Please Help : Very Urgent : Configuring NAT on a CISCO Router

Hi Recently we took an Internet Leased line in our company. We were provided with the HTU Modem, and we already had a router 805 series. All the physical connection was done.

Then we got the following list of IP addresses

Router Gateway : 84.155.62.180 Serial address : 84.155.62.179 255.255.255.248

Network Address: 84.155.62.155 255.255.255.252 List of Hosts

84.155.62.156 84.155.62.157 84.155.62.158 84.155.62.159 84.155.62.160 84.155.62.161 84.155.62.162

DNS Server

212.72.1.186 212.72.23.4

And I was asked to configure my router as follows

conf t ! interface Ethernet0 ip address 84.155.62.155 255.255.255.252 no cdp enable no bridge-group 1 ! interface serial0 ip address 84.155.62.155 179.255.255.248 no shutdown ! ip route 0.0.0.0 0.0.0.0 84.155.62.180

My Internal;network ID is 192.168.2.x

Now I would like to share teh internet connection within my network, how do i do that

Please help me very urgent

Reply to
Mohamed
Loading thread data ...

You need to go back to your ISP and get the correct address and mask information.

The details that you have given do not make sense.

Reply to
Bod43

what kind of information i need to get from the ISP

after that what i need to do

k> Mohamed wrote:

Reply to
Mohamed

OK,

Here is what it probably should look like, but I am guessing.

Router Gateway : x.y.62.180 Serial address : x.y.62.179 255.255.255.252 ! < -- changed

Network Address: x.y.62.152 255.255.255.248 ! < -- changed List of Hosts x.y.62.153 ! < -- host range changed x.y.62.154 x.y.62.155 x.y.62.156 x.y.62.167 x.y.62.168

DNS Server

212.72.1.186 212.72.23.4

If you are not using a seperate firewall inside the router do this:-

conf t ! interface Ethernet0 ip address 192.168.2.1 255.255.255.0 no bridge-group 1 ip nat inside no shutdown ! interface serial0 ip address x.y.62.179 255.255.255.252 ip nat outside no shutdown ! ip route 0.0.0.0 0.0.0.0 x.y.62.180

ip nat inside source list ACL.nat interface Serial0 overload

ip access-l extended ACL.nat permit 192.168.2.0 0.0.0.255 any

You will see that your host range has not been used. This is OK and leaves you plenty of addresses to sue for servers later.

This does NOT give you a proper firewall but the reality seems to be that a lot of poeple rely on Dynamic NAT for their security. I am not recommending that as a course of action.

If you have a firewll feature set (post sh ver, sh run) you can configure that without affecting the existing config.

Reply to
Bod43

Mohamed,

You should never list your routable ip addresses in a public forum! There are people out there who will use these to your detrement. I advise you to button down the hatches. Get a good firewall/secutity appliance.

Be Paranoid. We already know you are in Muscat, Oman :-)

Check further down for some advice.

Your ISP is assuming you want to use the ip numbers they gave you for your internal hosts. BAD IDEA. use: ip address 192.168.2.1 for E0 and setup a NAT Pool using the ip's given by your isp.

According to what you wrote above, this should be 84.155.62.179

Reply to
Drake

i am agree with last message.

You need to use a 255.255.255.252 mask for your serial interface. Use private address for your LAN, and with public addressess do your NAT in that way. This can give you a little security but maybe you need a firewall and some other stuffs.

Lets us know if we can help you more...

best regards.

snipped-for-privacy@hotmail.co.uk wrote:

Reply to
Fer Mtz

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.