NAT / PAT from Inside Global address - For both internal and external clients

Roo-ter
Level 1

Hi all,

Fairly new to Cisco and this one has been baffling me. I've recently replaced a Draytek 2820N router with a Cisco 891FW. Works great but I can't seem to get PAT working via the Inside global address when clients are connected via the inside local network, though it works fine when they connect to the inside global from anywhere external (via 3G for example). The 891FW sits behind a cable modem, exactly the same as the Draytek 2820 did. Vlan 5 is the integrated wireless AP (which the device accessing these PATs uses when in the office). The Inside global address is assigned via the ISP's DHCP, but normally stays the same (or hasn't changed in 12 months at least).

Here's an example of the PAT setup (with IPs changed for obvious reasons):

! Vlan1 has an IP route via 10.0.0.2 (a Layer 3 switch) to reach the 10.0.2.0 range and others
interface Vlan1
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in

! Vlan5 is the integrated wireless AP
interface Vlan5
 ip address 172.16.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in

! GigabitEthernet8 is the WAN interface
interface GigabitEthernet8
 description External Interface
 ip dhcp client broadcast-flag clear
 ip address dhcp
 ip access-group Block_internet_traffic_inbound in
 ip nat outside
 ip inspect FW out
 ip virtual-reassembly in
 duplex auto
 speed auto

ip nat inside source static tcp 10.0.2.6 5555 interface GigabitEthernet8 5555
ip nat inside source static tcp 10.0.2.7 6666 interface GigabitEthernet8 6666

ip nat inside source list NAT_Out interface GigabitEthernet8 overload

Extended IP access list NAT_Out
    10 permit ip 10.0.0.0 0.0.255.255 any
    20 permit ip 192.168.0.0 0.0.255.255 any
    30 permit ip 172.16.0.0 0.0.255.255 any
    50 deny ip any any

DNS is not an option here, IP only, and it's required to function when the client is in the office or out of the office (but without a VPN) and without changing any IP addresses in the software that connects using the PAT. Can anyone offer any advice as to why this setup no longer works after moving over to the 891FW?

Many Thanks :)
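The behaviour described in the post (the PAT is reachable from a 3G client but not from a client on Vlan5 using the same inside-global address) is what classic domain-based IOS NAT does: an inside-to-outside packet is routed first and only then has its source translated, an outside-to-inside packet has its destination translated before it is routed, and a packet that never crosses from the inside domain to the outside domain is never translated at all. A packet from an office client to the WAN address arrives on an inside interface and routes to the router itself, so the static entry is never consulted. The Python model below is an added illustration of that order of operations, not Cisco code and not something from this thread; it reuses the addresses and ACL from the post, and the WAN address 203.0.113.10, the 3G client 198.51.100.7 and the wireless client 172.16.0.20 are constructed stand-ins.

```python
"""
Toy model of classic Cisco IOS NAT order of operations (ip nat inside / ip nat outside).
Added illustration only; addresses marked below are constructed, the rest come from the post.
"""
import ipaddress
from dataclasses import dataclass, replace

WAN_IP = "203.0.113.10"  # constructed stand-in for the DHCP-assigned inside-global address


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


# Static PAT entries from the post: (inside local) -> (inside global).
STATIC_PAT = {
    ("10.0.2.6", 5555): (WAN_IP, 5555),
    ("10.0.2.7", 6666): (WAN_IP, 6666),
}
GLOBAL_TO_LOCAL = {g: l for l, g in STATIC_PAT.items()}

# Access list NAT_Out from the post (permit lines only; the final deny means "no translation").
NAT_OUT_ACL = [ipaddress.ip_network(p) for p in
               ("10.0.0.0/16", "192.168.0.0/16", "172.16.0.0/16")]

# Addresses owned by the router itself: traffic to these is punted, not forwarded.
ROUTER_ADDRESSES = {"10.0.0.1", "172.16.0.1", WAN_IP}

# Routing table: (prefix, egress interface, NAT domain of that interface).
# 10.0.2.0/24 is reached via the L3 switch at 10.0.0.2, so it leaves on Vlan1.
ROUTES = [
    ("10.0.0.0/24", "Vlan1", "inside"),
    ("10.0.2.0/24", "Vlan1", "inside"),
    ("172.16.0.0/24", "Vlan5", "inside"),
    ("0.0.0.0/0", "GigabitEthernet8", "outside"),
]


def route(dst):
    """Longest-prefix match: (egress interface, NAT domain), or ("self", None) for router addresses."""
    if dst in ROUTER_ADDRESSES:
        return "self", None
    ip = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), iface, dom) for p, iface, dom in ROUTES
               if ip in ipaddress.ip_network(p)]
    _net, iface, dom = max(matches, key=lambda m: m[0].prefixlen)
    return iface, dom


def forward(pkt, ingress_domain, next_overload_port=1024):
    """
    Apply the classic IOS order of operations and return (outcome, egress, packet).
    outside -> inside: translate destination (global -> local), then route.
    inside  -> outside: route first, then translate source (local -> global).
    Packets punted to the router or forwarded inside -> inside are never translated.
    """
    if ingress_domain == "outside":
        local = GLOBAL_TO_LOCAL.get((pkt.dst, pkt.dport))
        if local is None:
            return "dropped-no-translation", None, pkt
        pkt = replace(pkt, dst=local[0], dport=local[1])
        egress, _ = route(pkt.dst)
        return "forwarded", egress, pkt

    egress, egress_domain = route(pkt.dst)
    if egress == "self":
        # Hairpin attempt: the inside host addresses the WAN IP, but the packet never
        # crosses into the outside domain, so no static entry is ever consulted.
        return "punted-to-router", "self", pkt
    if egress_domain == "inside":
        return "forwarded", egress, pkt  # inside -> inside, untouched
    global_addr = STATIC_PAT.get((pkt.src, pkt.sport))
    if global_addr is None:
        if not any(ipaddress.ip_address(pkt.src) in n for n in NAT_OUT_ACL):
            return "forwarded-untranslated", egress, pkt  # ACL deny: routed, not translated
        global_addr = (WAN_IP, next_overload_port)  # dynamic PAT (overload)
    return "forwarded", egress, replace(pkt, src=global_addr[0], sport=global_addr[1])


def external_client():
    """3G client (constructed 198.51.100.7) reaching the PAT from the Internet."""
    return forward(Packet("198.51.100.7", 40000, WAN_IP, 5555), "outside")


def office_client_via_global():
    """Same client on office wireless (constructed 172.16.0.20) using the inside-global address."""
    return forward(Packet("172.16.0.20", 40000, WAN_IP, 5555), "inside")


def office_client_via_local():
    """Office client using the inside-local address directly (what the poster wants to avoid)."""
    return forward(Packet("172.16.0.20", 40000, "10.0.2.6", 5555), "inside")


if __name__ == "__main__":
    for name, fn in (("external", external_client),
                     ("office->global", office_client_via_global),
                     ("office->local", office_client_via_local)):
        print(f"{name:15} {fn()}")
```

Running it shows the external client's packet translated to 10.0.2.6:5555 and forwarded out Vlan1, the office client's packet to the WAN address punted to the router untranslated, and the office client's packet to 10.0.2.6 forwarded inside-to-inside without NAT. Reaching an inside-global address from the inside domain is usually called NAT hairpinning (or reflection), and the model only shows why the configuration in the post does not do it; it proposes no fix.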

2 Replies

Roo-ter
Level 1

Really? Pretty surprised no-one knows the answer to this...

Hello,

First of all, your static NAT entries:

ip nat inside source static tcp 10.0.2.6 5555 interface GigabitEthernet8 5555
ip nat inside source static tcp 10.0.2.7 6666 interface GigabitEthernet8 6666

will probably not work, because NAT looks at the access list first, and finds a match there. It never goes further to see the static NAT entries.

What does 'ip access-group Block_internet_traffic_inbound in' look like?