CiscoBeginner
Posts1Registration dateFriday November 1, 2024StatusMemberLast seenNovember 1, 2024
-
Updated on Nov 2, 2024 at 10:40 AM
Hello! An Internet modem is connected to the FastEthernet4 interface of the Cisco 881-SEC-K9 router, a VPN modem is connected to the FastEthernet1 interface, and an unmanaged LAN switch is connected to the FastEthernet0 interface. It is necessary to that the computer connected to the switch have the Internet and access certain resources via a VPN modem. The IP address of the Internet modem is 10.41.196.2 (DHCP is enabled on the modem), the VPN modem is 172.26.66.171. The Cisco configuration is as follows:
version 15.5
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname 881_Router
!
boot-start-marker
boot system flash:c880data-universalk9-mz.155-3.M10.bin
boot-end-marker
!
!
logging buffered 65536
enable secret 5 ******************************
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
ethernet lmi ce
memory-size iomem 10
clock timezone EET 3 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip port-map http port tcp from 1 to 65535 list 1
!
!
!
!
ip domain name *****************
ip inspect name CSM_INSPECT_1 http
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO881-SEC-K9 sn ***********
!
!
archive
log config
logging enable
logging size 200
hidekeys
object-group service RDP
tcp eq 3389
!
username Admin_bez privilege 15 secret 5 ******************************
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
description lan
switchport access vlan 20
no ip address
!
interface FastEthernet1
description vpn
switchport access vlan 30
no ip address
!
interface FastEthernet2
description lan
switchport access vlan 20
no ip address
!
interface FastEthernet3
description lan
switchport access vlan 20
no ip address
!
interface FastEthernet4
description WAN
ip address dhcp client-id FastEthernet4
ip nat outside
ip virtual-reassembly in
shutdown
duplex auto
speed auto
!
interface Vlan1
no ip address
no ip redirects
no ip proxy-arp
ip virtual-reassembly in
!
interface Vlan20
description lan
ip address 10.40.169.3 255.255.255.0
ip access-group Inbound in
ip access-group Outbound out
ip nat inside
ip virtual-reassembly in
!
interface Vlan30
description vpn
ip address 172.26.66.173 255.255.255.248
ip access-group Inbound in
ip nat outside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip dns server
ip nat inside source route-map RMAP_NAT_FastEthernet4 interface FastEthernet4 overload
ip route 10.96.16.0 255.255.255.0 172.26.66.169
ip route 10.128.217.12 255.255.255.255 172.26.66.169
ip route 10.254.11.31 255.255.255.255 172.26.66.169
ip route 81.30.80.63 255.255.255.255 172.26.66.169
ip route 172.26.0.0 255.255.0.0 172.26.66.169
ip route 172.30.1.242 255.255.255.255 172.26.66.169
ip route 192.168.110.0 255.255.255.0 172.26.66.169
ip route 192.168.120.0 255.255.255.0 172.26.66.169
ip route 192.168.144.0 255.255.240.0 172.26.66.169
ip route 192.168.201.0 255.255.255.0 172.26.66.169
ip route 0.0.0.0 0.0.0.0 dhcp
ip ssh version 2
!
ip access-list standard SNMP_ACCESS_RO
permit 10.96.16.2
ip access-list standard admin
permit 10.96.16.91
permit 10.96.16.32
permit 10.40.169.234
permit 10.40.169.115
deny any log
!
ip access-list extended ACL_NAT
permit ip 10.40.169.0 0.0.0.255 any
ip access-list extended Inbound
permit icmp any any
permit udp any any
permit tcp any any
ip access-list extended Outbound
permit icmp any any
permit udp any any
permit tcp any any
!
!
route-map RMAP_NAT_FastEthernet4 permit 10
match ip address ACL_NAT
match interface FastEthernet4
!
snmp-server community zabbix_mos_admin RO SNMP_ACL
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server host 10.96.16.2 version 2c zabbix_mos_admin
!
!
!
control-plane
!
!
line con 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
access-class admin in
exec-timeout 60 0
password 7 **********************
logging synchronous
transport input ssh
!
ntp source Vlan30
ntp update-calendar
ntp server 10.96.16.2
!
end
There is Internet on the computers of the local network. The IP address 172.26.66.173 of the Vlan30 port bound to the FastEthernet1 interface to which the VPN modem is connected is pinged from the LAN computer (if the mask of the additional IP address of the computer 172.26.66.177 is 255.255.255.248, if the mask is 255.255.255.0, then no). The IP addresses of the 172.266.66.XXX network and the IP addresses specified in the Cisco "ip route" commands are pinged from the Cisco console. But all these addresses are not pinged from the LAN computer, only 172.266.66.173 (Vlan30 address). I tried to enable routing on my computer:
Nothing has changed, the address 10.128.217.12 did not ping after that. Question: what should I do to make the IP addresses of the 172.26.66.xxx network and those specified in the "ip route" commands on Cisco "visible" from the computer? Windows / Chrome 130.0.0.0