Setting up static nat for ip addresses

We recently switched to a verizon fios line. Our company has two offices (CA, NC). There are servers in NC that we need to be able to print to printers in CA. 
We have 5 static IP's from Verizon, I set 3 of the remaining IPs as a static nat to the private ips of the printers. I cannot ping these static public ips. I even have the port forwarding from UDP/TCP set to any for both the Source and Destination ports. 
Can anyone help me as to why I cannot ping these IP addresses?
I can ping the private IP's from the private network (CA) that the printers are on.
Solved!
Go to Solution.

No, it does not. But they are working this morning. Maybe the DNS needed to propigate? Not sure but it works now. 

Similar Messages

  • Static NAT for FTP access

    NAT overload has been done successfully as follows:
    1. ip nat inside and ip nat outside configured on the appropriate interfaces i.e.fa0/0 and fa0/1
    2. default route added on the router.
    3.additional configuration is added:
    ip nat inside source list 1 interface fa0/1 overload
    access-list 1 permit 192.168.1.0 0.0.0.255
    Now I am trying to use static NAT for FTP:
    ip nat inside source static tcp 192.168.1.X 21 x.x.x.x 21 extendable
    But this does not work please help. I am trying to access FTP server from LAN by entering public address in the browser. Can access the FTP server with private address but this defeats the purpose of FTP. Please help.

    Router(config)#interface fa0/0
    Router(config-if)#ip address 192.168.1.254 255.255.255.0
    Router(config-if)#no shut
    Router(config-if)#ip nat inside
    Router(config-if)#interface fa0/1
    Router(config-if)#ip address 203.109.120.2 255.255.255.252
    Router(config-if)#no shut
    Router(config-if)#ip nat outside
    Router(config)#ip route 0.0.0.0 0.0.0.0 interface fa0/1
    Router(config)#ip nat inside source list 1 interface fa0/1 overlaod
    Router(config)#access-list 1 permit 192.168.1.0 0.0.0.255

  • DM-VPN with Static NAT for Spoke Router. Require Expert Help

    Dear All,
                This is my first time to write something .
                             i have configure DM-VPN, and it's working fine, now i want to configure static nat.
    some people will think why need static nat if it's working fine.
    let me tell you why i need. what is my plan.
    i have HUB with 3 spoke. some time i go out side of my office and not able to access my spoke computer by Terminal Services. because its by dynamic ip address.  so what i think i'll give one Static NAT on my HUB Router that if any one or Me Hit the Real/Public IP address of my HUB WAN Interface from any other Remote location so redirect this quiry to my Terminal Service computer which located in spoke network.
    will for that i try but fail. 
    will again the suggestion will come. why not to use .. Easy VPN. well sound great. but then i have to keep my notebook with me.
    i'll also do it but now i need that how to do Static NAT. like for normal Router i am doing which is not part of VPN.
    ip nat inside source static tcp 192.168.1.10 3389 interface Dialer1 3389
    but this time  this command is not working, because the ip address which i mention it's related HUB Network not Spoke
    spose spoke Network: 192.168.2.0/24
    and i want on HUB Router:
    ip nat inside source static tcp 192.168.2.10 3389 interface Dialer1 3389
    i am using Cisco -- 887 and 877 ADSL Router.
    but it's not working,   Need experts help. please write your comment's which are very important for me. waiting for your commant's
    fore more details please see the diagram.
    for Contact Me: [email protected]

    hi rvarelac  thank you for reply :
    i allready done that ,  i put a deny statements in nat access-list excluding the vpn traffic , but the problem still there !
    crypto isakmp policy 10
     encr aes
     authentication pre-share
    crypto isakmp key 12344321 address 1.1.1.1
    crypto ipsec transform-set Remote-Site esp-aes esp-sha-hmac
     mode tunnel
    crypto map s2s 100 ipsec-isakmp
     set peer 1.1.1.1
     set transform-set Remote-Site
     match address vpnacl
    interface GigabitEthernet0/0
     crypto map s2s
    Extended IP access list lantointernet
    30 deny icmp 172.17.0.0 0.0.1.255 192.168.1.0 0.0.0.255
    40 deny igmp 172.17.0.0 0.0.1.255 192.168.1.0 0.0.0.255
    50 deny ip 172.17.0.0 0.0.1.255 192.168.1.0 0.0.0.255
    80 permit ip any any

  • How to set and static ip_address for a Suse Linux box

    Hi.
    I've done the following to set an static ip address for my Suse 9 Linux box:
    - Take not of inet address value from ifconfig command. ie: (172.17.2.14)
    - Change this value in /etc/hosts for my linux box.
    Since Suse is configure by default to use DHCP for assigning dinamic ip_addresses i'm not sure whether will lastly be set as a static address. I've rebooted my box and it seems to be OK.
    Thanks in advance ...!

