
Client can't access the network on Cisco 877W router

rodonohu1
Level 1

Hi guys,

I'm having a total nightmare with an 877 router. I have it fully configured using a VPN tunnel and BGP. From the router interface I can ping out the entire network and the routing table shows all the BGP networks. My problem is thus: when I connect my desktop to the switch on the router, it pulls an IP from the DHCP on the router but I can't ping outside of the local interfaces. It can't get anywhere. That along with the wireless doesn't seem to be working. I've mirrored a config that works as close as possible but still nothing. I'm prob missing something small. Can you have a look at the config? Any help is great.

2 Replies

rodonohu1
Level 1

Here is the config of the router

Hi there,

For the wireless side of it:

* Take out the WEP key (don't need this if using EAP)

* Change the cipher statement to:

encryption mode ciphers tkip

* Under ssid EmP1R3D add in: authentication key-management wpa

* Might also have to remove the authentication open mac-address mac_methods eap eap_methods line

This should now allow the client to communicate with your EAP radius servers and generate a dynamic WPA key and then authenticate via the EAP and MAC servers to the wireless.

For your LAN side of it:

Could be your nat inside and outside causing the problem. Try setting up a route-map to exclude natting on your VPN addresses. I'm assuming that you are not wanting any external access out to the internet - just traffic between the VPNs?

* In global config add in: ip nat inside source route-map NAT_MAP_1 interface Dialer1 overload

* Then: route-map NAT_MAP_1 permit 1

* Then in the route map add in: match ip address 101

* Exit back to global config and then set: access-list 101 deny ip 172.17.25.80 0.0.0.15 x.x.x.x x.x.x.x (where x represents the remote internal network and subnet mask)

access-list 101 permit ip 172.17.25.80 0.0.0.15 any

* Also you want to change your match address list to an extended access list. At the moment you are only encrypting 1 host to another host. So that is why your router can ping across the VPN but nothing else can.

* In your crypto map change the command so it reads: match address VPN_Traffic

* Then in global config enter: ip access-list extended VPN_Traffic

* Then in the access-list:

remark Allow VPN Traffic to remote office

permit ip 172.17.25.80 0.0.0.15 x.x.x.x x.x.x.x (where the x's represent the other network and its associated subnet mask)

That should do it. Attached is your config with the required changes - email me at eagleeyes426@yahoo.com to let me know how you get on :)

Cheers,

Peter
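
The LAN-side advice in the reply above comes down to two ACL properties: the crypto ACL must permit the whole LAN subnet to the remote network, and the NAT ACL must deny that same flow before its general permit. The following is an added example, not code or config from either poster, that checks both with first-match ACL logic; 10.0.0.0/24 and the host addresses in BEFORE are constructed stand-ins for values the thread leaves as x.x.x.x or does not show.

```python
import ipaddress

def wildcard_net(addr, wildcard):
    """IOS address + contiguous wildcard mask -> ip_network."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def parse_endpoint(t):
    """Consume one ACL endpoint: 'any', 'host A' or 'A WILDCARD'."""
    if t[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), t[1:]
    if t[0] == "host":
        return ipaddress.ip_network(t[1] + "/32"), t[2:]
    return wildcard_net(t[0], t[1]), t[2:]

def parse_acl(lines):
    """Return [(action, src, dst)] for 'permit|deny ip ...' entries."""
    rules = []
    for line in lines:
        t = line.split()
        if t[:1] == ["access-list"]:
            t = t[2:]  # numbered form: drop 'access-list 101'
        if len(t) < 4 or t[0] not in ("permit", "deny") or t[1] != "ip":
            continue  # remarks and non-IP entries
        src, rest = parse_endpoint(t[2:])
        dst, _ = parse_endpoint(rest)
        rules.append((t[0], src, dst))
    return rules

def first_match(rules, src, dst):
    """Action of the first entry covering the whole flow; implicit deny otherwise."""
    for action, s, d in rules:
        if src.subnet_of(s) and dst.subnet_of(d):
            return action
    return "deny"

def check_vpn_flow(crypto_acl, nat_acl, lan, remote):
    """LAN->remote needs a crypto ACL permit and a NAT ACL deny (NAT exemption)."""
    return {"encrypted": first_match(parse_acl(crypto_acl), lan, remote) == "permit",
            "nat_exempt": first_match(parse_acl(nat_acl), lan, remote) == "deny"}

# Constructed sample data: 10.0.0.0/24 stands in for the remote network (x.x.x.x in the thread).
LAN, REMOTE = wildcard_net("172.17.25.80", "0.0.0.15"), ipaddress.ip_network("10.0.0.0/24")
BEFORE = (["permit ip host 172.17.25.81 host 10.0.0.1"],          # host-to-host crypto ACL
          ["access-list 101 permit ip 172.17.25.80 0.0.0.15 any"])  # NAT ACL without exemption
AFTER = (["remark Allow VPN Traffic to remote office",
          "permit ip 172.17.25.80 0.0.0.15 10.0.0.0 0.0.0.255"],
         ["access-list 101 deny ip 172.17.25.80 0.0.0.15 10.0.0.0 0.0.0.255",
          "access-list 101 permit ip 172.17.25.80 0.0.0.15 any"])
```

Calling `check_vpn_flow(*BEFORE, LAN, REMOTE)` reports both properties as false, and the same call with `AFTER` reports both as true.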
