cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
710
Views
0
Helpful
2
Replies

Installing an 871W behind an NAT

markc
Level 1
Level 1

I have an existing network which has a cable modem connected to an NAT firewall/4-port bridge.  From that firewall, I have cables running to various points in my house.  Two of these hook directly to computers, and two others hook to 4- and 8-port bridges.

To allow me to work remotely, I have been given a Cisco 871W router, configured to provide VPN services to the corporate site.  I was told that I could connect it anywhere on my network so that I could connect to the corporate network.  However, when I connect it downstream of the firewall, the only lights that come on are OK and LNK.  The second OK light, on the WLAN side, blinks.  In this state, when I try to connect to the VPN, it does not work.

If I hook the 871W directly to the cable modem, I get a solid VPN light.  I can then connect to the corporate site over the VPN.

The problem is, if I install the 871W at the cable modem location, I do not have wifi signal at my work location.  Additionally, I was provided with a CIsco VOIP phone to connect to the router.  Again, since the cable modem is some distance from the office, I would have to quite a bit of cable to get the phone to the desk. 

Since I can not get the 871W to work, I am currently connecting the PC to one of the bridges via cable.  I then use the AnyConnect VPN Client to connect to the corporate site.  That works, but is not ideal, as the bridge is not in the same room as my work area.  I have tried installing the 871W to the same bridge, but still, only a solid OK and LNK light on the left side, with a blinking OK light on the right side.

What settings do I need to check/enable on the NAT firewall to allow the 871W to be installed downstream of the firewall?  Anything else I should check?

2 Replies 2

Jitendriya Athavale
Cisco Employee
Cisco Employee

what firewall is it

many third party firewall's provided my isp's block vpn traffic

open up these ports on the firewall/ nat device

udp 500, 4500,

esp 50

also wehn you connect the router directly to the isp modem you get a public ip but when you connect it to the nat device you get a private ip

check if on the head end and on the router nat traversal is enabled, you can ask your admin to enable it on his side and on the router


we can verify if this is problem, by not natting on firewall and trying  vpn, please try that

The firewall is an SMC7004ABR, which is quite old but reliable.  It is configured to allow VPN Passthrough.  I will try specifically allowing the ports you specified and see if that makes a difference.

Unfortunately, I can't disable NAT on this firewall, so we can't test that way.

I'll update after I've had a chance to test with the ports specified.