SOHO 97 + NAT + ADSL Telecom

[stag]

Ciao,
ho un problema a configurare un router Cisco soho 97 per connettere alcuni pc in lan ad internet. Il provider e' Telecom.

Il problema e' che con il contratto attuale per accedere ad internet bisogna configurare il NAT sul router in modo tale che tutti i pc della lan 10.0.0.x escano come 85.40.xxx."X" - 85.40.xxx."X+5" (dove "X" e' uno dei sei ip pubblici che ci ha dato Telecom), cosa che ho provato a fare ma non ci sono riuscito.





Il router al momento e' configurato cosi' (configurazione fatta via web):


version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Router
!
no logging buffered
enable secret 5 $1$lVm2$QgwXxnjnewZ15ph1rR3qi1
!
username Router password 7 1102100B10
ip subnet-zero
ip name-server 151.99.125.1
ip name-server 151.99.0.100
!
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
no aaa new-model
!
!
!
!
!
!
!
interface Ethernet0
description CRWS Generated text. Please do not delete this:10.0.0.1-255.255.255.0
ip address 10.0.0.1 255.255.255.0 secondary
ip address 10.10.10.1 255.255.255.0
no ip mroute-cache
hold-queue 100 out
!
interface ATM0
no ip address
atm vc-per-vp 64
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip address 85.36.xxx.xxx 255.255.255.252
ip access-group 111 in
ip inspect myfw out
pvc 8/35
encapsulation aal5snap
!
!
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
ip http server
no ip http secure-server
!
access-list 23 permit 10.0.0.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny ip any any
!
line con 0
exec-timeout 120 0
no modem enable
stopbits 1
line aux 0
transport input all
line vty 0 4
access-class 23 in
exec-timeout 120 0
login local
length 0
!
scheduler max-task-time 5000
!
end




Per quanto ne capisco io a questo punto basterebbe entrare in telnet e abilitare il nat, ho provato qualcosina ma senza ottenere risultati.




Grazie e chiunque mi sappia/voglia rispondere.

[Roby]

Dando una sbirciata veloce ti manca:

ip nat pool internet 85.40.xxx.X 85.40.xxx."X+5" netmask 255.255.255.248
ip nat inside source list 23 pool internet overload
interface Ethernet0
ip nat inside
interface ATM0.1 point-to-point
ip nat outside

(da verificare la netmask)

ciao
Roby

[stag]

FUNZIONA, GRAZIE 1000!!!