03-19-2013 12:40 AM - edited 03-04-2019 07:20 PM
Hello,
I have a block of eight routable IP addresses from my ISP. I have a Cisco 887VA that I want to use as my router. I know the router will take one of my IP addresses, but I'm having a problem getting the other IP addresses to route through the router. My ADSL is up and running and I can ping addresses on the outside, but I have been unsuccessful at getting anything out from the inside. Here is a copy of my running config:
- - - - - - - - - -
ip source-route
!
!
ip cef
no ipv6 cef
!
!
license udi pid CISCO887VA-K9 sn XXXXXXXXXXX
!
!
controller VDSL 0
operating mode ansi
!
!
interface Ethernet0
no ip address
no fair-queue
!
interface ATM0
description DSL Interface
no ip address
no atm ilmi-keepalive
pvc 0/32
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Vlan1
no ip address
!
interface Dialer1
ip address 71.xx.xx.102 255.255.255.248
ip mtu 1492
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname xxxxxxxxxxxxx
ppp chap password 7 xxxxxxxxxxxxxxxx
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended inet
permit ip any any
!
!
line con 0
line aux 0
line vty 0 4
login
transport input all
!
end
- - - - - - - - - -
I've tried to blow away the default VLAN (can't do that). I have tried to create a bridge group, but that was unsuccessful. Any help will be appreciated.
03-19-2013 01:12 AM
Hello Tom
Can you confirm if you are using ADSL or VDSL?
As I can see the ATM interface configured, I am assuming it's ADSL?
Can you explain a little bit more what your issue is? Are you saying your internal network isn't able to reach the internet?
Do you have private addressing for your internal LAN?
Res
paul
03-19-2013 05:45 AM
Hello,
I am running ADSL.
Issue: I have four devices with public IP addresses. Those four devices cannot get out to the internet. Previously I had a DSL modem that would take one public IP address. The other devices, I would point them to the DSL modem's public IP address as the default gateway and they would go out without issue.
Do I have private addressing? I would like to have private addressing, but my primary concern is to get these four devices with public IPs out to the Internet.
Thank you.
03-19-2013 02:04 AM
Hi Tom,
Just assign any one of the 8 routable IPs under the VLAN 1 SVI and this will be your DG for the rest of the IPs in that range.
Assign the other devices using the same IP subnet and connect them on the available FE0-3 ports.
03-19-2013 05:53 AM
I did not try taking one of the eight IP addresses and assigning it to VLAN1. I am reluctant to do that because my router will take two public IP addresses instead of one and that will leave me with no extra IP addresses to play with. That's why I am trying to avoid using more IPs than I absolutely have to. That's why I tried doing the bridging.
Thank you for the suggestion. I will give that a shot if there are no other options.
03-19-2013 06:13 AM
Have you tried giving VLAN1 one of the IP addresses and then using ip unnumbered Vlan 1 on the dialer interface?
I've used this in the past for Cisco 877 routers with /29 blocks of IP addresses.
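The suggestion above written out as an IOS configuration fragment. This is an added example, not taken from any poster's router: 203.0.113.0/29 is a constructed documentation range standing in for the ISP-assigned /29, the angle-bracket values are placeholders, and the interface names (Vlan1, Dialer1) follow the original poster's config.

```cisco
! Constructed example: 203.0.113.0/29 stands in for the ISP-assigned block.
! .0 is the network address, .7 the broadcast, .1 to .6 are usable hosts.
!
interface Vlan1
 description LAN side, holds the router's only public address
 ip address 203.0.113.1 255.255.255.248
!
interface Dialer1
 description PPP over ATM0, borrows the Vlan1 address
 ! ip unnumbered replaces the "ip address ..." line on the dialer
 ip unnumbered Vlan1
 ip mtu 1492
 encapsulation ppp
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname <ISP-USERNAME>
 ppp chap password <ISP-PASSWORD>
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
! Devices plugged into FastEthernet0-3 (VLAN 1 by default) use
! 203.0.113.2 to 203.0.113.6, mask 255.255.255.248,
! default gateway 203.0.113.1.
```

With this layout the LAN devices sit on public addresses with no filtering on the router, since the first config applies no access list to any interface. The `ip source-route` and `transport input all` lines from that config are worth replacing with the `no ip source-route` and `transport input ssh` forms that appear in the later config in this thread.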
03-19-2013 06:30 AM
kmccourt, your suggestion worked perfectly. Thank you for sharing. I appreciate it.
03-19-2013 08:56 PM
Cool! Good info! +5
11-12-2014 06:01 AM
This works excellently!
Thank you very much.
However, for some reason my EZVPN Client stopped working.
I've changed the outside VPN interface from Dialer0 to VLAN2 (Dialer0 is my ATM dialer, which is now IP unnumbered, and VLAN2 is now my WAN VLAN). The tunnel comes back up but the client (this) router will not forward any traffic through the tunnel.
Am I missing something? There is rarely any change to the original configuration where dialer0 was designated as the vpn outside interface.
Here is my sanitized config of my 887VA:
version 15.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname XXX
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 4 XXX
!
no aaa new-model
memory-size iomem 10
clock timezone Paris 1 0
clock summer-time DST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
crypto pki trustpoint TP-self-signed-129303053
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-129303053
revocation-check none
rsakeypair TP-self-signed-129303053
!
crypto pki certificate chain TP-self-signed-129303053
certificate self-signed XX
quit
no ip source-route
!
!
no ip bootp server
ip domain lookup source-interface Dialer0
ip domain name kpn.net
ip name-server 8.8.4.4
ip cef
no ipv6 cef
!
license udi pid CISCO887VA-K9 sn FCZXXX
!
username XXX privilege 15 view root secret 4 XXX
!
controller VDSL 0
!
ip ssh version 2
!
crypto ipsec client ezvpn VPN
connect auto
group XXGroup key XXX
local-address Vlan2
mode network-extension
peer XY.ZX.IJ.ZZ
username XX password XX
xauth userid mode local
!
interface Ethernet0
no ip address
shutdown
!
interface ATM0
description KPN
no ip address
load-interval 30
no atm ilmi-keepalive
pvc 2/32
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
switchport access vlan 2
no ip address
!
interface Vlan1
ip address 172.16.86.134 255.255.255.248
no ip route-cache
crypto ipsec client ezvpn VPN inside
!
interface Vlan2
ip address <PUBLIC IP#1> 255.255.255.252
ip virtual-reassembly in
no ip route-cache
! This statement (no autostate) was very important because the VPN needs to be online even though no physical devices were connected!
no autostate
crypto ipsec client ezvpn VPN
!
interface Dialer0
ip unnumbered Vlan2
encapsulation ppp
dialer pool 1
dialer-group 1
ppp chap hostname kpn
ppp pap sent-username kpn password 7 05001601
no cdp enable
!
ip forward-protocol nd
no ip http server
ip http access-class 10
ip http authentication local
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
access-list 10 remark Access CCP/SSH
access-list 10 permit XXXX
dialer-list 1 protocol ip permit
no cdp run
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class 10 in
privilege level 15
login local
transport input ssh
!
ntp update-calendar
ntp server nl.pool.ntp.org prefer source Dialer0
!
end
11-13-2014 12:45 AM
DOH!
It was a bug in the 15.2(4)M4 IOS software.
When I upgraded to 15.3(3)M4 and put the outside ezvpn interface back to dialer0 the problem was resolved!
(When I had vlan2 as the ezvpn outside interface the behaviour was the same as with the 15.2(4)M4 software. Tunnel up, but no tx from client side)