Solved: Hi anthonyTEC ,

Anthony Willison · ‎06-21-2015

Hi everyone,

I'm having some trouble configuring a Cisco 860 series as a WAN router for a satellite office. I have the device here ready to be installed, though in testing I'm not able to get WAN connectivity in my test environment from the LAN ports.

Basically, LAN clients (192.168.1.1/24) on FE0,1,2,3 & GE0 need to be able to access the internet via WAN port GE1 (Statically assigned address of 10.0.0.11/24 with a G/W of 10.0.0.1).

For testing purposes, clients have statically assigned addresses within the 192.168.1.1/24 range and their gateway set to 192.168.1.1 (the 860 series). I am aware that FE0,1,2,3 in the attached config are disabled, at the moment I am connected to GE0.

I can ping from the WAN port to 8.8.8.8 (Good), but not able to ping from any LAN clients to 8.8.8.8 (Bad).

I've attached a copy of the config file with sensitive information removed, any help would be appreciated.

Cheers,
Anthony

MD KAFINUZZAMAN · ‎06-21-2015

Hi anthonyTEC ,

ip nat inside source list nat-list interface GigabitEthernet1 overload

Where is nat-list ?????

Thanks

Kafi

View solution in original post

Tom Watts · ‎06-21-2015

interface GigabitEthernet1
 description PrimaryWAN
 ip address 10.0.0.11 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto

interface GigabitEthernet0
 no ip address

ip nat inside should be used on gigeth0.

Basic template or rules for client to connect would be the following-

1. enable

2. configure terminal

3. ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length}

4. access-list access-list-number permit source [source-wildcard]

5. ip nat inside source list access-list-number pool name overload

6. interface type number

7. ip address ip-address mask

8. ip nat inside

9. exit

10. interface type number

11. ip address ip-address mask

12. ip nat outside

13. end

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Anthony Willison · ‎06-21-2015

Hi Tom,

Sorry I don't understand why I would put "ip nat inside" on the physical port when I've already assigned it to the VLAN? My understanding is due to being a L2 router I need to configure the VLAN and not the ports.

I can ping the 192.168.1.1 from clients and access the http secure-server on the address which to me means that I've at least got that part right.

Cheers,
Anthony

Tom Watts · ‎06-21-2015

There's still nothing configured on your gig e port. I don't believe the router is assuming the vlan. Try to set as access port in VLAN 1.

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Anthony Willison · ‎06-21-2015

There's still nothing configured on your gig e port. I don't believe the router is assuming the vlan.

show vlan-switch reports:

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0, Fa1, Fa2, Fa3, Gi0

So definitely a member of VLAN1.

Cheers,
Anthony

MD KAFINUZZAMAN · ‎06-21-2015

Hi anthonyTEC ,

ip nat inside source list nat-list interface GigabitEthernet1 overload

Where is nat-list ?????

Thanks

Kafi

Anthony Willison · ‎06-21-2015

Uh, god damn it... changed rule to:

ip nat inside source list 1 interface GigabitEthernet1 overload

and created an ACL...

access-list 1 permit 192.1681.0 0.0.0.255

and now I'm getting:

Reply from 8.8.8.8: bytes=32 time=23ms TTL=56

Thanks for your help, I'll go find myself a hole now!

Cheers,
Anthony

860 Series Issues