    /etc/hosts is not configuration file for ethernet interfaces.
    Configuration files for ethernet interfaces are stored in /etc/sysconfig/network directory.
    For example if you have eth0 device then configuretion for this device is stored in /etc/sysconfig/network/ifcfg-eth0 file.
    Important directives:
    DEVICE - interface (eth0)
    IPADDR - IP address of interface
    NETMASK - netmask
    BOOTPROTO - "static" for static configuration, dhcp for dynamic configuration via dhcp
    ONBOOT - activating interface during boot (yes/no) (yes - of course :-) )
    GATEWAY - default gateway
    So for example you want setup static IP (192.168.10.1 / 255.255.225.0) for eth0 interface.
    Edit the /etc/sysconfig/network/ifcfg-eth0 file and your configuration should be:
    DEVICE=eth0
    IPADDR=192.168.10.1
    NETMASK=255.255.255.0
    BOOTPROTO=static
    ONBOOT=yesThen you simply restart the nework using:
    /etc/init.d/network restartOR
    /sbin/ifdown eth0
    /sbinf/ifup eth0 OR
    ifconfig eth0 down
    ifconfig eth0 up

  • Static NAT for DMZ hosts

    Hello,
    It has been a while since I last worked on firewall.  Please  take a look at info below.
    INSIDE does not have access to Internet
    Services/Servers in DMZ need to be accessible from Internet
    CONFIG
    names
    interface Ethernet0/0
    nameif outside
    security-level 0
    ip address X.X.X.46 255.255.255.240 standby X.X.X.45
    interface Ethernet0/1
    speed 1000
    duplex full
    nameif inside
    security-level 100
    ip address INSIDE.254 255.255.254.0 standby INSIDE.253
    interface Ethernet0/2
    interface Ethernet0/2.1
    description LAN Failover Interface
    vlan 20
    interface Ethernet0/2.2
    description STATE Failover Interface
    vlan 30
    interface Ethernet0/3
    description DMZ INTERFACE
    speed 100
    duplex full
    nameif dmz
    security-level 100
    ip address DMZ.254 255.255.255.0 standby DMZ.253
    interface Management0/0
    nameif management
    security-level 100
    ip address 192.168.1.1 255.255.255.0
    management-only
    ftp mode passive
    dns server-group DefaultDNS
    domain-name CDGI.com
    same-security-traffic permit inter-interface
    access-list NAT0_INSIDE_DMZ remark NO NAT FROM INSIDE TO DMZ
    access-list NAT0_INSIDE_DMZ extended permit ip INSIDE.0 255.255.254.0 DMZ.0 255.255.255.0
    access-list OUTSIDE_TO_DMZ extended permit ip any host X.X.X.41
    access-list OUTSIDE_TO_DMZ extended permit tcp any host X.X.X.41 eq www
    access-list OUTSIDE_TO_DMZ extended permit icmp any host X.X.X.41 echo
    access-list OUTSIDE_TO_DMZ extended permit icmp any host X.X.X.41 echo-reply
    access-list OUTSIDE_TO_DMZ extended permit ip any host X.X.X.42
    access-list OUTSIDE_TO_DMZ extended permit tcp any host X.X.X.42 eq www
    access-list OUTSIDE_TO_DMZ extended permit icmp any host X.X.X.42 echo
    access-list OUTSIDE_TO_DMZ extended permit icmp any host X.X.X.42 echo-reply
    access-list NO-NAT-INTERNAL extended permit ip INSIDE.0 255.255.254.0 DMZ.0 255.255.255.0
    access-list NO-NAT-INTERNAL extended permit ip INSIDE.0 255.255.254.0 192.168.254.0 255.255.255.0
    access-list NO-NAT-DMZ extended permit ip DMZ.0 255.255.255.0 192.168.254.0 255.255.255.0
    pager lines 24
    logging enable
    logging asdm informational
    mtu outside 1500
    mtu inside 1500
    mtu dmz 1500
    mtu management 1500
    ip local pool SSLCLIENT_IP_POOL 192.168.254.1-192.168.254.25 mask 255.255.255.0
    failover
    failover lan unit primary
    failover lan interface FAILOVER Ethernet0/2.1
    failover link STATEFUL Ethernet0/2.2
    failover interface ip FAILOVER 172.31.254.254 255.255.255.252 standby 172.31.254.253
    failover interface ip STATEFUL 172.31.254.250 255.255.255.252 standby 172.31.254.249
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    nat (dmz) 0 access-list NO-NAT-DMZ
    static (dmz,outside) X.X.X.41 DMZ.49 netmask 255.255.255.255
    static (dmz,outside) X.X.X.42 DMZ.28 netmask 255.255.255.255
    access-group OUTSIDE_TO_DMZ in interface outside
    route outside 0.0.0.0 0.0.0.0 X.X.X.33 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    service resetoutside
    ssh timeout 5
    ssh version 2
    console timeout 0
    dhcpd address 192.168.1.2-192.168.1.254 management
    dhcpd enable management
    threat-detection basic-threat
    threat-detection statistics port
    threat-detection statistics protocol
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    class-map inspection_default
    match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
    parameters
      message-length maximum 512
    policy-map global_policy
    class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny 
      inspect sunrpc
      inspect xdmcp
      inspect sip 
      inspect netbios
      inspect tftp
      inspect icmp
      inspect http
    service-policy global_policy global
    ===========================================================================================
    As you see above, config has ACL that allows traffic from Internet to DMZ and has static NAT.  The hosts in DMZ are still not accessible.
    Please help.
    Thanks,
    Paresh.

