Solved

Cisco 891 -  How to configure basic internet access

Posted on 2012-08-21
13
Medium Priority
7,021 Views
Last Modified: 2012-08-28
We have a CISCO 891 and the GUI does not appear to be working as intended, so we have telnetted into the device and are trying to configure the router to connect to the internet.  We currently have the following setup.

DSL ---PIX---UNMANAGED SWITCH-----CISCO 891----DEVICES

The PIX is our gateway with .201.1 IP and all other DEVICES will have a 201.XXX IP.

Under config term what commands do I enter to get this basic config established?
Question by:rjwcpa
13 Comments
 
LVL 5

Expert Comment

by:Honez
ID: 38316602
Have you entered ip route 0.0.0.0 0.0.0.0 x.x.201.1?

Without seeing the entire config this is a shot in the dark.  IMO, you don't need the router between your devices and the PIX.

If the 891 is a WAP just add it as a peer, and not a router between the network and the PIX.
0
 

Author Comment

by:rjwcpa
ID: 38317109
The 891 was recommended so that we could do automatic port forwarding/triggering.  Below is a copy of our current config.  Thank you in advance for the help.

ip source-route
ip dhcp excluded-address 10.10.10.1
ip cef
no ip domain lookup
ip domain name yourdomain.com
no ipv6 cef
multilink bundle-name authenticated
license udi pid CISCO891-K9 sn FCZ16xxxxxxx
username tssuser password 0 1xxxxxxx
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
interface FastEthernet5
interface FastEthernet6
interface FastEthernet7
interface FastEthernet8
 no ip address
 duplex auto
 speed auto
interface GigabitEthernet0
 ip address 192.168.201.215 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 duplex auto
 speed auto
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$
 ip address 10.10.10.1 255.255.255.0 secondary
 ip address 192.168.203.1 255.255.255.0
 ip tcp adjust-mss 1452
interface Async1
 no ip address
 encapsulation slip
ip default-gateway 192.168.201.1
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface GigabitEthernet0 overload
access-list 1 permit 192.168.201.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
no cdp run
control-plane
line con 0
 login local
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
scheduler max-task-time 5000
0
 
LVL 10

Expert Comment

by:djcanter
ID: 38317203
Until you bridge the dsl modem and put a public IP on the outside interface of the pix no port forwarding will work.
0

 
LVL 5

Expert Comment

by:Honez
ID: 38317213
This device is set up more like a gateway than a router.   So I am confused as to what it is you are really trying to accomplish.  You mentioned port forwarding, is that what you are really trying to get to?

I'm sorry to ask so many questions, but before I recommend any action I would really like to understand the intended result.
0
 
LVL 10

Expert Comment

by:djcanter
ID: 38317217
I misread the config above, sorry, I thought it was for the PIX.
0
 

Author Comment

by:rjwcpa
ID: 38317245
The purpose of the 891 is strictly for automatic port forwarding from inside the network.  It should not act as a gateway, only allow machines behind the 891 to access the internet thru our PIX (which is firewall & gateway).  Thanks.
0
 
LVL 10

Expert Comment

by:djcanter
ID: 38317270
In that case your NAT source list is incorrect. It should be 192.168.203.0/24, and a DHCP server needs to be configured for this network segment.
0
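
A check for the NAT source-list mismatch raised in the comment above, as an added example that is not part of the original thread: it parses IOS config text and reports subnets behind the router that the NAT access list does not permit, plus interfaces missing `ip nat inside`. The function names are hypothetical, the sample is a trimmed excerpt of the first config posted above, and only contiguous wildcard masks are handled.

```python
import ipaddress
import re

# Trimmed excerpt of the first 891 config posted in this thread (NAT-relevant lines only).
POSTED_CONFIG = """\
interface GigabitEthernet0
 ip address 192.168.201.215 255.255.255.0
 ip nat outside
interface Vlan1
 ip address 10.10.10.1 255.255.255.0 secondary
 ip address 192.168.203.1 255.255.255.0
ip nat inside source list 1 interface GigabitEthernet0 overload
access-list 1 permit 192.168.201.0 0.0.0.255
"""

def parse(config):
    """Return (interfaces, acls, nat_rules) parsed from IOS config text."""
    ifaces, acls, nat_rules, cur = {}, {}, [], None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {"nets": [], "nat": None})
        elif not line.startswith(" "):
            cur = None  # left the interface block
        if cur is not None and (m := re.match(r" ip address ([\d.]+) ([\d.]+)", line)):
            cur["nets"].append(ipaddress.ip_interface(f"{m[1]}/{m[2]}").network)
        elif cur is not None and (m := re.match(r" ip nat (inside|outside)", line)):
            cur["nat"] = m[1]
        elif m := re.match(r"access-list (\d+) permit ([\d.]+) ([\d.]+)", line):
            mask = ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(m[3])))  # wildcard -> netmask
            acls.setdefault(m[1], []).append(ipaddress.ip_network(f"{m[2]}/{mask}", strict=False))
        elif m := re.match(r"ip nat inside source list (\d+) interface (\S+)", line):
            nat_rules.append((m[1], m[2]))
    return ifaces, acls, nat_rules

def audit_nat(config):
    """List reasons why PAT would not translate hosts behind the router."""
    ifaces, acls, nat_rules = parse(config)
    findings = []
    for acl_id, out_if in nat_rules:
        if acl_id not in acls:
            findings.append(f"access-list {acl_id} is used by NAT but never defined")
        for name, iface in ifaces.items():
            if name == out_if or not iface["nets"]:
                continue  # skip the overload interface and unaddressed ports
            if iface["nat"] != "inside":
                findings.append(f"{name} has no 'ip nat inside'")
            for net in iface["nets"]:
                if not any(net.subnet_of(p) for p in acls.get(acl_id, [])):
                    findings.append(f"{name} subnet {net} is not permitted by access-list {acl_id}")
    return findings
```

Calling `audit_nat(POSTED_CONFIG)` returns one finding per problem; an empty list means every addressed interface behind the overload interface is marked inside and covered by the source list.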
 
LVL 5

Expert Comment

by:Honez
ID: 38317276
So far with the information given, I believe the PIX is sufficient.  Is the port forwarding for a specific server, or multiple servers?
0
 

Author Comment

by:rjwcpa
ID: 38317305
How do I configure the dhcp server for the network segment?

The port forwarding is for multiple servers that sit behind the 891.
0
 
LVL 10

Accepted Solution

by:
djcanter earned 1500 total points
ID: 38317369
Check the following. It provides some examples that should get you set up correctly.


http://www.networkstraining.com/basic-cisco-800-router-configuration-for-internet-access/
0
 
LVL 5

Expert Comment

by:Honez
ID: 38317681
How many public IP addresses do you have?
How many servers do you have?
0
 

Author Comment

by:rjwcpa
ID: 38340595
I followed the training guide and changed my configuration in the router.  I have the 891 set up in the following network schema:

INTERNET-------CABLE MODEM/GATEWAY (192.168.0.1 Internal IP)---------CISCO 891------COMPUTERS

I have configured the gigabit WAN port with an IP address of 192.168.0.199.  I can telnet into the 891 from computers on the network that are not behind the Cisco 891.  Any computers connected to the Ethernet Ports 1-8 cannot ping the gateway, telnet to the Cisco 891 or connect to the internet.  I currently have 1 computer behind the Cisco 891 with a static IP address of 192.168.0.95 connected to Ethernet Port 1.  What do I do to get this computer to have internet access?  See my current router config below:

version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname TSS891
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$/xxx$EYxxxxxxxxxxxxxxxxxxx.
!
no aaa new-model
!
!
!
!
crypto pki trustpoint TP-self-signed-1459994718
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1459994718
 revocation-check none
 rsakeypair TP-self-signed-1459994718
!
!
crypto pki certificate chain TP-self-signed-1459994718
 certificate self-signed 01 nvram:IOS-Self-Sig#5.cer
ip source-route
!
!
ip dhcp excluded-address 192.168.0.1 192.168.0.200
!
ip dhcp pool vlan1pool
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.1
   dns-server 192.168.0.1
!
!
ip cef
no ip domain lookup
ip domain name yourdomain.com
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO891-K9 sn FCZ1617C6KQ
!
!
username txxxxxx password 0 xxxxxxx
!
!
!
!
!
!
!
!
!
interface FastEthernet0
 !
!
interface FastEthernet1
 !
!
interface FastEthernet2
 !
!
interface FastEthernet3
 !
!
interface FastEthernet4
 !
!
interface FastEthernet5
 !
!
interface FastEthernet6
 !
!
interface FastEthernet7
 !
!
interface FastEthernet8
 no ip address
 duplex auto
 speed auto
 !
!
interface GigabitEthernet0
 ip address 192.168.0.199 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 duplex auto
 speed auto
 !
!
interface Async1
 no ip address
 encapsulation slip
 !
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface GigabitEthernet0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0
!
no cdp run

!
!
!
!
!
!
control-plane
 !
!
line con 0
 login local
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
0
 

Author Comment

by:rjwcpa
ID: 38342713
I closed this question and moved it to the following thread.  Any help would be greatly appreciated:

http://www.experts-exchange.com/Hardware/Networking_Hardware/Routers/Q_27845038.html
0

Question has a verified solution.