Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
672
Views
0
Helpful
10
Replies

problem with c887w

Abdelilah Benrida
Level 1
Level 1

‎06-17-2015 05:00 AM - edited ‎03-08-2019 12:35 AM

Hi 

 

i work in a company and i have to change a modem router f@st 3304 by cisco c887w

 

i put this configuration in the cisco router and i can navigate to internet when im directly connected to the C887w

 

but when i put it with the firwall fortigate i can't navigate from the inside

 

----dialer0-C887W-(192.168.1.1)-------192.168.1.50 PC    ITWORKS

 

---dialer0-C887W--(192.168.1.1)-----192.168.1.50-Fortigate-10.10.10.2-----10.10.10.4-TMG-172.16.0.1------172.16.1.2-PC Doesn't work

 

here is my config

 

Routeur#sh run
Building configuration...
 
Current configuration : 6114 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Routeur
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-3037307739
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3037307739
 revocation-check none
 rsakeypair TP-self-signed-3037307739
!
!
crypto pki certificate chain TP-self-signed-3037307739
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33303337 33303737 3339301E 170D3135 30363135 31333133
  31375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 30333733
  30373733 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100B732 BA8A3E18 2657828F 0F539EA2 2F721FF4 5C679938 9F0744C0 2EDB2249
  F85CE3B4 59854650 CB42DC26 C6B072AC 664AA0C2 A63197C0 082F3226 DF51DE2D
  6B5BD55F EF7395D8 B616F0CF 937E2FB7 FF00084C C96A4909 96EA682A 5E0B148E
  C495ED4F 68E2F512 518402C7 8E486962 DA50B748 6F58D070 07B99EDE 47FCD6FB
  618B0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 14D42CC5 E792ED0C 1DDA2203 EFF7BFA7 EA8804B7 CE301D06
  03551D0E 04160414 D42CC5E7 92ED0C1D DA2203EF F7BFA7EA 8804B7CE 300D0609
  2A864886 F70D0101 05050003 81810092 E9DF07B6 700FD965 1ECA6B67 9255FAFB
  01FC6F2C 9E65107B C61348BF 424FEE6A 7CA0793D 8A642456 4858DD43 1EE07E89
  C8605A98 4A3378B3 F4268B88 85A66653 BA61450D C354C70E 632C23F8 E3C83E39
  75B21C0E 62F358F1 32428B64 B18C7B83 27076FF2 A8024CD1 6A7B94C3 D1751417
  4132BAB3 3EE8AED2 86B4950A 2A804E
        quit
no ip source-route
ip cef
!
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.50
!
ip dhcp pool Wifi
 import all
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 lease 50
!
!
!
no ip domain lookup
ip domain name yourdomain.com
no ipv6 cef
!
!
license udi pid C887VA-W-E-K9 sn FCZ191491CB
!
!
username admin privilege 15 secret 5 $1$clan$Kgjq7Y5v6m4.e0Jm.vEXx1
!
!
!
!
!
controller VDSL 0
!
!
!
!
!
!
!
!
!
!
interface ATM0
 no ip address
 atm vc-per-vp 64
 no atm ilmi-keepalive
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface Ethernet0
 no ip address
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface Wlan-GigabitEthernet0
 description Internal switch interface connecting to the embedded AP
 no ip address
!
interface wlan-ap0
 description Service module interface to manage the embedded AP
 ip unnumbered Vlan1
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 hold-queue 100 out
!
interface Dialer0
 ip address negotiated
 ip access-group 102 in
 no ip redirects
 no ip unreachables
 ip mtu 1492
 ip verify unicast reverse-path
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 ppp chap hostname XXXXXXXX
 ppp chap password 0 XXXXXXX
 ppp pap sent-username XXXXX password 0 XXXXXXX
 ppp ipcp dns request
 ppp ipcp wins request
 ppp ipcp route default
 no cdp enable
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 101 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit icmp any any packet-too-big
access-list 102 deny   icmp any any
access-list 102 permit ip any any
dialer-list 1 protocol ip permit
no cdp run
!
!
 
!
line con 0
 login local
 no modem enable
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 stopbits 1
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

- See more at: https://supportforums.cisco.com/discussion/12535621/little-problem-c887#sthash.IrN4LWNT.dpuf

Labels:
0 Helpful
10 Replies 10

johnd2310
Level 8
Level 8

‎06-17-2015 04:23 PM

Hi,

 Which device is doing the NAT? 887 only or 887  and Fortigate? Is the doing TMG doing proxy for the clients? Check you NAT and routing config.

 

Thanks

John

**Please rate posts you find helpful**
0 Helpful

Abdelilah Benrida
Level 1
Level 1
In response to johnd2310

‎06-17-2015 04:27 PM

Hi 

TMG is doing NAT

887 is doing NAT

fortigate is may be doing nat, can you please tell me what to do in the case if fortigate is doing the NAT and if not ?

0 Helpful

johnd2310
Level 8
Level 8
In response to Abdelilah Benrida

‎06-17-2015 04:55 PM

Hi,

 

Assuming the fortigate is not doing NAT, you will need to add a static route on the 887 for the 10.10.10.0 network pointing to the fortigate 192.168.1.5. e.g. assuming 10.10.10.0 is a /24

ip route 10.10.10.0 255.255.255.0 192.168.1.50

 

thanks

John

**Please rate posts you find helpful**
0 Helpful

Abdelilah Benrida
Level 1
Level 1
In response to johnd2310

‎06-17-2015 04:57 PM

 

Hi John

and if  it is doing nat ? the first configuration must work ?

 

thank you 

0 Helpful

johnd2310
Level 8
Level 8
In response to Abdelilah Benrida

‎06-17-2015 05:09 PM

Hi,

If fortigate is doing NAT, then from the TMG you should be able to connect to the Internet.

 

Thanks

John

**Please rate posts you find helpful**
0 Helpful

Abdelilah Benrida
Level 1
Level 1
In response to johnd2310

‎06-17-2015 05:14 PM

Hi again

 

Thank you very much john 

 

i will try and tell you the result 

 

thx again

0 Helpful

Abdelilah Benrida
Level 1
Level 1
In response to johnd2310

‎06-19-2015 07:32 AM

Hi 

the fortigate is doing nat...

 

thx

0 Helpful

Abdelilah Benrida
Level 1
Level 1
In response to johnd2310

‎06-22-2015 02:47 PM

Im connected from the inside to the internet but still have slow connection any suggestions please.?

0 Helpful

Abdelilah Benrida
Level 1
Level 1
In response to johnd2310

‎06-17-2015 04:32 PM

Hi 

 

yes TMG is a proxy for the client and the TMG use NAT when they go to the internet

 

im not sure about the fortigate but can you telle me what to do please in the two cases (fortigate doing nat or not doing it).

 

thanks a lot

0 Helpful

Abdelilah Benrida
Level 1
Level 1
In response to johnd2310

‎06-19-2015 05:12 AM

I think i have a DNS probelm when i connect the fortigate to the cisco router

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card