    Hi,
    For Inside to internet:
    you have no global( outside) as well as nat(inside) configured.
    nat(inside) 1 0 0
    global(outside) 1 interface
    For second part, I see no problem in the config, is it not working?
    Regards.
    Alain

  • BO Webi: How to populate a variable with the set of static values for Graph

    Hi All,
    I have the data: Order number, Order Date, processing time coming from the SAP Bex query in the below format:
    Order No    Order Date    Processing time (Days)
    1                 Jan-2011      4
    2                 Jan-2011      5
    3                 Feb-2011      6
    In BO webi report, I have to report the number of orders which were processed in <1day, <2days, <3days,...<10days in a graphical view. i.e., X-Axis:  <1day, <2days, <3days,...<10days(10 static buckets for the processing days)
    Y-Axis: Number of Orders.
    The graphical output should be like below:
    X-Axis: <1day, <2days, <3days,<4days,<5days,<6days,<7days,<8days,<9days,<10days
    Y-Axis: 0, 0,0,0,1,2,3,3,3,3  (count(Order No)) (Cumulative count)
    I am able to calculate the number of orders individually for each of the 10 buckets. But the problem i am facing is that I am not able to hold the 10 static bucket values in a variable to use it for the x-axis in the Graph, as these 10 static bucket values are not coming from the backend source.
    I would like to know if there is way to populate a variable(to use it for the X-Axis in the graph) with the set of 10 static values.
    Any help would be highly appreciated.
    Thanks,
    Leela

    Hi ,
    I think we can use the variable as X-axis in chart.. but Variable Qulaification should be Dimension.
    can you try this?.
    Using efasion universe
    1) Select month and Sold at (unit price) , then run the query
    2) create the variable V_Month ==If [Month]=1 Then "Month1" Else "Month2"  (Note = Variable Qulaification should be Dimension)
    3) Create the variable V_Sum= sum (Sold at (unit price))
    4) create another variable V_Cumulative_Sum==[V_Sum]+Previous([V_Sum])
    Now add V_Month and V_Cumulative_Sum in table , then convert to chart.. now you can add the variable V_Month as X-axis of the chart.
    Hope this will help:)
    Thanks
    Ponnarasu K

  • Configure static NAT for range of ports

    Hi,
    I have a 2911 with a 3CX IP PBX behind it that needs to have a static NAT to the 3CX server for TCP/UDP 5060 and UDP 9000-9049. Do I have to create a static NAT entry for every single port in order for this to work, or can a range be defined in the NAT entries?
    As an example, say my 3CX server has an internal IP of 192.168.1.25 and my external IP is 1.2.3.4. Would I have to create an entry for each port?
    ip nat inside source static tcp 192.168.1.25 5060 1.2.3.4 5060
    ip nat inside source static udp 192.168.1.25 5060 1.2.3.4 5060
    ip nat inside source static udp 192.168.1.25 9000 1.2.3.4 9000
    ip nat inside source static udp 192.168.1.25 9001 1.2.3.4 9001
    and so on...
    Is this the correct way to do it, or is there another better way?
    Also, I only have one public IP to work with, and there are multiple other hosts on this network that need to have access to the internet. Right now I have NAT setup with overload so that the other hosts can get to the Internet. Here's my config for that:
    ip nat pool PATPOOL 1.2.3.4 1.2.3.4 netmask 255.255.255.252
    ip nat inside source list NAT_ACL pool PATPOOL overload     
    ip access-list standard NAT_ACL
     remark PAT to outside
     permit 192.168.1.0 0.0.0.255
     exit
    My question with this is will the static NAT work if I already have NAT overload configured as above?
    Thanks for the help in advance.
    Austin
    PS here is 3CX documentation on this subject http://www.3cx.com/blog/voip-howto/cisco-voip-configuration/

    I ended up creating a static NAT entry for each individual port mapping. This worked just as it was supposed to. 
    I have seen examples of people using route maps and ACLs to accomplish forwarding a range ports. I have yet to see official documentation from Cisco on this, and in some cases those examples did not seem to work correctly.
    ASAs with the latest code have the ability to forward a range of ports, but based on my research IOS lacks this feature.
    In my case, forwarding 50 ports wasn't so bad. However, if you have hundreds or thousands of ports to forward you may want to try the route map/ACL approach.
    Hopefully this information useful to others. 

