| Author |
need help with cisco router configuration
|
|
| DVirchand 2001-12-15, 11:34 am |
| hi
i need help with my cisco 803 series rout
I got a small network with
1) Windows 2000 DC/AD and Internal DNS Server. 192.168.1.1
2) Webserver 192.168.1.2
3) Exchange Server 192.168.1.3
4) Proxy Server with two NICs. First one is connected to the internal LAN with IP address 192.168.1.254 and Second one is connected to Cisco Router Enternet Port.
PROBLEM 1
What IP should I use on this Interfaces Cisco Ether and Proxy Second Adapter - Public or Private?
What IP address i can use on Cisco 803 BRi interface - Bublic or Private?
I want internet user to access my webserver and exchange server.
PROBLEM_2
If i remore my proxy server and connect cisco router directly to a hub and set up public ip address on bri interface and setup NAT- can this setting work for my network.
Can u tell me how i can setup NAT on Cisco router and do some special pot maping for my web and exchange servers
Thanks for you help.
Dipesh | |
| prabhurraj 2001-12-20, 9:50 am |
| Dear friend,
You were referring to two scenarios. The first scenario
has some features
(i) It provides extra security layout for you, since you are physically segmenting the network with dual-homed host.
Let us come to the drawback
(i) Performance impact caused by the dual-home host interms of
packet forwarding.
(ii) Extra hop at your internal network itself as your public services will have to routed across the dual-homed host.
(iii) Availability considerations of the dual-homed host.
(iv) Managibility aspects of the configuration.
So i suggest the second scenario will be the idle one.
Let us come to the product features of Cisco 803 ROUTER relating to the aspect of NAT & Security services. In order to use the NAT features you will require IOS IP PLUS Feature pack.
Security Service Framework - Cisco 803 Router supports perimeter security that controls the incoming and outgoind traffic such as Intranet/Extranet applications. These security perimeter features include
(a) ACL (Access Control Lists) both standard & extended
(b) Router authentication using AAA standards & Protocols
(c) Network Address Translation
Configuration guidelines
(i) First configure NAT to enable your inside users to access internet with a single global ip address.
(ii) Enable dynamic NAT functionality to allow outside users to access your internal network with requried port information.
Static will be for the inside hosts to access outside networks
Dynamic will be for the outside hosts to access internal hosts for web, mail services.
Iam attaching a file that you can assist in the configuration. | |
| DVirchand 2001-12-20, 2:48 pm |
| Thanks you for all your help | |
| chodan 2001-12-30, 9:58 am |
| How many Public addresses has your ISP allocated for you?
Also I think prabhurraj should have said that the Static NAT mapping are for "outside"
users so they can access internal recourses such as exchange and web.
Dynamics are for internal users to access the external public networks.
And although your multihomed would add an extra hop the proxy service on it will increase performance dramatically for frequently visited sites as well as lightening the load on your already limited bandwidth.
Do you have Cable modem or DSL available in your area?
Both would provide much better performance than a BRI. |
|
|
|