[c-nsp] nat configuration
shadow floating
nadengine at googlemail.com
Tue Mar 4 02:26:02 EST 2008
Hello,

I've been engaged with a customer who had a really messed up IT
environment. One of the tasks that was assigned to me is to make all
internal clients access the internet and publish the mail server for
them. Pretty easy... but I found the configuration in the router to be
something like this:
interface FastEthernet0/0
 ip address X.X.X.1 255.255.255.240 secondary
 ip address y.y.y.y 255.255.255.240
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 encapsulation frame-relay IETF
 no fair-queue
 frame-relay lmi-type q933a
!
interface Serial0/0/0.16 point-to-point
 description link to ISP
 ip address 172.16.1.2 255.255.255.252
 frame-relay interface-dlci 16
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0.16
!
X.X.X.1, X.X.X.2 and y.y.y.y are all public IP addresses, and the MX
record for the mail points to X.X.X.2.

There used to be an ISA server with the external IP address x.x.x.2
and internal IP 10.0.0.1; now the ISA is just gone and they need to
get back online again quickly.

So what is the right arrangement for this configuration to enable
static NATting of internal mail 10.0.0.25:25 to X.X.X.2:25 and
overload the rest of the clients on X.X.X.2?

Should it be something like this:
ip access-list 100 deny tcp 10.0.0.25 0.0.0.0 eq 25 any
ip access-list 100 permit ip 10.0.0.0 0.0.0.255 any
!
ip nat pool internet x.x.x.2 x.x.x.2 netmask 255.255.255.0
!
ip nat inside source list 100 pool internet overload
ip nat inside source static tcp 10.0.0.25 25 x.x.x.2 25
!
int f0/0
 ip nat inside
int s0/0/0.16
 ip nat outside

Thanks a lot for your help.
Regards,
Nad