  • Static NAT for Secondary IP addresses

    I am running a Novell SBS 6.0 SP4 server w/Border Manager 3.6 Sp2 with two
    Netcards. My Two public IP address w/different subnets on the same Net
    card will keep running but the secondary IP address fail after a few
    hours, but can be pinged from inside the Network. The following is how my
    config is setup:
    Netcard #1(public):
    IP #1 - 66.170.173.100 Subnet 255.255.255.240
    Static/Dynamic 66.170.173.17 -> 192.xxx.1.22
    66.170.173.18 -> 192.xxx.1.23
    66.170.173.20 -> 192.xxx.2.25
    IP #2 - 66.170.173.17 Subnet 255.255.255.248
    Static/Dynamic - Disabled
    Secondary Ip Address bound -> 66.170.173.18
    -> 66.170.173.20
    Netcard #2 (private)- 192.xxx.1.16
    The modem is connected directly to Netcard #1 with not router between
    them. Is there something wrong with this setup or is there something else
    I have to do? My filters seem to be working fine as far as I know.
    Thank you,
    [email protected]

    > hi Ken,
    >
    > do you have a way to verify that the secondary IP addresses work
    properly if
    > they're associated to another device?
    > What's the agreement you have with your ISP about the two subnet of
    > addresses? Are they aware that they're associated to the same physical
    > device? I'm wondring if there is something wrong in the wireless system
    that
    > prevents ARP from working properly in that configuration.
    >
    > --
    > Caterina Luppi
    > Novell Support Connection Volunteer Sysop
    > <[email protected]> wrote in message
    > news:zj7mc.1918$[email protected]..
    > > > Hi Ken,
    > > >
    > > > > Whos router are we talking about? Is it the modem of the ISP just
    > > before
    > > > > my server or my internal switches for my workstations?
    > > >
    > > > sorry, my bad. I was referring to the modem of the ISP. I suspect
    this
    > is
    > > > not a modem only, right? I mean, you have an ethernet connection
    between
    > > the
    > > > modem and the BM server, correct? In this case the device of your
    ISP is
    > > a
    > > > modem/router, not a modem only.
    > > > Are you using DSL or cable?
    > > > --
    > > > Caterina Luppi
    > > > Novell Support Connection Volunteer Sysop
    > > >
    > > >
    > > Yes, we are running wireless DSL. They called it a modem, but it might
    be
    > > a router.
    > >
    > > [email protected]
    >
    >
    I just received an email back from the ISP and they said they have had
    troubles with that modem and ARP tables. They are going to swap out the
    modem when they get the new type of modems in. I will post back the
    outcome when they swap them out.
    Thank you for the help,
    [email protected]

