Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9641
Views
0
Helpful
1
Replies

Basic configuration for Cisco ISR 4331

paudet1400
Level 1
Level 1

‎08-21-2015 06:46 AM - edited ‎03-05-2019 02:07 AM

I am an Cisco CCNA but has not work routers in a long time.

I need to get 2 basic setups done

1 - Configure 2 ports (1 wan DHCP, 1 Lan 192.168.11.1 255.255.255.0) and make Lan acces Wan

2 - Setup VPN server service on this device for Device to Device Networking.

 

So far I have...

interfaces GigabitEthernet 0/0/0

 Ip Address DHCP

 Autonego

Interfaces GigabitEthernet 0/0/1

 Ip Address 192.168.11.1 255.255.255.0

 Autonego

ip route classless

ip route 192.168.11.0 GigabitEthernet 0/0/0

 

I though this was enough but this does not work.

Can some one help?

Labels:
0 Helpful
1 Reply 1

Anthony Brandelli
Level 1
Level 1

‎08-21-2015 05:37 PM

If I have some more time later I can go into VPN config. 

For the first half of this...

You're missing three obvious things:

  1. NAT/PAT configuration (ip nat inside, ip nat outside, define an access list to match your internal address space, then ip nat source list <ACL> interface <outside if> overload. 
  2. A default route to the internet. ip route 0.0.0.0 0.0.0.0 dhcp, take the default gateway from DHCP on the outside interface. 
  3. Firewall config, there are too many options here for me to go into. For simple config you probably just want to research CBAC (http://www.cisco.com/c/en/us/td/docs/ios/sec_data_plane/configuration/guide/12_4/sec_data_plane_12_4_book/sec_cfg_content_ac.html) or if you are willing to spend some time (the "current" way would be zone based firewall. (http://www.cisco.com/c/en/us/support/docs/security/ios-firewall/98628-zone-design-guide.html)

I would recommend reorienting yourself with IOS before diving into production environments, get a cheap router and play with it at home because VPN and ZBF config can get complicated. 

Cisco Configuration Professional may also help you initially, it's a GUI based config tool. It can make config messy, so I wouldn't recommend it in the long run. 

Beyond the above that IP route to 192.168.11.0 doesn't make sense, so I would remove it. Keep in mind that routers add connected routes to their routing table. 

Hope this gives you a starting point to work off of. 

0 Helpful
Customers Also Viewed These Support Documents