Newbie Question; Cisco 837

Post by Andrew Neillan » Mon, 17 Apr 2006 22:27:53



Hi all,

I have a Cisco 837 that I'm having trouble getting Port Mapping working
as expected.  My config is:

!version 12.3
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service compress-config
!
hostname c830
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 Blah
!
username ajn privilege 15 secret 5 Blah
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00
no aaa new-model
ip subnet-zero
ip domain name internal.neillans.co.uk
ip name-server 217.169.20.20
ip name-server 217.169.20.21
ip dhcp excluded-address 10.0.0.101 10.0.0.254
ip dhcp excluded-address 10.0.0.1
!
ip dhcp pool LAN
   network 10.0.0.0 255.255.255.0
   default-router 10.0.0.1
   dns-server 217.169.20.20 217.169.20.21
!
!
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 smtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip inspect name DEFAULT100 icmp
ip audit notify log
ip audit po max-events 100
ip ssh version 2
no ftp-server write-enable
!
!
!
no crypto isakmp enable
!
!
!
!
interface Ethernet0
 description $ETH-LAN$$FW_INSIDE$Local Network
 ip address 10.0.0.1 255.255.255.0
 ip access-group 100 in
 ip nat inside
 no cdp enable
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 10
 !
 dsl operating-mode auto
!
interface Dialer0
 description $FW_OUTSIDE$Point-to-Point to AAISP Customer Aggregation
 ip address negotiated
 ip access-group 101 in
 ip nat outside
 ip inspect DEFAULT100 out
 encapsulation ppp
 dialer pool 10
 ppp authentication chap callin
 ppp chap hostname blah
 ppp chap password 7 blah
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static udp 10.0.0.108 9991 interface Dialer0 9991
ip nat inside source static tcp 10.0.0.107 22 interface Dialer0 9922
ip nat inside source static tcp 10.0.0.108 9991 interface Dialer0 9991
ip nat inside source static 10.0.0.101 1.1.1.1 extendable
ip nat inside source static 10.0.0.102 2.2.2.2 extendable
ip nat inside source static 10.0.0.103 3.3.3.3 extendable
ip nat inside source static 10.0.0.104 4.4.4.4 extendable
ip nat inside source static 10.0.0.105 5.5.5.5 extendable
ip nat inside source static 10.0.0.106 6.6.6.6 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
ip http authentication local
ip http secure-server
!
!
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 remark BitTorrent
access-list 101 permit udp any host 200.200.200.200 eq 9991
access-list 101 permit tcp any host 200.200.200.200 eq 9991
access-list 101 remark SSH to Dev
access-list 101 permit tcp any host 200.200.200.200 eq 9922 log
access-list 101 remark SSH to Router
access-list 101 permit tcp any any eq 22 log
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
snmp-server community public RO
snmp-server enable traps tty
no cdp run
!
control-plane
!
!
line con 0
 logging synchronous
 login local
 no modem enable
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 exec-timeout 15 0
 login local
 transport preferred all
 transport input ssh
 transport output all
!
scheduler max-task-time 5000
!
end

I am assigned a number of static IPs by my ISP (1.1.1.1 to 6.6.6.6 in
the above), alongside my standard static ADSL IP (200.200.200.200 in
the above). I have the additional static IPs mapped to internal IPs
via static NAT.
Also in the above, you can see that I have tried to map a number of
other ports - 9991 and 9922 to other IPs on my network, however, these
are to be bound to the same public IP address as my ADSL connection.

But the above does not work - and I can't see why....  9922 and 9991
remain closed.

Anyone care to give me a pointer?

Regards,

Andy Neillans
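
Added example (not part of the original post, and not the poster's own tooling): a Python check that pairs each static port forward in the posted config with the inbound ACL 101 entries applied to Dialer0. IOS evaluates an inbound ACL on the outside interface before NAT rewrites the destination, so the comparison uses the outside port; the function names and the config excerpt are constructed for this example.

```python
import re

# Constructed excerpt: the port-forward and ACL 101 lines copied from the post.
CONFIG = """\
ip nat inside source static udp 10.0.0.108 9991 interface Dialer0 9991
ip nat inside source static tcp 10.0.0.107 22 interface Dialer0 9922
ip nat inside source static tcp 10.0.0.108 9991 interface Dialer0 9991
access-list 101 permit icmp any any echo-reply
access-list 101 permit udp any host 200.200.200.200 eq 9991
access-list 101 permit tcp any host 200.200.200.200 eq 9991
access-list 101 permit tcp any host 200.200.200.200 eq 9922 log
access-list 101 permit tcp any any eq 22 log
access-list 101 deny   ip any any log
"""

NAT_RE = re.compile(
    r"ip nat inside source static (tcp|udp) (\S+) (\d+) interface \S+ (\d+)")
ACL_RE = re.compile(
    r"access-list (\d+) permit (tcp|udp) any (any|host \S+) eq (\d+)")

def port_forwards(config):
    """Static PAT entries as (proto, outside_port, inside_ip, inside_port)."""
    found = []
    for line in config.splitlines():
        m = NAT_RE.match(line.strip())
        if m:
            proto, inside_ip, inside_port, outside_port = m.groups()
            found.append((proto, int(outside_port), inside_ip, int(inside_port)))
    return found

def acl_permits(config, acl):
    """Map (proto, port) -> destination for 'permit ... eq <port>' lines of one ACL."""
    permits = {}
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if m and m.group(1) == acl:
            permits[(m.group(2), int(m.group(4)))] = m.group(3)
    return permits

def audit(config, acl="101"):
    """Compare forwards with the inbound ACL (entry order is not modelled)."""
    forwards = port_forwards(config)
    permits = acl_permits(config, acl)
    forwarded = {(proto, port) for proto, port, _, _ in forwards}
    return {
        "forward_without_permit": [f for f in forwards if (f[0], f[1]) not in permits],
        "permit_without_forward": sorted(k for k in permits if k not in forwarded),
        "permit_to_any_destination": sorted(k for k, d in permits.items() if d == "any"),
    }
```

On the posted lines every forward has a matching permit in ACL 101, so a missing permit entry is not what this check reports. The only permit without a forward is TCP 22 to any destination, which the config's own remark labels "SSH to Router".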

 
 
 

1. Newbie Question - Cisco 837

We've been advised to get one of the Cisco 837 ADSL Routers to replace
a Netgear DG814 which we are using just as a router.

What we want to do... and have:

2 servers (1 web only, 1 web & mail) (must be visible externally)
LAN secured via Symantec hardware firewall - delivering DHCP for LAN

Fixed IPs exist for the router, servers, and LAN (1 IP for LAN via NAT on
Symantec box) Total 6 IP addresses including routing to/from ISP

Can this be done on the Cisco 837 (or how could we reorganise our setup to
do it) and what would our basic config be?

At the moment the DG814 is only creating routing, with the servers
pretty much unprotected behind it and the LAN protected by the
Symantec box.

Urgent help appreciated as we need to do this quickly - the DG814 has
become quite unreliable!

TIA.
Simon
