Cisco 819 NAT Config
53 views
Skip to first unread message
Steve Jones
Nov 3, 2017, 5:15:20 PM11/3/17
to P25NX
I'm having an issue remoting into my Cisco and Pi through my cellular router. I've got 2 other repeaters with hard wired static connections and I don't have a problem accessing them remotely.
The good news is I do have a remote connection to my Console port so I'm able to make changes to the Cisco at least.
Any suggestions?
Here's my config:
!
aaa session-id common
clock timezone EST -5 0
clock summer-time EDT recurring
!
ip domain name p25nx.com
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip multicast-routing
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
!
license udi pid C819G-4G-V-K9 sn FTX182585RV
!
archive
log config
hidekeys
!
controller Cellular 0
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key BA4841AF1D3FD327D83F6CF81D4CB address 0.0.0.0
!
crypto ipsec transform-set trans2 esp-des esp-md5-hmac
mode transport
!
crypto ipsec profile vpnprof
set transform-set trans2
!
stun peer-name 10.2.4.55
stun protocol-group 55 basic
stun remote-peer-keepalive
stun keepalive-count 2
!
interface Loopback0
ip address 10.2.4.55 255.255.255.255
ip pim sparse-mode
!
interface Tunnel1
bandwidth 1000
ip address 172.21.4.55 255.255.240.0
no ip redirects
ip mtu 1400
ip pim nbma-mode
ip pim sparse-mode
ip nhrp authentication p25nx
ip nhrp map 172.21.1.1 44.98.249.177
ip nhrp map multicast 44.98.249.177
ip nhrp network-id 100001
ip nhrp holdtime 600
ip nhrp nhs 172.21.1.1
ip tcp adjust-mss 1350
ip ospf network broadcast
ip ospf priority 0
delay 1000
tunnel source Cellular0
tunnel mode gre multipoint
tunnel key 100001
tunnel protection ipsec profile vpnprof shared
!
interface Cellular0
description outside interface
ip address negotiated
ip pim sparse-mode
ip nat outside
ip virtual-reassembly in
encapsulation slip
dialer in-band
dialer string lte
dialer-group 1
!
interface GigabitEthernet0
ip address 172.31.4.37 255.255.255.252
ip pim sparse-mode
ip nat inside
ip virtual-reassembly in
ip igmp query-interval 125
duplex auto
speed auto
!
interface Serial0
mtu 2104
no ip address
encapsulation stun
clock rate 9600
stun group 55
stun route all tcp 172.31.4.38
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
network 10.2.4.55 0.0.0.0 area 0
network 172.21.4.55 0.0.0.0 area 0
network 172.31.4.36 0.0.0.3 area 0
maximum-paths 1
!
no ip forward-protocol nd
ip http server
no ip http secure-server
!
ip pim bidir-enable
ip pim spt-threshold infinity
ip nat inside source list NAT interface Cellular0 overload
ip nat inside source static tcp 172.31.4.38 22 interface Cellular0 2222
ip nat inside source static tcp 172.31.4.38 8080 interface Cellular0 8080
ip route 0.0.0.0 0.0.0.0 Cellular0
!
ip access-list standard NAT
permit 172.31.4.36 0.0.0.3
permit 172.31.0.0 0.0.255.255
!
dialer-list 1 protocol ip permit
!
snmp-server community p25nx RO
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
line con 0
password 7 0837491D111F
logging synchronous
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line 3
script dialer lte
no exec
rxspeed 100000000
txspeed 50000000
line vty 0 4
password 7 044D0E551727
transport input ssh
!
scheduler allocate 20000 1000
ntp server 129.6.15.28
ntp server 129.6.15.29
!
end
The good news is I do have a remote connection to my Console port so I'm able to make changes to the Cisco at least.
Any suggestions?
Here's my config:
!
aaa session-id common
clock timezone EST -5 0
clock summer-time EDT recurring
!
ip domain name p25nx.com
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip multicast-routing
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
!
license udi pid C819G-4G-V-K9 sn FTX182585RV
!
archive
log config
hidekeys
!
controller Cellular 0
!
crypto isakmp policy 1
authentication pre-share
crypto isakmp key BA4841AF1D3FD327D83F6CF81D4CB address 0.0.0.0
!
crypto ipsec transform-set trans2 esp-des esp-md5-hmac
mode transport
!
crypto ipsec profile vpnprof
set transform-set trans2
!
stun peer-name 10.2.4.55
stun protocol-group 55 basic
stun remote-peer-keepalive
stun keepalive-count 2
!
interface Loopback0
ip address 10.2.4.55 255.255.255.255
ip pim sparse-mode
!
interface Tunnel1
bandwidth 1000
ip address 172.21.4.55 255.255.240.0
no ip redirects
ip mtu 1400
ip pim nbma-mode
ip pim sparse-mode
ip nhrp authentication p25nx
ip nhrp map 172.21.1.1 44.98.249.177
ip nhrp map multicast 44.98.249.177
ip nhrp network-id 100001
ip nhrp holdtime 600
ip nhrp nhs 172.21.1.1
ip tcp adjust-mss 1350
ip ospf network broadcast
ip ospf priority 0
delay 1000
tunnel source Cellular0
tunnel mode gre multipoint
tunnel key 100001
tunnel protection ipsec profile vpnprof shared
!
interface Cellular0
description outside interface
ip address negotiated
ip pim sparse-mode
ip nat outside
ip virtual-reassembly in
encapsulation slip
dialer in-band
dialer string lte
dialer-group 1
!
interface GigabitEthernet0
ip address 172.31.4.37 255.255.255.252
ip pim sparse-mode
ip nat inside
ip virtual-reassembly in
ip igmp query-interval 125
duplex auto
speed auto
!
interface Serial0
mtu 2104
no ip address
encapsulation stun
clock rate 9600
stun group 55
stun route all tcp 172.31.4.38
!
interface Vlan1
no ip address
shutdown
!
router ospf 1
network 10.2.4.55 0.0.0.0 area 0
network 172.21.4.55 0.0.0.0 area 0
network 172.31.4.36 0.0.0.3 area 0
maximum-paths 1
!
no ip forward-protocol nd
ip http server
no ip http secure-server
!
ip pim bidir-enable
ip pim spt-threshold infinity
ip nat inside source list NAT interface Cellular0 overload
ip nat inside source static tcp 172.31.4.38 22 interface Cellular0 2222
ip nat inside source static tcp 172.31.4.38 8080 interface Cellular0 8080
ip route 0.0.0.0 0.0.0.0 Cellular0
!
ip access-list standard NAT
permit 172.31.4.36 0.0.0.3
permit 172.31.0.0 0.0.255.255
!
dialer-list 1 protocol ip permit
!
snmp-server community p25nx RO
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
line con 0
password 7 0837491D111F
logging synchronous
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line 3
script dialer lte
no exec
rxspeed 100000000
txspeed 50000000
line vty 0 4
password 7 044D0E551727
transport input ssh
!
scheduler allocate 20000 1000
ntp server 129.6.15.28
ntp server 129.6.15.29
!
end
Reply all
Reply to author
Forward
0 new messages