Cisco 871W WAN connection problem

Status
Not open for further replies.

Pra3tor1an

Technical User
Aug 20, 2007
13
US
I've configured my 871W to get the LAN and wireless working without any problems. However, I'm now having trouble getting my WAN connection working. I've configured the WAN interface with the IP address from the ISP. I have the NAT translation from 192.168.69.0-192.168.69.255 to the first usable address in our IP block, which is 209.168.233.112 (IP changed here for security reasons). They have given us a "block" of IPs, which ranges from x.x.x.110 to x.x.x.114. The first is our actual address, x.x.x.110. The second is their gateway, x.x.x.111, or (according to them), the address of their ADTRAN router device, which is in front of ours on the way to the Internet. I called them, and they stated that they do not have a NAT firewall in place on their router, and they are "just handing off the address to us". The Cisco device will replace a Linksys WRT54GL, which has a static WAN IP of 209.168.233.112, and is using a gateway of 209.168.233.111. I'm not sure where to configure a gateway on the Cisco device, or if that's even possible. I asked the ISP if they have encountered a similar scenario, and they stated that most customers don't use sophisticated devices like Cisco, only devices like the Linksys router we currently have in place. They were little help except to clarify that they do not have a conflicting NAT in place on their router. I'm posting my config below. This was all done using the SDM. Any help is appreciated, thanks.

Building configuration...

Current configuration : 7487 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname CISCO871W-SMS-NC
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$vHVp$ITwchNzpM0JEkvlEydaDK/
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
!
resource policy
!
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.69.1 192.168.69.99
!
ip dhcp pool sdm-pool1
import all
network 192.168.69.0 255.255.255.0
dns-server 66.0.214.14 207.230.75.34
default-router 192.168.69.1
!
!
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip tcp synwait-time 10
no ip bootp server
ip domain name SMS-NC
ip name-server 66.0.214.14
ip name-server 207.230.75.34
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-2202461748
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2202461748
revocation-check none
rsakeypair TP-self-signed-2202461748
!
!
crypto pki certificate chain TP-self-signed-2202461748
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32323032 34363137 3438301E 170D3032 30333031 30303039
32315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 32303234
36313734 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100BFEA 8810141E AAD55C39 860DBCCD ED1930F9 65726CB3 7019B167 2C57BC5C
6932B665 8EAFFF44 5409B2E5 AFBEDFD6 F4DC251F C3A82A72 96FACCCF E6131144
2A134A22 F8B6F4C0 47C1E77F 681102A9 EB317980 22475EE1 31946AFD D781C9A6
EB708BF2 2C60DEE8 75AC8982 298F72BB BC64DEF2 5F662024 BFFDE9DF BD8A29DC
FAF70203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 17434953 434F3837 31572D53 4D532D4E 432E534D 532D4E43
301F0603 551D2304 18301680 1410CA7A D736D6F3 0A97636D 50603ECC BE2EBDB6
58301D06 03551D0E 04160414 10CA7AD7 36D6F30A 97636D50 603ECCBE 2EBDB658
300D0609 2A864886 F70D0101 04050003 81810048 57A2D726 FA7198A3 D460D885
DB88134E 1888FFE4 A68E505F A79C19DC C8E75FA3 35369FAA 2795467A 09D54924
1F37D640 BF8CF585 07423591 0F68D16F C380E166 576755A7 4F82E136 E9EE696A
144CB279 73BE9615 0D8526D0 D11E5F15 84394025 9E86CFBA B9D7E610 616A100B
CA2C2A68 F6E5D803 B7464756 03A6B56A 45A005
quit
username dpovinelli privilege 15 view root password 7 0231244903091D321F
username administrator privilege 15 view root secret 5 $1$8A2B$547Dx3fGnYalle4QH1vrX/
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group SMSNCVNP
key sysm@1nt
pool SDM_POOL_1
crypto isakmp profile sdm-ike-profile-1
match identity group SMSNCVNP
client authentication list sdm_vpn_xauth_ml_1
isakmp authorization list sdm_vpn_group_ml_1
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
set security-association idle-time 86400
set transform-set ESP-3DES-SHA
set isakmp-profile sdm-ike-profile-1
!
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
ip address 209.168.233.112 255.255.255.248
ip access-group 101 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect DEFAULT100 out
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface Virtual-Template1 type tunnel
ip unnumbered BVI1
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
!
interface Dot11Radio0
ip address 192.168.70.1 255.255.255.0
!
broadcast-key change 900
!
!
encryption mode ciphers tkip
!
ssid SMS-CHARLOTTE
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 051B551D70411D1D4A1700425B0817
!
speed basic-1.0 2.0 5.5 6.0 9.0 11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
!
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 192.168.69.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
ip local pool SDM_POOL_1 192.168.69.75 192.168.69.200
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.69.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 209.168.233.110 0.0.0.7 any
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 207.230.75.34 eq domain host 209.168.233.114
access-list 101 permit udp host 66.0.214.14 eq domain host 209.168.233.114
access-list 101 permit ip 192.168.69.0 0.0.0.255 any
access-list 101 permit icmp any host 209.168.233.112 echo-reply
access-list 101 permit icmp any host 209.168.233.112 time-exceeded
access-list 101 permit icmp any host 209.168.233.112 unreachable
access-list 101 permit ip 10.0.0.0 0.255.255.255 any
access-list 101 permit ip 172.16.0.0 0.15.255.255 any
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
access-list 101 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip host 255.255.255.255 any
access-list 101 permit ip host 0.0.0.0 any
access-list 101 permit ip any any
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

 
Hello
Below is the command to configure your ISP as the next hop default gateway. Let us know how it goes.

ip route 0.0.0.0 0.0.0.0 209.168.233.111

Regards
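
An added example, not part of the thread or either poster's code: a small Python check that flags the pattern corrected above, a static route that names only an Ethernet-type interface, which makes the router ARP for every destination and depend on the upstream device answering by proxy ARP. The helper names and the sample text (lines copied from the posted configuration) are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the WAN interface and static route lines from the
# configuration posted in the thread.
SAMPLE_CONFIG = """\
interface FastEthernet4
 ip address 209.168.233.112 255.255.255.248
 ip nat outside
!
ip route 0.0.0.0 0.0.0.0 FastEthernet4
"""

# Interface types where the router must ARP for a next hop (multi-access).
MULTI_ACCESS = ("ethernet", "fastethernet", "gigabitethernet", "vlan", "bvi")
ROUTE_RE = re.compile(r"^ip\s+route\s+(\S+)\s+(\S+)\s+(\S+)(?:\s+(\S+))?", re.I)


def is_ipv4(token):
    """True if token is a dotted-quad IPv4 address."""
    try:
        ipaddress.IPv4Address(token)
        return True
    except (ValueError, TypeError):
        return False


def audit_static_routes(config_text):
    """Return the static route lines that name a multi-access interface
    without a next-hop address (hypothetical helper for this example)."""
    flagged = []
    for raw in config_text.splitlines():
        line = raw.strip()
        match = ROUTE_RE.match(line)
        if not match:
            continue
        _prefix, _mask, target, extra = match.groups()
        if is_ipv4(target):
            continue  # next hop given directly, e.g. 209.168.233.111
        if is_ipv4(extra):
            continue  # interface plus next hop: fully specified route
        if target.lower().startswith(MULTI_ACCESS):
            flagged.append(line)
    return flagged


if __name__ == "__main__":
    for route in audit_static_routes(SAMPLE_CONFIG):
        print("interface-only route on multi-access link:", route)
```
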
 
Minue:

Thanks, your fix worked in this format. I also had to delete the line:

default-router 192.168.69.1
 