I have added a new router at an existing location and have not been able to get it working as of yet. We added the router due to switching from a T1 connection to a Metro-E connection. This location is on the 172.16.4.0 network and I have configured VLAN 1 on this network. Eth 0/1 is on the 10.10.10.0 network because our existing Metro-E network is configured for that network. From VLAN 1 I can communicate to the eth 0/1 interface but not any device after it. From the eth 0/1 I can communicate to any device on the network but devices on the 172.16.4.0 network. Below is my configuration. Ask me any questions that may help.
interface eth 0/1
description Metro-E
ip address 10.10.10.4 255.255.255.0
ip flow ingress
ip flow egress
no shutdown
!
!
interface vlan 1
description LAN Uplink to Core Switch
ip address 172.16.4.1 255.255.255.0
ip flow ingress
ip flow egress
no shutdown
!
ip route 0.0.0.0 0.0.0.0 10.10.10.1
hcutechsupport:
Your interfaces have no access-policies on them. You would need to have an access list and policy class which allows the 172.16.4.0 network to be NAT'ed out of the 10.10.10.1 gateway. And have the corresponding access policies applied to the interfaces. Try something like this.
ip access-list standard NAT-ICS
permit any
!
ip access-list extended DEVICE
permit ip any any log
!
ip access-list extended MANAGE
permit <IP's you need to access device from outside>
!
ip policy-class Private
allow list DEVICE self
nat source list NAT-ICS interface eth 0/1 overload
!
ip policy-class Public
allow list MANAGE self
And then add the access policies to your interfaces:
interface eth 0/1
description Metro-E
ip address 10.10.10.4 255.255.255.0
ip access-policy Public
ip flow ingress
ip flow egress
no shutdown
!
!
interface vlan 1
description LAN Uplink to Core Switch
ip address 172.16.4.1 255.255.255.0
ip access-policy Private
ip flow ingress
ip flow egress
no shutdown
I tried that but it did not seem to help, as I am still unable to ping out from 172.16.4.0.
!
interface eth 0/1
description Metro E
ip address 10.10.10.4 255.255.255.0
ip access-policy Public
ip flow ingress
ip flow egress
no shutdown
!
interface vlan 1
description LAN Uplink to Core Switch
ip address 172.16.4.1 255.255.255.0
ip access-policy Private
ip flow ingress
ip flow egress
no shutdown
!
ip access-list standard NAT-ICS
remark NAT list NAT-ICS
permit any
!
!
ip access-list extended DEVICE
permit ip any any log
!
ip access-list extended MANAGE
permit ip 172.16.0.0 0.0.255.255 any
!
ip policy-class Private
allow list VPN-10-vpn-selectors stateless
allow list DEVICE self
nat source list NAT-ICS interface eth 0/1 overload policy Public
!
ip policy-class Public
allow reverse list VPN-10-vpn-selectors stateless
allow list MANAGE self
!
ip route 0.0.0.0 0.0.0.0 10.10.10.1
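An offline check for the two things this thread turns on: whether each interface carries an `ip access-policy`, and whether every access list or policy class named in the configuration is defined in the text being checked. This is an added example, not code from either poster or from the vendor; `lint` and `SAMPLE` are hypothetical names, and a finding on a pasted excerpt only means the definition was not in the pasted text.

```python
import re

# Constructed sample: the last configuration posted above, trimmed to the
# lines that define or reference an access list or policy class.
SAMPLE = """\
interface eth 0/1
 ip access-policy Public
interface vlan 1
 ip access-policy Private
ip access-list standard NAT-ICS
ip access-list extended DEVICE
ip access-list extended MANAGE
ip policy-class Private
 allow list VPN-10-vpn-selectors stateless
 allow list DEVICE self
 nat source list NAT-ICS interface eth 0/1 overload policy Public
ip policy-class Public
 allow reverse list VPN-10-vpn-selectors stateless
 allow list MANAGE self
"""

def lint(config):
    """Return sorted findings for missing or undefined policy references."""
    acls, classes, ifaces = set(), set(), {}
    acl_refs, class_refs, iface = [], [], None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"interface (.+)", line):
            iface = m.group(1)
            ifaces[iface] = None          # no policy seen yet
        elif m := re.match(r"ip access-list (?:standard|extended) (\S+)", line):
            acls.add(m.group(1))
        elif m := re.match(r"ip policy-class (\S+)", line):
            classes.add(m.group(1))
        elif m := re.match(r"ip access-policy (\S+)", line):
            if iface is not None:
                ifaces[iface] = m.group(1)
            class_refs.append(m.group(1))
        elif not line.startswith("remark"):
            # "allow [reverse] list X", "nat source list X ... policy Y"
            acl_refs += re.findall(r"\blist (\S+)", line)
            class_refs += re.findall(r"\bpolicy (\S+)", line)
    out = [f"interface {i}: no ip access-policy" for i, p in ifaces.items() if p is None]
    out += [f"access list {a} referenced but not defined" for a in set(acl_refs) - acls]
    out += [f"policy class {c} referenced but not defined" for c in set(class_refs) - classes]
    return sorted(out)

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)) or "no findings")
```

Run against a full `show running-config` rather than an excerpt so that lists defined elsewhere in the file are not reported as missing.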