09-04-2013 10:56 AM - edited 03-04-2019 08:57 PM
Software developer out of my element just getting into Cisco routers.
To put it in the plainest language possible, I am trying to set up a 1941W router behind a DSL Modem/Router (@ 192.168.1.254) such that the 1941W can be reached directly on the external IP of the router. Ideally this would be done without bridging so that the office can retain the use of the regular router.
I've looked at:
https://supportforums.cisco.com/thread/2131214
And borrowed some nat config lines from:
https://supportforums.cisco.com/thread/2131026
I am connected on terminal via USB serial. GigabitEthernet0/0 is connected directly to the DSL router.
I am able to ping other devices on the DSL modem/router from the 1941W. I can't ping external IPs like 8.8.8.8 and the 1941W does not appear in the device list on my DSL router. I can ping the 1941W at 192.168.1.100. I have these settings:
interface GigabitEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
 ip address 192.168.1.100 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface wlan-ap0
 description Service module interface to manage the embedded AP
 no ip address
 arp timeout 0
 no mop enabled
 no mop sysid
!
interface GigabitEthernet0/1
 ip address <public IP> 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 shutdown
 duplex auto
 speed auto
 crypto map VZW-MAP
!
interface Wlan-GigabitEthernet0/0
 description Internal switch interface connecting to the embedded AP
 no ip address
!
interface Vlan1
 no ip address
!
router bgp 64515
 bgp log-neighbor-changes
 neighbor 192.168.0.1 remote-as 6167
 neighbor 192.168.0.1 default-originate
 neighbor 192.168.0.5 remote-as 6167
 neighbor 192.168.0.5 default-originate
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 172 permit gre host <public IP> host xx.xx.xx.xx
access-list 172 permit gre host <public IP> host xx.xx.xx.xx
Suggestions would be tremendous.
09-04-2013 11:11 AM
Hi,
1st you'll need a default route pointing towards your DSL modem/router because NAT is done after routing.
2nd, if you just want to reach your router from the Internet, then just port forward the corresponding port (telnet or ssh and/or http/https) on your DSL modem; you don't need any NAT overload on the router for this.
If you want hosts on the LAN interface on the router to get out to the internet, then you'll need NAT overload like you did, but you'll have to specify your LAN subnet in your NAT ACL.
Regards
Alain
Don't forget to rate helpful posts.
09-05-2013 07:46 AM
Alain,
Thanks for the reply!
Could you possibly expand on that last bit: "you'll need NAT overload like you did but you'll have to specify your LAN subnet in your NAT ACL."
I thought maybe this line accomplished that:
access-list 1 permit 192.168.1.0 0.0.0.255
But I guess not.
09-05-2013 07:51 AM
Hi,
You must specify the subnet on your NAT inside interface, or reachable out of your NAT inside interface, in your NAT ACL, but here you specified the subnet of the NAT outside interface, and you've got a public IP on the NAT inside interface and a private one on the NAT outside, which is strange.
Regards
Alain
Don't forget to rate helpful posts.
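The points raised in the replies (a default route must exist, and the NAT ACL must match the subnet behind the NAT inside interface rather than the outside one) can be checked mechanically. The script below is an added example, not code from anyone in this thread; the function name audit_nat is hypothetical, and the sample config is constructed from the posted one, with 203.0.113.10 standing in for the redacted public IP.

```python
import ipaddress
import re

# Constructed sample modeled on the posted config; 203.0.113.10 is a
# documentation address standing in for the redacted "<public IP>".
SAMPLE = """\
interface GigabitEthernet0/0
 ip address 192.168.1.100 255.255.255.0
 ip nat outside
!
interface GigabitEthernet0/1
 ip address 203.0.113.10 255.255.255.0
 ip nat inside
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
access-list 1 permit 192.168.1.0 0.0.0.255
"""


def audit_nat(config):
    """Findings for the NAT issues in the replies (address+wildcard ACL entries only)."""
    ifaces, acls, nat_acl, default_route, cur = {}, {}, None, False, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)$", line):
            cur = ifaces.setdefault(m.group(1), {})
        elif cur is not None and (m := re.match(r"ip address (\d\S+) (\d\S+)$", line)):
            cur["net"] = ipaddress.ip_interface("/".join(m.groups())).network
        elif cur is not None and (m := re.match(r"ip nat (inside|outside)$", line)):
            cur["nat"] = m.group(1)
        elif m := re.match(r"ip nat inside source list (\S+) interface \S+ overload$", line):
            nat_acl = m.group(1)
        elif m := re.match(r"access-list (\S+) permit (\d\S+) (\d\S+)$", line):
            # ipaddress accepts the IOS wildcard (host mask) form directly
            net = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}", strict=False)
            acls.setdefault(m.group(1), []).append(net)
        elif line.startswith("ip route 0.0.0.0 0.0.0.0 "):
            default_route = True
    nets = {side: [i["net"] for i in ifaces.values()
                   if i.get("nat") == side and "net" in i]
            for side in ("inside", "outside")}
    findings = []
    if not default_route:
        findings.append("no default route (ip route 0.0.0.0 0.0.0.0 ...)")
    for src in acls.get(nat_acl, []):
        if any(src.overlaps(n) for n in nets["outside"]):
            findings.append(f"NAT ACL {nat_acl} permits the outside subnet {src}")
        if not any(src.overlaps(n) for n in nets["inside"]):
            findings.append(f"NAT ACL {nat_acl} entry {src} is not an inside subnet")
    return findings
```

Calling audit_nat(SAMPLE) reports all three problems for the config as posted.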