Page 1 of 2 12 LastLast
Results 1 to 10 of 13

Thread: Cisco 1600 Series Router NAT Config

  1. #1
    Junior Member
    Join Date
    Aug 2003
    Posts
    11

    Cisco 1600 Series Router NAT Config

    Good morning or Afternoon depending on where you are...

    First of all, if this has been a repeat question, then forgive me. I am a system admin of 10+ years, and have had my hands on everything from digital phone systems, to ODBC data connections for client/server software, VoIP, server builds, backup/disaster recovery, ect ect..

    HOWEVER, some of my time on certain technologies has been as a need-to-know basis, usually (as just about all sysads are) just what I need to know in order to make sure something is working so I can move on.

    Here is my issue: while I have inherited CISCO router and PIX configurations that I only had to massage a bit to add or remove accessibility (ports, ip addresses ect), I have NEVER built a configuration from scratch, and this month is my first attempt at doing so. What I am looking for would be good walkthroughs or generic configurations, or simulations that will help me configure this Cisco 1600 series router, to be a connect to the outside world, using NAT to feed information to the nodes inside, with those internal nodes running things like Informix servers, that will have to have proper port forwarding in order to be touched from remote offices.

    Fun catch: I am in California, and the router I will be configuring is over in Washington DC, so all this will be done remotely, and honestly, there really is NO room for error. I DO have this same router here in my office that I can try configurations out on, and verify what I am doing, but when I finally do this, I NEED to be SURE that what I have done is right.

    Thank you all for your time and energy helping me out on this, any links, ideas, questions are appreciated, and welcomed.
    -Java

  2. #2
    I've been working on cisco gear for 6+ years and every project I work on, I feel just as you do, no room for error. But seems like Murphy's Law creeps in everytime. I'm going to point you to cisco's website because it has everyting you are looking for and more. I question your network design and why you would want to use NAT on a 1600 router. You mention PIX and that's the place I would see you using NAT. Not knowing how your network is interconnected leaves me to nothing more than speculation.
    - Boyam


  3. #3
    Junior Member
    Join Date
    Oct 2003
    Posts
    26

    Re: Cisco 1600 Series Router NAT Config

    Originally posted here by Javadog
    Good morning or Afternoon depending on where you are...

    First of all, if this has been a repeat question, then forgive me. I am a system admin of 10+ years, and have had my hands on everything from digital phone systems, to ODBC data connections for client/server software, VoIP, server builds, backup/disaster recovery, ect ect..

    HOWEVER, some of my time on certain technologies has been as a need-to-know basis, usually (as just about all sysads are) just what I need to know in order to make sure something is working so I can move on.

    Here is my issue: while I have inherited CISCO router and PIX configurations that I only had to massage a bit to add or remove accessibility (ports, ip addresses ect), I have NEVER built a configuration from scratch, and this month is my first attempt at doing so. What I am looking for would be good walkthroughs or generic configurations, or simulations that will help me configure this Cisco 1600 series router, to be a connect to the outside world, using NAT to feed information to the nodes inside, with those internal nodes running things like Informix servers, that will have to have proper port forwarding in order to be touched from remote offices.

    Fun catch: I am in California, and the router I will be configuring is over in Washington DC, so all this will be done remotely, and honestly, there really is NO room for error. I DO have this same router here in my office that I can try configurations out on, and verify what I am doing, but when I finally do this, I NEED to be SURE that what I have done is right.

    Thank you all for your time and energy helping me out on this, any links, ideas, questions are appreciated, and welcomed.
    -Java

    you can use the cisco config maker from www.cisco.com. You can use this program to simulate your desired/current network set-up and check wether it's running or not.

  4. #4
    Member
    Join Date
    Jun 2002
    Posts
    44
    Javadog,

    How will you be configuring the router remotely if its a new configuration? What type of internet connection will the 1600 have? what hardware cards are installed into the 1600?
    Os1LaYr5

  5. #5
    Junior Member
    Join Date
    Feb 2003
    Posts
    19
    It's been a few years since i conf'ed cisco's but i do know of a small way to help in case you fear you'll mess up the conf...

    1) start by saving the running config (you know you can reach it remotely)

    2) have ur new conf on a notepad or similar text editor (remember NOT to include a save and reboot at the end of the config)

    3)access the router and (i can't remember the exact comand line but it something like restart or reboot in X sec or minutes) set the timer.. if you for some reason screw up later the router will restart by it self in let's say 15 minutes, and booting up using the conf that assures that you can reach it again.

    4) paste the entire new config into the router NOT writeing it.. u now have 10 min or so to verify that the router is up and running, that u can reach it using the new conf'ed ip addresses etc.

    5) if all is working properly access the router and write to memory!

    This should take care of ur prob..