  • Need help setting up static NAT to internal server

    One of my internal servers requires it to be available to the internet I am having a hard time allowing it to be NATed through my Ciscc 2801 router. It seems as though im missing something small. From what I can gather it seems as though its as issue with ACL, but im not sure. I have ran the following command: ip nat inside source static tcp 192.168.5.1 ***WAN IP Address*** 8443 extendable Then I tried to add it to the ACL
    via this command: access-list 150 permit tcp any host ***WAN IP Address*** eq 8443
    Here is a copy of my config. Please advise. Thanks.
    IP    172.19.3.x
    sub 255.255.255.128
    GW 172.19.3.129
    Ciscso 2801 Router
    Current configuration : 11858 bytes
    version 12.4
    service timestamps debug datetime localtime
    service timestamps log datetime localtime show-timezone
    service password-encryption
    hostname router-2801
    boot-start-marker
    boot-end-marker
    logging message-counter syslog
    logging buffered 4096
    aaa new-model
    aaa authentication login userauthen group radius local
    aaa authorization network groupauthor local
    aaa session-id common
    clock timezone est -5
    clock summer-time zone recurring last Sun Mar 2:00 1 Sun Nov 2:00
    dot11 syslog
    ip source-route
    ip dhcp excluded-address 172.19.3.129 172.19.3.149
    ip dhcp excluded-address 172.19.10.1 172.19.10.253
    ip dhcp excluded-address 172.19.3.140
    ip dhcp ping timeout 900
    ip dhcp pool DHCP
       network 172.19.3.128 255.255.255.128
       default-router 172.19.3.129
       domain-name domain.local
       netbios-name-server 172.19.3.7
       option 66 ascii 172.19.3.225
       dns-server 172.19.3.140 208.67.220.220 208.67.222.222
    ip dhcp pool VoiceDHCP
       network 172.19.10.0 255.255.255.0
       default-router 172.19.10.1
       dns-server 208.67.220.220 8.8.8.8
       option 66 ascii 172.19.10.2
       lease 2
    ip cef
    ip inspect name SDM_LOW cuseeme
    ip inspect name SDM_LOW dns
    ip inspect name SDM_LOW ftp
    ip inspect name SDM_LOW h323
    ip inspect name SDM_LOW https
    ip inspect name SDM_LOW icmp
    ip inspect name SDM_LOW imap
    ip inspect name SDM_LOW pop3
    ip inspect name SDM_LOW netshow
    ip inspect name SDM_LOW rcmd
    ip inspect name SDM_LOW realaudio
    ip inspect name SDM_LOW rtsp
    ip inspect name SDM_LOW esmtp
    ip inspect name SDM_LOW sqlnet
    ip inspect name SDM_LOW streamworks
    ip inspect name SDM_LOW tftp
    ip inspect name SDM_LOW tcp
    ip inspect name SDM_LOW udp
    ip inspect name SDM_LOW vdolive
    no ip domain lookup
    ip domain name domain.local
    multilink bundle-name authenticated
    key chain key1
    key 1
       key-string 7 06040033484B1B484557
    crypto pki trustpoint TP-self-signed-3448656681
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-3448bb6681
    revocation-check none
    rsakeypair TP-self-signed-344bbb56681
    crypto pki certificate chain TP-self-signed-3448656681
    certificate self-signed 01
      3082024F
                quit
    username admin privilege 15 password 7 F55
    archive
    log config
      hidekeys
    crypto isakmp policy 10
    encr 3des
    hash md5
    authentication pre-share
    group 2
    crypto isakmp key XXXXX address 209.118.0.1
    crypto isakmp key xxxxx address SITE B Public IP
    crypto isakmp keepalive 40 5
    crypto isakmp nat keepalive 20
    crypto isakmp client configuration group IISVPN
    key 1nsur3m3
    dns 172.19.3.140
    wins 172.19.3.140
    domain domain.local
    pool VPN_Pool
    acl 198
    crypto isakmp profile IISVPNClient
       description VPN clients profile
       match identity group IISVPN
       client authentication list userauthen
       isakmp authorization list groupauthor
       client configuration address respond
    crypto ipsec transform-set myset esp-3des esp-md5-hmac
    crypto dynamic-map Dynamic 5
    set transform-set myset
    set isakmp-profile IISVPNClient
    qos pre-classify
    crypto map VPN 10 ipsec-isakmp
    set peer 209.118.0.1
    set peer SITE B Public IP
    set transform-set myset
    match address 101
    qos pre-classify
    crypto map VPN 65535 ipsec-isakmp dynamic Dynamic
    track 123 ip sla 1 reachability
    delay down 15 up 10
    class-map match-any VoiceTraffic
    match protocol rtp audio
    match protocol h323
    match protocol rtcp
    match access-group name VOIP
    match protocol sip
    class-map match-any RDP
    match access-group 199
    policy-map QOS
    class VoiceTraffic
        bandwidth 512
    class RDP
        bandwidth 768
    policy-map MainQOS
    class class-default
        shape average 1500000
      service-policy QOS
    interface FastEthernet0/0
    description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$FW_INSIDE$
    ip address 172.19.3.129 255.255.255.128
    ip access-group 100 in
    ip inspect SDM_LOW in
    ip nat inside
    ip virtual-reassembly
    duplex auto
    speed auto
    interface FastEthernet0/0.10
    description $ETH-VoiceVLAN$$
    encapsulation dot1Q 10
    ip address 172.19.10.1 255.255.255.0
    ip inspect SDM_LOW in
    ip nat inside
    ip virtual-reassembly
    interface FastEthernet0/1
    description "Comcast"
    ip address PUB IP 255.255.255.248
    ip access-group 102 in
    ip inspect SDM_LOW out
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto
    crypto map VPN
    interface Serial0/1/0
    description "Verizon LEC Circuit ID: w0w13908 Site ID: U276420-1"
    bandwidth 1536
    no ip address
    encapsulation frame-relay IETF
    frame-relay lmi-type ansi
    interface Serial0/1/0.1 point-to-point
    bandwidth 1536
    ip address 152.000.000.18 255.255.255.252
    ip access-group 102 in
    ip verify unicast reverse-path
    ip inspect SDM_LOW out
    ip nat outside
    ip virtual-reassembly
    frame-relay interface-dlci 500 IETF
    crypto map VPN
    service-policy output MainQOS
    interface Serial0/2/0
