Cisco Support Community
Community Member

Cisco 2921 router configuration

Hello Mr. Watts:

My name is Tom Jenson, ;cell 254-253-1803 and I’m a Network Manager at a small rural Hospital in central Texas. In the past two weeks I switched Internet providers and I just finished upgrading from a bonded-T1 3Mbit circuit to a 20Mbit metro Ethernet circuit.

My new assignment is to add a new Hospital wide software called Cerner. Cerner is utilized through the Internet cloud. I have a diagram from Cerner showing the configuration needed to allow Cerner access to the LAN and how they will need Internet access.

I have the LAN connections working. My question is Cerner has provided a Cisco 2911 router which will be installed behind my Hospital Cisco 2921 router.

The path from the outside world into the LAN is as follows. Internet from Century Link goes through a Adtran 3448 NetVanta to my Cisco 2921 and then to a Cisco ASA 5510. I hope to bypass the ASA 5510 firewall and connect directly to the Cisco 2921 router from the Cisco 2911 router which is behind the Cisco 2921 router.

From the Cerner Cisco 2911 port G 0/1 private IP to my Cisco 2921 port GE 0/0 private IP I know I’ll need to possible NAT from an external routable IP to an internal IP on the Cisco 2921 router. I also need to turn up port GE 0/0.

This is my Cisco 2921 configuration.


GWHF-Cisco#sh run | i ip nat

ip nat inside

ip nat outside

ip nat inside

ip nat inside source list nonat interface FastEthernet0/0/0 overload

ip nat inside source static udp 500 interface FastEthernet0/0/0 500

ip nat inside source static udp 4500 interface FastEthernet0/0/0 4500

ip nat inside source static esp interface FastEthernet0/0/0

ip nat inside source static

ip nat inside source static

ip nat inside source static

ip nat inside source static

ip nat inside source static

ip nat inside source static

ip nat inside source static

GWHF-Cisco#sh ip inter brief

Interface                 IP-Address     OK? Method Status               Protocol

Embedded-Service-Engine0/0 unassigned     YES NVRAM administratively down down

GigabitEthernet0/0         unassigned     YES NVRAM up                   up

GigabitEthernet0/1         unassigned     YES NVRAM down                 down

GigabitEthernet0/2         unassigned     YES NVRAM down                 down

FastEthernet0/0/0     YES manual up                   up

FastEthernet0/0/1     YES NVRAM up                   up

Multilink1                 unassigned     YES unset down                 down

NVI0                       unassigned     YES unset administratively down

I’ve never had the benefit of a Cisco Smartnet agreement. Cisco has been very helpful with aiding me in the Internet provider switch and re-establishing twelve site to site VPN tunnels when I come across a tunnel that just does work.

I’m not a WAN design engineer and any suggestions would highly appreciated.


Tom Jenson

CreatePlease to create content