Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > General Computer Discussion > General Computer Support > Cisco 871 and NAT

Thread Tools

Cisco 871 and NAT

Beachguy Beachguy is offline
Junior Member
Join Date: May 2009
Location: Florida's Space Coast
Posts: 5
I work for a small WISP and have a customer that owns a few office buildings. Our company feeds the internet to the buildings and the owner resells it to their tenants. We split the revenue and it's a win/win for all.

In one building we bought a Cisco 871 integrated services router and everyone can get out to the internet but I cannot remotely access tenant routers behind it or ping it!

At our WISP we have multiple class C IP address ranges. We have one half of a class C set up for this office building. We run a static environment, so no DHCP anywhere. Also each tenant gets a public IP address.

My boss said he couldn’t get the internet access working unless NAT was being used…Why would that be? Why would you give a tenant a public IP only to NAT it behind the router? Seems like a waste of IP’s to me.

Here’s and example of what is set up:

WAN (our feed to the building) 200.200.50.x

LAN (for the office building tenants) 200.200.51.x (x = 130 – 254)

A voip system has the 10.10.10.x

Needs to be removed 200.200.49.x

Here’s the router configuration:

User Access Verification

Username: admin
yourname#show running-config
Building configuration...

Current configuration : 4320 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname yourname
logging buffered 52000 debugging
no aaa new-model
resource policy
clock timezone NewYork -5
clock summer-time NewYork date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address
ip dhcp pool sdm-pool
import all
lease 0 2
ip domain name
ip name-server
ip name-server
crypto pki trustpoint TP-self-signed-3075099920
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3075099920
revocation-check none
rsakeypair TP-self-signed-3075099920
crypto pki certificate chain TP-self-signed-3075099920
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33303735 30393939 3230301E 170D3032 30333031 30303539
34315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 30373530
39393932 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100DEC9 D21B4F4F C6A0EB90 E3382B20 EDA5F91C C9F201F8 1B55A0BD 0D06DADA
5FE1C9D9 DCA8AD14 EC6B4932 8918E4ED 0DEABEA9 EAB966AC E495BB90 D0902453
06D3E228 3E914A04 F9FF236B 60C8349D A26B9B7A 01BFED51 AC773A61 70FE69CA
D902ED4F 4AB4D806 61CA2F48 521C5A39 3F03953D B92C24E5 7AE41866 C6A563C9
E61F0203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
301F0603 551D2304 18301680 149B76BF 23902CB9 43E64CCC B72D503F 6E3FC78B
FA301D06 03551D0E 04160414 9B76BF23 902CB943 E64CCCB7 2D503F6E 3FC78BFA
300D0609 2A864886 F70D0101 04050003 8181003A 3B3822BF B2C183E1 FB21C48F
18C387AC 8EF01C91 F7A5272A 2BC884A6 AEEF4ED4 91EC1FA8 3D1C770C DB592F4F
ABEB8268 B92E84E0 02874578 8A72D4A1 A2CF3F55 F4BC2580 FBCFD9AE 79218D40
CD7B8702 11B1A045 2D531D09 887EB87A D7C09097 ACD7B89A B92A9B86 63F33080
1EA0960B 71BE6924 296DE80A AA3F16C3 17AC4C
username admin privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXXX
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description $ETH-LAN$
ip address
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface Vlan1
ip address
ip nat inside
ip virtual-reassembly
router rip
no auto-summary
ip classless
ip route FastEthernet4
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 3 interface FastEthernet4 overload
access-list 1 remark SDM_ACL Category=2
access-list 1 permit
access-list 2 remark SDM_ACL Category=2
access-list 2 permit
access-list 3 remark SDM_ACL Category=2
access-list 3 permit
no cdp run
banner login ^C
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege le
vel of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.

Here are the Cisco IOS commands.

username <myuser> privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use

line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
scheduler max-task-time 5000
Reply With Quote

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Cisco 871 : NAT virtual interface Martin Latos Cisco 1 05-16-2006 02:06 PM
Cisco 871 VLAN and DSL problems Mike_B Cisco 1 02-14-2006 02:43 PM
Cisco 871 - supports multi-nat? Steve Cisco 12 02-12-2006 11:08 AM
Cisco 871 router and WEP WPA-PSK Mario Lopez Cisco 0 11-28-2005 11:04 PM
VLnas and cisco 871. AM Cisco 1 10-29-2005 09:33 PM