    And as long as you remember to sat the timer and not write the running config you can mess up as many times as needed to get it right!

    Hope it works out for you!


    CBO


    ----The wheel is still turning but the hamster is dead ----

    Oh yeah just forgot to add, that if you for some reason can't login to the router and write the conf after it has been initiated (perhaps a security issue) then just do he exact above and once you have verified that the conf is up and runnig as it should, add a write running config in the end of your conf.txt wait for the router to reboot and copy/paste the conf as stated above!!! case closed!

    But then again I have never been a fan of conf'ing routers that are unreachable after the implementation of the working config!


    CBO

    ---- The wheel is still turning, but the hamster is dead ----

  6. #6
    Senior Member
    Join Date
    Aug 2003
    Posts
    205
    1) Is it just the 1600 router you need to configure or the PIX as well?
    2) Is this 1600 router in production now?
    3) How do you plan on configuring the router...Will you be dialing in or telnetting in?
    (if dialing in,,,no worry if you screw up...It is like a console session)
    4) If you can give specific requirements i can send you configs that will get you going.
    *I need to know if you want to NAT (statically one to one, dynamically or you dont really care))
    *Also need to know if you would like to PAT certain addresses as well...

    If you can describe your network in detail with respect to the number of IP addresses you want NAT or PAT I can help you out with configs..( you dont have to list actual addresses)
    You can modify later accordingly..


    Cheers...

  7. #7
    Member
    Join Date
    Jun 2002
    Posts
    44
    cbo its reload in x where x is the number of minutes. this command is very useful and has saved me hundreds of times.....you never really know how important this command is until you do that one stupid mistake and are completly locked out of the router.
    Os1LaYr5

  8. #8
    Junior Member
    Join Date
    Aug 2003
    Posts
    11
    I am Terribly Sorry for not being around, my apologies in advance, was out of town (wife running a marathon) and have not been anywhere near a computer in days....

    To give some clarification and some background let me lay out what i will be doing over the next few days and maybe this will help me help you help me (??)................. *smile*

    i have a network that i will be reconfiguring remotely that is a small workgroup that needs outside access to hit databases here where i am (California) from where they are (Washington DC). the network is as follows:

    Covad DSL line coming into thier own hardware router with 4 ethernet ports on the back (router/switch combination). I have a Cisco 1605R that is currently NOT in use, but sitting over there as part of the system ready for me to get setup. the Cisco plugs into a HP Switch that feeds 4 standard X86 based PC's, there is a Livingstion Terminal Server that feeds about 10 Wyse terminals, and there is a SUN Ultra5 that houses a small Informix database that the users update with flat file data.

    My job is going to be as follows:

    1.) flash the firmware on the router to get it up to date (its running firmware that is 5 years old at least, and prob doesnt support NAT at this time)

    2.) reconfigure the Cisco Router with the new ip pool from Covad and configure the proper access to NAT'd internal Nodes (192.168.x.x ect..)

    3.) telnet in and reconfigure the HP Switch, Livingston Terminal Server, and Ultra5 with the new ips

    4.) after i finish the final change, i will be in essence locked out until i call someone at that office, and have them move the cable from the old Qwest router over to the Covad router and then into the system i just re-ip'd and ill be damned if it all comes up on the first try.

    Some of the issues i will face:
    1.) I will have to use the Covad router in order to keep them (Covad) happy, IE, if i dont use it, and there is a problem with the line, they will blame me first and the line second. if i have their equipment in use, then they HAVE to come out in order to close the ticket, and since im 3K miles away, having their techs available will be a must.

    2.) will i be able to have the Covad dsl modem/router there inline and then connect the cisco router to it? yes it seems redundant to me too, but if i HAVE to use the Covad equip, can i not just leave the Covad stuff set WIDE OPEN, and do all my filtering in the Cisco?

    3.) finding and understanding a good NAT discussion (i read some of what was on Cisco's site "NAT for first timers" or somethign, and while it was helpful, there was very little to do with an acutal "walkthough" (am i expecting too much here?)

    Thank you all for your help, i am working on this for the next two days, so i will be paying close attention to any questions and help that anyone has.



    Again, thank you for all your time, and if needed, i can certainly create a .jpg that would be a Visio diagram or any other supporting info that anyone would need.

  9. #9
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    There's a lot of good information about configuring Cisco 1600 routers for different situations on the cisco website. This info is freely available.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  10. #10
    Junior Member
    Join Date
    Aug 2003
    Posts
    11
    Agreed, and I have been digging around Cisco for tutorials, and the couple that are there are very high level, and didnt give as much background as to WHY, just the HOW. Still looking and thank you for replying, would appreciate it if anyone has other suggestions that would be helpful.

    Again, thank you all for your time

    -Javadog

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •