Map external IP (PPPoE) to internal IP

I have 5 static IPs from SBC:

76.190.10.1 76.190.10.2 76.190.10.3 76.190.10.4 76.190.10.5

Mask 255.255.255.248 GW: 76.190.10.6

My equipment is:

1) Cisco PIX 501
2) SpeedStream 4100 (in bridge mode)
3) Win2003 server - ip 192.168.1.100
4) desktop computer - ip 192.168.1.250

The PIX is connected to the SpeedStream 4100 and PPPoE is on the PIX. PPPoE: snipped-for-privacy@static.sbcglobal.net

I'm getting 76.190.10.6 on the outside PIX interface. Inside is 192.168.1.1/24

I want to set up the network this way:

- 76.190.10.2 mapped to Win2003 server - internal ip 192.168.1.100

- 76.190.10.3 mapped to desktop - internal ip 192.168.1.250

I also need a VPN client to be able to make a VPN connection from the internet to, let's say, 76.190.10.3. I want to be able to connect using RDP to my 2003 server (after connecting the VPN).

How should I set up the PIX 501?

- NAT enabled?

- PAT disabled?

- how to map external IPs to local?

Is there maybe another way to have an external IP on the server?

Thanks in advance

Adii

Heh.. you have a lot of work to achieve there.

I want to set up the network this way:

- 76.190.10.2 mapped to Win2003 server - internal ip 192.168.1.100

- 76.190.10.3 mapped to desktop - internal ip 192.168.1.250

I also need a VPN client to be able to make a VPN connection from the internet to, let's say, 76.190.10.3. I want to be able to connect using RDP to my 2003 server (after connecting the VPN).

How should I set up the PIX 501?

- NAT enabled? yes for static NAT

- PAT disabled? yes for surfing

- how to map external IPs to local? static NAT

Is there maybe another way to have an external IP on the server? use static NAT

regards, H.

Havoc 25

IP mapping works - the VPN client can connect. RDP - NOT working.

My config:

PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
hostname pixfirewall
domain-name ciscopix.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
name 192.168.200.0 soft_range
access-list 199 permit ip any host 78.237.54.4
access-list 199 permit ip any host 78.237.54.3
access-list otrt_splitTunnelAcl permit ip soft_range 255.255.255.0 any
access-list outside_cryptomap_dyn_20 permit ip any soft_range 255.255.255.0
access-list inside_outbound_nat0_acl remark
access-list inside_outbound_nat0_acl permit ip any soft_range 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside pppoe setroute
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool soft_pool 192.168.200.1-192.168.200.254
pdm location 192.168.1.150 255.255.255.255 inside
pdm location soft_range 255.255.255.0 inside
pdm location 192.168.1.100 255.255.255.255 inside
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 78.237.54.5
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 1 192.168.1.0 255.255.255.0 0 0
static (inside,outside) 78.237.54.4 192.168.1.150 netmask 255.255.255.255 0 0
static (inside,outside) 78.237.54.3 192.168.1.100 netmask 255.255.255.255 0 0
access-group 199 in interface outside
route inside soft_range 255.255.255.0 192.168.1.1 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto dynamic-map outside_dyn_map 20 match address outside_cryptomap_dyn_20
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-MD5
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map client authentication LOCAL
crypto map outside_map interface outside
isakmp enable outside
isakmp nat-traversal 30
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
vpngroup otrt address-pool soft_pool
vpngroup otrt dns-server 68.94.156.1 68.94.157.1
vpngroup otrt split-tunnel otrt_splitTunnelAcl
vpngroup otrt idle-time 1800
vpngroup otrt password ********
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group pppoe_group request dialout pppoe
vpdn group pppoe_group localname snipped-for-privacy@static.sbcglobal.net
vpdn group pppoe_group ppp authentication pap
vpdn username snipped-for-privacy@static.sbcglobal.net password *********
dhcpd address 192.168.1.200-192.168.1.210 inside
dhcpd dns 68.94.156.1 68.94.157.1
dhcpd lease 3600
dhcpd ping_timeout 750
dhcpd auto_config outside
dhcpd enable inside
: end
[OK]
Adii
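
Added example, not part of any poster's message or configuration: a Python consistency check over the NAT- and VPN-related lines of the config posted above. It flags hosts that a static mapping plus an outside ACL leaves open to all IP traffic, PDM/HTTP management open on the outside interface, and a split-tunnel ACL whose source does not cover the inside network. The function name `audit` and the finding wording are made up here, and the last check assumes a PIX 6.3 split-tunnel ACL is meant to name the inside network as its source.

```python
import ipaddress

# Constructed excerpt: lines copied from the config posted above.
SAMPLE = """\
name 192.168.200.0 soft_range
access-list 199 permit ip any host 78.237.54.4
access-list 199 permit ip any host 78.237.54.3
access-list otrt_splitTunnelAcl permit ip soft_range 255.255.255.0 any
ip address inside 192.168.1.1 255.255.255.0
static (inside,outside) 78.237.54.4 192.168.1.150 netmask 255.255.255.255 0 0
static (inside,outside) 78.237.54.3 192.168.1.100 netmask 255.255.255.255 0 0
access-group 199 in interface outside
http 0.0.0.0 0.0.0.0 outside
vpngroup otrt split-tunnel otrt_splitTunnelAcl
"""

def audit(config):
    """Return a list of findings for a PIX 6.3-style config (hypothetical helper)."""
    lines = [l.split() for l in config.splitlines() if l.strip()]
    names = {l[2]: l[1] for l in lines if l[0] == "name"}  # alias -> address

    def net(addr, mask):
        return ipaddress.ip_network(f"{names.get(addr, addr)}/{mask}", strict=False)

    inside = next(net(l[3], l[4]) for l in lines if l[:3] == ["ip", "address", "inside"])
    statics = {l[2]: l[3] for l in lines if l[0] == "static"}  # public -> private
    outside_acls = {l[1] for l in lines if l[0] == "access-group" and l[-1] == "outside"}
    split_acls = {l[3] for l in lines if l[0] == "vpngroup" and l[2] == "split-tunnel"}
    findings = []
    for l in lines:
        if l[0] == "http" and l[-1] == "outside" and l[1] == "0.0.0.0":
            findings.append("PDM/HTTP management reachable from any outside address")
        if l[0] != "access-list" or l[2:4] != ["permit", "ip"]:
            continue
        # Outside ACL that allows every protocol and port to a statically mapped host.
        if l[1] in outside_acls and l[4:6] == ["any", "host"] and l[6] in statics:
            findings.append(f"all IP from internet permitted to {statics[l[6]]} via {l[6]}")
        # Split-tunnel ACL whose source network is not the inside network.
        if l[1] in split_acls and l[4] not in ("any", "host") \
                and not net(l[4], l[5]).overlaps(inside):
            findings.append(f"split-tunnel ACL {l[1]} source {net(l[4], l[5])} "
                            f"does not cover inside {inside}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
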
