I have a Cisco Router 1800 Series and im having some trouble with access for client pc’s behind that in a double nat setup
It sits behind a pfsense Router/Firewall that has the ip of 192.168.16.1. I have connected a client directly into the Cisco Router.
The Client can ping the outside interface 192.168.16.240 and the inside interface of 10.10.20.1 of the cisco router. The client pc gets a address from the DHCP pool from the cisco router.
The Client pc cannot contact the internet and cannot ping other host on the 192.168.16.0 network, witch the pfsense firewall/router handles.
The Cisco Router itself can ping things on the internet and the 192.168.16.0 network also from the 10.10.20.0 interface with the ip of 10.10.20.1. The 10.10.20.0 network are defined in vlan 1.
Allso the Pfsense with ip 192.168.16.1 can ping the outside interface of the Cisco Router with ip 192.168.16.240 and the inside interface of 10.10.20.1. The Pfsense has a static route to the 10.10.20.0 network with a gateway of 192.168.16.240. The pfsense cannot ping the Client PC behind the Cisco Router.
Can anyone see what is wrong with my conf ?
Current configuration : 1819 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1ND
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$Rx0C$eGYoDl0WYvOAWi2PqHypE/
enable password somestuff
!
no aaa new-model
!
!
dot11 syslog
no ip routing
!
!
no ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.20.1 10.10.20.10
!
ip dhcp pool dpool1
import all
network 10.10.20.0 255.255.255.0
default-router 10.10.20.1
dns-server 8.8.8.8 1.1.1.1
domain-name ndcisco
!
!
ip domain name noerdar.local
ip name-server 192.168.16.1
ip name-server 8.8.8.8
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
ip address 192.168.16.240 255.255.255.0
ip nat outside
ip virtual-reassembly
no ip route-cache
duplex auto
speed auto
!
interface BRI0
no ip address
encapsulation hdlc
no ip route-cache
shutdown
!
interface FastEthernet1
!
interface FastEthernet2
switchport access vlan 20
shutdown
!
interface FastEthernet3
shutdown
!
interface FastEthernet4
shutdown
!
interface FastEthernet5
!
interface FastEthernet6
shutdown
!
interface FastEthernet7
shutdown
!
interface FastEthernet8
!
interface ATM0
no ip address
no ip route-cache
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface Vlan1
ip address 10.10.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
!
ip default-gateway 192.168.16.1
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat inside source list 100 interface FastEthernet0 overload
!
!
!
!
!
!
!
control-plane
!
!
line con 0
password somestuff
line aux 0
line vty 0 4
password somestuff
login
!
end
Hope someone can help me. I tried to define access-list 100 permit ip any any
but it does not help