using fe0 as WAN port on 887

xa-mont72 · ‎09-26-2011

Hey guys,

I am trying to set up an 887 to use fe0 as a WAN port to connect to another router that was provided preconfigured by my ISP (and i have no access to change settings on it)

i am able to connect to the one20 router (from the ISP) and out to the internet using a laptop plugged to its fe0 and using ip: 202.134.232.146, sn:255.255.255.252, gateway: 202.134.232.145. so it is working fine.

My problem comes when trying to set up the 887 to route it all.

Here is a quick little network diagram of what i am trying to do...

http://i29.photobucket.com/albums/c287/xacoupe/EMC.png

here is where i have gotten to with the config. In this state i can ping 202.134.232.146, but not 145 (the one20) and not out to the internet.... WHAT AM I DOING WRONG?!?

Current configuration : 2284 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec localtime

service password-encryption

!

hostname emcmelb

!

boot-start-marker

boot system flash:c870-advsecurityk9-mz.124-20.T2.bin

boot-end-marker

!

logging message-counter syslog

logging buffered 512000

enable secret

!

no aaa new-model

!

dot11 syslog

ip source-route

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.0.1

ip dhcp excluded-address 192.168.0.165 192.168.0.180

!

ip dhcp pool emcmelb-dhcp

network 192.168.0.0 255.255.255.0

domain-name essentialmedia.com.au

dns-server 202.126.100.178 202.126.100.157

default-router 192.168.0.1

lease infinite

!

ip cef

ip domain name essentialmedia.com.au

ip name-server 203.0.178.191

ip name-server 8.8.8.8

!

username drew password

username admin password

!

crypto isakmp policy 10

encr 3des

authentication pre-share

lifetime 86000

crypto isakmp key Loe8TrPhBi8RuBiorI address 203.217.21.142

crypto isakmp keepalive 300 30 periodic

!

crypto ipsec transform-set emc-trans-set esp-3des esp-sha-hmac

!

crypto ipsec profile policy1

set transform-set emc-trans-set

!

archive

log config

hidekeys

!

ip ssh time-out 30

!

interface ATM0

no ip address

logging event subif-link-status

load-interval 30

shutdown

no atm ilmi-keepalive

dsl operating-mode auto

dsl enable-training-log showtime

!

interface FastEthernet0

switchport access vlan 2

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface Vlan1

ip address 192.168.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface Vlan2

ip address 202.134.232.146 255.255.255.252

ip nat outside

ip virtual-reassembly

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 202.134.232.145

no ip http server

no ip http secure-server

!

ip nat inside source list emcmelb-ip interface Vlan2 overload

!

ip access-list extended emcmelb-ip

permit ip 192.168.0.0 0.0.0.255 any

!

access-list 10 permit 192.168.0.0 0.0.0.255

!

control-plane

!

line con 0

no modem enable

line aux 0

line vty 0 4

password

login

transport input all

transport output all

!

scheduler max-task-time 5000

end

Marwan ALshawi · ‎09-26-2011

when you connected to the cisco router can post the show ip nat translation out put here

also ping from the PC any public ip in the internet to ake sure if its DNS issue or routing

xa-mont72 · ‎09-26-2011

hey mate. I'll get the show ip nat translation when i am back on site (should be lunch time ish)

As for the routing/dns issue, when connected to the main network i am unable to even ping the .145 address, so i assumed nothing further out on the net would work.

johnlloyd_13 · ‎09-26-2011

Hi Travis,

Could you post your show ip interface brief command output? Try using cross cable.

Sent from Cisco Technical Support iPhone App

xa-mont72 · ‎09-26-2011

will do.

xa-mont72 · ‎09-26-2011

OK…. here are a few diagnostic outputs that people have requested (here and on other forums)

show ip arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 192.168.0.1 - 0025.454a.c4b6 ARPA Vlan1

Internet 192.168.0.2 0 0026.bbe8.e0b4 ARPA Vlan1

Internet 192.168.0.3 0 c82a.140f.9d3b ARPA Vlan1

Internet 192.168.0.5 0 e0f8.472b.b06e ARPA Vlan1

Internet 192.168.0.50 0 70f1.a1f1.7387 ARPA Vlan1

Internet 192.168.0.102 0 1c65.9d30.0f96 ARPA Vlan1

Internet 192.168.0.117 0 70f1.a1ec.ba28 ARPA Vlan1

Internet 192.168.0.118 0 1cc1.defc.aa0f ARPA Vlan1

Internet 192.168.0.123 0 d485.64ec.c1dd ARPA Vlan1

Internet 192.168.0.136 0 1c65.9d30.41c5 ARPA Vlan1

Internet 202.134.232.145 0 Incomplete ARPA

Internet 202.134.232.146 - 0025.454a.c4b6 ARPA Vlan2

show ip route

Gateway of last resort is 202.134.232.145 to network 0.0.0.0

202.134.232.0/30 is subnetted, 1 subnets

C 202.134.232.144 is directly connected, Vlan2

C 192.168.0.0/24 is directly connected, Vlan1

S* 0.0.0.0/0 [1/0] via 202.134.232.145

show ip nat trans *

shows nothing at all

ping from router to external (174.132.170.162)

Sending 5, 100-byte ICMP Echos to 174.132.170.162, timeout is 2 seconds:

Packet sent with a source address of 202.134.232.146

.....

Success rate is 0 percent (0/5)

sh ip int brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0 unassigned YES unset up up

FastEthernet1 unassigned YES unset up up

FastEthernet2 unassigned YES unset up down

FastEthernet3 unassigned YES unset up up

ATM0 unassigned YES NVRAM administratively down down

SSLVPN-VIF0 unassigned NO unset up up

Vlan1 192.168.0.1 YES NVRAM up up

NVI0 unassigned YES unset administratively down down

Vlan2 202.134.232.146 YES NVRAM up up

Marwan ALshawi · ‎09-26-2011

ok it looks like there is not traffic hitting the NAT ACL

when you connect to the router is you PC obtain IP address with the right IP range and Default gateway ?

are you using crossover cable between the two routers ?

it seems to be connectivity issue

Internet 202.134.232.145 0 Incomplete ARPA

xa-mont72 · ‎09-26-2011

I was under the impression that network devices nowdays generally worked the difference between straight through and crossovers?

Yeah clients get IP addresses, subnet masks and gateways just fine.

Marwan ALshawi · ‎09-26-2011

yes the correct, but sometimes just it dose not work as epected, i am not sure if this is the reason but just give it a go

xa-mont72 · ‎09-26-2011

tried a crossover, still the same "incomplete" on the ARP list.

Client wants me to give up on this and go get a billion 7800n and use that instead (should be easier to set up... probably won't perform as well though)

Marwan ALshawi · ‎09-26-2011

can you set the speed and deplux to auto as well

lioninblack · ‎04-29-2012

mine is same problem :((((

Sent from Cisco Technical Support iPhone App