
RE: cisco router config scenario



First, I don't think your ISP2 should be giving you NAT'ed private
addresses, whether they are statically mapped or otherwise. But, since
that's the case, let's work your problem:

If I understand your requirement correctly, you want to provide mail and web
services to the public, whilst using private IPs. This is simple, it entails
you creating a redirect rule on your Cisco router, so packets with a
destination port of 25 and 80, are redirected by your router to a server
residing inside of your LAN.

You can use this command to redirect TCP traffic into your LAN server:

ip nat inside source static tcp 192.168.1.x 25 172.16.133.x 25 extendable
ip nat inside source static tcp 192.168.1.x 80 172.16.133.x 80 extendable

These configuration lines will redirect SMTP and WWW traffic destined for
172.16.133.x to your internal 192.168.1.x server, on the corresponding port,
as long as you have SMTP and WWW services running on that server.

Your ISP2, however, will have to ensure that the one-to-one mapping of your
two public IPs to your 172.16.133.x private IPs is done properly, and works
transparently. I would recommend, that since one-to-one mapping is meant to
create the effect of a real public IP situation, why not have them route the
public IPs directly to your service?

Regards,

Mark Tinka
Network Engineer
Africa Online Uganda
5th Floor, Commercial Plaza
7 Kampala Rd,
Tel:   +256-41-258143
Fax:   +256-41-258144
E-mail: mtinka at africaonline.co.ug
Web:     www.africaonline.co.ug



-----Original Message-----
From: owner-afnog at afnog.org [mailto:owner-afnog at afnog.org]On Behalf Of
Gregory M Begumisa
Sent: Friday, November 29, 2002 7:43 PM
To: afnog at afnog.org
Subject: cisco router config scenario


Hi all,

On my network (see sketch below), I've got a cisco 2500 series router (IOS
version 12.0(10)) through which M$ client machines are able to access
the internet via the satellite link to ISP2.  ISP2 assigned me two public
ips.  However, the public ips that were assigned were "statically mapped"
onto IPs on the private network 172.16.133.0

_________________________________________________________________________
Problem Statement
-----------------
My dilemma here is that I wish to statically map one of these public ips
(assigned by isp 2) onto the private ip of my mail/webserver, which also
acts as a gateway to the internet via ISP 1.  What I would expect
is that packets destined for one specific public ip (one of those
assigned by ISP2) address are directed to the mail/webserver
------------------------------------------------------------------------

The info on NAT at the cisco advised the entry of the following in the
cisco 2500 series router config:

"ip nat inside source static 192.168.1.x 172.16.133.x"

where 192.168.1.x is the ip address of my mail/web server and 172.16.133.x
is the corresponding private ip address which ISP 2 statically maps onto a
public ip address.

However, this has not helped.  On using the Cisco configMaker v2.6 tool
I discovered that the above entry was being rejected simply because the
"172.16.133.x" address that I was using was a private ip address and yet
I must use it like that since my satellite radio also has an ip on the
172.16.133.x network and does not "know" public ips.

Any suggestions on how I may go about this?

------------------------------------------------------------------------

the following is a sketch of my network:
 |----->
 |----->LAN (192.168.1.x)
 |----->
 |
 | |----------------|
 | |                |
 |-| mail/web server|----> ISP 1
 | |                |
 | |----------------|
 |
 | |--------------|     |------------------|   |----------|
 |-|Cisco 2500    |---> |Satellite radio   |-->| ISP 2 NAT|
 | |series router |     |unit with ip on   |   | router   |
 | |--------------|     |the "172.16.133.0"|   |----------|
                        |network           |
                        |------------------|

------------------------------------------------------------------------


thanks,
----
Greg,
CFI (U)



-----
This is the afnog mailing list, managed by Majordomo 1.94.5

To send a message to this list, e-mail afnog at afnog.org
To send a request to majordomo, e-mail majordomo at afnog.org and put
your request in the body of the message (i.e use "help" for help)

This list is maintained by owner-afnog at afnog.org
