[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: cisco router config scenario

To: Mark Tinka <mtinka at africaonline.co.ug>
Subject: RE: cisco router config scenario
From: Gregory M Begumisa <greg at cfi.co.ug>
Date: Sat, 30 Nov 2002 16:22:19 +0300 (EAT)
Cc: <afnog at afnog.org>
Content-Type: TEXT/PLAIN; charset=US-ASCII
Delivered-To: afnog-archive at lists.eahd.or.ug
Delivered-To: afnog-outgoing at afnog.org
Delivered-To: afnog at afnog.org
In-Reply-To: <JGEDIFNCIJKMEAAEJLFKKEGHCJAA.mtinka at africaonline.co.ug>
Sender: owner-afnog at afnog.org


On Sat, 30 Nov 2002, Mark Tinka wrote:

> If I understand your requirement correctly, you want to provide mail and web
> services to the public, whilst using private IPs. This is simple, it entails
> you creating a redirect rule on your Cisco router, so packets with a
> destination port of 25 and 80, are redirected by your router to a server
> residing inside of your LAN.
>
> You can use this command to redirect TCP traffic into your LAN server:
>
> ip nat inside source static tcp 192.168.1.x 25 172.16.133.x 25 extendable
> ip nat inside source static tcp 192.168.1.x 80 172.16.133.x 80 extendable

For some weird reason the above doesn't seem to work.  When I do a
traceroute from a server external to either of ISP1 and ISP2, i get to
through to the external ip of the router - not the ip address above
that I am using for static nat. I thought that this traceroute would stop
at the ip address above.  Does this offer any clues to what the problem
might be?

All the sources I have checked suggest that the above commands should work
for my situation.  Is this the confirmatory test that something is wrong
with the config of ISP 2's NAT router?

> Your ISP2, however, will have to ensure that the one-to-one mapping of your
> two public IPs to your 172.16.133.x private IPs is done properly, and works
> transparently. I would recommend, that since one-to-one mapping is meant to
> create the effect of a real public IP situation, why not have them route the
> public IPs directly to your service?
>
Good question.


> Regards,
>
> Mark Tinka
> Network Engineer
> Africa Online Uganda
> 5th Floor, Commercial Plaza
> 7 Kampala Rd,
> Tel:   +256-41-258143
> Fax:   +256-41-258144
> E-mail: mtinka at africaonline.co.ug
> Web:     www.africaonline.co.ug
>
>
>
> -----Original Message-----
> From: owner-afnog at afnog.org [mailto:owner-afnog at afnog.org]On Behalf Of
> Gregory M Begumisa
> Sent: Friday, November 29, 2002 7:43 PM
> To: afnog at afnog.org
> Subject: cisco router config scenario
>
>
> Hi all,
>
> On my network (see sketch below), I've got a cisco 2500 series router (IOS
> version 12.0(10)) through which M$ client machines are able to access
> the internet via the satellite link to ISP2.  ISP2 assigned me two public
> ips.  However, the public ips that were assigned were "statically mapped"
> onto IPs on the private network 172.16.133.0
>
> _________________________________________________________________________
> Problem Statement
> -----------------
> My dilema here is that I wish to statically map one of these public ips
> (assigned by isp 2) onto the private ip of my mail/webserver, which also
> acts as a gateway to the internet via ISP 1.  What I would expect
> is that packets destined for one specific public ip (one of those
> assigned by ISP2) address are directed to the mail/webserver
> ------------------------------------------------------------------------
>
> The the info on NAT at the cisco advised the entry of the following in the
> cisco 2500 series router config:
>
> "ip nat inside source static 192.168.1.x 172.16.133.x"
>
> where 192.168.1.x is the ip address of my mail/web server and 172.16.133.x
> is the corresponding private ip address which ISP 2 statically maps onto a
> public ip address.
>
> However, this has not helped.  On using the Cisco configMaker v2.6 tool
> i discovered that the above entry was being rejected simply because the
> "172.16.133.x" address that I was using was a private ip address and yet
> i must use it like that since my satellite radio also has an ip on the
> 172.16.133.x network and does not "know" public ips.
>
> Any suggestions on how i may go about this?
>
> ------------------------------------------------------------------------
>
> the following is a sketch of my network:
>  |----->
>  |----->LAN (192.168.1.x)
>  |----->
>  |
>  | |----------------|
>  | |                |
>  |-| mail/web server|----> ISP 1
>  | |                |
>  | |----------------|
>  |
>  | |--------------|     |------------------|   |----------|
>  |-|Cisco 2500    |---> |Satellite radio   |-->| ISP 2 NAT|
>  | |series router |     |unit with ip on   |   | router   |
>  | |--------------|     |the "172.16.133.0"|   |----------|
>                         |network           |
>                         |------------------|
>
> ------------------------------------------------------------------------
>
>
> thanks,
> ----
> Greg,
> CFI (U)
>
>
>
> -----
> This is the afnog mailing list, managed by Majordomo 1.94.5
>
> To send a message to this list, e-mail afnog at afnog.org
> To send a request to majordomo, e-mail majordomo at afnog.org and put
> your request in the body of the message (i.e use "help" for help)
>
> This list is maintained by owner-afnog at afnog.org
>
>




-----
This is the afnog mailing list, managed by Majordomo 1.94.5

To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)

This list is maintained by owner-afnog at afnog.org

Follow-Ups:
- RE: cisco router config scenario
  - From: "Mark Tinka" <mtinka at africaonline.co.ug>

References:
- RE: cisco router config scenario
  - From: "Mark Tinka" <mtinka at africaonline.co.ug>

Prev by Date: RE: cisco router config scenario
Next by Date: RE: cisco router config scenario
Prev by thread: RE: cisco router config scenario
Next by thread: RE: cisco router config scenario
Index(es):
- Date
- Thread