
RE: cisco router config scenario



Of course, tracing to your public IPs will only stop you at the ISP2's
router, at which point their one-to-one NAT'ing comes into effect.

I suggest you work with them to resolve the problem. I would suggest letting
them allow you to try the setup with your assigned public IPs. Either way, they
have some homework to finish up.

Regards,

Mark Tinka
Network Engineer
Africa Online Uganda
5th Floor, Commercial Plaza
7 Kampala Rd,
Tel:   +256-41-258143
Fax:   +256-41-258144
E-mail: mtinka at africaonline.co.ug
Web:     www.africaonline.co.ug



-----Original Message-----
From: owner-afnog at afnog.org [mailto:owner-afnog at afnog.org]On Behalf Of
Gregory M Begumisa
Sent: Saturday, November 30, 2002 4:22 PM
To: Mark Tinka
Cc: afnog at afnog.org
Subject: RE: cisco router config scenario



On Sat, 30 Nov 2002, Mark Tinka wrote:

> If I understand your requirement correctly, you want to provide mail and web
> services to the public, whilst using private IPs. This is simple, it entails
> you creating a redirect rule on your Cisco router, so packets with a
> destination port of 25 and 80, are redirected by your router to a server
> residing inside of your LAN.
>
> You can use this command to redirect TCP traffic into your LAN server:
>
> ip nat inside source static tcp 192.168.1.x 25 172.16.133.x 25 extendable
> ip nat inside source static tcp 192.168.1.x 80 172.16.133.x 80 extendable

For some weird reason the above doesn't seem to work.  When I do a
traceroute from a server external to either of ISP1 and ISP2, I get
through to the external ip of the router - not the ip address above
that I am using for static nat. I thought that this traceroute would stop
at the ip address above.  Does this offer any clues to what the problem
might be?

All the sources I have checked suggest that the above commands should work
for my situation.  Is this the confirmatory test that something is wrong
with the config of ISP 2's NAT router?

> Your ISP2, however, will have to ensure that the one-to-one mapping of your
> two public IPs to your 172.16.133.x private IPs is done properly, and works
> transparently. I would recommend, that since one-to-one mapping is meant to
> create the effect of a real public IP situation, why not have them route the
> public IPs directly to your service?
>
Good question.


> Regards,
>
> Mark Tinka
> Network Engineer
> Africa Online Uganda
> 5th Floor, Commercial Plaza
> 7 Kampala Rd,
> Tel:   +256-41-258143
> Fax:   +256-41-258144
> E-mail: mtinka at africaonline.co.ug
> Web:     www.africaonline.co.ug
>
>
>
> -----Original Message-----
> From: owner-afnog at afnog.org [mailto:owner-afnog at afnog.org]On Behalf Of
> Gregory M Begumisa
> Sent: Friday, November 29, 2002 7:43 PM
> To: afnog at afnog.org
> Subject: cisco router config scenario
>
>
> Hi all,
>
> On my network (see sketch below), I've got a cisco 2500 series router (IOS
> version 12.0(10)) through which M$ client machines are able to access
> the internet via the satellite link to ISP2.  ISP2 assigned me two public
> ips.  However, the public ips that were assigned were "statically mapped"
> onto IPs on the private network 172.16.133.0
>
> _________________________________________________________________________
> Problem Statement
> -----------------
> My dilemma here is that I wish to statically map one of these public ips
> (assigned by isp 2) onto the private ip of my mail/webserver, which also
> acts as a gateway to the internet via ISP 1.  What I would expect
> is that packets destined for one specific public ip (one of those
> assigned by ISP2) address are directed to the mail/webserver
> ------------------------------------------------------------------------
>
> The info on NAT at the cisco advised the entry of the following in the
> cisco 2500 series router config:
>
> "ip nat inside source static 192.168.1.x 172.16.133.x"
>
> where 192.168.1.x is the ip address of my mail/web server and 172.16.133.x
> is the corresponding private ip address which ISP 2 statically maps onto a
> public ip address.
>
> However, this has not helped.  On using the Cisco configMaker v2.6 tool
> I discovered that the above entry was being rejected simply because the
> "172.16.133.x" address that I was using was a private ip address and yet
> I must use it like that since my satellite radio also has an ip on the
> 172.16.133.x network and does not "know" public ips.
>
> Any suggestions on how I may go about this?
>
> ------------------------------------------------------------------------
>
> the following is a sketch of my network:
>  |----->
>  |----->LAN (192.168.1.x)
>  |----->
>  |
>  | |----------------|
>  | |                |
>  |-| mail/web server|----> ISP 1
>  | |                |
>  | |----------------|
>  |
>  | |--------------|     |------------------|   |----------|
>  |-|Cisco 2500    |---> |Satellite radio   |-->| ISP 2 NAT|
>  | |series router |     |unit with ip on   |   | router   |
>  | |--------------|     |the "172.16.133.0"|   |----------|
>                         |network           |
>                         |------------------|
>
> ------------------------------------------------------------------------
>
>
> thanks,
> ----
> Greg,
> CFI (U)
>
>
>
> -----
> This is the afnog mailing list, managed by Majordomo 1.94.5
>
> To send a message to this list, e-mail afnog at afnog.org
> To send a request to majordomo, e-mail majordomo at afnog.org and put
> your request in the body of the message (i.e use "help" for help)
>
> This list is maintained by owner-afnog at afnog.org
>
>

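The static port translations quoted in this thread only take effect between interfaces marked as NAT inside and NAT outside. The fragment below is an added example, not configuration posted by anyone on the list; the interface names Ethernet0 and Ethernet1 are assumptions, and the addresses keep the thread's masked "x" octets.

```cisco
! Added example. Interface names are assumed; substitute the router's own.
! Addresses are the thread's placeholders (192.168.1.x = mail/web server,
! 172.16.133.x = the address ISP 2 maps one-to-one onto a public IP).
!
interface Ethernet0
 description LAN side, 192.168.1.x network
 ip nat inside
!
interface Ethernet1
 description Toward the satellite radio, 172.16.133.x network
 ip nat outside
!
! Port-specific static entries from the thread. Only TCP 25 and TCP 80
! arriving for 172.16.133.x are forwarded to the server; every other port
! on that address stays unmapped, unlike the plain
! "ip nat inside source static 192.168.1.x 172.16.133.x" form, which
! exposes all of the server's ports.
ip nat inside source static tcp 192.168.1.x 25 172.16.133.x 25 extendable
ip nat inside source static tcp 192.168.1.x 80 172.16.133.x 80 extendable
!
! Checks, run from privileged EXEC mode rather than configuration mode:
!
!   show ip nat translations
!     Both static TCP entries should be listed even with no traffic.
!
!   show ip nat statistics
!     Confirms which interfaces are marked inside and outside, and the
!     hit counter should rise when an external host connects.
!
!   debug ip nat
!     Shows each translated packet; use briefly on a lightly loaded router.
!
! These entries match only TCP traffic to ports 25 and 80. Traceroute
! probes are UDP or ICMP and never match them, so test from outside with
! a TCP connection to port 25 or 80 rather than with traceroute.
```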


