Configuring WAN for internet access on small network

Answered Question
Jul 20th, 2010

I have an 861W wireless router that I've just purchased and would like to get working. I'm replacing a router that needs to be rebooted frequently. The configuration of the network is as follows: there's a cable modem which plugs into the wan interface of the old router. The other side of the router is plugged into a switch which connects to several clients. The router is configured for DHCP. This enables all clients to use the internet. This is how I would like the 861W to operate.

Because I can't stop work to configure the 861W, I have the WAN interface (FE4) attached to our network. The old router gives it an ip. I have an ethernet cable coming from a LAN port on the 861W to my machine. This is how I'm configuring it. When I telnet into the 861W, I can ping any machine on our network. I can ping my client machine as well. I cannot ping any other machine on the network from my client machine. I need to be able to access client on the WAN side of the router from a client on the LAN side.

Below is my configuration. Any help would be greatly appreciated.

Current configuration : 5425 bytes

!

! Last configuration change at 20:50:22 CST Sun Feb 28 1993 by admin

!

version 15.0

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname 861W

!

boot-start-marker

boot-end-marker

!

logging buffered 51200

logging console critical

enable secret 5 $1$fT/U$UBWQYmc.cNTE.aZjnKT5E.

!

no aaa new-model

memory-size iomem 10

clock timezone CST -6

clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00

!

crypto pki trustpoint TP-self-signed-460023439

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-460023439

revocation-check none

rsakeypair TP-self-signed-460023439

!

!

crypto pki certificate chain TP-self-signed-460023439

certificate self-signed 01

  30820253 308201BC A0030201 02020101 300D0609 2A864886 F70D0101 04050030

  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 34363030 32333433 39301E17 0D393330 33303130 30303034

  355A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F

  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3436 30303233

  34333930 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100

  D6F6B497 E1786E36 06E42523 99C9621F FFA52A33 8383AF7C 95E30B5B F96710D2

  C408B9F1 12384196 83EA2D6E EF19650D 084140E1 A9551E4C D7FFDB4E ED8CA160

  6C8975CB B1D577F5 139CA52B A17CD014 70B0DE64 79264CE6 3E54516F 90399B32

  F7297A83 1C18C603 0F099E50 823AB88F 507EF241 D25322BB 9E7AD7FF 2FD0172B

  02030100 01A37D30 7B300F06 03551D13 0101FF04 05300301 01FF3028 0603551D

  11042130 1F821D38 3631572E 73706563 74657269 6E737472 756D656E 74732E6C

  6F63616C 301F0603 551D2304 18301680 14C49087 AF886BBB 3D5B1EF7 B33F370F

  B22EDD53 5E301D06 03551D0E 04160414 C49087AF 886BBB3D 5B1EF7B3 3F370FB2

  2EDD535E 300D0609 2A864886 F70D0101 04050003 81810065 435E79F9 69ADC7B8

  3AD08D38 2FE24522 B6E2CACC 13CCC533 05F83E2F D8ADD621 FCD78AB5 579AE83C

  DCEDDC30 DB7D70A7 7C395410 47A8EDCC F7072CB2 F158F89C 2194CB42 F1167877

  47DC5B21 4C2769C0 2A5514A6 7BFC8AEA 0FFB65F9 4E549E7B A67AF639 AC70E0EC

  E26E79CD 0EC26940 65DD3454 417AEBC1 642E0DE8 9FC228

        quit

no ip source-route

ip dhcp excluded-address 10.10.10.1 10.10.10.99

ip dhcp excluded-address 192.168.1.1 192.168.1.99

!

ip dhcp pool ccp-pool1

   import all

   network 10.10.10.0 255.255.255.0

   dns-server 209.18.47.61 209.18.47.62

   default-router 10.10.10.1

   domain-name specterinstruments.local

   lease 0 2

!

!

ip cef

no ip bootp server

ip domain name specterinstruments.local

ip name-server 209.18.47.61

ip name-server 209.18.47.62

!

!

license udi pid CISCO861W-GN-A-K9 sn FTX14208243

!

!

username admin privilege 15 secret 5 $1$nSfP$tGrUQM4cJLbR6x2QhCyCX1

!

!

ip tcp synwait-time 10

ip ssh time-out 60

ip ssh authentication-retries 2

!

!

!

!

!

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

description $FW_OUTSIDE$$ES_WAN$$ETH-WAN$

ip address dhcp client-id FastEthernet4

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface wlan-ap0

description Service module interface to manage the embedded AP

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

arp timeout 0

!

interface Wlan-GigabitEthernet0

description Internal switch interface connecting to the embedded AP

switchport mode trunk

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$

ip address 10.10.10.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip route 0.0.0.0 0.0.0.0 FastEthernet4

!

logging trap debugging

no cdp run

!

control-plane

!

banner exec ^C

% Password expiration warning.

-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device

and it provides the default username "cisco" for  one-time use. If you have

already used the username "cisco" to login to the router and your IOS image

supports the "one-time" user option, then this username has already expired.

You will not be able to login to the router with this username after you exit

this session.

It is strongly suggested that you create a new username with a privilege level

of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you

want to use.

-----------------------------------------------------------------------

^C

banner login ^CAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!^C

!

line con 0

login local

no modem enable

transport output telnet

line aux 0

login local

transport output telnet

line 2

no activation-character

no exec

transport preferred none

transport input all

line vty 0 4

privilege level 15

login local

transport input telnet ssh

!

scheduler max-task-time 5000

scheduler allocate 4000 1000

scheduler interval 500

end

I have this problem too.
0 votes
Correct Answer by Nagaraja Thanthry about 6 years 4 months ago

Hello,

You are missing the NAT configuration on the router. Please try the following:

access-list 1 permit 10.10.10.0 0.0.0.255

ip nat source list 1 interface FastEthernet4 overload

This should take care of the connectivity issue.

Hope this helps.

Regards,

NT

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Nagaraja Thanthry Tue, 07/20/2010 - 17:04

Hello,

You are missing the NAT configuration on the router. Please try the following:

access-list 1 permit 10.10.10.0 0.0.0.255

ip nat source list 1 interface FastEthernet4 overload

This should take care of the connectivity issue.

Hope this helps.

Regards,

NT

Actions

This Discussion