Cisco 3620 NAT/PAT problem


  • Cisco 3620 NAT/PAT problem

    Hello,

    I am running a Cisco 3620 router connected to an Alcatel SpeedTouch Pro ADSL modem (running in bridging mode); the Cisco is taking care of the internet connection using PPPoE on one of the Ethernet interfaces.

    A LAN is running on the second interface and there is a dialer interface for the DSL connection.

    What I am trying to do is work out how to setup a web/mail server on the private LAN with a private address and have this server available for people on the internet.

    I thought I figured it out, but when I try to access the web server by either the FQDN or via the actual IP address it doesn't work.

    I would also like to know how to get the router to automatically update Zoneedit when there is an IP address change detected on the dialer interface, if this can be done.

    Any help you gurus can give would be greatly appreciated as my head has a huge bruise on it from banging it against the router.

    Config attached

    !
    version 12.3
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname router
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 password
    enable password password
    !
    no aaa new-model
    ip subnet-zero
    !
    !
    ip cef
    ip name-server 192.231.203.132
    no ip dhcp conflict logging
    !
    ip dhcp pool localnet
    network 10.0.0.0 255.0.0.0
    domain-name domain.com
    dns-server 192.231.203.132 192.231.203.3
    default-router 10.0.0.200
    lease 30
    !
    vpdn enable
    !
    vpdn-group 1
    request-dialin
    protocol pppoe
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    interface Serial0/0
    no ip address
    shutdown
    serial restart-delay 0
    !
    interface Serial0/1
    no ip address
    shutdown
    serial restart-delay 0
    no cdp enable
    !
    interface Serial0/2
    no ip address
    shutdown
    serial restart-delay 0
    no cdp enable
    !
    interface Serial0/3
    no ip address
    shutdown
    serial restart-delay 0
    no cdp enable
    !
    interface Ethernet1/0
    description ADSL WAN
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    no ip mroute-cache
    half-duplex
    pppoe enable
    pppoe-client dial-pool-number 1
    no cdp enable
    !
    interface Ethernet1/1
    ip address 10.0.0.200 255.0.0.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    no ip mroute-cache
    half-duplex
    no cdp enable
    !
    interface Ethernet1/2
    no ip address
    half-duplex
    no cdp enable
    !
    interface Ethernet1/3
    no ip address
    half-duplex
    no cdp enable
    !
    interface Dialer1
    description ADSL WAN Dialer
    mtu 1492
    ip address negotiated
    no ip unreachables
    ip nat outside
    encapsulation ppp
    no ip mroute-cache
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication chap callin
    ppp chap hostname [email protected]
    ppp chap password 0 password
    ppp pap sent-username [email protected] password 0 password
    !
    ip nat inside source list 10 interface Dialer1 overload
    ip nat inside source static tcp 10.0.0.110 1143 interface Dialer1 1143
    ip nat inside source static udp 10.0.0.110 53 interface Dialer1 53
    ip nat inside source static tcp 10.0.0.110 993 interface Dialer1 993
    ip nat inside source static tcp 10.0.0.110 995 interface Dialer1 995
    ip nat inside source static tcp 10.0.0.110 143 interface Dialer1 143
    ip nat inside source static tcp 10.0.0.110 110 interface Dialer1 110
    ip nat inside source static tcp 10.0.0.110 32001 interface Dialer1 32001
    ip nat inside source static tcp 10.0.0.110 32000 interface Dialer1 32000
    ip nat inside source static tcp 10.0.0.110 25 interface Dialer1 25
    ip nat inside source static tcp 10.0.0.110 80 interface Dialer1 80
    no ip http server
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer1
    !
    !
    access-list 1 permit 10.0.0.0 0.0.0.255
    access-list 10 permit any
    dialer-list 1 protocol ip permit
    no cdp run
    !
    snmp-server community public RO
    snmp-server enable traps tty
    !
    !
    dial-peer cor custom
    !
    !
    !
    !
    line con 0
    exec-timeout 0 0
    line aux 0
    line vty 0 4
    password password
    login
    !
    !
    end

    thanks
    ikhan42

  • #2
    Re: Cisco 3620 NAT/PAT problem

    Sorry, just let me clarify: I have just found out that the sites are available from the internet, just not for me. Is there any reason why I wouldn't be able to access the website from my local network using the FQDN?

    Is there a way around this issue aside from adding the host into a hosts file on the local machine?

    Also, I still don't know how to fix the DDNS issue to get Zoneedit to update automatically.

    thanks
    ikhan42



    • #3
      Re: Cisco 3620 NAT/PAT problem

      1. You will need to use a static public IP for NAT rules.

      2. Using a router/PIX as a firewall is a bad idea.
      Consider using a Netscreen 5GT/25/50 as the firewall and dropping the Cisco 3620.

      Regards,

      Yuval
      Best Regards,

      Yuval Sinay

      LinkedIn: https://www.linkedin.com/in/yuval14, Blog: http://blogs.microsoft.co.il/blogs/yuval14



      • #4
        Re: Cisco 3620 NAT/PAT problem

        Add the following line
        ip nat inside source static tcp 10.0.0.110 53 interface Dialer1 53

        Comment
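
Added example, not part of the original thread: a small Python check that parses the static PAT lines of the config in post #1, lists what is published on Dialer1, and reports which DNS transport is not forwarded, the gap that the line in post #4 fills. The function names are hypothetical; the embedded lines are copied from post #1 as sample input.

```python
import re
from collections import defaultdict
# Sample input: the static PAT lines copied from the config in post #1.
CONFIG = """\
ip nat inside source static tcp 10.0.0.110 1143 interface Dialer1 1143
ip nat inside source static udp 10.0.0.110 53 interface Dialer1 53
ip nat inside source static tcp 10.0.0.110 993 interface Dialer1 993
ip nat inside source static tcp 10.0.0.110 995 interface Dialer1 995
ip nat inside source static tcp 10.0.0.110 143 interface Dialer1 143
ip nat inside source static tcp 10.0.0.110 110 interface Dialer1 110
ip nat inside source static tcp 10.0.0.110 32001 interface Dialer1 32001
ip nat inside source static tcp 10.0.0.110 32000 interface Dialer1 32000
ip nat inside source static tcp 10.0.0.110 25 interface Dialer1 25
ip nat inside source static tcp 10.0.0.110 80 interface Dialer1 80
"""
# The line suggested in post #4.
POST4_LINE = "ip nat inside source static tcp 10.0.0.110 53 interface Dialer1 53\n"

STATIC_PAT = re.compile(
    r"^\s*ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)\s*$")

def parse_static_pat(config):
    """Return (proto, inside_ip, inside_port, outside_if, outside_port) per rule."""
    rules = []
    for line in config.splitlines():
        m = STATIC_PAT.match(line)
        if m:
            proto, ip, iport, intf, oport = m.groups()
            rules.append((proto, ip, int(iport), intf, int(oport)))
    return rules

def exposure(rules):
    """Map each outside interface to the set of (proto, port) it publishes."""
    exposed = defaultdict(set)
    for proto, _ip, _iport, intf, oport in rules:
        exposed[intf].add((proto, oport))
    return dict(exposed)

def missing_dns_transports(rules):
    """DNS runs over both UDP/53 and TCP/53; list transports not forwarded."""
    seen = defaultdict(set)
    for proto, ip, _iport, intf, oport in rules:
        if oport == 53:
            seen[(intf, ip)].add(proto)
    return sorted((intf, ip, p) for (intf, ip), have in seen.items()
                  for p in {"tcp", "udp"} - have)

if __name__ == "__main__":
    print(missing_dns_transports(parse_static_pat(CONFIG)))
```

The `exposure()` result doubles as an inventory of every service the router publishes to the internet, which is worth reviewing whenever a forwarding rule is added.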


        • #5
          Re: Cisco 3620 NAT/PAT problem

          Why are you also using an Alcatel modem, if the router is doing this?
          Check if you can access the website by using the IP address.



          • #6
            Re: Cisco 3620 NAT/PAT problem

            Hi ikhan42,

            Thanks for your post on the Cisco forum!

            Unfortunately, the router is never going to update your DDNS provider. It would need some kind of application loaded on it to do that and it just doesn't have that. Now, I have seen some Linksys routers that will update certain DDNS providers.

            You should be able to run a PC-based application to have the PC resolve its Internet DNS address (to get its current IP address) and update the DDNS provider.

            Let me look at your config some more and get back to you on the NAT rules.

            David
            David Davis - Petri Forums Moderator & Video Training Author
            Train Signal - The Global Leader in IT Video Training
            TrainSignalTraining.com - Free IT Training Products
            Personal Websites: HappyRouter.com & VMwareVideos.com



            • #7
              Re: Cisco 3620 NAT/PAT problem

              There is information on Cisco about doing DDNS stuff on the routers; refer to http://www.cisco.com/en/US/partner/p...0804461ba.html

              Doesn't this imply the router can do the updates? Or am I confused?

              I am using the Alcatel for the modem function as I don't have an ADSL card for the 3620 and don't really want to buy one when I have a piece of hardware that I can use as a transparent bridge to connect to the DSL line.

              Thanks for the help guys.

              Ikhan42



              • #8
                Re: Cisco 3620 NAT/PAT problem

                ikhan,

                WOW, I should never say never. You are correct. Released in the new Cisco IOS 12.4, they are now offering the capability to do DDNS updates with the Cisco IOS. I had seen it in the lower end routers like NetGear and Linksys but never in the IOS. Very interesting.

                Here is the customer link so that anyone can access the Cisco docs on this:

                http://www.cisco.com/en/US/products/...080359e69.html

                In this doc, it specifically mentions Zoneedit (your DDNS service) and the URL to update them using DDNS-
                ZONEEDIT
                http://USERNAME:[email protected]/auth/dynamic.html?host=<h>&dnsto=<a>

                The DDNS services I had used had been an executable that ran on a Windows or Linux box so this is a very cool feature, in my opinion, to incorporate in the Cisco IOS.

                Thanks,
                David


                • #9
                  Re: Cisco 3620 NAT/PAT problem

                  Does your version of 12.3 have the DDNS features in it? You should be able to tell by typing
                  ip ddns ?
                  And see if you get a list of options.

                  If you get this

                  Router(config)#ip ddns ?
                  % Unrecognized command

                  Then you need to upgrade your IOS to a version that has DDNS built in.

                  Let us know

                  David