Question:
I am in the process of trying to create a DMZ using two routers and a switch and would like some assistance regarding NAT'ing the external IP to an internal one. All internal devices can communicate with each other. We are using a router to act as a DMZ. This router directly connects to a switch on our LAN which is directly connected to its router. There is no physical connection between the DMZ router and the internal router.

Currently, the main issue is that the external IP is not recognised from an external location, i.e. from home I cannot navigate to our external IP address through IE; however, I can ping the IP successfully from an external location.

The below config is our DMZ router. Is there another command that I am missing? Our DNS records are still being generated but accessing via IP should still be working, right?

Your help is appreciated.

Regards,
!
!
!
! ## External IP ##
interface Ethernet0/0
 ip address 10.10.10.10 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 half-duplex
!
! ## Internal IP ##
interface FastEthernet0/0
 ip address 192.168.20.200 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 speed auto
!
! ## Sub-Int created to talk to 11.0.0.0 nw ##
interface FastEthernet0/0.1
 encapsulation dot1Q 11
 ip address 11.0.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no snmp trap link-status
!
! ## Sub-Int created for Isolation VLAN ##
interface FastEthernet0/0.2
 encapsulation dot1Q 10
 ip address 192.168.1.254 255.255.255.0
 no snmp trap link-status
!
interface Serial1/0
 no ip address
 shutdown
 no fair-queue
!
ip route 0.0.0.0 0.0.0.0 10.10.10.1
ip route 11.0.0.0 255.255.255.0 192.168.20.254
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Ethernet0/0 overload
ip nat inside source list Allelse interface Ethernet0/0 overload
! (I am unable to remove this rule. I get a 'dynamic mapping error')
!
!
access-list 1 permit 11.0.0.0 0.0.0.255
access-list 1 permit 192.168.20.0 0.0.0.255
access-list 1 remark ## Control NAT Service ##
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 exec-timeout 5 0
 privilege level 15
 logging synchronous
 login local
 transport input telnet
 transport output telnet
!
end
Answer:
You need to configure static NAT if you would like to have access from the internet to internal servers.
I assume the IP you have put on the outside interface E0/0 is not the actual IP. You need to have a public IP on your external interface.
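The static NAT the answer refers to, sketched against the posted config as an added example that is not part of the original question or answer. It assumes a hypothetical internal web server at 192.168.20.10 listening on TCP 80, and reuses the placeholder outside address from the post.

```cisco
! Added example, not from the original post.
! Assumptions: 192.168.20.10 is a hypothetical internal web server; Ethernet0/0
! and its address are the placeholder values from the posted config.
!
! Before: the posted config has only dynamic PAT. These rules create a
! translation when an inside host initiates traffic, so an unsolicited inbound
! connection to TCP 80 has no entry to match. The router's own HTTP server is
! disabled ("no ip http server"), so nothing answers the browser. Ping still
! works because the router replies to ICMP for its own interface address.
!   ip nat inside source list 1 interface Ethernet0/0 overload
!
! After: add a static port translation for the one published service.
! Forwarding a single port exposes less of the server than a one-to-one
! "ip nat inside source static <local-ip> <global-ip>" mapping would.
configure terminal
 ip nat inside source static tcp 192.168.20.10 80 interface Ethernet0/0 80
 end
!
! The "Allelse" rule cannot be removed while translations created by it are
! still in the table. Clear the dynamic entries first, then remove the rule.
clear ip nat translation *
configure terminal
 no ip nat inside source list Allelse interface Ethernet0/0 overload
 end
!
! Verify: the static entry should be listed even with no traffic flowing, and
! the hit counters should increase when the service is reached from outside.
show ip nat translations
show ip nat statistics
```

Clearing the translation table drops active NAT sessions, so it is best done in a maintenance window.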