Cisco 837 Inside to Inside Nat.

seanbranagh
Grafter
Posts: 1,236
Registered: ‎02-08-2007

Inside to inside NAT as detailed here: http://www.cisco.com/en/US/docs/ios/12_3/12_3y/release/notes/rn800ys.html#wp68417
Has anyone got this working? I recently changed from a Netgear DG834 to a Cisco 837. It is now running IOS 12.4.
I have everything set up with my webserver all working perfectly but am still unable to reach it through the external address from within my LAN (the Netgear allowed me to do this by default). This makes it impossible for me to test virtual servers. I have tried setting up a NAT virtual interface as described in the page above but this did not work and ended up with no internet access.
Does anyone have a working config for this?
1 REPLY
seanbranagh
Grafter
Posts: 1,236
Registered: ‎02-08-2007

Re: Cisco 837 Inside to Inside Nat.

OK, so this was a tough one, and because I had so much difficulty with it I will post the completed config in case anyone else ever needs it. Everything is now up and running. Learned a few things along the way, like the fact uTorrent will not listen to a different IP address than that used for outgoing connections. I was hoping to have all open ports on my second IP address but this stopped me from doing that. I do have several ports open, webmin, http, ftp, utorrent etc., as you will see at the bottom of the config.
Just to recap what it was I was trying to achieve. Trying to get to (for testing) my internal web and ftp servers using the external address on a Cisco 837. This was achieved by using what Cisco call Nat to inside Nat by creating a Nat Virtual Interface. If you are needing to do this it will not work on any IOS older than 12.3(11)YS. I am running 12.4(2)T.

cisco#sh run
Building configuration...
Current configuration : 2602 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco
!
boot-start-marker
boot-end-marker
!
enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXX
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.10.1 192.168.10.40
ip dhcp excluded-address 192.168.10.50 192.168.10.255
!
ip dhcp pool DPA
  network 192.168.10.0 255.255.255.0
  default-router 192.168.10.31
  dns-server 192.168.10.31
!
!
ip cef
ip name-server 212.159.6.9
ip name-server 212.159.6.10
no ip ips deny-action ips-interface
!
!
!
username XXXXXXXXXXXXXXX privilege 15 password 0 XXXXXXXXXXXXXXX
!
!
!
!
!
interface Ethernet0
 ip address 192.168.10.31 255.255.255.0
 ip nat enable
 ip virtual-reassembly
 hold-queue 100 out
!
interface Ethernet2
 no ip address
 shutdown
 hold-queue 100 out
!
interface ATM0
 no ip address
 snmp ifindex persist
 no atm ilmi-keepalive
 dsl operating-mode auto
 hold-queue 224 in
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
!
interface FastEthernet1
 duplex auto
 speed auto
!
interface FastEthernet2
 duplex auto
 speed auto
!
interface FastEthernet3
 duplex auto
 speed auto
!
interface FastEthernet4
 duplex auto
 speed auto
!
interface Dialer1
 ip address 212.159.24.242 255.255.255.252 secondary
 ip address 212.159.24.241 255.255.255.252
 ip mtu 1420
 ip nat enable
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 dialer-group 1
 snmp ifindex persist
 ppp authentication chap callin
 ppp chap hostname XXXXXXXXXXXXXXXXX@plusdsl.net
 ppp chap password 0 XXXXXXXXXXXXXX
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
ip dns server
!
ip nat pool NAT 212.159.24.241 212.159.24.241 netmask 255.255.255.252
ip nat source list 1 pool NAT overload
ip nat source static tcp 192.168.10.38 20000 212.159.24.241 20000 extendable
ip nat source static tcp 192.168.10.39 20 212.159.24.242 20 extendable
ip nat source static tcp 192.168.10.39 21 212.159.24.242 21 extendable
ip nat source static tcp 192.168.10.38 75 212.159.24.242 75 extendable
ip nat source static tcp 192.168.10.39 80 212.159.24.242 80 extendable
ip nat source static tcp 192.168.10.39 1024 212.159.24.242 1024 extendable
ip nat source static tcp 192.168.10.39 10000 212.159.24.242 10000 extendable
!
access-list 1 permit 192.168.10.0 0.0.0.255
!
control-plane
!
!
line con 0
 no modem enable
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
scheduler max-task-time 5000
end
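
As an added example (not part of the original post and not Cisco tooling), a short Python check that reads a running-config laid out like the one above and reports the NVI-enabled interfaces, the ports published by the `ip nat source static` lines, and any lines that store a type 0 (cleartext) password. The sample config is constructed, with documentation-range outside addresses and dummy secrets; the function name `audit` is an assumption.

```python
import re

# Constructed sample in the layout of the running-config above; the outside
# addresses are documentation-range placeholders and the secrets are dummies.
SAMPLE = """\
username admin privilege 15 password 0 dummy
!
interface Ethernet0
ip address 192.168.10.31 255.255.255.0
ip nat enable
!
interface Ethernet2
no ip address
shutdown
!
interface Dialer1
ip address 203.0.113.1 255.255.255.252
ip nat enable
ppp chap password 0 dummy
!
ip nat source static tcp 192.168.10.39 80 203.0.113.2 80 extendable
ip nat source static tcp 192.168.10.39 10000 203.0.113.2 10000 extendable
ip nat source static tcp 192.168.10.38 20000 203.0.113.1 20000 extendable
"""

STATIC = re.compile(r"ip nat source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)")

def audit(config):
    """Return NVI interfaces, published ports and type 0 password lines."""
    nvi, forwards, cleartext, iface = [], [], [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            iface = line.split(None, 1)[1]
        elif line == "!":
            iface = None                      # "!" closes the interface block
        elif line == "ip nat enable" and iface:
            nvi.append(iface)
        m = STATIC.match(line)
        if m:
            proto, in_ip, in_port, out_ip, out_port = m.groups()
            forwards.append((out_ip, int(out_port), proto, in_ip, int(in_port)))
        if re.search(r"\bpassword 0 ", line):
            cleartext.append(line.split(" password 0 ")[0])  # report the owner, not the secret
    return {"nvi": nvi, "forwards": sorted(forwards), "cleartext": cleartext}

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```

Each entry in `forwards` is an outside address and port that reaches an inside host, which makes the list a quick inventory of what the router exposes to the internet.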