05-21-2017 11:20 AM - edited 03-05-2019 08:34 AM
Double NAT........Gateway addresses........two routers???? Is this even possible????
First a little background.....
Lab setup:
10.1.1.1 /24
Dell R710 w/esxi
Cisco 881W
2/8port 2960 Cisco switches
*utilized for network testing, software testing, learning.....playing.
"Production" network
ISP Gateway Calix 844G-1
192.168.1.1 /24
Outside IP is static from ISP
*utilized for basic TV, internet, gaming, etc.
Reasoning behind this config setup? I am in the Cyber field and this will allow my lab to have network connectivity when I need certain software and can also hit some websites I host from work for vulnerability testing, etc.
On the Calix gateway, I reserved 192.168.1.200 for the 881W MAC address.
This is my current 881W config.....I obviously have a few things not set correctly since I can't get out to the internet so please critique away!! If there is another option to configure everything.....remove hardware, whatever......please feel free to add your input!!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 881
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 **********************************
!
no aaa new-model
memory-size iomem 10
!
!
!
!
!
ip dhcp excluded-address 10.1.1.1 10.1.1.10
ip dhcp excluded-address 10.1.1.254
ip dhcp excluded-address 10.1.1.245
!
ip dhcp pool LabPOOL
import all
network 10.1.1.0 255.255.255.0
dns-server 8.8.8.8 8.8.4.4
default-router 10.1.1.254
lease infinite
!
!
!
no ip domain lookup
ip domain name lab.local
ip cef
no ipv6 cef
!
!
license udi pid CISCO881W-GN-A-K9 sn FTX133481H2
!
!
username lab secret 5 *************************************
!
!
!
!
!
ip ssh version 2
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
spanning-tree portfast
!
interface FastEthernet1
no ip address
spanning-tree portfast
!
interface FastEthernet2
no ip address
spanning-tree portfast
!
interface FastEthernet3
no ip address
spanning-tree portfast
!
interface FastEthernet4
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan4
shutdown
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
no ip address
!
interface Vlan1
ip address 10.1.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan4
no ip address
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list inside-nat-pool interface FastEthernet4 overload
!
ip access-list standard rtr_access
permit 10.1.1.0 0.0.0.255
!
!
!
!
line con 0
password **************
logging synchronous
login local
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
access-class rtr_access in
password ****************
login local
transport input ssh
!
!
end
05-21-2017 04:30 PM
Hi,
"ip nat inside source list inside-nat-pool interface FastEthernet4 overload" You have defined NAT but you have not configured the access list specified in your NAT statement. You need to create access-list inside-nat-pool, e.g.
ip access-list standard inside-nat-pool
permit 10.1.1.0 0.0.0.255
Thanks
John
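Added example, not part of the original thread: a small Python check that scans an IOS-style configuration for ACL names that are referenced (NAT source list, access-class, access-group) but never defined, which is the gap pointed out in the answer above. The function name and patterns are this example's own assumptions; the sample text is an excerpt of the posted configuration.

```python
import re

# ACL references: NAT source lists, vty access-class, interface access-group.
REF_PATTERNS = [
    re.compile(r"^ip nat (?:inside|outside) source list (\S+)"),
    re.compile(r"^access-class (\S+) (?:in|out)"),
    re.compile(r"^ip access-group (\S+) (?:in|out)"),
]
# ACL definitions: named ACLs and numbered "access-list N ..." entries.
DEF_PATTERNS = [
    re.compile(r"^ip access-list (?:standard|extended) (\S+)"),
    re.compile(r"^access-list (\d+) "),
]

def undefined_acl_refs(config_text):
    """Return [(line_no, acl_name, line)] for ACLs referenced but never defined."""
    defined, refs = set(), []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        for pat in DEF_PATTERNS:
            m = pat.match(line)
            if m:
                defined.add(m.group(1))
        for pat in REF_PATTERNS:
            m = pat.match(line)
            if m:
                refs.append((no, m.group(1), line))
    # Filter after the full pass so a definition may follow its reference.
    return [r for r in refs if r[1] not in defined]

# Excerpt of the configuration posted in the question (hypothetical variable names).
POSTED = """\
interface FastEthernet4
 ip address dhcp
 ip nat outside
interface Vlan1
 ip address 10.1.1.254 255.255.255.0
 ip nat inside
ip nat inside source list inside-nat-pool interface FastEthernet4 overload
ip access-list standard rtr_access
 permit 10.1.1.0 0.0.0.255
line vty 0 4
 access-class rtr_access in
"""
# Same excerpt with the ACL from the answer appended.
FIXED = POSTED + "ip access-list standard inside-nat-pool\n permit 10.1.1.0 0.0.0.255\n"

if __name__ == "__main__":
    for no, name, line in undefined_acl_refs(POSTED):
        print(f"line {no}: ACL '{name}' is referenced but not defined: {line}")
```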
05-21-2017 05:46 PM
John-
worked perfect with your recommendation......thank you sir!!
Kevin