cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
845
Views
0
Helpful
6
Replies

860 Series Issues

Hi everyone,
 

I'm having some trouble configuring a Cisco 860 series as a WAN router for a satellite office. I have the device here ready to be installed, though in testing I'm not able to get WAN connectivity in my test environment from the LAN ports.

 

Basically, LAN clients (192.168.1.1/24) on FE0,1,2,3 & GE0 need to be able to access the internet via WAN port GE1 (Statically assigned address of 10.0.0.11/24 with a G/W of 10.0.0.1).
 

For testing purposes, clients have statically assigned addresses within the 192.168.1.1/24 range and their gateway set to 192.168.1.1 (the 860 series). I am aware that FE0,1,2,3 in the attached config are disabled, at the moment I am connected to GE0.

 

I can ping from the WAN port to 8.8.8.8 (Good), but not able to ping from any LAN clients to 8.8.8.8 (Bad).

 

I've attached a copy of the config file with sensitive information removed, any help would be appreciated.

 

Cheers,
Anthony  

1 Accepted Solution

Accepted Solutions

MD KAFINUZZAMAN
Level 1
Level 1

Hi anthonyTEC ,

 

ip nat inside source list nat-list interface GigabitEthernet1 overload

 

Where is nat-list ?????

Thanks

Kafi

 

 

 

View solution in original post

6 Replies 6

Tom Watts
VIP Alumni
VIP Alumni
interface GigabitEthernet1
 description PrimaryWAN
 ip address 10.0.0.11 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
interface GigabitEthernet0
 no ip address

ip nat inside should be used on gigeth0.

Basic template or rules for client to connect would be the following-

 

1.    enable

2.    configure terminal

3.    ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}

4.    access-list access-list-number permit source [source-wildcard]

5.    ip nat inside source list access-list-number pool name overload

6.    interface type number

7.    ip address ip-address mask

8.    ip nat inside

9.    exit

10.    interface type number

11.    ip address ip-address mask

12.    ip nat outside

13.    end

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Hi Tom,
 

Sorry I don't understand why I would put "ip nat inside" on the physical port when I've already assigned it to the VLAN? My understanding is due to being a L2 router I need to configure the VLAN and not the ports.
 

I can ping the 192.168.1.1 from clients and access the http secure-server on the address which to me means that I've at least got that part right.
 

Cheers,
Anthony

There's still nothing configured on your gig e port. I don't believe the router is assuming the vlan. Try to set as access port in VLAN 1. 

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

There's still nothing configured on your gig e port. I don't believe the router is assuming the vlan.


show vlan-switch reports:

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0, Fa1, Fa2, Fa3, Gi0

So definitely a member of VLAN1. 

 

Cheers,
Anthony

MD KAFINUZZAMAN
Level 1
Level 1

Hi anthonyTEC ,

 

ip nat inside source list nat-list interface GigabitEthernet1 overload

 

Where is nat-list ?????

Thanks

Kafi

 

 

 

Uh, god damn it... changed rule to:

ip nat inside source list 1 interface GigabitEthernet1 overload


and created an ACL...

access-list 1 permit 192.1681.0 0.0.0.255


and now I'm getting:

Reply from 8.8.8.8: bytes=32 time=23ms TTL=56

 

Thanks for your help, I'll go find myself a hole now!

Cheers,
Anthony

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: