Re: Cisco: How to configure NAT [Network Address Translation] | Cisco router | Tech-Recipes

femyadesina — Fri, 13 Mar 2009 15:09:41 -0000

Hello fellow, have problems with my vpn + Nat. I can connect to my other side of vpn (site to to site) but my local host cannot get to internet. Anybody can help? see below for my configurations. I ommited some portions of my live IPs for obvious reason please hlp out

-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege le
vel of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.

Here are the Cisco IOS commands.

username <myuser> privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use
.

For more information about SDM please follow the instructions in the QUICK START

GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------

User Access Verification

Username: Tutu
Password:
IKOYI#sh run
Building configuration...

Current configuration : 4717 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname IKO
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$I0iE$8pVL1AcDSoFbiIRp.sgv8/
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
!
!
ip domain name yourdomain.com
ip name-server 196.207.15.42
!
!
!
crypto pki trustpoint TP-self-signed-145630655
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-145630655
revocation-check none
rsakeypair TP-self-signed-145630655
!
!
crypto pki certificate chain TP-self-signed-145630655
certificate self-signed 01
3082024A 308201B3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31343536 33303635 35301E17 0D303930 33303630 32333233
345A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3134 35363330
36353530 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
EE0D2291 66CCB6E7 54CBA7CE 9F40BEE8 29735E6F FFC917BC 7F981F6A 54DECBED
60EB601B 6277B41A 5DF2E424 71FC057D 408BF779 212FC646 D39746C8 D2D57A28
9658AED8 C0351113 A54DA1BF FF2D3A8F D478B751 E298E0E2 5C879BB9 015AED71
AAEB99EA B98777AF 002CD08B ACD91B5B CB0327A5 05847A8B 18EDB7E0 3722AB9D
02030100 01A37430 72300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
11041830 16821449 4B4F5949 2E796F75 72646F6D 61696E2E 636F6D30 1F060355
1D230418 30168014 8A9EFB00 CF24755D 76965DF2 A5AEC3ED 8C72D41C 301D0603
551D0E04 1604148A 9EFB00CF 24755D76 965DF2A5 AEC3ED8C 72D41C30 0D06092A
864886F7 0D010104 05000381 81009EA2 829BBA41 C9CDE377 CDE88735 621BE1F4
DAD6CE7E 58C38786 638B5D2F 6A23A0FB 5C37538D 337EE2C0 9BCD65F1 6D9D24BA
29A73A47 A13D08F2 097F3FB7 46708287 523C1ACE 5C4855B6 612FE99C A6DC6567
6D3ABD6B EE73ED5D C9F1530E 3F55865E 6A7A8578 87EF7DD5 E387FB66 D75BCFD4
EEBD7327 A6F437EE 82A0FFCA 41B8
quit
username administrator privilege 15 secret 5 $1$nEox$0hYI/8hL2wG4BbmWtM55t.
username femi privilege 15 password 0 ok femi
username rama privilege 15 secret 5 $1$N42C$8miusbsth9k.SzizkaE520
!
!
!
crypto isakmp policy 7
encr aes
hash md5
authentication pre-share
!
crypto isakmp policy 70
hash md5
authentication pre-share
group 2
crypto isakmp key kamasutral address 41.219.xx.xx no-xauth
!
!
crypto ipsec transform-set BUKKY esp-aes esp-sha-hmac
!
crypto map VPN-MAP 10 ipsec-isakmp
set peer 41.219.xx.xx
set transform-set BUKKY
match address INT-TRAFFIC
!
!
!
interface FastEthernet0/0
description LAN$ES_LAN$$ETH-LAN$
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description WAN $ETH-WAN$
ip address 41.219.xx.xx 255.255.255.248
ip access-group 100 out
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map VPN-MAP
!
ip classless
ip route 0.0.0.0 0.0.0.0 41.219.xx.xx
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool BUK 41.219.xx.xx 41.219.xx.xx netmask 255.255.255.248
ip nat inside source list 100 interface FastEthernet0/1 overload
!
ip access-list extended INT-TRAFFIC
permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
!
access-list 100 deny ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
!
!
control-plane
!
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege le
vel of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.

Here are the Cisco IOS commands.

username <myuser> privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use
.

For more information about SDM please follow the instructions in the QUICK START

GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
password Tutu
login
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
password Tutu
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

IKO#

Re: Cisco: How to configure NAT [Network Address Translation] | Cisco router | Tech-Recipes

Wisedec — Fri, 23 Jan 2009 16:19:34 -0000

1) config NAT on router like this http://wisedec.com/configuring-nat-on-cisco-rou...
2) sign up for one free domain name http://www.dyndns.com/
3) Add to your config this commands
no ip nat inside source list 1 interface fastethernet 1 overload
ip nat inside source static 10.10.10.10 interface fastethernet 0

where 10.10.10.10 is address your cpu

Re: Cisco: How to configure NAT [Network Address Translation] | Cisco router | Tech-Recipes

Daniel Yuraitis — Sun, 12 Oct 2008 09:06:20 -0000

sorry i meant http://www.dyndns.com/ if you go to the link i added earlier it will take you somewhere different

Re: Cisco: How to configure NAT [Network Address Translation] | Cisco router | Tech-Recipes

Daniel Yuraitis — Sun, 12 Oct 2008 09:04:05 -0000

if you go to dyn-dns.com you can sign up for one free domain name e.g. yourdomain.homeip.net or yourdomain.homelinux.com. This domain name will be mapped out to your ip address each time it changes through either a software client on your server or through your router (mine is a Speedstream router and it had an option in the gui for dyn-dns where you simply enter your dyn-dns username and password)
each time your ip address changes the dns entry for it will be updated by the client and you will be able to access the ever changing ip adress from the outside by using the domain name.

Re: Cisco: How to configure NAT [Network Address Translation] | Cisco router | Tech-Recipes

wilson — Thu, 02 Oct 2008 18:47:10 -0000

how i can configure the router if the isp tell me a ip that change evry moment that i restart my router, and i want to use the port 7717 with my cpu because i have a softwre client/server.

Tech-Recipes - Latest Comments in Cisco: How to configure NAT [Network Address Translation] | Cisco router | Tech-Recipes

Re: Cisco: How to configure NAT [Network Address Translation] | Cisco router | Tech-Recipes

Re: Cisco: How to configure NAT [Network Address Translation] | Cisco router | Tech-Recipes

Re: Cisco: How to configure NAT [Network Address Translation] | Cisco router | Tech-Recipes

Re: Cisco: How to configure NAT [Network Address Translation] | Cisco router | Tech-Recipes

Re: Cisco: How to configure NAT [Network Address Translation] | Cisco router | Tech-Recipes