Re: Initial Configuration. No internet access after NAT and Access rule - C897VA-K9

nidhinpk · ‎03-28-2019

I am trying to set up Internet access for C897VA-K9. Given below is the current configuration, Internal network is as 192.168.30.0 and internal is 182.0.0.5. I wish to set up S2S VPN with Azure gateway.. would like to know if this router supports that.

I am not able to ping the ISP gateway.

Current configuration : 2239 bytes
!
! Last configuration change at 20:27:22 UTC Thu Mar 28 2019
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CiscoHome
!
boot-start-marker
boot-end-marker
!
!
enable password >>>>
!
no aaa new-model
ethernet lmi ce
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!

!
!
ip dhcp pool net
!
ip dhcp pool net-pool
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
dns-server 8.8.8.8 1.1.1.1
lease 9
!
!
!
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C897VA-K9 sn FGL224914TL
!
!
username admin password 0 >>>>>>>
!
!
!
!
!
controller VDSL 0
!
!
!
!
!
!
!
!
!
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface Ethernet0
no ip address
shutdown
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
!
interface GigabitEthernet5
no ip address
!
interface GigabitEthernet6
no ip address
!
interface GigabitEthernet7
no ip address
!
interface GigabitEthernet8
ip address 182.0.0.5 255.255.255.240
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
ip address 192.168.30.1 255.255.255.0
ip nat inside
no ip virtual-reassembly in
!
ip default-gateway 182.0.0.20
ip forward-protocol nd
ip http server
no ip http secure-server
!
!
ip nat pool pool1 192.168.30.1 192.168.30.254 netmask 255.255.255.0
ip nat inside source list 1 pool pool1 overload
ip route 0.0.0.0 0.0.0.0 182.0.0.20
ip route 0.0.0.0 0.0.0.0 182.0.0.21
!
!
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
line con 0
password cisco
no modem enable
line aux 0
line vty 0 4
password >>>>>
login
transport input telnet
line vty 5 15
password >>>>>>
login
transport input telnet
!
scheduler allocate 20000 1000
!
end

I tried NAT Translation and its showing empty, Show NAT statistics and gave below output

CiscoHome#show ip nat stati
CiscoHome#show ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Peak translations: 0
Outside interfaces:
GigabitEthernet8
Inside interfaces:
Vlan1
Hits: 0 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 5] access-list 1 pool pool1 refcount 0
pool pool1: netmask 255.255.255.0
start 192.168.30.1 end 192.168.30.254
type generic, total addresses 254, allocated 0 (0%), misses 0

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0

Georg Pauwen · ‎03-28-2019

Hello,

make the changes marked in bold to your configuration:

Current configuration : 2239 bytes
!
! Last configuration change at 20:27:22 UTC Thu Mar 28 2019
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CiscoHome
!
boot-start-marker
boot-end-marker
!
enable password >>>>
!
no aaa new-model
ethernet lmi ce
!
ip dhcp pool net
!
ip dhcp pool net-pool
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
dns-server 8.8.8.8 1.1.1.1
lease 9
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
license udi pid C897VA-K9 sn FGL224914TL
!
username admin password 0 >>>>>>>
!
controller VDSL 0
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface Ethernet0
no ip address
shutdown
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
!
interface GigabitEthernet5
no ip address
!
interface GigabitEthernet6
no ip address
!
interface GigabitEthernet7
no ip address
!
interface GigabitEthernet8
ip address 182.0.0.5 255.255.255.240
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
ip address 192.168.30.1 255.255.255.0
ip nat inside
no ip virtual-reassembly in
!
--> no ip default-gateway 182.0.0.20
ip forward-protocol nd
ip http server
no ip http secure-server
!
--> no ip nat pool pool1 192.168.30.1 192.168.30.254 netmask 255.255.255.0
ip nat inside source list 1 interface GigabitEthernet8 overload
--> no ip route 0.0.0.0 0.0.0.0 182.0.0.20
--> no ip route 0.0.0.0 0.0.0.0 182.0.0.21
ip route 0.0.0.0 0.0.0.0 GigabitEthernet8
!
access-list 1 permit 192.168.30.0
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
line con 0
password cisco
no modem enable
line aux 0
line vty 0 4
password >>>>>
login
transport input telnet
line vty 5 15
password >>>>>>
login
transport input telnet
!
scheduler allocate 20000 1000
!
end

nidhinpk · ‎03-28-2019

I tried the above changes but still the same result. Attaching the running config along with this. Show ip nat translations doesnt show any result.

Georg Pauwen · ‎03-29-2019

Hello,

since this thread has been developing, not sure if that has been asked before, but do you have Internet connectivity at all ? Can you ping 8.8.8.8 from the router ?

