Cisco 837 - how to set up Inside to Inside NAT for DNS resolution?
- From: Jim Willsher <nospam@xxxxxxxxxx>
- Date: Tue, 23 May 2006 19:00:43 +0100
Hi,
Can anybody help? I need to set up "inside to inside NAT" as described
here:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5413/prod_release_note09186a0080457818.html#wp67645
I'm running 12.4 on a Cisco 837, and I know this feature is supported
on my image. But I can't work out how to actually implement it! The
quoted page gives an example but it looks like it's for VPN. I want it
to work such that inside the LAN I can access a hosted website (hosted
inside the LAN) via its external DNS name (www.....).
This should get round the need for local HOSTS entries. The important
quote from the page for me is this:
"The purpose of this feature is to provide customers of the Cisco 830
and SOHO 90 routers, with the ability to allow the use of a single DNS
name / DNS server external to the LAN to provide name resolution for
internal servers to internal clients even if NAT is applied and the
NAT global address is the known address from a DNS perspective."
I'm using my ISP's DNS.
Can anyone suggest what changes I need to make to my config (below)?
Many thanks!
Jim
==============================
!
! Last configuration change at 15:08:32 UTC Tue May 23 2006
! NVRAM config last updated at 14:44:33 UTC Tue May 23 2006
!
version 12.4
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
memory-size iomem 5
enable secret 5 XXXXX
!
aaa new-model
!
!
aaa authentication ppp default local
aaa authorization network default if-authenticated
!
aaa session-id common
!
resource policy
!
!
!
no ip dhcp use vrf connected
ip dhcp binding cleanup interval 10
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp excluded-address 192.168.1.101 192.168.1.254
!
ip dhcp pool JIMDESKTOP
host 192.168.1.101 255.255.255.0
client-identifier 0100.e018.fe31.ff
default-router 192.168.1.1
dns-server 212.104.130.9 212.104.130.65
lease 0 12
!
ip dhcp pool CLIENT
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 212.104.130.9 212.104.130.65
lease 0 12
!
!
ip cef
ip domain name home.lan
ip ssh version 2
login block-for 120 attempts 3 within 120
login delay 3
login on-failure log
login on-success log
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
!
!
!
username jim password 7 XXXXX
!
!
!
!
!
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
hold-queue 100 out
!
interface Ethernet2
no ip address
hold-queue 100 out
!
interface ATM0
description ADSL Broadband Interface
no ip address
atm vc-per-vp 64
no atm ilmi-keepalive
dsl operating-mode auto
pvc 0 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
interface Virtual-Template1
ip unnumbered Ethernet0
ip mroute-cache
peer default ip address pool VPN-CLIENT
ppp encrypt mppe auto required
ppp authentication ms-chap ms-chap-v2
!
interface Dialer1
ip address 82.152.XXX.XX 255.255.255.XXX
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXXX@xxxxxxxxxxxxxxxxx
ppp chap password 7 XXXXX
ppp pap sent-username XXXXX@xxxxxxxxxxxxxxxxx password 7 XXXXX
ppp ipcp dns request
ppp ipcp wins request
!
ip local pool VPN-CLIENT 192.168.1.251 192.168.1.254
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
no ip http secure-server
!
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.150 25 interface Dialer1 25
ip nat inside source static tcp 192.168.1.150 110 interface Dialer1 110
ip nat inside source static tcp 192.168.1.150 21 interface Dialer1 21
ip nat inside source static tcp 192.168.1.150 80 interface Dialer1 80
ip nat inside source static tcp 192.168.1.150 443 interface Dialer1 443
!
!
ip access-list standard SNMP-ALLOWED
permit 192.168.1.101
permit 192.168.1.150
deny any
ip access-list standard SSH-ALLOWED
permit 82.XXX.XXX.XXX
permit 192.168.1.0 0.0.0.255
deny any
!
logging trap debugging
logging 192.168.1.150
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
snmp-server community public RW SNMP-ALLOWED
!
!
control-plane
!
!
line con 0
exec-timeout 120 0
no modem enable
stopbits 1
line aux 0
line vty 0 4
access-class SSH-ALLOWED in
exec-timeout 120 0
password 7 XXXXX
length 0
transport input ssh
!
scheduler max-task-time 5000
sntp server 212.104.129.221
end