11-08-2011 03:41 AM - edited 03-04-2019 02:11 PM
Hi,
I have a business DSL connection which requires a modem from the provider (it cannot be replaced by another modem/router).
I want to know if it is possible to place the Cisco 877W-G-E-K9 behind the modem and set it up as a VPN server.
The internet connection will be established in the modem/router of our provider.
11-08-2011 03:58 AM
Hi,
Could you confirm if it's an 877 or 887?
If it's 877 with a K9 IOS, then it supports IPSec VPN.
Sent from Cisco Technical Support iPhone App
11-08-2011 05:20 AM
It's a Cisco 877W-G-E-K9. (It has a POTS RJ11 connection on the back.)
The ISP-modem forwards all ports to 192.168.254.2.
How do I configure the cisco to act as a router behind this modem?
11-08-2011 06:04 AM
Hi,
Use one of the FE ports to connect to the ISP modem's RJ45 port and configure a point-to-point address.
877(config)#int f0
877(config-if)#no switchport
877(config-if)#ip address IP_ADDRESS 255.255.255.252
877(config)#int vlan 1
877(config-if)#ip address INTERNAL_ADDRESS
877(config)#ip route 0.0.0.0 0.0.0.0 ISP_MODEM_IP
11-08-2011 06:58 AM
Hi,
It's not working for me.
The ISP modem has IP 192.168.254.1 and there is no DHCP configured on this device. All ports are forwarded to 192.168.254.2 (this must be the Cisco router).
I have a default configuration in my cisco877.
Internal network of cisco = 10.10.10.1 with DHCP.
No dialer configured yet, also NAT is not configured.
Do you have some kind of template which I can use? Maybe from there I can configure the cisco correctly.
11-08-2011 06:18 PM
Hi,
You can start from here. It basically covers everything, especially what you're looking for (PPP, NAT and VPN).
http://www.cisco.com/en/US/docs/routers/access/800/850/software/configuration/guide/857sg_bk.pdf
11-16-2011 12:31 AM
Hi,
Below you will find my running config. The connection with the ISP modem on interface F0 does not work.
When I use the command "no switchport" it says "invalid command".
My static IP-address on F0 must be 192.168.254.2 255.255.255.0
Running Config:
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname cisco877
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200
logging console critical
enable secret 5 $1$Zw/5$a5r6xtBQsVR40v27N1uBP/
!
no aaa new-model
clock timezone PCTime -8
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-2535400162
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2535400162
revocation-check none
rsakeypair TP-self-signed-2535400162
!
!
crypto pki certificate chain TP-self-signed-2535400162
certificate self-signed 01
quit
dot11 syslog
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool sdm-pool1
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 195.238.2.21 195.238.2.22
!
!
ip cef
no ip bootp server
ip name-server 195.238.2.21
ip name-server 195.238.2.22
!
!
!
!
username admin privilege 15 secret 5 $1$j4JQ$3Dm.WJbnkheQ4meFbu/
!
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
no ip ftp passive
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface FastEthernet0
description WAN_Link
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 101 interface FastEthernet0 overload
!
logging trap debugging
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
no cdp run
!
!
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!
^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
11-16-2011 03:13 AM
Hi,
Sorry, it should be the "no switchport access vlan" command. See below.
877(config-if)#no switchport access vlan
877(config-if)#ip address ?
A.B.C.D IP address
dhcp IP Address negotiated via DHCP
pool IP Address autoconfigured from a local DHCP pool
Please rate if helpful. Thanks!
11-16-2011 03:36 AM
Hi,
You should change this
ip route 0.0.0.0 0.0.0.0 FastEthernet0
to
ip route 0.0.0.0 0.0.0.0 192.168.1.254
and make the F0 interface a routed port with the command from John, and assign it an IP address in the same range as the modem/router.
I suppose this is a Belgacom BBox, judging from the DNS servers you configured on the router in your DHCP pool?
So the modem/router LAN IP must be in 192.168.1.0/24 if you didn't change anything, and it should be a DHCP server for this LAN by default.
Regards.
Alain
11-16-2011 04:00 AM
Hi Alain,
The modem from Belgacom is a Speedtouch 787 (Business DSL).
The IP of this modem is 192.168.254.1 and it has no DHCP configured. All the ports are forwarded in this modem to 192.168.254.2.
Is it OK that I must set a static IP address (192.168.254.2) on the F0 interface?
11-16-2011 04:46 AM
Hi,
Yes, you can, and the static route will then be:
ip route 0.0.0.0 0.0.0.0 192.168.254.1 on Cisco router
Regards.
Alain
11-16-2011 07:00 AM
Thanks.
When setting an IP address on the F0 interface I get the error:
IP addresses may not be configured on L2 links FastEthernet0 (See screenshot attached to this post)
11-16-2011 08:44 AM
Hi,
My apologies again. 877 FE ports are Layer 2 only by default. Try configuring as below:
877(config)#vlan 10
877(config)#int vlan 10
877(config-if)#ip add 192.168.254.2 255.255.254.0
877(config-if)#int f0
877(config-if)#switchport access vlan 10
11-17-2011 03:22 AM
Hi,
I did everything described above, but I cannot get internet through the F0 interface.
Below you will find my recent running config.
P.S.: I've changed the subnet 192.168.254.x to 192.168.2.x, because I'm testing the router in my network. When done it will be placed in the 192.168.254.x subnet.
My ISP modem had the ip-address 192.168.2.254
!
ip dhcp pool sdm-pool1
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 192.168.2.254
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface FastEthernet0
description WAN_Link
switchport access vlan 10
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
!
interface Vlan10
ip address 192.168.2.2 255.255.255.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.2.254
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 101 interface FastEthernet0 overload
!
11-17-2011 03:44 AM
Hi,
Could you try the below:
int vlan 10
ip nat out
no ip nat inside source list 101 interface FastEthernet0 overload
ip nat inside source list 101 interface vlan 10 overload
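The NAT problem this thread converges on can be checked offline against a saved running config. The script below is an added example, not part of any post in the thread: the function names `parse_interfaces` and `check_nat` are hypothetical, the sample config is trimmed from the 11-17-2011 post, and the "after" variant applies the change from the last reply.

```python
import re
# Constructed sample: the 11-17-2011 running config from the thread, trimmed.
BEFORE = """\
interface FastEthernet0
 switchport access vlan 10
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
!
interface Vlan10
 ip address 192.168.2.2 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.2.254
ip nat inside source list 101 interface FastEthernet0 overload
"""
# The same config with the change from the last reply applied.
AFTER = BEFORE.replace("FastEthernet0 overload", "Vlan10 overload").replace(
    "192.168.2.2 255.255.255.0", "192.168.2.2 255.255.255.0\n ip nat outside")

def parse_interfaces(config):
    """Map lower-cased interface name -> list of its sub-commands."""
    interfaces, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            current = interfaces.setdefault(m.group(1).lower(), [])
        elif line in ("", "!"):
            current = None          # "!" closes the interface block
        elif current is not None:
            current.append(line)
    return interfaces

def check_nat(config):
    """Return findings about PAT (overload) and default-route wiring."""
    ifs, findings = parse_interfaces(config), []
    pat = r"^\s*ip nat inside source list \S+ interface (\S+) overload"
    for name in re.findall(pat, config, re.M):
        cmds = ifs.get(name.lower(), [])
        if not any(c.startswith("ip address ") for c in cmds):
            findings.append(f"{name}: no IP address to translate to")
        if "ip nat outside" not in cmds:
            findings.append(f"{name}: not marked 'ip nat outside'")
    for hop in re.findall(r"^\s*ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", config, re.M):
        if not re.fullmatch(r"[\d.]+", hop):
            findings.append(f"default route names interface {hop}, not a next hop")
    return findings

print(check_nat(BEFORE), check_nat(AFTER))
```

On the "before" config it reports that the overload rule points at the Layer 2 port FastEthernet0, which has no address and no `ip nat outside`; the "after" config produces no findings.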