01-16-2012 11:50 PM - edited 03-07-2019 04:23 AM
Greetings all:
I recently purchased a 1941 with an EHWIC-4ESG-P. I've spent some time reviewing numerous docs and haven't found the answers to some of the questions I have in configuring this guy. Here is the topology I'm trying to support (IPs changed to protect the innocent):
WAN - 1.1.1.78/29 (G0/0, Dialer1 assigned from ISP (VDSL/PPPoE to modem with RFC 1483 bridging))
LAN - 10.0.0.0/24 (G0/0/0 / Vlan2)
DMZ - 10.0.1.0/24 (G0/0/1 / Vlan3 .. Externally facing web, mail and DNS servers)
LAN2 - 10.0.2.0/24 (G0/0/2 / Vlan4)
I've been able to successfully establish the PPPoE connection to my ISP, and NAT the LAN hosts to the outside world - this part works fine. What isn't working is pretty much everything else -- which brings me to this forum to ask a few questions so that I might better understand some of the concepts a bit better so I can move forward with this router migration.
I have the EHWIC interfaces assigned to the Vlans, and have assigned the Vlans static addresses as shown above.
My first question pertains to access-lists / ACLs on the 1941 with the EHWIC-4ESG-P EtherSwitch module:
Q: Am I correct in assigning ACLs / access-groups on the Vlan interfaces, or is this supposed to be done solely on the router GigabitEthernet ports?
Q: Would a rule like this be correct for port forwarding WWW traffic to one of the DMZ hosts?
ip nat inside source static tcp 10.0.1.4 80 1.1.1.73 80 extendable
Q: Do I need any specific access-list rules in the access-group in/out for the Dialer1 interface to establish PPPoE/PPP to my ISP? The reason I ask this is because I can't maintain the connection with any in or out access-groups assigned to it (I'm sure this is fail on my part, but nothing I've tried works other than removing the groups from the interface).
I would paste my sh run, but at this point I'm back to square one and just have the Vlan address assignments and a basic working ppp setup until I can get help. Also, CDW is being slow with my SMARTnet contract, so I'm ~7-10 days away from obtaining it.
Any help and/or insight would be greatly appreciated!
Thanks
01-17-2012 01:16 PM
Disregard my previous post - I'm (happily) getting over the migration curve from ASA to IOS now, and nat is in fact my friend.