Cisco 857 Config - Static IPs?!?!

By jason.sutcliffe
Hi all,

I'm having trouble getting my five static IPs to work with my router. Basically I want to keep each PC with a local IP (either DHCP'd or statically assigned) and then be able to create a rule in the router that will point the outside IP to the local host.

I want incoming and outgoing traffic of these hosts to still appear to travel in/out of the publicly mapped IP. I'm trying to host several different services on my home network so I can teach myself Cisco. I've spent a long time trying to find a similar problem.

Is this possible? Should I assign the public addresses directly to the hosts within Windows?

I've had a play around with my current config but am not getting anywhere.

Does anybody fancy having a play around? ;-)

If so I will need RDP to each PC. If someone could create some rules to show me how, that would be awesome!

At present it is working fine for normal use.
Current config -

no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service sequence-numbers
!
hostname adsl-router
!
logging buffered 10240 debugging
logging console critical
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login userlist local
aaa authentication ppp default local
aaa authorization network grouplist local
ip subnet-zero
no ip source-route
ip domain-name ****.com
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.254
!
ip dhcp pool dhcppool
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
update arp
exit
!
!
archive
path flash:config
write-memory
!
ip tcp selective-ack
ip tcp timestamp
no ip bootp server
no ip domain lookup
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall cuseeme
ip inspect name firewall h323
ip inspect name firewall rcmd
ip inspect name firewall realaudio
ip inspect name firewall streamworks
ip inspect name firewall vdolive
ip inspect name firewall sqlnet
ip inspect name firewall tftp
ip inspect name firewall ftp
ip inspect name firewall icmp
ip inspect name firewall sip
ip inspect name firewall esmtp max-data 52428800
ip inspect name firewall fragment maximum 256 timeout 1
ip inspect name firewall netshow
ip inspect name firewall rtsp
ip inspect name firewall pptp
ip inspect name firewall rtsp
ip inspect name firewall skinny
file verify auto
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group remote1
key ***
domain *****.com
pool vpnclients
acl 106
!
crypto ipsec transform-set tr-null-sha esp-null esp-sha-hmac
crypto ipsec transform-set tr-des-md5 esp-des esp-md5-hmac
crypto ipsec transform-set tr-3des-md5 esp-3des esp-md5-hmac
crypto ipsec transform-set tr-3des-sha esp-3des esp-sha-hmac
crypto ipsec transform-set tr-aes-sha esp-aes esp-sha-hmac
!
crypto dynamic-map vpnusers 1
description Client to Site VPN Users
set transform-set tr-aes-sha
!
!
crypto map cm-cryptomap client authentication list userlist
crypto map cm-cryptomap isakmp authorization list grouplist
crypto map cm-cryptomap client configuration address respond
crypto map cm-cryptomap 65000 ipsec-isakmp dynamic vpnusers
!
!
interface vlan1
ip address 192.168.1.254 255.255.255.0
ip access-group 102 in
ip nat inside
no ip directed-broadcast
exit
!
interface ATM0
ip address *.*.*.54 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
exit
!
interface Dialer0
ip address negotiated
ip inspect firewall out
ip access-group 101 in
no ip redirects
no ip proxy-arp
no ip unreachables
ip nat outside
encapsulation ppp
no ip route-cache
no ip mroute-cache
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname ***@***.com
ppp chap password 0 *****
ppp pap sent-username ***@****.com password 0 ***
ppp ipcp dns request
ppp ipcp mask request
ppp ipcp route default
ppp ipcp address accept
crypto map cm-cryptomap
no cdp enable
exit
!
ip local pool vpnclients 192.168.2.1 192.168.2.254
ip nat inside source list 105 interface Dialer0 overload
ip classless
no ip http server
!
!
line vty 0 4
access-class 2 in
exit
!
access-list 1 remark The local LAN.
access-list 1 permit 192.168.1.0 0.0.0.255
!
access-list 2 remark Where management can be done from.
access-list 2 permit 192.168.1.0 0.0.0.255
!
access-list 3 remark Traffic not to check for intrustion detection.
access-list 3 deny 192.168.2.0 0.0.0.255
access-list 3 permit any
!
access-list 101 remark Traffic allowed to enter the router from the Internet
access-list 101 permit ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 101 deny ip 0.0.0.0 0.255.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 169.254.0.0 0.0.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.0.2.0 0.0.0.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 198.18.0.0 0.1.255.255 any
access-list 101 deny ip 224.0.0.0 0.15.255.255 any
access-list 101 deny ip any host 255.255.255.255
access-list 101 permit udp any any eq 4500
access-list 101 permit udp any any eq isakmp
access-list 101 permit esp any any
access-list 101 permit tcp any any eq 1723
access-list 101 permit gre any any
access-list 101 deny icmp any any echo
access-list 101 deny ip any any log
!
access-list 102 remark Traffic allowed to enter the router from the Ethernet
access-list 102 permit ip any host 192.168.1.254
access-list 102 deny ip any host 192.168.1.255
access-list 102 deny udp any any eq tftp log
access-list 102 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 102 deny ip any 0.0.0.0 0.255.255.255 log
access-list 102 deny ip any 10.0.0.0 0.255.255.255 log
access-list 102 deny ip any 127.0.0.0 0.255.255.255 log
access-list 102 deny ip any 169.254.0.0 0.0.255.255 log
access-list 102 deny ip any 172.16.0.0 0.15.255.255 log
access-list 102 deny ip any 192.0.2.0 0.0.0.255 log
access-list 102 deny ip any 192.168.0.0 0.0.255.255 log
access-list 102 deny ip any 198.18.0.0 0.1.255.255 log
access-list 102 deny udp any any eq 135 log
access-list 102 deny tcp any any eq 135 log
access-list 102 deny udp any any eq 137 log
access-list 102 deny udp any any eq 138 log
access-list 102 deny tcp any any eq 445 log
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit ip any host 255.255.255.255
access-list 102 deny ip any any log
!
access-list 105 remark Traffic to NAT
access-list 105 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 105 permit ip 192.168.1.0 0.0.0.255 any
!
access-list 106 remark User to Site VPN Clients
access-list 106 permit ip 192.168.1.0 0.0.0.255 any
!
dialer-list 1 protocol ip permit
banner motd |
You require authorisation to connect to this device.
|
!
interface FastEthernet0
no shutdown
exit
interface FastEthernet1
no shutdown
exit
interface FastEthernet2
no shutdown
exit
interface FastEthernet3
no shutdown
exit
interface vlan1
no shutdown
exit
interface ATM0
no shutdown
exit
crypto key generate rsa general-keys modulus 2048
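
The one-to-one mapping the post asks for, sketched as an added example that is not part of the original post or any reply to it. It assumes the posted config is otherwise unchanged; every address and the ACL sequence number are constructed placeholders.

```cisco
! Added example. All addresses are constructed placeholders:
!   192.168.1.10  inside host, statically addressed (inside the range the
!                 posted config already excludes from DHCP)
!   203.0.113.50  one of the routed public addresses
!   198.51.100.7  the only outside source allowed to reach RDP
!
! One-to-one translation: the host keeps its private address on the LAN,
! and its traffic leaves and arrives as 203.0.113.50. A static entry is
! matched before the overload rule that uses list 105.
ip nat inside source static 192.168.1.10 203.0.113.50
!
! On the outside interface the inbound ACL is evaluated before NAT, so the
! entry names the public address, not 192.168.1.10. It must sit above the
! closing "deny ip any any log". 175 is an assumed sequence number; confirm
! the real numbering with "show access-lists 101" before inserting.
ip access-list extended 101
 175 permit tcp host 198.51.100.7 host 203.0.113.50 eq 3389
```

Repeat the pair of lines for each remaining host and public address. The static entry is not filtered by list 105, so the exemption there for the 192.168.2.0/24 VPN clients does not cover a statically translated host.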
