Cisco 871 and NAT

Discussion in 'General Computer Support' started by Beachguy, May 19, 2009.

  1. Beachguy


    May 19, 2009
    Florida's Space Coast
    I work for a small WISP and have a customer that owns a few office buildings. Our company feeds the internet to the buildings and the owner resells it to their tenants. We split the revenue and it's a win/win for all.

    In one building we bought a Cisco 871 integrated services router and everyone can get out to the internet but I cannot remotely access tenant routers behind it or ping it!

    At our WISP we have multiple class C IP address ranges. We have one half of a class C set up for this office building. We run a static environment, so no DHCP anywhere. Also each tenant gets a public IP address.

    My boss said he couldn’t get the internet access working unless NAT was being used… Why would that be? Why would you give a tenant a public IP only to NAT it behind the router? Seems like a waste of IPs to me.

    Here’s an example of what is set up:

    WAN (our feed to the building) 200.200.50.x

    LAN (for the office building tenants) 200.200.51.x (x = 130 – 254)

    A voip system has the 10.10.10.x

    Needs to be removed 200.200.49.x

    Here’s the router configuration:

    User Access Verification

    Username: admin
    yourname#show running-config
    Building configuration...

    Current configuration : 4320 bytes
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname yourname
    logging buffered 52000 debugging
    no aaa new-model
    resource policy
    clock timezone NewYork -5
    clock summer-time NewYork date Apr 6 2003 2:00 Oct 26 2003 2:00
    ip subnet-zero
    ip cef
    no ip dhcp use vrf connected
    ip dhcp excluded-address
    ip dhcp pool sdm-pool
    import all
    lease 0 2
    ip domain name
    ip name-server
    ip name-server
    crypto pki trustpoint TP-self-signed-3075099920
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-3075099920
    revocation-check none
    rsakeypair TP-self-signed-3075099920
    crypto pki certificate chain TP-self-signed-3075099920
    certificate self-signed 01
    username admin privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXXX
    interface FastEthernet0
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    interface FastEthernet4
    description $ETH-LAN$
    ip address
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto
    interface Vlan1
    ip address
    ip nat inside
    ip virtual-reassembly
    router rip
    no auto-summary
    ip classless
    ip route FastEthernet4
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list 3 interface FastEthernet4 overload
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit
    access-list 2 remark SDM_ACL Category=2
    access-list 2 permit
    access-list 3 remark SDM_ACL Category=2
    access-list 3 permit
    no cdp run
    banner login ^C
    Cisco Router and Security Device Manager (SDM) is installed on this device.
    This feature requires the one-time use of the username "cisco"
    with the password "cisco". The default username and password have a privilege level of 15.

    Please change these publicly known initial credentials using SDM or the IOS CLI.

    Here are the Cisco IOS commands.

    username <myuser> privilege 15 secret 0 <mypassword>
    no username cisco

    Replace <myuser> and <mypassword> with the username and password you want to use

    line con 0
    login local
    no modem enable
    line aux 0
    line vty 0 4
    privilege level 15
    login local
    transport input telnet ssh
    scheduler max-task-time 5000
    Beachguy, May 19, 2009
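
A review aid for a configuration like the one posted above, added here as an example and not part of the original post: a short Python audit that flags the NAT overload rule and the management-plane settings visible in it. The sample input is constructed from lines in the post, and the rule ids are hypothetical labels.

```python
import re

# Constructed sample in the style of the posted running-config
# (the post elides all addresses, so none appear here).
SAMPLE_CONFIG = """\
no service password-encryption
interface FastEthernet4
ip nat outside
interface Vlan1
ip nat inside
ip http server
ip http secure-server
ip nat inside source list 3 interface FastEthernet4 overload
line vty 0 4
privilege level 15
login local
transport input telnet ssh
"""

# (rule id, pattern, finding); the rule ids are hypothetical labels.
RULES = [
    ("no-pw-encryption", r"^no service password-encryption$",
     "non-'secret' passwords are stored in clear text"),
    ("cleartext-http", r"^ip http server$",
     "HTTP management is on; keep only 'ip http secure-server'"),
    ("nat-overload", r"^ip nat inside source list (\S+) interface (\S+) overload$",
     "hosts matched by access-list {0} are source-translated to the {1} address"),
    ("vty-priv15", r"^privilege level 15$",
     "sessions on this line start at privilege 15"),
    ("telnet-vty", r"^transport input .*\btelnet\b",
     "Telnet is accepted; restrict to 'transport input ssh'"),
]

def audit(config_text):
    """Return (line number, rule id, finding) tuples for a running-config."""
    findings, vty_line, vty_acl = [], None, False
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()  # pasted configs often lose their indentation
        if line.startswith("line vty"):
            vty_line = lineno
        vty_acl = vty_acl or (vty_line is not None and line.startswith("access-class"))
        for rule_id, pattern, message in RULES:
            match = re.search(pattern, line)
            if match:
                findings.append((lineno, rule_id, message.format(*match.groups())))
    if vty_line is not None and not vty_acl:
        findings.append((vty_line, "vty-no-acl", "no access-class limits who can reach the vty lines"))
    return findings

if __name__ == "__main__":
    for lineno, rule_id, message in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: [{rule_id}] {message}")
```

The vty check treats all `line vty` sections as one, which is enough for a single `line vty 0 4` block like the one in the post.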