WalaWala
Jul 2, 2002
I have a Cisco 1800 series router, currently in a pickle.
Here is the outside interface:
interface FastEthernet0/1
ip address xx.xx.xx.xx 255.255.255.248
ip access-group 111 in
ip inspect myfw out
ip nat outside
ip virtual-reassembly
no ip mroute-cache
duplex auto
speed auto
no cdp enable
crypto map SDM_CMAP_1
!

Now I have a pool of outside IP addresses available to me.
How do I use them on the router? I need to set them up for a new server with ports 80 and 443 open. I currently have my mail server with ports 80 and 443 using the IP address from the above interface. How do I add two more outside IP addresses, or, since I have the masking down, should it know?

Here is the complete config, with some info changed to protect the innocent.

grouter#show config
Using 6582 out of 196600 bytes
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname grouter
!
boot-start-marker
boot-end-marker
!
no logging buffered

!

mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa session-id common
ip subnet-zero
ip cef
!
!
ip inspect name mtfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 3600
ip inspect name myfw udp timeout 3600
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip dhcp excluded-address 192.168.192.2
ip dhcp excluded-address 192.168.192.50
ip dhcp excluded-address 192.168.192.237
!
!
ip ips po max-events 100
ip domain name somename.com
ip name-server xx.xx.xx.xx
ip name-server 192.168.192.2
no ftp-server write-enable
!
!
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 3
encr 3des
group 2
!
crypto isakmp client configuration group somename
key asldkfasljdflasdjflaskjdflaj
dns 192.168.192.2 64.65.208.6
pool SDM_POOL_1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
reverse-route
!
!
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
ip address 192.168.192.254 255.255.255.0 secondary
ip address 10.10.10.1 255.255.255.0
ip access-group 122 out
ip nat inside
ip virtual-reassembly
no ip mroute-cache
duplex auto
speed auto
no cdp enable
hold-queue 32 in
!
interface FastEthernet0/1
ip address xx.xx.xx.xx 255.255.255.248
ip access-group 111 in
ip inspect myfw out
ip nat outside
ip virtual-reassembly
no ip mroute-cache
duplex auto
speed auto
no cdp enable
crypto map SDM_CMAP_1
!
ip local pool SDM_POOL_1 192.168.191.100 192.168.191.125
ip classless
ip route 0.0.0.0 0.0.0.0 xx.xx.xx.xx
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source static tcp 192.168.192.50 443 interface FastEthernet0/1 443
ip nat inside source static tcp 192.168.192.50 22 interface FastEthernet0/1 22
ip nat inside source static tcp 192.168.192.50 80 interface FastEthernet0/1 80
ip nat inside source static tcp 192.168.192.2 25 interface FastEthernet0/1 25
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/1 overload
!
!
access-list 102 remark SDM_ACL Category=16
access-list 102 deny ip any host 192.168.191.100
access-list 102 deny ip any host 192.168.191.101
access-list 102 deny ip any host 192.168.191.102
access-list 102 deny ip any host 192.168.191.103
access-list 102 deny ip any host 192.168.191.104
access-list 102 deny ip any host 192.168.191.105
access-list 102 deny ip any host 192.168.191.106
access-list 102 deny ip any host 192.168.191.107
access-list 102 deny ip any host 192.168.191.108
access-list 102 deny ip any host 192.168.191.109
access-list 102 deny ip any host 192.168.191.110
access-list 102 deny ip any host 192.168.191.111
access-list 102 deny ip any host 192.168.191.112
access-list 102 deny ip any host 192.168.191.113
access-list 102 deny ip any host 192.168.191.114
access-list 102 deny ip any host 192.168.191.115
access-list 102 deny ip any host 192.168.191.116
access-list 102 deny ip any host 192.168.191.117
access-list 102 deny ip any host 192.168.191.118
access-list 102 deny ip any host 192.168.191.119
access-list 102 deny ip any host 192.168.191.120
access-list 102 deny ip any host 192.168.191.121
access-list 102 deny ip any host 192.168.191.122
access-list 102 deny ip any host 192.168.191.123
access-list 102 deny ip any host 192.168.191.124
access-list 102 deny ip any host 192.168.191.125
access-list 102 permit tcp host 192.168.192.50 any eq smtp
access-list 102 deny tcp 192.168.192.0 0.0.0.255 any eq smtp
access-list 102 permit ip 192.168.192.0 0.0.0.255 any
access-list 111 permit tcp any any eq smtp
access-list 111 permit tcp any any eq www
access-list 111 permit tcp any any eq 22
access-list 111 permit tcp any any eq 443
access-list 111 permit tcp any any eq telnet
access-list 111 permit ip any host xx.xx.xx.xx
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny ip any any
access-list 122 deny tcp any any eq telnet
access-list 122 permit ip any any
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 102
!
!
!
control-plane
!
!
line con 0
exec-timeout 120 0
line aux 0
line vty 0 4
transport input telnet ssh
line vty 5 15
transport input telnet ssh
!
end
