I have a Cisco 1800 series router, currently in a pickle. Here is the outside interface:

interface FastEthernet0/1
 ip address xx.xx.xx.xx 255.255.255.248
 ip access-group 111 in
 ip inspect myfw out
 ip nat outside
 ip virtual-reassembly
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
 crypto map SDM_CMAP_1
!

Now I have a pool of outside IP addresses available to me. How do I use them on the router? I need to set them up for a new server with ports 80 and 443 open. I currently have my mail server with ports 80 and 443 using the IP address from the above interface. How do I add two more outside IP addresses, or since I have the masking down, should it know?

Here is the complete config, with some info changed to protect the innocent.

grouter#show config
Using 6582 out of 196600 bytes
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname grouter
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa session-id common
ip subnet-zero
ip cef
!
!
ip inspect name mtfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 3600
ip inspect name myfw udp timeout 3600
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip dhcp excluded-address 192.168.192.2
ip dhcp excluded-address 192.168.192.50
ip dhcp excluded-address 192.168.192.237
!
!
ip ips po max-events 100
ip domain name somename.com
ip name-server xx.xx.xx.xx
ip name-server 192.168.192.2
no ftp-server write-enable
!
!
!
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 3
 encr 3des
 group 2
!
crypto isakmp client configuration group somename
 key asldkfasljdflasdjflaskjdflaj
 dns 192.168.192.2 64.65.208.6
 pool SDM_POOL_1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
 set transform-set ESP-3DES-SHA
 reverse-route
!
!
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
 ip address 192.168.192.254 255.255.255.0 secondary
 ip address 10.10.10.1 255.255.255.0
 ip access-group 122 out
 ip nat inside
 ip virtual-reassembly
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
 hold-queue 32 in
!
interface FastEthernet0/1
 ip address xx.xx.xx.xx 255.255.255.248
 ip access-group 111 in
 ip inspect myfw out
 ip nat outside
 ip virtual-reassembly
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
 crypto map SDM_CMAP_1
!
ip local pool SDM_POOL_1 192.168.191.100 192.168.191.125
ip classless
ip route 0.0.0.0 0.0.0.0 xx.xx.xx.xx
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source static tcp 192.168.192.50 443 interface FastEthernet0/1 443
ip nat inside source static tcp 192.168.192.50 22 interface FastEthernet0/1 22
ip nat inside source static tcp 192.168.192.50 80 interface FastEthernet0/1 80
ip nat inside source static tcp 192.168.192.2 25 interface FastEthernet0/1 25
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/1 overload
!
!
access-list 102 remark SDM_ACL Category=16
access-list 102 deny ip any host 192.168.191.100
access-list 102 deny ip any host 192.168.191.101
access-list 102 deny ip any host 192.168.191.102
access-list 102 deny ip any host 192.168.191.103
access-list 102 deny ip any host 192.168.191.104
access-list 102 deny ip any host 192.168.191.105
access-list 102 deny ip any host 192.168.191.106
access-list 102 deny ip any host 192.168.191.107
access-list 102 deny ip any host 192.168.191.108
access-list 102 deny ip any host 192.168.191.109
access-list 102 deny ip any host 192.168.191.110
access-list 102 deny ip any host 192.168.191.111
access-list 102 deny ip any host 192.168.191.112
access-list 102 deny ip any host 192.168.191.113
access-list 102 deny ip any host 192.168.191.114
access-list 102 deny ip any host 192.168.191.115
access-list 102 deny ip any host 192.168.191.116
access-list 102 deny ip any host 192.168.191.117
access-list 102 deny ip any host 192.168.191.118
access-list 102 deny ip any host 192.168.191.119
access-list 102 deny ip any host 192.168.191.120
access-list 102 deny ip any host 192.168.191.121
access-list 102 deny ip any host 192.168.191.122
access-list 102 deny ip any host 192.168.191.123
access-list 102 deny ip any host 192.168.191.124
access-list 102 deny ip any host 192.168.191.125
access-list 102 permit tcp host 192.168.192.50 any eq smtp
access-list 102 deny tcp 192.168.192.0 0.0.0.255 any eq smtp
access-list 102 permit ip 192.168.192.0 0.0.0.255 any
access-list 111 permit tcp any any eq smtp
access-list 111 permit tcp any any eq www
access-list 111 permit tcp any any eq 22
access-list 111 permit tcp any any eq 443
access-list 111 permit tcp any any eq telnet
access-list 111 permit ip any host xx.xx.xx.xx
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny ip any any
access-list 122 deny tcp any any eq telnet
access-list 122 permit ip any any
no cdp run
route-map SDM_RMAP_1 permit 1
 match ip address 102
!
!
!
control-plane
!
!
line con 0
 exec-timeout 120 0
line aux 0
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input telnet ssh
!
end

Apr 17, 2007 18:37

Apr 25, 2024 12:22