Routing - How to

How to add a static entry to the PAT table on the Cisco 600
How to configure the Automatic Metric feature manually
How to configure default gateway in Windows 2008 and Vista with two gateways
How to Configure Windows 2000 to Be a Router
How to display the routing table
How to disable ip routing/forwarding on a W2K Pro?
How to enable ip routing/forwarding on Win2k
How to open Cisco PIX 515 firewall ports for inside VPN accessing outside VPN server
How to setup a W2K server as a router connecting to two different networks

Open port range RRAS SBS 3003
Route Redundancy

How to add a static entry to the PAT table on the Cisco 600

The full syntax for set NAT entry, specifying source and destination addresses, port, and protocol: set nat entry add {inside address} {port} {outside PAT address} {port} {ip protocol}.

For IP protocols TCP, UDP, and ICMP, the keywords tcp, udp, and icmp are defined for the IP protocol tag. For example, the TCP port of 25 is specified as both the inside and outside port: set nat entry add 10.0.0.50 25 103.1.1.1 25 tcp.

For an IP protocol other than TCP, UDP, or ICMP, use the protocol number and set the port values to 0. For example, the Generic Routing Encapsulation (GRE) IP protocol (protocol number 47) is added to the table: set nat entry add 10.0.0.50 0 103.1.1.1 0 47.

You can use a wildcard method in which only the inside IP address, port, and IP protocol are defined. Using this method, the default outside IP address is assumed as the outside NAT address. Also, the outside port and IP protocol are the same as the inside port and IP protocol defined.

This method is especially useful when the default outside IP address changes due to a user running PPPoA and obtaining a new address from the service provider. For example, set nat entry add 10.0.0.2 25 200.1.1.1 25 tcp can be written as set nat entry add 10.0.0.2 25 tcp.

In Cisco Broadband Operating System (CBOS) versions 2.4(1) and later, you can use port ranges. The ports do not have to be the same, but the range of ports must be consistent. For example,

set nat entry add {inside address} {port range} {outside NAT address} {port range} {protocol}

set nat entry add 10.0.0.2 10-20 200.1.1.1 30-40 tcp
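The syntax rules above (full and wildcard forms, protocol numbers with port 0, and port ranges) can be checked before a line is pasted into the device. The following parser is an added example, not Cisco code or part of the original page; the function names are hypothetical, and it assumes that "consistent" ranges means both sides cover the same number of ports.

```python
import ipaddress

KEYWORDS = {"tcp", "udp", "icmp"}   # protocol keywords the page defines

def parse_ports(text):              # '25' -> (25, 25); '10-20' -> (10, 20)
    low, _, high = text.partition("-")
    low, high = int(low), int(high or low)
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"bad port or range: {text}")
    return low, high

def parse_nat_add(line):
    """Parse one 'set nat entry add' line; raise ValueError if it is malformed."""
    tokens = line.split()
    if tokens[:4] != ["set", "nat", "entry", "add"]:
        raise ValueError("not a 'set nat entry add' command")
    args = tokens[4:]
    if len(args) == 3:              # wildcard form: default outside address, same port
        args = [args[0], args[1], None, args[1], args[2]]
    if len(args) != 5:
        raise ValueError("expected 3 or 5 arguments")
    inside, in_ports, outside, out_ports, proto = args
    for addr in filter(None, (inside, outside)):
        ipaddress.IPv4Address(addr)  # raises a ValueError subclass on a bad address
    in_rng, out_rng = parse_ports(in_ports), parse_ports(out_ports)
    # Assumption: "consistent" ranges means both sides span the same number of ports.
    if in_rng[1] - in_rng[0] != out_rng[1] - out_rng[0]:
        raise ValueError("inside and outside port ranges differ in size")
    proto = proto.lower()
    if proto not in KEYWORDS:       # anything else must be an IP protocol number
        if not proto.isdigit() or int(proto) > 255 or (in_rng, out_rng) != ((0, 0), (0, 0)):
            raise ValueError("numeric protocol must be 0-255 with port 0 on both sides")
    return dict(inside=inside, in_ports=in_rng, outside=outside, out_ports=out_rng, proto=proto)

def audit(lines):                   # -> ([parsed entries], [(line, error), ...])
    entries, errors = [], []
    for line in lines:
        try:
            entries.append(parse_nat_add(line))
        except ValueError as exc:
            errors.append((line, str(exc)))
    return entries, errors

# First three are the page's own examples; the last two are constructed bad input.
SAMPLE = ["set nat entry add 10.0.0.50 0 103.1.1.1 0 47",
          "set nat entry add 10.0.0.2 25 tcp",
          "set nat entry add 10.0.0.2 10-20 200.1.1.1 30-40 tcp",
          "set nat entry add 10.0.0.2 10-20 200.1.1.1 30-35 tcp",
          "set nat entry add 10.0.0.50 1723 103.1.1.1 1723 47"]
```

Calling audit(SAMPLE) returns the three valid entries and the two rejected lines with the reason for each; every accepted entry is a service reachable from the outside address, so the parsed list doubles as an inventory of what the PAT table exposes.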

To remove an entry, issue the set nat entry delete command. The following options are available:

set nat entry delete all

set nat entry delete {inside address}   (matches entries with the same inside address)

set nat entry delete {outside address}   (matches entries with the same outside address)

set nat entry delete {inside address} {port} {protocol}   (matches inside address, port, and protocol)

set nat entry delete {inside address} {port} {outside address} {port} {protocol}   (matches the entire entry)

Telnet

To allow Telnetting to a device behind the Cisco 600, add one of the following commands: set nat entry add {internal device address} 23 {outside NAT address} 23 tcp or set nat entry add {internal device address} 23 tcp.

PPTP

Point-to-Point Tunneling Protocol (PPTP) uses TCP port 1723 and IP protocol 47 (GRE).

Issue the set nat entry add command using the following syntax:

set nat entry add {internal device address} 0 {outside NAT address} 0 47
set nat entry add {internal device address} 1723 {outside NAT address} 1723 tcp

L2TP/L2F

L2TP and L2F both use UDP port 1701.

To allow an L2TP or L2F session through PAT, use the set nat entry add command with the following values:

set nat entry add {internal device address} 1701 {outside NAT address} 1701 udp

IPsec

There are many implementations of IP Security (IPsec) but not all of them can be used with PAT on the Cisco 600.

The following examples have been tested only with Cisco's VPN solution; success with other vendors' solutions is not guaranteed.

Some Cisco VPN clients can embed the IPsec packets into a UDP/TCP port that is specified on the client and server sides. In this scenario, a static PAT entry can be added that matches the ports used. For example, if the VPN client and server are set to embed IPsec packets within UDP packets of port 8000, the following command would be added:

set nat entry add {inside client address} 8000 {outside PAT address} 8000 udp

How to configure the Automatic Metric feature manually

To configure the Automatic Metric feature manually on XP, open the properties of the network connection, then go to Internet Protocol (TCP/IP)>Properties>General>Advanced. To specify a metric, on the IP Settings tab, clear the Automatic metric check box, and then enter the metric that you want in the Interface Metric field.

How to Configure Windows server to Be a Router

RRAS is installed on W2K Server by default, but not activated.

To set up Windows 2000/2003 as a router for a LAN, you need two network adapters. To enable LAN routing, go to Administrative Tools>Routing and Remote Access>Action>Configure and Enable Routing and Remote Access, and then complete the wizard. Right-click the server for which you want to enable routing, click Properties>General>Router, check Local area network (LAN) routing only, and then click OK.


How to display the routing table

To display the routing table, use either of these commands: 1) netstat -r; 2) route print.

How to disable ip routing/forwarding on a W2K Pro?

To disable IP routing, go to HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters and set 'IPEnableRouter' to 0.

How to enable ip routing/forwarding on Win2k

Depending on your OS, you may have two options. 1) If you have W2K Server, install Routing and Remote Access. 2) If you are running W2K/XP Pro, set IPEnableRouter=0x01 in the registry under HKLM\System\CurrentControlSet\Services\TCPIP\Parameters. Note: the default value is 0.

How to open Cisco PIX 515 firewall ports for inside VPN accessing outside VPN server

Symptom: When attempting to connect to a VPN server on the outside of the PIX it returns error 721, the computer failed to respond.

Resolution: To run PPTP through a PIX, you must have a one-to-one mapping from the external IP to an internal IP for type 47 GRE packets and port 1723. For PPTP, add:

conduit permit gre host x.x.x.197 any
conduit permit tcp host x.x.x.197 eq 1723 any

For L2TP over IPsec, add:

conduit permit esp host x.x.x.197 any
conduit permit udp host x.x.x.197 eq 1701 any
conduit permit udp host x.x.x.197 eq 500 any

How to setup a W2K server as a router connecting to two different networks

Q: I have a W2K server at work with two nic cards hooked to two different networks. I have turned on IP forwarding in the registry but when I try to ping an address on the 2nd network the ping gets routed thru the gateway for the 1st network. How can I fix this? Here is the route table.

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x1000003 ...00 02 55 1a 71 38 ...... Intel 8255x-based Integrated Fast Ethernet
0x3000004 ...00 02 2a f1 3e 6f ...... NDIS 5.0 driver

===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface Metric
0.0.0.0          0.0.0.0    192.175.140.1  130.175.140.102   1
0.0.0.0          0.0.0.0    10.219.217.1  10.219.217.252   1
127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
192.175.140.0    255.255.255.0  192.175.140.102  192.175.140.102   1
192.175.140.102  255.255.255.255        127.0.0.1       127.0.0.1   1
192.175.255.255  255.255.255.255  192.175.140.102  192.175.140.102   1
10.219.217.0    255.255.255.0  10.219.217.252  10.219.217.252   1
10.219.217.252  255.255.255.255        127.0.0.1       127.0.0.1   1
10.219.255.255  255.255.255.255  10.219.217.252  10.219.217.252   1
224.0.0.0        224.0.0.0  192.175.140.102  192.175.140.102   1
224.0.0.0        224.0.0.0  10.219.217.252  10.219.217.252   1
255.255.255.255  255.255.255.255  192.175.140.102  192.175.140.102   1
Default Gateway:     192.175.140.1
===========================================================================
Persistent Routes:
None

A: Assuming you don't have a router connecting to the Internet, you should delete the following line:
Network Destination        Netmask          Gateway       Interface  Metric
 0.0.0.0          0.0.0.0    130.175.140.1  130.175.140.102   1
 0.0.0.0          0.0.0.0    143.219.217.1  143.219.217.252   1
Default Gateway:     130.175.140.1

In other words, you should not have multiple default gateways (0.0.0.0) in the same network, and don't assign gateway IPs on both NICs.
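The condition described in this answer, two 0.0.0.0 routes with the same metric, can be detected automatically from saved route print output. The following check is an added example, not part of the original page; the function names are hypothetical, and it assumes the five-column Active Routes layout shown in the question.

```python
# Excerpt of the route table from the question above (rows copied from the page).
SAMPLE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface Metric
0.0.0.0          0.0.0.0    192.175.140.1  130.175.140.102   1
0.0.0.0          0.0.0.0    10.219.217.1  10.219.217.252   1
127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1   1
10.219.217.0    255.255.255.0  10.219.217.252  10.219.217.252   1
Default Gateway:     192.175.140.1
Persistent Routes:
None
"""

def default_routes(text):
    """Return (gateway, interface, metric) for each default route under 'Active Routes'."""
    routes, in_table = [], False
    for line in text.splitlines():
        fields = line.split()
        if line.startswith("Active Routes"):
            in_table = True
        elif line.startswith(("Default Gateway", "Persistent Routes", "=")):
            in_table = False
        elif in_table and len(fields) == 5 and fields[:2] == ["0.0.0.0", "0.0.0.0"]:
            routes.append((fields[2], fields[3], int(fields[4])))
    return routes

def tied_defaults(routes):
    """Return the default routes sharing the lowest metric; more than one is ambiguous."""
    if not routes:
        return []
    best = min(metric for _, _, metric in routes)
    return [r for r in routes if r[2] == best]

def check(text):
    """Return a one-line finding for a 'route print' dump."""
    tied = tied_defaults(default_routes(text))
    if len(tied) > 1:
        gws = ", ".join(gw for gw, _, _ in tied)
        return f"AMBIGUOUS: {len(tied)} default routes at metric {tied[0][2]} via {gws}"
    return "OK: at most one preferred default route"
```

On a multihomed host with IP forwarding enabled, an AMBIGUOUS result means traffic for unknown destinations may leave through either network, which is worth flagging when the two networks have different trust levels.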

Copyright 2002-2013 ChicagoTech.net, All rights reserved. Unauthorized reproduction forbidden.