Cisco 871W.
Commands from the IOS command line to reach the outside world fail, be it PING, Traceroute, telnet, etc. Hosts that connect to the internet via this router are able to perform those functions.
Commands to talk to the LAN work fine. The LAN machines I talk to are on VLAN10.
The architecture:
FA0/4 is the port to the ADSL modem (dial pool 1)
Dialer 1
interface Dialer1
 description PPPoE to Modem
 ip address negotiated
 ip access-group ACLinbound in
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer idle-timeout 0
 dialer enable-timeout 10
 dialer persistent
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username snipped-for-privacy@disney.org password 0 mickey.mouse
end
BVI 10 has:
bridge irb
bridge 10 protocol ieee
bridge 10 route ip
!
interface BVI 10
 ip address 10.0.0.2 255.255.0.0
 ip nat inside
 ip virtual-reassembly
 no shutdown
From the console (the serial port or a telnet session into the router), I can telnet to a local host and confirm that the console uses the 10.0.0.2 IP address of the router (and obviously is in the VLAN 10 as it can reach the LAN machines in that vlan).
If I remove the "IP NAT INSIDE" from the BVI 10 interface, then the commands (traceroute etc) work fine from IOS CLI, but not from computers attached to that router.
The console lines are defined as:
line con 0
 exec-timeout 0 0
 no modem enable
 terminal-type VT300
 exec-character-bits 8
 databits 8
 stopbits 1
 length 0
 international
 flowcontrol software
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 terminal-type vt300
 exec-character-bits 8
 length 0
 international
 transport input telnet ssh
Do I need to add something to the con and vty definitions to cause them to get properly natted when doing commands that reach out to the internet?