Hi
I am setting up a Cisco 1841 with an external ADSL modem and Firewall IOS. Essentially, I want to map SMTP (25) on the Public Interface to an internal server on the same port and port 9833 (custom port) to the same internal server but on port 3389 (MS-RDP).
I have performed the following basic tasks:
1) Set up a Dialer Interface mapped to the FA0/1 interface to which the bridged ADSL modem is connected. This performs and connects fine.
2) Configured PAT for internal clients to NAT to the IP Address of the Dialer Interface, which works fine.
3) Configured Static NAT to map the required ports mentioned above to the appropriate ports on the internal server.
What I am finding is that when I apply the commands in step 3, I get an error in the Cisco terminal as shown below, where the IP address is the same IP used in the static NAT commands:
*Nov 28 10:00:44.507: %IP-4-DUPADDR: Duplicate address 10.XX.XX.XX on FastEthernet0/0, sourced by 0020.ed6b.df9a
This router has not yet gone into production, so there is a lot of configuration missing, such as the inbound ACL, but I am hoping someone can help me with this issue, as when it occurs the server also detects the conflict and becomes inaccessible. I have included a copy of the config so far below.
Thanks VD
Current configuration : 2208 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FIREWALL
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
no ip dhcp use vrf connected
!
ip host OUTSIDE 220.XX.XX.XX
ip host SERVER 10.XX.XX.XX
ip inspect name OUTBOUND http
ip inspect name OUTBOUND https
ip inspect name OUTBOUND ftp
ip inspect name OUTBOUND ftps
ip inspect name OUTBOUND smtp
ip inspect name OUTBOUND dns
ip inspect name OUTBOUND citrix
ip inspect name OUTBOUND citriximaclient
ip inspect name OUTBOUND ica
ip inspect name OUTBOUND icabrowser
ip inspect name OUTBOUND icmp
ip inspect name OUTBOUND pcanywheredata
ip inspect name OUTBOUND pcanywherestat
ip inspect name OUTBOUND ssh
no ip ips deny-action ips-interface
!
interface FastEthernet0/0
 ip address 10.XX.XX.XX 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description $ETH-WAN$
 no ip address
 duplex auto
 speed auto
 pppoe enable
 pppoe-client dial-pool-number 1
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Vlan1
!
interface Dialer0
 ip address negotiated
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname snipped-for-privacy@XXXX.XXXXX
 ppp chap password 0 XXXXXXXXXX
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat outside source static tcp 220.XX.XX.XX 25 10.XX.XX.XX 25 extendable
ip nat outside source static tcp 220.XX.XX.XX 9833 10.XX.XX.XX 3389 extendable
!
ip access-list extended INBOUND
 permit tcp any host 220.XX.XX.XX eq smtp
!
access-list 1 permit 10.XX.XX.0 0.0.0.255
dialer-list 1 protocol ip permit
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 login
!
end