Cisco NAT Config for DSL
So, we've had the two weeks from hell with a Verizon DSL install -- but after four man days of our time spent, they finally have that working. But, now I'm struggling with our LAN config.
In short, I have a Verizon DSL connection with 5 static IPs. I want to NAT most of our machines through 1 static IP, and then the balance of static IPs would be used for public facing devices.
The design is:
Verizon DSL Modem -> Cisco 2600 E1/0 ...
Cisco 2600 E0/0 -> 24 port managed switch
The 2600's public interface is at 69.24.8.18.
Below is the config that I currently have tried.
10.20.60.0-255 is the private addresses for the LAN (e0/0). I would like the Cisco to give these out via DHCP. The dns-server 68.94.156.1 68.94.157.1 are good DNS servers. This all looks to be working fine.
69.24.8.18-22 are our static IPs with Verizon. 69.24.8.1 is the default route through Verizon. Subnet mask is 255.255.255.0
69.24.8.18 is the 2600 address as I said. 69.24.8.19 is the NAT pool address for 10.20.60.xxx addresses to share -- but I would love to conserve the IPs and make this pool use the same as the router address (69.24.8.18). I think that's possible, right?
192.168.1.1 is the address of the Verizon DSL Router. 192.168.1.10 is the address of the Cisco on that segment for convenience sake.
The switch is where I'd like to plug in all VoIP phones, and computers into ... whether they have a 10.20.60.xxx or have a public address (e.g., 69.24.8.20-22). Is that doable?
This can't be that hard -- but I'm thinking I'm pretty lame. Any advice?
Cisco-2600#wr
Building configuration...
[OK]
Cisco-2600#sho run
Building configuration...
Current configuration : 2126 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname Cisco-2600
!
logging buffered 4096 debugging
no logging console
enable secret 5 $1$bNtd$Zc9axgSjxOr4nrts9kJVb/
enable password 7 010109114F0E0B0A
!
!
!
!
!
memory-size iomem 15
clock timezone PST -8
clock summer-time PDT recurring
ip subnet-zero
no ip source-route
ip dhcp excluded-address 10.20.60.1 10.20.60.99
ip dhcp excluded-address 10.20.60.200 10.20.60.254
!
ip dhcp pool dhcp-MainLAN
network 10.20.60.0 255.255.255.0
domain-name something.com
default-router 10.20.60.1
dns-server 68.94.156.1 68.94.157.1
lease 0 2
!
no ip bootp server
!
!
!
interface Loopback1
no ip address
!
interface Ethernet0/0
description Lakefield Private LAN
ip address 10.20.60.1 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
no ip mroute-cache
half-duplex
no cdp enable
!
interface Ethernet0/1
no ip address
no ip redirects
no ip mroute-cache
shutdown
half-duplex
no cdp enable
!
interface Ethernet1/0
description Verizon-DSL
ip address 69.24.8.18 255.255.255.0
ip nat outside
no ip mroute-cache
half-duplex
no cdp enable
!
router rip
network 10.0.0.0
network 69.0.0.0
!
ip nat pool NAT-Pool 69.24.8.19 69.24.8.19 netmask 255.255.255.0
ip nat inside source list 1 pool NAT-Pool overload
ip classless
ip route 0.0.0.0 0.0.0.0 69.24.8.1
no ip http server
!
logging trap debugging
logging facility local0
access-list 1 permit 10.20.60.0 0.0.0.255
no cdp run
snmp-server engineID local 000000090200003080F34140
snmp-server community RO RO
snmp-server community Cisco-2600 RO
snmp-server community public RO
banner login ^CC
********************************************
* This is a private network. No *
* unauthorized usage without *
* permission. Thank you. *
********************************************
^C
!
line con 0
exec-timeout 60 0
login
line aux 0
line vty 0 4
exec-timeout 1440 0
password 7 0519091A3549430C
login
!
ntp clock-period 17179828
ntp server 192.6.38.127
end
Cisco-2600#
cisco nat
edited Jun 3 at 10:33
serverAdmin123
asked Aug 1 '09 at 1:03
Neil Ticktin
This is kind of a 'do my work for me post'. Maybe you should state what isn't working in particular?
– Kyle Brandt
Aug 1 '09 at 13:52
2 Answers
This can't be that hard -- but I'm thinking I'm pretty lame. Any advice?
I hate to suggest something non-cisco, but you are running older end of life'd Cisco routers -- so I will. When my PIX 506e burned up, I replaced it with a tinsy system from LogicSupply running Vyatta and have been nothing but impressed.
I just shipped out a production VMware machine running 6 static IPs, 3 internal networks (10.0.1.0/24, 10.0.2.0/24, 10.0.3.0/24), all natting out of one IP, and all 6 external IPs randomly port forwarding inward with no respect for any one to one mappings.
If you had a spare machine you could replace the 2600 with, or purchase something solid state from LogicSupply -- you would be extremely impressed with Vyatta .. and want to shoot yourself in the foot for using the 2600 for anything but a doorstop.
password 7 0519091A3549430C
It goes without saying -- but you've posted your private IPs, router, router config, and hashed password online. You're going to change that password, right?
answered Aug 1 '09 at 2:22
SirStan
Yep -- changed the password, and the statics were never the ones listed. I ended up using simple NAT on this 2600 to work, and all is well now. It was just a matter of getting it right. Thanks! Neil
– Neil Ticktin
Aug 16 '09 at 22:32
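The concern raised in this answer, a running config published with its credentials and addresses intact, can be handled before posting. The following is an added example, not part of the original thread: it redacts IOS credential lines and SNMP community strings and maps public IPv4 addresses onto the RFC 5737 documentation ranges while keeping the last octet. The function name `sanitize`, the rule list and the sample config (with constructed secret values) are assumptions made for illustration.

```python
"""Redact secrets and public addresses from a Cisco IOS config before sharing it."""
import ipaddress
import re

# RFC 5737 documentation /24 prefixes used as stand-ins for real public networks.
DOC_NETS = ["192.0.2", "198.51.100", "203.0.113"]

# (pattern, replacement) pairs; the first rule that matches a line wins.
# Hostname, domain-name and description lines are NOT covered by these rules.
SECRET_RULES = [
    (re.compile(r"^(\s*enable (?:secret|password))\s+.*$"), r"\1 [redacted]"),
    (re.compile(r"^(\s*username \S+.*?\b(?:secret|password))\s+.*$"), r"\1 [redacted]"),
    (re.compile(r"^(\s*password)\s+.*$"), r"\1 [redacted]"),
    (re.compile(r"^(\s*snmp-server community)\s+\S+(.*)$"), r"\1 [redacted]\2"),
    (re.compile(r"^(\s*snmp-server engineID \S+)\s+.*$"), r"\1 [redacted]"),
]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed sample input in the style of the config in the question.
# The secret values below are made up, not taken from the page.
SAMPLE_CONFIG = """\
hostname Example-2600
enable secret 5 $1$CONSTRUCTED$notARealHash000000000
enable password 7 00CONSTRUCTED00
interface Ethernet1/0
 ip address 69.24.8.18 255.255.255.0
ip nat pool NAT-Pool 69.24.8.19 69.24.8.19 netmask 255.255.255.0
ip route 0.0.0.0 0.0.0.0 69.24.8.1
access-list 1 permit 10.20.60.0 0.0.0.255
snmp-server community public RO
line vty 0 4
 password 7 11CONSTRUCTED11
ntp server 192.6.38.127
"""


def sanitize(config):
    """Return (clean_text, redacted_line_numbers, prefix_map)."""
    prefix_map = {}      # real /24 prefix -> documentation /24 prefix
    redacted_lines = []  # 1-based numbers of lines where a secret was removed

    def remap(match):
        text = match.group(0)
        try:
            addr = ipaddress.IPv4Address(text)
        except ipaddress.AddressValueError:
            return text  # not a valid address, e.g. 999.1.1.1
        if not addr.is_global:
            # Private space, netmasks, wildcard masks, 0.0.0.0 and the
            # documentation ranges themselves are left untouched.
            return text
        prefix, host = text.rsplit(".", 1)
        if prefix not in prefix_map:
            if len(prefix_map) == len(DOC_NETS):
                raise ValueError("more public /24s than documentation ranges")
            prefix_map[prefix] = DOC_NETS[len(prefix_map)]
        return f"{prefix_map[prefix]}.{host}"

    out = []
    for number, line in enumerate(config.splitlines(), 1):
        for pattern, replacement in SECRET_RULES:
            new_line, hits = pattern.subn(replacement, line)
            if hits:
                if new_line != line:
                    redacted_lines.append(number)
                line = new_line
                break
        out.append(IPV4.sub(remap, line))
    return "\n".join(out) + "\n", redacted_lines, prefix_map


if __name__ == "__main__":
    clean, lines, mapping = sanitize(SAMPLE_CONFIG)
    print(clean)
    print("redacted lines:", lines)
    print("prefix map:", mapping)
```

Redacting the copy that gets posted does not undo an earlier exposure; a credential that has already been published still has to be changed on the device, as the answer says.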
Here's what I ended up with if anyone needs this for the future...
Current configuration : 3119 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug datetime
service timestamps log datetime
service password-encryption
!
hostname Xplain-2600
!
logging buffered 4096 debugging
no logging console
enable secret [snipped]
enable password [snipped]
!
!
!
!
!
memory-size iomem 15
clock timezone PST -8
clock summer-time PDT recurring
ip subnet-zero
no ip source-route
ip dhcp excluded-address 192.168.2.1 192.168.2.127
ip dhcp excluded-address 192.168.2.192 192.168.2.254
!
ip dhcp pool dhcp-MainLAN
network 192.168.2.0 255.255.255.0
domain-name xplain.com
default-router 192.168.2.1
dns-server 68.238.96.12 68.238.64.12
lease 0 2
!
no ip bootp server
!
!
!
interface Loopback1
no ip address
!
interface Ethernet0/0
description Lakefield Private LAN
ip address 192.168.2.1 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
no ip mroute-cache
half-duplex
no cdp enable
!
interface Ethernet0/1
no ip address
no ip redirects
no ip mroute-cache
shutdown
half-duplex
no cdp enable
!
interface Ethernet1/0
description Verizon-DSL
ip address 98.211.4.130 255.255.255.0
ip nat outside
no ip mroute-cache
half-duplex
no cdp enable
!
ip nat inside source list 1 interface Ethernet1/0 overload
ip nat inside source static 192.168.2.10 98.211.4.131 extendable
ip nat inside source static 192.168.2.22 98.211.4.132 extendable
ip nat inside source static tcp 192.168.2.200 407 98.211.4.134 860 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 98.211.4.1
no ip http server
!
logging trap debugging
logging facility local0
access-list 1 permit 192.168.2.128 0.0.0.63
access-list 1 permit 192.168.2.64 0.0.0.63
access-list 1 permit 192.168.2.192 0.0.0.63
access-list 1 permit 192.168.2.0 0.0.0.63
no cdp run
snmp-server engineID local 000000090200003080F34140
snmp-server community RO RO
snmp-server community Xplain-2600 RO
snmp-server community public RO
banner login ^CC
This is a private network. No *
unauthorized usage without *
permission. Thank you. *
^C
!
line con 0
exec-timeout 60 0
login
line aux 0
line vty 0 4
exec-timeout 1440 0
password [snipped]
login
!
ntp clock-period 17179828
ntp server 192.6.38.127
end
answered Aug 16 '09 at 22:37
community wiki
Neil Ticktin
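To see which translation each inside host gets from the NAT statements in the configuration above, and which inside hosts the static entries make reachable from outside, here is an added Python example that parses those lines; it is not part of the original answer. The function names are illustrative, and the "all ports" result assumes, as in the configuration shown, that no inbound access list is applied to Ethernet1/0.

```python
import ipaddress

# NAT and ACL lines copied from the configuration in the answer above.
CONFIG = """\
ip nat inside source list 1 interface Ethernet1/0 overload
ip nat inside source static 192.168.2.10 98.211.4.131 extendable
ip nat inside source static 192.168.2.22 98.211.4.132 extendable
ip nat inside source static tcp 192.168.2.200 407 98.211.4.134 860 extendable
access-list 1 permit 192.168.2.128 0.0.0.63
access-list 1 permit 192.168.2.64 0.0.0.63
access-list 1 permit 192.168.2.192 0.0.0.63
access-list 1 permit 192.168.2.0 0.0.0.63
"""

def parse(config):
    """Return (networks permitted by ACL 1, one-to-one statics, port statics)."""
    acl, one_to_one, port_maps = [], {}, []
    for line in config.splitlines():
        w = line.split()
        if w[:3] == ["access-list", "1", "permit"]:
            # An IOS wildcard mask is a host mask, which ipaddress accepts.
            acl.append(ipaddress.ip_network(f"{w[3]}/{w[4]}"))
        elif w[:5] == ["ip", "nat", "inside", "source", "static"]:
            if w[5] in ("tcp", "udp"):  # proto, local ip, port, global ip, port
                port_maps.append((w[5], w[6], int(w[7]), w[8], int(w[9])))
            else:                       # whole-address mapping
                one_to_one[w[5]] = w[6]
    return acl, one_to_one, port_maps

def acl_summary(acl):
    """Collapse the ACL entries into the fewest equivalent prefixes."""
    return [str(n) for n in ipaddress.collapse_addresses(acl)]

def outbound_source(host, acl, one_to_one, outside_ip="98.211.4.130"):
    """Source address an inside host shows when it opens a connection out."""
    if host in one_to_one:              # a static entry wins over overload
        return one_to_one[host]
    if any(ipaddress.ip_address(host) in net for net in acl):
        return outside_ip               # PAT on the Ethernet1/0 address
    return None                         # not permitted by ACL 1: no translation

def inbound_exposure(one_to_one, port_maps):
    """Global address -> (inside host, unsolicited traffic that reaches it)."""
    exposed = {glob: (local, "all ports") for local, glob in one_to_one.items()}
    for proto, local, lport, glob, gport in port_maps:
        exposed[glob] = (local, f"{proto}/{gport} -> {lport}")
    return exposed

if __name__ == "__main__":
    acl, one_to_one, port_maps = parse(CONFIG)
    print(acl_summary(acl), inbound_exposure(one_to_one, port_maps))
```

The four `0.0.0.63` entries collapse to the single prefix 192.168.2.0/24, and the two one-to-one statics forward every port on 98.211.4.131 and 98.211.4.132 to their inside hosts, so those two hosts depend entirely on their own filtering.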
This is kind of a 'do my work for me post'. Maybe you should state what isn't working in particular?
– Kyle Brandt
Aug 1 '09 at 13:52