block and even if it did, I need the Cisco to handle it...I had someone tell me I'm missing an ACL to allow the inside users to NAT outside but I thought I had that with this

      access-list 110 permit ip 10.0.0.0 0.0.0.255 any

      but I guess not...thanks for your time



      • #4
        Re: Cisco 1710 behind Adit600 from windstream

        What exactly do you want to do? You don't need an ACL if you want to provide static NAT.

        You have 5 public IPs but I take it you have more than 5 private hosts that wish to access the internet, so it will be better to configure NAT overload.

        Delete your NAT and ACL configuration and use the following:

        You have already got the inside/outside interfaces
        Router(config)# int fastethernet0
        Router(config-if)# ip nat inside
        Router(config)# int Ethernet0
        Router(config-if)# ip nat outside

        Set NAT pool of allocated public addresses
        Router(config)# ip nat pool PUBLIC *.*.56.66 *.*.56.70 prefix-length 28

        Configure ACL to allow LAN hosts (amend as you wish)
        Router(config)# access-list 10 permit 10.0.0.0 0.0.0.255

        Tie ACL to NAT pool
        Router(config)# ip nat inside source list 10 pool PUBLIC overload
        Infrastructure Architect
        CCNA, CCNA Security, MCSE, JNCIS



        • #5
          Re: Cisco 1710 behind Adit600 from windstream

          Ok, I think I have a good running config...this config works but I just wanted to run it by you guys to see if there are any huge flaws I should fix

          Building configuration...
          Current configuration : 1860 bytes
          !
          version 12.3
          service timestamps debug datetime msec
          service timestamps log datetime msec
          no service password-encryption
          !
          hostname Router
          !
          boot-start-marker
          boot-end-marker
          !
          enable secret 5 $1$oMEP$C5cBGhSNZxW9VqKGHCqWH0
          enable password cisco
          !
          memory-size iomem 20
          no aaa new-model
          ip subnet-zero
          !
          !
          ip name-server 10.0.0.8
          !
          ip cef
          ip audit po max-events 100
          !
          !
          !
          !
          !
          !
          !
          !
          interface Ethernet0
          description WAN
          ip address *.*.56.67 255.255.255.248 secondary
          ip address *.*.56.68 255.255.255.248 secondary
          ip address *.*.56.69 255.255.255.248 secondary
          ip address *.*.56.70 255.255.255.248 secondary
          ip address *.*.56.66 255.255.255.248
          no ip redirects
          no ip unreachables
          no ip proxy-arp
          ip nat outside
          full-duplex
          !
          interface FastEthernet0
          description LAN
          ip address 10.0.0.2 255.255.255.0
          no ip redirects
          no ip unreachables
          no ip proxy-arp
          ip nat inside
          speed auto
          full-duplex
          !
          ip nat inside source list NAT-ACL interface Ethernet0 overload
          ip nat inside source static tcp 10.0.0.9 25 *.*.56.66 25 extendable
          ip nat inside source static tcp 10.0.0.9 80 *.*.56.66 80 extendable
          ip nat inside source static tcp 10.0.0.9 443 *.*.56.66 443 extendable
          ip nat inside source static tcp 10.0.0.9 110 *.*.56.66 110 extendable
          ip nat inside source static tcp 10.0.0.3 3389 *.*.56.69 3389 extendable
          ip nat inside source static tcp 10.0.0.8 1723 *.*.56.67 1723 extendable
          ip nat inside source static tcp 10.0.0.3 3389 *.*.56.66 3389 extendable
          ip nat inside source static tcp 10.0.0.8 1723 *.*.56.66 1723 extendable
          ip classless
          ip route 0.0.0.0 0.0.0.0 *.*.56.65
          no ip http server
          no ip http secure-server
          !
          !
          !
          ip access-list extended NAT-ACL
          permit tcp host 10.0.0.9 any eq smtp
          permit ip 10.0.0.0 0.0.0.255 any
          !
          !
          !
          line con 0
          line aux 0
          line vty 0 4
          password cisco
          login
          !
          end

          thanks for all your guys help
          thanks

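Added example, not part of any post in the thread and not Cisco tooling: a small Python check that scans a config in the layout posted in #5 for the settings a reviewer would flag when asked about flaws. The sample text is a constructed excerpt of that config; the `RISKY` port list and the function names `blocks` and `audit` are this example's assumptions.

```python
import re

# Constructed excerpt of the config from post #5 (addresses masked as on the
# page); forum paste has no indentation, so blocks end at "!" or the next header.
SAMPLE = """\
no service password-encryption
enable password cisco
interface Ethernet0
ip nat outside
!
ip nat inside source static tcp 10.0.0.9 25 *.*.56.66 25 extendable
ip nat inside source static tcp 10.0.0.3 3389 *.*.56.69 3389 extendable
ip nat inside source static tcp 10.0.0.8 1723 *.*.56.67 1723 extendable
line vty 0 4
password cisco
login
"""
RISKY = {23: "telnet", 1723: "PPTP", 3389: "RDP"}  # assumption: ports worth flagging

def blocks(text):
    """Return (header, sub-commands) pairs; works with or without indentation."""
    out, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith(("interface ", "line ")):
            out.append(cur := (line, []))
        elif line in ("", "!"):
            cur = None
        elif cur:
            cur[1].append(line)
        else:
            out.append((line, []))
    return out

def audit(text):
    found = []
    for head, sub in blocks(text):
        has = lambda prefix: any(s.startswith(prefix) for s in sub)
        if head == "no service password-encryption":
            found.append("passwords are shown in cleartext in the config")
        if head.startswith("enable password "):
            found.append("cleartext 'enable password' is configured")
        if head.startswith("interface ") and has("ip nat outside") and not has("ip access-group "):
            found.append(f"{head}: no ACL applied on the NAT outside interface")
        if head.startswith("line vty") and has("password ") and not has("access-class "):
            found.append(f"{head}: password login with no access-class")
        m = re.match(r"ip nat inside source static tcp (\S+) (\d+) (\S+) (\d+)", head)
        if m and int(m.group(4)) in RISKY:
            found.append(f"{RISKY[int(m.group(4))]} to {m.group(1)} published on {m.group(3)}")
    return found
```

Calling `audit(SAMPLE)` returns six findings; the SMTP forward is not flagged because port 25 is not in `RISKY`.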
