Cisco 887 WAN Access Issues

jloveday · ‎05-05-2019

Hi Guys,

I've recently had to adapt an 887 to work at one of our sites, which has a HFC connection delivered to an ISP provided modem. As this particular 887 doesn't have a WAN port, I've had to setup one of the LAN ports as a WAN port. After some research online, I was able to get the connection working.

The HFC is connected to our WAN, and there is a Laptop and Printer plugged into f1 and f2. I am able to ping other devices on the WAN from the laptop, and I am able to ping the printer from the laptop, however I am unable to ping the printer (or laptop) from other devices on the WAN (e.g. my PC that is on the WAN at another site).

How would I go about making the devices plugged into the LAN side accessible from the WAN? I mainly need access to the printer remotely.

Here is the setup:

!
ip dhcp excluded-address 192.168.18.1 192.168.18.20
!
ip dhcp pool 10
import all
network 192.168.18.0 255.255.255.0
dns-server 139.130.4.4 203.50.2.71
default-router 192.168.18.254
!
!
!
ip name-server 139.130.4.4
ip name-server 203.50.2.71
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
cts logging verbose
license udi pid C887VAM-K9 sn FGL224013XU
!
!
!
!
!
!
!
controller VDSL 0
operating mode vdsl2
shutdown
!
!
!
!
!
!
!
!
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Ethernet0
no ip address
shutdown
!
interface FastEthernet0
description CONNECTED TO WAN
switchport access vlan 300
no ip address
spanning-tree portfast
!
interface FastEthernet1
description LAN
switchport access vlan 200
switchport voice vlan 100
no ip address
spanning-tree portfast
!
interface FastEthernet2
description LAN
switchport access vlan 200
switchport voice vlan 100
no ip address
spanning-tree portfast
!
interface FastEthernet3
description LAN
switchport access vlan 200
switchport voice vlan 100
no ip address
spanning-tree portfast
!
interface Vlan1
no ip address
shutdown
!
interface Vlan100
no ip address
!
interface Vlan200
description LAN
ip address 192.168.18.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan300
description WAN
ip address 10.200.10.25 255.255.255.252
ip nat outside
ip virtual-reassembly in
!
ip default-gateway 10.200.10.26
ip forward-protocol nd
ip http server
ip http secure-server
!
!
ip nat inside source list 100 interface Vlan300 overload
ip route 0.0.0.0 0.0.0.0 10.200.10.26
ip ssh version 2
!
!
access-list 100 permit ip any any

Any help would be much appreciated, cheers!

luis_cordova · ‎05-05-2019

Hi @jloveday ,

Can you enlarge the mask of the WAN network to a mask /29?(10.200.10.24/29)

If possible, you could leave the .25 and .26 for the physical interfaces and the NAT PAT and occupy the .27 to make a static NAT for the printer.

ip nat inside source static <printer IP> 10.200.10.27

Regards

jloveday · ‎05-05-2019

Hi @luis_cordova

Thanks for your prompt response!

In regards to expanding the WAN mask, correct me if I'm wrong, but I believe it would mess with routing, as we have .27 and .28 at another site under a .252 network.

luis_cordova · ‎05-05-2019

Hi @jloveday ,

Indeed, if you are already occupying those ip in another network there will be routing problems.

Could you then assign a network that is not being used and that allows you a mask /29?

Regards

jloveday · ‎05-05-2019

Hi @luis_cordova

Thanks for your response.

Unfortunately I don't have any control over the masks...as they were setup and provided by the ISP.

balaji.bandi · ‎05-06-2019

If i understand correcrtly you want to access the Priter from remote end.

But remote end Printer was localted in the Local LAN, then you need either do NAT enable or establish VPN between these sites.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help