    description "PAETEC 46.HCGS.788446.CV (Verizon ID) / 46.HCGS.3 (PAETEC ID)"
    ip address 123.252.123.102 255.255.255.252
    ip access-group 102 in
    ip inspect SDM_LOW out
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    crypto map VPN
    service-policy output MainQOS
    ip local pool VPN_Pool 172.20.3.130 172.20.3.254
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 50.00.000.110 track 123
    ip route 0.0.0.0 0.0.0.0 111.252.237.000 254
    ip route 122.112.197.20 255.255.255.255 209.252.237.101
    ip route 208.67.220.220 255.255.255.255 50.78.233.110
    no ip http server
    no ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip flow-top-talkers
    top 20
    sort-by bytes
    ip nat inside source route-map COMCAST interface FastEthernet0/1 overload
    ip nat inside source route-map PAETEC interface Serial0/2/0 overload
    ip nat inside source route-map VERIZON interface Serial0/1/0.1 overload
    ip nat inside source static tcp 172.19.3.140 21 PUB IP 21 extendable
    ip access-list extended VOIP
    permit ip 172.20.3.0 0.0.0.127 host 172.19.3.190
    permit ip host 172.19.3.190 172.20.3.0 0.0.0.127
    ip radius source-interface FastEthernet0/0
    ip sla 1
    icmp-echo 000.67.220.220 source-interface FastEthernet0/1
    timeout 10000
    frequency 15
    ip sla schedule 1 life forever start-time now
    access-list 23 permit 172.19.3.0 0.0.0.127
    access-list 23 permit 172.19.3.128 0.0.0.127
    access-list 23 permit 173.189.251.192 0.0.0.63
    access-list 23 permit 107.0.197.0 0.0.0.63
    access-list 23 permit 173.163.157.32 0.0.0.15
    access-list 23 permit 72.55.33.0 0.0.0.255
    access-list 23 permit 172.19.5.0 0.0.0.63
    access-list 100 remark "Outgoing Traffic"
    access-list 100 deny   ip 67.128.87.156 0.0.0.3 any
    access-list 100 deny   ip host 255.255.255.255 any
    access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 100 permit tcp host 172.19.3.190 any eq smtp
    access-list 100 permit tcp host 172.19.3.137 any eq smtp
    access-list 100 permit tcp any host 66.251.35.131 eq smtp
    access-list 100 permit tcp any host 173.201.193.101 eq smtp
    access-list 100 permit ip any any
    access-list 100 permit tcp any any eq ftp
    access-list 101 remark "Interesting VPN Traffic"
    access-list 101 permit ip 172.19.3.128 0.0.0.127 172.19.3.0 0.0.0.127
    access-list 101 permit ip 172.20.3.128 0.0.0.127 172.19.3.0 0.0.0.127
    access-list 101 permit ip 172.19.3.128 0.0.0.127 host 172.19.250.10
    access-list 101 permit ip 172.19.3.128 0.0.0.127 host 172.19.250.11
    access-list 101 permit tcp any any eq ftp
    access-list 101 permit tcp any any eq ftp-data
    access-list 102 remark "Inbound Access"
    access-list 102 permit udp any host 152.179.53.18 eq non500-isakmp
    access-list 102 permit udp any host 152.179.53.18 eq isakmp
    access-list 102 permit esp any host 152.179.53.18
    access-list 102 permit ahp any host 152.179.53.18
    access-list 102 permit udp any host 209.000.000.102 eq non500-isakmp
    access-list 102 permit udp any host 209.000.000.102 eq isakmp
    access-list 102 permit esp any host 209.000.000.102
    access-list 102 permit ahp any host 209.000.000.102
    access-list 102 permit udp any host PUB IP eq non500-isakmp
    access-list 102 permit udp any host PUB IP eq isakmp
    access-list 102 permit esp any host PUB IP
    access-list 102 permit ahp any host PUB IP
    access-list 102 permit ip 72.55.33.0 0.0.0.255 any
    access-list 102 permit ip 107.0.197.0 0.0.0.63 any
    access-list 102 deny   ip 172.19.3.128 0.0.0.127 any
    access-list 102 permit icmp any any echo-reply
    access-list 102 permit icmp any any time-exceeded
    access-list 102 permit icmp any any unreachable
    access-list 102 permit icmp any any
    access-list 102 deny   ip any any log
    access-list 102 permit tcp any host 172.19.3.140 eq ftp
    access-list 102 permit tcp any host 172.19.3.140 eq ftp-data established
    access-list 102 permit udp any host SITE B Public IP  eq non500-isakmp
    access-list 102 permit udp any host SITE B Public IP  eq isakmp
    access-list 102 permit esp any host SITE B Public IP
    access-list 102 permit ahp any host SITE B Public IP
    access-list    102  permit tcp any host public ip eq 8443
    access-list 110 remark "Outbound NAT Rule"
    access-list 110 remark "Deny VPN Traffic NAT"
    access-list 110 deny   ip 172.19.3.128 0.0.0.127 172.19.3.0 0.0.0.127
    access-list 110 deny   ip 172.19.3.128 0.0.0.127 172.19.10.0 0.0.0.255
    access-list 110 deny   ip 172.19.10.0 0.0.0.255 172.19.3.128 0.0.0.127
    access-list 110 deny   ip 172.20.3.128 0.0.0.127 172.19.3.0 0.0.0.127
    access-list 110 deny   ip 172.19.3.128 0.0.0.127 172.20.3.128 0.0.0.127
    access-list 110 deny   ip 172.19.3.128 0.0.0.127 host 172.19.250.11
    access-list 110 deny   ip 172.19.3.128 0.0.0.127 host 172.19.250.10
    access-list 110 permit ip 172.19.3.128 0.0.0.127 any
    access-list 110 permit ip 172.19.10.0 0.0.0.255 any
    access-list 198 remark "Networks for IISVPN Client"
    access-list 198 permit ip 172.19.3.0 0.0.0.127 172.20.3.128 0.0.0.127
    access-list 198 permit ip 172.19.3.128 0.0.0.127 172.20.3.128 0.0.0.127
    access-list 199 permit tcp any any eq 3389
    route-map PAETEC permit 10
    match ip address 110
    match interface Serial0/2/0
    route-map COMCAST permit 10
    match ip address 110
    match interface FastEthernet0/1
    route-map VERIZON permit 10
    match ip address 110
    match interface Serial0/1/0.1
    snmp-server community 123 RO
    radius-server host 172.19.3.7 auth-port 1645 acct-port 1646 key 7 000000000000000
    control-plane
    line con 0
    line aux 0
    line vty 0 4
    access-class 23 in
    privilege level 15
    transport input telnet ssh
    line vty 5 15
    access-class 23 in
    privilege level 15
    transport input telnet ssh
    scheduler allocate 20000 1000
    ntp server 128.118.25.3
    ntp server 217.150.242.8
    end

