Hi Everyone,

I'm hopeing that someone has come up against this issue before as I think that it would be a common problem.  

I got BT business broadband with 5 static IP addresses to find out that the 2 wire router supplied does not do one-to-one NAT, meaning that each public IP address is mapped to a separate private ip address with numerous days taking to BT support on the phone I found out that the router was the problem as it did not provide the functionality to do this.  So I spoke to someone I know and he suggested that I should get a cisco 837 as this would do everything I want and it nearly does.  

I am currently NATing 2 public IP addresses to separate private IP addresses and everything appeared to be working from the outside, however I have recently noticed there is a major flaw in this configuration as one of the servers is a small business server 2008 and it needs to send email to a third party mail filter and I have only just realised that the IP address that is being presented to the outside world is a DHCP assigned IP address that is assigned to the dialer when the router negotiates it's IP address.  I have spent countless hours trying to configure the router to connect differently and trying to force the router to use the static IP address that was supposidly the IP address of the router however this does not work and it seems that I need to use the  ip address negotiated command instead of manually assigning the IP address to this interface.

Now with this configuration all 5 public IP addresses can be acccessed including the routers IP address and the 5 public ip addresses can also all be NAT' but I need to make the traffic appear to come from a single IP address or even one of my public ip addresses as I it will be totally impossible to have a proper mailserver running if the originating IP address that is presented to everyone on connection is the assigned IP address on the DIALER 0 interface which is going to change and insidentally is not the supposid(IP address of the router).

I have tried asking BT to make the address the dialer gets via [ip address negotiated] static unable to get out of the loop of first line support to ITSM back to telephone support.

On the likes of an asa 5580 you can use the global nat command to ensure all your traffic is coming from the ip address of your choosing. Is there anything you can do on a cisco 837 to do this?

I really am shocked to find a company the size of BT who I know for a fact use a lot of cisco equipment far more advanced than a cisco 837 cannot provide the connection information to configure this router.

I am also annoyed at this because BT also sell cisco 837 router to small businesses as they also sell you 5 public IP addresses which are not properly useable with the supplied 2 wire router.

Anyway enough ranting! If you have any ideas who to contact in BT and what to ask for please help me out I have added the configuration of the router in the hope someone can spot something that would do it.

On a plus point this config will work as long as you don't plan on having a working email server 🙂

TIA

Steve 

Current configuration : 4707 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ******-router
!
boot-start-marker
boot-end-marker
!
enable secret 5 itsasecretpassword
!
aaa new-model
!
!
!
aaa session-id common
!
resource policy
!
ip dhcp excluded-address 10.100.0.254
!
!
ip cef
ip name-server 10.100.0.1
!
!
username admin privilege 15 password 0 ********
!
!
!
!
!
interface Ethernet0
 ip address 10.100.0.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 hold-queue 100 out
!
interface Ethernet2
 no ip address
 shutdown
 hold-queue 100 out
!
interface ATM0
 ip address 81.142.ROU.TER 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet1
 duplex auto
 speed auto
!
interface FastEthernet2
 duplex auto
 speed auto
!
interface FastEthernet3
 duplex auto
 speed auto
!
interface FastEthernet4
 duplex auto
 speed auto
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname B*******@hg**.btclick.com
 ppp chap password 0 *******

 ppp pap sent-username B*****@hg**.btclick.com password 0 *******

 ppp ipcp dns request
 ppp ipcp wins accept
 ppp ipcp mask request
 ppp ipcp route default
 ppp ipcp address accept
!
ip route profile
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
ip http secure-server
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 10.100.0.1 25 81.142.aaa.aaa 25 extendable
ip nat inside source static tcp 10.100.0.1 80 81.142.aaa.aaa 80 extendable
ip nat inside source static tcp 10.100.0.1 443 81.142.aaa.aaa 443 extendable
ip nat inside source static tcp 10.100.0.1 987 81.142.aaa.aaa 987 extendable
ip nat inside source static tcp 10.100.0.1 1723 81.142.aaa.aaa 1723 extendable
ip nat inside source static tcp 10.100.0.1 3389 81.142.aaa.aaa 3389 extendable
ip nat inside source static tcp 10.100.0.9 22 81.142.bbb.bbb 22 extendable
ip nat inside source static tcp 10.100.0.9 25 81.142.bbb.bbb 25 extendable
ip nat inside source static tcp 10.100.0.9 80 81.142.bbb.bbb 80 extendable
ip nat inside source static tcp 10.100.0.9 443 81.142.bbb.bbb 443 extendable
!
access-list 1 permit 10.100.0.0 0.0.0.255
snmp-server community public RO
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 exec-timeout 120 0
 password ********
 length 0
!
scheduler max-task-time 5000
end