NAT Question please help

I am trying to set a static NAT that will let me remotely log into a controller switch that is set up with a non-routable IP. The IP address of the switch is 192.168.15.10. I have a Cisco 1721 set up with VPN tunneling to a route site. The config of the router is below. What do I need to add in the config?

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MdR
!
boot-start-marker
boot-end-marker
!
no logging on
enable secret 5 $1$5BHe$I7rwUjfYBxXmpuGvTcGMY0
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
no ip dhcp use vrf connected
!
no ip ips deny-action ips-interface
!
password encryption aes
!
class-map match-all look_4_DSCP
 match dscp cs5 ef
class-map match-all Classify_phones
 match access-group 104
!
policy-map test123
 class Classify_phones
  set dscp cs5
policy-map VOIP_POLICY
 class look_4_DSCP
  priority 832
 class class-default
  fair-queue
!
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key 2222222222 address 67.102.22.22 no-xauth
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set MdR ah-sha-hmac
!
crypto map static-map 1 ipsec-isakmp
 set peer 67.102.22.22
 set transform-set MdR
 match address vpntunnel1
 qos pre-classify
!
interface Ethernet0
 ip address 71.116.22.20 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 half-duplex
 crypto map static-map
 service-policy output VOIP_POLICY
!
interface FastEthernet0
 no ip address
 speed 100
 full-duplex
!
interface FastEthernet0.1
 description Data VLAN
 encapsulation dot1Q 1 native
 ip address 192.168.6.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no snmp trap link-status
 traffic-shape rate 384000 9600 9600 1000
!
interface FastEthernet0.2
 description Voice VLAN
 encapsulation dot1Q 2
 ip address 192.168.15.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no snmp trap link-status
 service-policy input test123
!
ip classless
ip route 0.0.0.0 0.0.0.0 71.116.22.22
!
no ip http server
no ip http secure-server
ip nat inside source route-map nonat interface Ethernet0 overload
ip nat inside source static tcp 192.168.15.120 443 71.116.22.23 443 extendable
!
ip access-list extended bypass_nat
 deny ip 192.168.15.0 0.0.0.255 192.168.14.0 0.0.0.255
 permit ip 192.168.15.0 0.0.0.255 any
ip access-list extended vpntunnel1
 permit ip 192.168.15.0 0.0.0.255 192.168.14.0 0.0.0.255
!
access-list 104 permit ip 192.168.15.0 0.0.0.255 any
!
route-map nonat permit 10
 match ip address bypass_nat
!


Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.