    If you are planning to use the fa0/1 interface IP itself then the configuration would be:
    ip nat inside source static tcp 172.19.3.133 8443 interface fa0/1 8443 extendable
    Assuming that you would like to port forward TCP/8443.
    Then the ACL should be written:
    ip access-list extended 102
      2 permit tcp any host eq 8443

  • Help setting up static ip for minecraft server with TC and PC

    Hey guys,
    I have a dell xps laptop and a son that is hooked on minecraft. I have promised him that I would let him set up a server so he and his buddies can play together. I would really appreciate some assistance on doing this on my time capsual. I have been searching for the solution but could only find references to doing this with a Mac, not a PC.
    Could anyone point in the right direction? I afraid I am in a little over my head. Thanks in advance!!
    Zippy

    >Does that mean that the range on the IPV4 local network page should  be modified to exclude the IP address that I want to use for the static  IP....
    e.g. change the range from 1-255 to 1-200 and then use an  IP of XXX.XXX.X.201 for instance
    That's right.
    You want to reserve static IP addresses in a range that does not overlap with the range that is allocated for generic DHCP clients. For example, you can define the DHCP pool to be 50~149, and reserved IP addresses to be 2~49 (for servers).

  • Command to see host and static nat for the same object together

    I have researched this but cannot find an answer.  ASA running version 8.5.
    When you create the config using object NAT you enter the commands as follows
    object network <object name>
       host x.x.x.x
       nat (inside,outside) static y.y.y.y
    When the config is displayed it separates the host and nat commands in two different sections of the config as follows
    object network <object name>
       host x.x.x.x
    object network <object name>
       nat (inside,outside) static y.y.y.y
    Is there a command that will display it all together (like it was typed in)?  Show NAT is something like what I am after but without all of the extra info such as translate_hits, untranslate_hits etc. I need this information but cleaning up the output of a show nat is going to be tough.
    Any suggestions?  
    Thanks.

    Sorry, show nat detail is what I meant in the original post in place of show nat.   Show nat detail still has all of the extra info I was trying to avoid.  Guess I will be editing a text file.
    Thanks for the reply.

  • How to configure Multiple static NATs

    Hi,
    I am trying to configure a Cisco 871 router.
    I have 3 servers on my network that need static public IPs but also still need to communicate on the local network.
    I have given my WAN interface the first IP in the block and set up PAT for the rest of the computers on the network which is working fine. Next I set up static NAT rules for the servers translating 3 of the remaining public IPs to the internal addresses of the servers.
    I can access those servers internally using the public IPs but not from outside the network. A tracroute from outside the network gets dropped when it gets to my ISP.
    I've never configured more than one static ip for a network before and i know i've just missed a step here. Do I also need to set up static routes? Will that update the next hop's routing table?
    Thanks in advance for any help.

    You can execute multiple apply processes ( parallel parameter ). It is pretty much scalable.
    There is one thing why 2 propagate processes can be helpfull: I consulted one client with different reqs for replication delivery for different tables. In this case you can create 2 propagate processes in different schemas (with different db links).
    For maitainence point of view one propagation and one apply is better
    Regards,
    SergeR

  • H323 static Nat doesn't work fine on 3900 series router with IOS 15.2(3) T

    Hi,
    I have a problem with static nat setting on my 3925 router with IOS15.2(3). The scenario is like this:
    I set a static nat between 172.16.1.2 and x.x.x.x(public IP address) using following command:
    ip nat inside source static 172.16.1.2 x.x.x.x
    The intranet IP address is set on a video conference system from Huawei, after setting all these things, ping works fine to this public IP address, but video conference cannot be built. I tried same setting using another 2811 router with IOS12.4 and it worked fine. Which means the problem should be isolated to this 3925 router. Full config is also attached, sorry that I elimated the public IP address and use other characters instead.
    Additionally, I debugged ip natting and I see following information when making video calls:
    router#debug ip nat h323
    IP NAT H323 debugging is on
    router#                
    *Jul 10 09:11:07.343: NAT[0]: H323: received pak, payload_len=0
    *Jul 10 09:11:07.343: [NAT[0]: H323 ACK packet ? FALSE
    *Jul 10 09:16:15.731: NAT[1]: H323: received pak, payload_len=0
    *Jul 10 09:16:15.731: [NAT[1]: H323 ACK packet ? FALSE
    *Jul 10 09:16:57.215: NAT[1]: H323: received pak, payload_len=0
    *Jul 10 09:16:57.215: [NAT[1]: H323 ACK packet ? FALSE
    *Jul 10 09:17:02.731: NAT[1]: H323: received pak, payload_len=0
    *Jul 10 09:17:02.731: [NAT[1]: H323 ACK packet ? FALSE
    *Jul 10 09:17:14.731: NAT[1]: H323: received pak, payload_len=0
    *Jul 10 09:17:14.731: [NAT[1]: H323 ACK packet ? FALSE
    This problem has been bothering me for weeks. Hope that someone could help me out. Many thanks in advance.
    Regards,
    Angran

    Hi,
    i have the same requirement for a customer, not for video but for audio calls, i have a remote office with h.323 phones and they need to get registered to a gk in central office to send and recieve voice calls, did you make it work? can you share the config please?

