
Cisco 1941 SEC-K9 with EHWIC-4ESG-P Configuration Questions

Greetings all:

I recently purchased a 1941 with an EHWIC-4ESG-P. I've spent some time reviewing numerous docs and haven't found the answers to some of the questions I have in configuring this guy. Here is the topology I'm trying to support (IPs changed to protect the innocent):

  WAN - (G0/0, Dialer1 assigned from ISP (VDSL/PPPoE to modem with RFC 1483 bridging))

  LAN   - (G0/0/0 / Vlan2)

  DMZ  - (G0/0/1 / Vlan3 .. Externally facing web, mail and DNS servers)

  LAN2  - (G0/0/2 / Vlan4)

I've been able to successfully establish the PPPoE connection to my ISP, and NAT the LAN hosts to the outside world - this part works fine. What isn't working is pretty much everything else -- which brings me to this forum to ask a few questions so that I might understand some of the concepts a bit better so I can move forward with this router migration.

I have the EHWIC interfaces assigned to the Vlans, and have assigned the Vlans static addresses as shown above.

My first question pertains to access-lists / ACLs on the 1941 with the EHWIC-4ESG-P EtherSwitch module:

Q: Am I correct in assigning ACLs / access-groups on the Vlan interfaces, or is this supposed to be done solely on the router GigabitEthernet ports?

Q: Would a rule like this be correct for port forwarding WWW traffic to one of the DMZ hosts?

     ip nat inside source static tcp 80 80 extendable

Q: Do I need any specific access-list rules in the access-group in/out for the Dialer1 interface to establish PPPoE/PPP to my ISP? The reason I ask this is because I can't maintain the connection with any in or out access-groups assigned to it (I'm sure this is fail on my part, but nothing I've tried works other than removing the groups from the interface).

I would paste my sh run, but at this point I'm back to square one and just have the Vlan address assignments and a basic working ppp setup until I can get help. Also, CDW is being slow with my SMARTnet contract, so I'm ~7-10 days away from obtaining it.

Any help and/or insight would be greatly appreciated!



Disregard my previous post - I'm (happily) getting over the migration curve from ASA to IOS now, and NAT is in fact my friend.