Answer the question
In order to leave comments, you need to log in
How to forward a white IP inside the network on Cisco2901?
Good day, dear community.
I'm not a cisco, so I'm asking for help.
We have: Cisco 2901\K9 without any additional modules, two white IPs from the provider (xxxx1/20 and xxxx2/20, gw xxx1), basic router config. The task is to forward the second external IP to the internal. device.
Hardware config (removed the extra so as not to clog):
no service password-encryption
hostname cisco2901
!
no aaa new-model
no ipv6 cef
ip source-route
ip cef
!
ip dhcp excluded-address 192.168.1.1 192.168.1.10
ip dhcp pool LAN
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 192.168.1.1
!
ip domain name cisco2901
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip dhcp-server 192.168.1.1
!
interface GigabitEthernet0/0
description WAN
ip address x.x.x.x1 255.255.240.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description LAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
no ip http server
no ip http secure-server
!
ip dns server
ip nat inside source list 101 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 x.x.x.1
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
Answer the question
In order to leave comments, you need to log in
You need to do statick NAT, tobish to score a host that is inside the network with a gray IP address, for example 192.168.1.2, a white IP from an external network. Thus, you will ensure that this host will go to the Internet with the white SP that you specified + will be available from outside at the address that you specified. Inside the network, it will be available under a gray ip (in our case, 192.168.1.2)
If
this is what you want, then the config +- is the following
:
network)
(config)# int fa1/0 (WAN interface)
(config-if)# ip nat outside
(config)# ip nat inside source static ***.***.***. 192.168.1.2 (asterisks are your white ip)
Well, here's how you can add everything at the end of the port number (+ a little bit to security), for example, 80 if it's web.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question