Try to make the changes in bold to your configuration:

Current configuration : 2149 bytes
!
! Last configuration change at 23:32:16 UTC Thu Mar 28 2019
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CiscoHome
!
boot-start-marker
boot-end-marker
!
!
enable password Lankil12
!
no aaa new-model
ethernet lmi ce
!
ip dhcp pool net
!
ip dhcp pool net-pool
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
dns-server 8.8.8.8 1.1.1.1
lease 9
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
license udi pid C897VA-K9 sn FGL224914TL
!
username admin password 0 >>>>>>>
!
controller VDSL 0
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface Ethernet0
no ip address
shutdown
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
!
interface GigabitEthernet5
no ip address
!
interface GigabitEthernet6
no ip address
!
interface GigabitEthernet7
no ip address
!
interface GigabitEthernet8
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
ip address 192.168.30.1 255.255.255.0
ip nat inside
no ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet8 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet8 dhcp
!
access-list 1 permit 192.168.30.0
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
line con 0
password cisco
no modem enable
line aux 0
line vty 0 4
password >>>>>
login
transport input telnet
line vty 5 15
password ?>>>>
login
transport input telnet
!
scheduler allocate 20000 1000
!
end

balaji.bandi · ‎03-28-2019

try below config :

ip dhcp pool net-pool
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
dns-server 8.8.8.8 1.1.1.1
lease 9
!
ip dhcp excluded-address 192.168.30.1
!
!
interface GigabitEthernet8
ip address 182.0.0.5 255.255.255.240
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
ip address 192.168.30.1 255.255.255.0
ip nat inside
no ip virtual-reassembly in
!
no ip default-gateway 182.0.0.20
ip forward-protocol nd
ip http server
no ip http secure-server
!
!
no ip nat pool pool1 192.168.30.1 192.168.30.254 netmask 255.255.255.0
no ip nat inside source list 1 pool pool1 overload

access-list 1 permit ip 192.168.30.0 0.0.0.255 any
ip nat inside source list 1 interface GigabitEthernet8 overload
!
ip route 0.0.0.0 0.0.0.0 182.0.0.20
ip route 0.0.0.0 0.0.0.0 182.0.0.21
!

Connect the PC and make sure you get DHCP IP from 192.168.30.x and ping 8.8.8.8

check :

#show ip nat translations

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

nidhinpk · ‎03-28-2019

Hi Thanks for the reply.

I am getting the below error while creating access list.

CiscoHome(config)#access-list 1 permit ip 192.168.30.0 0.0.0.255 any
Translating "ip"...domain server (255.255.255.255)
^
% Invalid input detected at '^' marker.

CiscoHome(config)#

Deepak Kumar · ‎03-28-2019

Hi,

The Command statement is incorrect:

access-list 1 permit 192.168.30.0 0.0.0.255

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

balaji.bandi · ‎03-28-2019

Typo issue - corrected as below

#access-list 1 permit ip 192.168.30.0 0.0.0.255

test and advise

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Deepak Kumar · ‎03-28-2019

Hi @balaji.bandi

Here is the correct statement:

R1(config)#access-list 1 permit ?
  Hostname or A.B.C.D  Address to match
  any                  Any source host
  host                 A single host address
R1(config)#access-list 1 permit 192.168.1.0 0.0.0.255

R1(config)#ip access-list standard 1
R1(config-std-nacl)#?
Standard Access List configuration commands:
  <1-2147483647>  Sequence Number
  default         Set a command to its defaults
  deny            Specify packets to reject
  exit            Exit from access-list configuration mode
  no              Negate a command or set its defaults
  permit          Specify packets to forward
  remark          Access list entry comment

R1(config-std-nacl)#pe
R1(config-std-nacl)#permit ?
  Hostname or A.B.C.D  Address to match
  any                  Any source host
  host                 A single host address

R1(config-std-nacl)#permit 10.10.10.1 0.0.0.255 ?
  log  Log matches against this entry
  <cr>
R1(config-std-nacl)#permit 10.10.10.1 0.0.0.255

Because Standard ACL will only work with the Source address.

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

paul driver · ‎03-29-2019

Hello

@nidhinpk wrote:

I am not able to ping the ISP gateway.

interface GigabitEthernet8
ip address 182.0.0.5 255.255.255.240
ip nat outside

ip route 0.0.0.0 0.0.0.0 182.0.0.20
ip route 0.0.0.0 0.0.0.0 182.0.0.21

First of all you have the wrong default route, its needs to be between 1-14 ,Sort this out first and test again connectivity you should at least be able to ping the next-hop even without NAT

@nidhinpk wrote:

I wish to set up S2S VPN with Azure gateway.. would like to know if this router supports that.

You dont say what kind of vpn but 890 series router supports the following:

● Secure Sockets Layer (SSL) VPN for secure remote access
● Hardware-accelerated DES, 3DES, AES 128, AES 192, and AES 256
● Public-Key-Infrastructure (PKI) support
● Fifty IPsec tunnels
● Cisco Easy VPN Client and Server
● NAT transparency
● Dynamic Multipoint VPN (DMVPN)
● Tunnel-less Group Encrypted Transport VPN

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul