Hello all,
At one of our remote offices we have a BT business broadband product, which at the moment is working OK... apart from all traffic from the office coming across a dynamic IP address - we want to use one of the static IP addresses.
The info provided by BT is as follows (obscured, apart from last octet):
Network: 1.2.3.152
Router: 1.2.3.158
Subnet: 255.255.255.248
Giving us usable IP addresses: 1.2.3.153 - 1.2.3.157
At this office we have 2 servers, "server1" on 1.2.3.154 and "server2" on 1.2.3.155 - these are working fine right now and the IP addresses shouldn't be changed.
The configuration from the router is below. If anyone could advise on changes to get all other traffic to/from the office (including the VPN) routed across one of the other addresses rather than a dynamic address, that would be great. Internal IP addresses in the office are 192.168.30.*; the router IP is 192.168.30.1.
Config:
Current configuration : 5862 bytes
!
! No configuration change since last restart
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router-2
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 ******************
enable password ******************
!
no aaa new-model
!
resource policy
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.30.1 192.168.30.29
!
ip dhcp pool LANDHCP
import all
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
dns-server 8.8.8.8 8.8.4.4
lease 0 2
!
ip dhcp pool server1
host 1.2.3.154 255.255.255.248
hardware-address 001f.c6e2.63e8 ieee802
dns-server 8.8.8.8 8.8.4.4
default-router 1.2.3.153
!
ip dhcp pool server2
host 1.2.3.155 255.255.255.248
hardware-address 0090.e816.41b0 ieee802
dns-server 8.8.8.8 8.8.4.4
default-router 1.2.3.153
!
!
ip cef
!
crypto pki trustpoint TP-self-signed-2892020221
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2892020221
revocation-check none
rsakeypair TP-self-signed-2892020221
!
!
crypto pki certificate chain TP-self-signed-2892020221
certificate self-signed 01
[certinfo]
quit
username admin privilege 15 secret 5 *******************
archive
log config
hidekeys
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
crypto isakmp key ************ address *.*.*.5
!
!
crypto ipsec transform-set sonicwall esp-3des esp-md5-hmac
!
crypto map sonicwallmap 10 ipsec-isakmp
description VPN tunnel 1
set peer *.*.*.5
set security-association lifetime seconds 86400
set transform-set sonicwall
match address 120
!
!
!
interface ATM0
description $ES_WAN$
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description LAN VLAN
ip address 1.2.3.153 255.255.255.248 secondary
ip address 192.168.30.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Dialer1
description Internet connection dialer
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer idle-timeout 0 either
dialer persistent delay initial 5
dialer-group 1
no cdp enable
ppp authentication pap chap callin
ppp chap hostname *******@****.btclick.com
ppp chap password 0 *************
ppp ipcp dns request
crypto map sonicwallmap
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
no ip nat service sip udp port 5060
ip nat inside source route-map SDM_RMAP_2 interface Dialer1 overload
ip nat inside source route-map blocknat interface Vlan1 overload
!
ip access-list extended Internet-inbound-ACL
permit udp host *.*.*.5 any eq isakmp
permit esp host *.*.*.5 any
!
access-list 100 remark SDM_ACL Category=16
access-list 100 deny ip 192.168.30.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 100 permit ip 192.168.30.0 0.0.0.255 any
access-list 101 remark CCP_ACL Category=2
access-list 101 remark SDM_ACL Category=16
access-list 101 deny ip 192.168.30.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.30.0 0.0.0.255 any
access-list 120 permit ip 192.168.30.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 135 deny ip 192.168.30.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 135 permit ip 192.168.30.0 0.0.0.255 any
access-list 140 permit tcp any eq www any
dialer-list 1 protocol ip permit
no cdp run
route-map blocknat permit 10
match ip address 135
!
route-map SDM_RMAP_1 permit 1
match ip address 100
!
route-map SDM_RMAP_2 permit 1
match ip address 101
!
!
control-plane
!
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
password *************
login local
transport input telnet ssh
!
scheduler max-task-time 5000
ntp server 193.62.22.74
end