Port-Forwarding/NAT to 1941W behind DSL Modem/Router

mlangdon1
Level 1

Software developer out of my element just getting into Cisco routers.

To put it in the plainest language possible, I am trying to set up a 1941W router behind a DSL Modem/Router (@ 192.168.1.254) such that the 1941W can be reached directly on the external IP of the router. Ideally this would be done without bridging so that the office can retain the use of the regular router.

I've looked at:

https://supportforums.cisco.com/thread/2131214

And borrowed some nat config lines from:

https://supportforums.cisco.com/thread/2131026

I am connected on terminal via USB serial. GigabitEthernet0/0 is connected directly to the DSL router.

I am able to ping other devices on the DSL modem/router from the 1941W. I can't ping external IPs like 8.8.8.8 and the 1941W does not appear in the device list on my DSL router. I can ping the 1941W at 192.168.1.100. I have these settings:

interface GigabitEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
 ip address 192.168.1.100 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface wlan-ap0
 description Service module interface to manage the embedded AP
 no ip address
 arp timeout 0
 no mop enabled
 no mop sysid
!
interface GigabitEthernet0/1
 ip address <public IP> 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 shutdown
 duplex auto
 speed auto
 crypto map VZW-MAP
!
interface Wlan-GigabitEthernet0/0
 description Internal switch interface connecting to the embedded AP
 no ip address
!
interface Vlan1
 no ip address
!
router bgp 64515
 bgp log-neighbor-changes
 neighbor 192.168.0.1 remote-as 6167
 neighbor 192.168.0.1 default-originate
 neighbor 192.168.0.5 remote-as 6167
 neighbor 192.168.0.5 default-originate
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 172 permit gre host <public IP> host xx.xx.xx.xx
access-list 172 permit gre host <public IP> host xx.xx.xx.xx

Suggestions would be tremendous.


cadet alain
VIP Alumni

Hi,

1st, you'll need a default route pointing towards your DSL modem/router because NAT is done after routing.

2nd, if you just want to reach your router from the Internet then just port forward the corresponding port (telnet or ssh and/or http/https) on your DSL modem; you don't need any NAT overload on the router for this.

If you want hosts on the LAN interface on the router to get out to the internet then you'll need NAT overload like you did, but you'll have to specify your LAN subnet in your NAT ACL.

Regards

Alain

Don't forget to rate helpful posts.


Alain,

Thanks for the reply!

Could you possibly expand on that last bit: "you'll need NAT overload like you did but you'll have to specify your LAN subnet in your NAT ACL."

I thought maybe this line accomplished that:

access-list 1 permit 192.168.1.0 0.0.0.255

But I guess not.

Hi,

You must specify the subnet on your NAT inside, or reachable out your NAT inside interface, in your NAT ACL, but here you specified the subnet of the NAT outside interface, and you've got a public IP on the NAT inside interface and a private one on the NAT outside, which is strange.

Regards

Alain

Don't forget to rate helpful posts.
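
The corrections described in the replies above, gathered into one configuration as an added example that is not part of the original thread. The LAN subnet 192.168.10.0/24 and the GigabitEthernet0/1 address are assumptions, since the thread does not give the inside addressing.

```cisco
! Added example, not from the thread.
! Assumed (not on the page): LAN subnet 192.168.10.0/24 behind Gi0/1.
!
! As posted, the NAT ACL matched the outside (DSL-side) subnet
! and no default route was configured:
!   access-list 1 permit 192.168.1.0 0.0.0.255
!
interface GigabitEthernet0/0
 description Uplink to DSL modem/router at 192.168.1.254
 ip address 192.168.1.100 255.255.255.0
 ip nat outside
!
interface GigabitEthernet0/1
 description LAN side (assumed addressing)
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 no shutdown
!
! Routing is evaluated before NAT, so the router needs a default
! route towards the DSL modem/router before anything is translated.
ip route 0.0.0.0 0.0.0.0 192.168.1.254
!
! The NAT ACL must match the inside (LAN) sources, not the
! subnet of the outside interface.
no access-list 1
access-list 1 permit 192.168.10.0 0.0.0.255
ip nat inside source list 1 interface GigabitEthernet0/0 overload
```

After applying it, `show ip route` should list the 0.0.0.0/0 route via 192.168.1.254, and `show ip nat translations` should show LAN sources translated to 192.168.1.100 once a LAN host sends traffic.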