  • Static NAT - SA540

    Regarding the SA540, Can you can set a statically NAT’d private IP to go outbound on the same Public IP instead of the general one.  Specifically, 184.183.11.224 routes to 192.168.1.5 and 184.183.11.225 routes to 192.168.1.4.  Currently, 192.168.1.5 goes outbound as 184.183.11.224 and 192.168.1.4 goes outbound as 184.183.11.225.  My concern is that the SA-540 isn’t capable of making the latter happen and all outbound communication from 192.168.1.4 and 192.168.1.5 will gout as the Public IP of the router itself (184.183.11.223).
    Can anyone answer this for me?

    Today we have the same problem,basically we have two public addresses one for internal network another one for mail server.the problem was that we could not inbound from ip address of mail server to alias ip address(not address from main wan interface)
    mail server internal ip-------SA540(ip alias address)------internet
    network------sa540(main wan interface address)---internet
    The solution was to reset to factory defaults and doing the firewall rules for mail server first,i guess somehow SA540 remember old settings(no clear xslate) mostly because of iptables rules or....

  • Guide or instruction about build and config NAT for network.

    Hey everybody. I’m having learn CCNA CISCO, I have a problem when I build a network, a network required that: Construct and build a topo network have 4 Router, 6 Switch, 8 PC, auto set and config IP address for communication between equipment in your topo network. Give some suggest : 3->4 IP front, 1 range 4 IP route, 2 range 8 IP route, 1 range 16 IP route. Les’t raise, give method and config NAT for it network with: Static NAT, Dynamic NAT, PAT and NAT co-ordinate.
    Please give some guide or instruction me about that lab, Thank very much

    Hey all here is a topo (model) network I do by myself and I have cofig NAT for it. Please see, check, fix error or guide me to fix error if it have error. Thank very much.
    As a subject I have propose use a IP range is 200.200.5.1/27
    b/Static NAT for IP PC8 192.16.6.1 to become IP 200.200.5.1 with a Network outside.
    Router3(config)#ip nat inside source static 192.168.1.2 200.200.5.1
    Router3(config)#interface fa 1/0
    Router3(config-if)#ip nat inside
    Router3(config-if)#interface s 0/0
    Router3(config-if)#ip nat outside
    a/ Accept PC in LAN 192.168.5.1/24 go out internet, this IP will be nat by IP range 200.200.5.1-> 200.200.5.6 (IP 200.200.5.1 have use for Static NAT but we can reuse).
    Router3(config)#access-list 1 permit 192.168.5.0 0.0.0.255
    Router3(config)#ip nat pool natdong 200.200.5.1 200.200.5.6 netmask 255.255.255.248
    Router3(config)#ip nat inside source list 1 pool natdong
    Router3(config)#interface fa 0/0
    Router3(config-if)#ip nat inside
    Router3(config-if)#interface s 0/0
    Router3(config-if)#ip nat outside
    c/ Accept PC in 2 LAN 192.168.1.0/24 and 192.168.2.0/24 go out internet, this IP range will be NAT by IP range 200.200.5.33-> 200.200.5.48 (16 Ip address)
    Router3(config)#access-list 1 permit 192.168.1.0 0.0.0.255
    Router3(config)#access-list 1 permit 192.168.2.0 0.0.0.255
    Router3(config)#ip nat pool natpat 200.200.5.33 200.200.5.48 netmask 255.255.255.224
    Router3(config)#ip nat inside source list 1 interface serial 0/0 overload
    Router3(config)#ip nat inside source list 1 pool natpat overload
    Router3(config)#interface fa 0/0
    Router3(config-if)#ip nat inside
    Router3(config)#interface fa 1/0
    Router3(config-if)#ip nat inside
    Router3(config-if)#interface s 0/0
    Router3(config-if)#ip nat outside
    [b]Note: My ability of English is not good so please sympathize for spelling mistake[/b]

Maybe you are looking for

  • HP Pocket Playlist mobile application for windows 8 devices

    Hi, does someone know why there is not HP Pocket Playlist mobile application for Windows 8 phones? or when the application will be available in the app store? Any information is very welcome. Regards, Fer

  • Freight Line Item in MIRO

    Dear All, I have done the GR for 2 times, against the same PO which includes Freight Charges also. When i try to post the invoice thro' MIRO, I am getting 3 line items. 2 for the Materials & only 1 line item for the Freight charges which includes cha

  • How can I turn this line and its intersection into a separate object?

    My initial object is #1, then I draw a line on #2. How can I turn the highlighted area into a separate object? (I cheated and filled this area with Photoshop, but I'd like to know how to turn this red area into a separate object so that I can fill it

  • Error when install sap license with 'saplicense -install'

    Dear experts, Error when install sap license with 'saplicense -install': SAPLICENSE (Release 640) ERROR ***     ERROR:   Can not set DbSl trace function     DETAILS: DbSlControl(DBSL_CMD_IMP_FUNS_SET) failed with return code 20     RC-INFO: error loa

  • Correct rom for Geforce 7800 GTX for Mac G5?

    I just got my hands on a Nvidia Geforce 7800 GTX 512 and would like to flash it to work on my Quad G5. I know it is floaing around out there somewhere in our Ether-Space. Would some kind soul please share? Thanks