Announcement

Collapse
No announcement yet.

URGENT! Trying to route cisco ip to isa and no joy

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • URGENT! Trying to route cisco ip to isa and no joy

    SBS 2003 SP2 / ISA 2004 SP2 / CISCO 1721

    I just got a new T1 via covad and it only came with one public static, which is I guess my first mistake. My WAN is as follows and the servers and workstations can surf just fine, but I am clueless of how to get mail/RDP routed to the servers the show run is below, I hope the entries are correct, trying to map the public ip to the wan interface on each given port what exactly do I do in ISA to bring this all together I have tried to create a new network item, then I set up pub and access rules to route 192.168.1.2 to the ISA server, 192.168.16.2 but no go I am far from knowing what to do so please pretend I know nothing in your explanation - Thanks

    Ethernet adapter Local Area Connection WAN:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port Server
    pter #2
    Physical Address. . . . . . . . . : 00-04-23-CE-50-01
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.168.1.2
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 192.168.16.2
    NetBIOS over Tcpip. . . . . . . . : Disabled




    c1721#show run
    Building configuration...

    Current configuration : 1883 bytes
    !
    version 12.3
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname c1721
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 $1$CA.4$oYa592ALHcjnx5e1O9Kuv0
    !
    mmi polling-interval 60
    no mmi auto-configure
    no mmi pvc
    mmi snmp-timeout 180
    no aaa new-model
    ip subnet-zero
    ip cef
    !
    !
    !
    !
    no ftp-server write-enable
    !
    !
    !
    !
    interface FastEthernet0
    ip address 192.168.1.1 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    speed auto
    !
    interface Serial0
    no ip address
    encapsulation frame-relay IETF
    service-module t1 timeslots 1-24
    frame-relay lmi-type ansi
    !
    interface Serial0.1 point-to-point
    frame-relay interface-dlci 16 ppp Virtual-Template1
    !
    interface Virtual-Template1
    ip address negotiated
    ip nat outside
    ppp chap hostname [email protected]
    ppp chap password 7 005316535C0A0A0556
    ppp ipcp dns request
    ppp ipcp route default
    ppp ipcp address accept
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 172.31.255.254
    ip route 0.0.0.0 0.0.0.0 172.31.255.250
    ip route 0.0.0.0 0.0.0.0 172.31.255.246
    ip route 0.0.0.0 0.0.0.0 172.31.255.242
    ip route 0.0.0.0 0.0.0.0 172.22.0.1
    !
    no ip http server
    ip nat inside source list 7 interface Virtual-Template1 overload
    ip nat inside source static tcp 192.168.1.2 25 67.103.247.XXX 25 extendable
    ip nat inside source static udp 192.168.1.2 25 67.103.247.XXX 25 extendable
    ip nat inside source static tcp 192.168.1.2 110 67.103.247.XXX 110 extendable
    ip nat inside source static udp 192.168.1.2 110 67.103.247.XXX 110 extendable
    ip nat inside source static tcp 192.168.1.2 3389 67.103.247.XXX 3389 extendable
    ip nat inside source static udp 192.168.1.2 3389 67.103.247.XXX 3389 extendable
    !
    access-list 7 permit 192.168.1.0 0.0.0.255
    !
    control-plane
    !
    !
    line con 0
    password 7 070C715A6E0D
    line aux 0
    line vty 0 4
    password 7 011056127B0F
    login
    !
    end

    c1721#

  • #2
    Re: URGENT! Trying to route cisco ip to isa and no joy

    Arrrrgh!
    ISA is a firewall - you need 2 NICS!
    The following ports should then be forwarded from the CISCO to ISA as needed:

    25 - SMTP
    80 - WWW
    110 - POP3
    443 - SSL
    444 - COMPANYWEB
    1723 - PPTP
    4125 - RWW
    TIA

    Steven Teiger [SBS-MVP(2003-2009)]
    http://www.wintra.co.il/
    sigpic
    Im honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

    We dont stop playing because we grow old, we grow old because we stop playing.

    Comment


    • #3
      Re: URGENT! Trying to route cisco ip to isa and no joy

      Originally posted by teiger View Post
      Arrrrgh!
      ISA is a firewall - you need 2 NICS!
      The following ports should then be forwarded from the CISCO to ISA as needed:

      25 - SMTP
      80 - WWW
      110 - POP3
      443 - SSL
      444 - COMPANYWEB
      1723 - PPTP
      4125 - RWW
      It is dual homed, no worries I got it working - just had to find the right isa combo

      Comment


      • #4
        Re: URGENT! Trying to route cisco ip to isa and no joy

        Originally posted by Kurt View Post
        - just had to find the right isa combo
        Which was?
        TIA

        Steven Teiger [SBS-MVP(2003-2009)]
        http://www.wintra.co.il/
        sigpic
        Im honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

        We dont stop playing because we grow old, we grow old because we stop playing.

        Comment

        Working...
        X