Simple Question with Routing

Unanswered Question
Dec 10th, 2007


I have a routing question that I need help with. Here's how my network is set up:

AT&T DSL modem Ethernet interface configuration:

Cisco VPN 3002 hardware client Ethernet interface (public) configuration:

Cisco VPN 3002 hardware client Ethernet interface (private) configuration:

There is an Ethernet cable between “AT&T DSL modem Ethernet interface” and “Cisco VPN 3002 hardware client Ethernet interface (public).”

There is a computer “Host A” connected to “Cisco VPN 3002 hardware client Ethernet interface (private)” with IP


From “Host A” I cannot ping (or any public IPs). However, I can ping

(From Cisco VPN 3002 client, I can ping or any public IPs.)

Is there anything that I am missing? Should I add a static route somewhere?

Thank you for your help.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Edison Ortiz Mon, 12/10/2007 - 17:05

No, you need to configure NAT so private IP addresses can communicate with public IP addresses.

Hi All

Can I just ask a question here please?

On the AT&T DSL modem Ethernet interface you mention that the IP address is and the Cisco VPN 3002 clients Ethernet interface has an IP address of

Using the /29 mask of is the IP address of the DSL modem not the broadcast IP address of that subnet and the IP address assigned to the Cisco VPN 3002 not the subnet number of the next subnet? as the /29 mask provides a subnet block size of 8.

So the subnets would be




I don't understand how these IP addresses are assigned to interfaces, or am I missing something?

Best Regards,


Jon Marshall Tue, 12/11/2007 - 00:57

Hi Michael

No i don't believe you are missing anything. You are quite right as far as i can see .23 is a broadcast address and .24 is the next network address.


Edison Ortiz Tue, 12/11/2007 - 07:12

Good catch Michael. I wonder if the OP was masking the real addresses and made that mistake on posting.

davidwins Tue, 12/11/2007 - 16:57

Hello All,

Thannk you for your replies. Michael is right, I didn't use the real IPs and should have added a note for this when I posted the initial question.

I am out for vacation for this week so I am unable to do the testings. I am new to Cisco & networking so I have a few questions and hoope you can help me with:

1). Why should I enable NAT? Shouldn't NAT be automatically configured so traffics initiated from inside the network can be routed out to the Internet? If I need to configure a Cisco router, say 2610, do I need to enable NAT too? and should I always do this?

1.5). Should I enable NAT, in this case, in the Cisco VPN 3002 device?

2). Is there a general rule when I should add a "default route" in this format: "ip route" ? Where is default route normally put at - in the gateway, or a another router/host behind the gateway?

3). the reason I use VPN 3002 in this case is becasue I need to set up a Cisco WiFI AP. I got this VPN 3002 free from a friend so I don't have to invest on buying a router or build a software-based routing host. Is VPN 3002 capable of routing at all? I am not using it to connect to a VPN Concentrator at all. I am leaving it as a stand-alone unit serving for routing purpose only. Am I making a silly move here?

Thank you very much for your advice!

Kind regards,


This Discussion