Please advise if the Cisco 877 is compatible for Site2Site VPN with Fortigate 600c.
And my second question is about my config. As a first step I'm trying to set up the 877 as NAT and DHCP. FA0 is connected to a network with another DHCP router and the Internet connection. The lab network is connected to FA2. The lab should get DHCP from the 877 (192.168.144.0/24) and be able to access the Internet. Currently it's able to receive DHCP but can't access the Internet. Please help to fix it.
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname office
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
ip source-route
no ip routing
!
!
!
ip dhcp excluded-address 192.168.144.254
!
ip dhcp pool office-pool
 import all
 network 192.168.144.0 255.255.255.0
 default-router 192.168.144.254
 dns-server 192.168.144.254
!
!
no ip cef
no ipv6 cef
!
!
!
controller VDSL 0
!
!
interface Ethernet0
 shutdown
!
interface ATM0
 shutdown
!
interface FastEthernet0
 switchport access vlan 2
 no ip address
!
interface FastEthernet1
 no ip address
 shutdown
!
interface FastEthernet2
 switchport access vlan 3
 no ip address
!
interface FastEthernet3
 no ip address
 shutdown
!
interface Vlan1
 ip address dhcp
 no ip route-cache
 shutdown
!
interface Vlan2
 ip address dhcp
!
interface Vlan3
 ip address 192.168.144.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
I have personally never tried a Site2Site VPN between the Cisco 877 and a Fortigate device. I am assuming it should work as long as the Fortigate VPN code is RFC compliant and Phase 1/Phase 2 IPsec parameters match.
I have also noticed that for some reason, the "Routing" capability is disabled in your equipment. This will prevent Routing from working normally. Let's start by enabling it.
!
ip routing
ip cef
!
Now, you should be able to make NAT work using the following configuration:
!
ip access-list standard INSIDE-LOCAL-NET
 permit 192.168.144.0 0.0.0.255
!
route-map NAT-1
 match ip address INSIDE-LOCAL-NET
 match interface vlan2
!
ip nat inside source route-map NAT-1 interface Vlan2 overload
!
interface Vlan3
 ip nat inside
interface Vlan2
 ip nat outside
!
As a side note, I can see that the DHCP Server configuration on the Cisco Router is providing the IP address for the interface on Vlan 3 for the DNS Server for hosts on that VLAN.
I would suggest using a different DNS Server (like Google's public servers) or activating the Router's DNS Server capability.
!
! Make the Router a DNS Server.
!
ip dns server
!
end
!
! Provide a different IP for DNS Server.
!
ip dhcp pool office-pool
 no dns-server 192.168.144.254
 dns-server 18.104.22.168
!
end
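The three problems this answer identifies (routing disabled, NAT missing its outside interface and translation rule, DHCP handing out the router as DNS while `ip dns server` is off) can be checked mechanically. The following is an added example, not part of the original posts; the function name, finding labels and the trimmed sample configs are assumptions constructed for illustration.

```python
import re

# Constructed sample: the posted config trimmed to the lines that matter here.
BEFORE = """\
no ip routing
ip dhcp pool office-pool
 network 192.168.144.0 255.255.255.0
 default-router 192.168.144.254
 dns-server 192.168.144.254
interface Vlan2
 ip address dhcp
interface Vlan3
 ip address 192.168.144.254 255.255.255.0
 ip nat inside
"""
# Same sample with the answer's changes applied (routing, NAT rule, outside, DNS).
AFTER = (BEFORE
    .replace("no ip routing", "ip routing\nip dns server\n"
             "ip nat inside source route-map NAT-1 interface Vlan2 overload")
    .replace(" ip address dhcp", " ip address dhcp\n ip nat outside"))

def audit_nat_config(config):
    """Return finding labels (hypothetical names) for an IOS running-config."""
    lines = [l.rstrip() for l in config.splitlines() if l.strip() not in ("", "!")]
    top = [l for l in lines if not l.startswith(" ")]
    blocks, parent = {}, None          # parent line -> its indented sub-commands
    for l in lines:
        if not l.startswith(" "):
            parent = l
        blocks.setdefault(parent, [])
        if l.startswith(" "):
            blocks[parent].append(l.strip())
    ifaces = {p: s for p, s in blocks.items() if p and p.startswith("interface ")}
    pools = [s for p, s in blocks.items() if p and p.startswith("ip dhcp pool ")]
    findings = []
    if "no ip routing" in top:         # router cannot forward between VLANs
        findings.append("routing-disabled")
    for side in ("inside", "outside"): # NAT needs both roles assigned
        if not any("ip nat " + side in s for s in ifaces.values()):
            findings.append("no-nat-" + side)
    if not any(l.startswith("ip nat inside source ") for l in top):
        findings.append("no-nat-rule")
    # DHCP clients told to use the router for DNS while it serves none.
    own = set(re.findall(r"^ ip address (\d+\.\d+\.\d+\.\d+) ", config, re.M))
    dns = {ip for s in pools for c in s if c.startswith("dns-server ")
           for ip in c.split()[1:]}
    if dns & own and "ip dns server" not in top:
        findings.append("dhcp-dns-is-router-without-dns-server")
    return findings

if __name__ == "__main__":
    print("before:", audit_nat_config(BEFORE))
    print("after: ", audit_nat_config(AFTER))
```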