Tip

This is the documentation for the 24.06 version. Looking for the documentation of the latest version? Have a look here.

Step 3: TNSR IP Configuration

Use the following diagram to support the configuration to provide IP connectivity for the remote office.

TNSR remote office IP diagram

TNSR remote office IP diagram

There are two inside IP subnets: CORP89 and GUEST220.

  • TNSR provides DHCP service to both inside subnets, CORP89 and GUEST220, each using a DHCP address range of 100-199.

  • DNS on the CORP89 DHCP includes an internal DNS address for access to the intranet.

IP Assignments

Interface Name

IP Address

IP Gateway

NAT

WAN

192.168.0.53/24

192.168.0.1

WAN/pool

CORP89

172.21.89.1/24

n/a

inside

GUEST220

192.168.220.1/24

n/a

inside

Configure Interface IP Addressing and NAT

Configuration for the interfaces includes setting the MTU and the IP address, enabling NAT, then the interfaces itself, as shown below:

# NAT global options must come first
nat global-options nat44 forwarding true
nat global-options nat44 endpoint-dependent true
nat global-options nat44 enabled true

# WAN interface
interface WAN
  mtu 1500
  ip address 192.168.0.53/24
  ip nat outside
  enable
  exit
#
# CORP89 interface
interface CORP89
  mtu 1500
  ip address 172.21.89.1/24
  ip nat inside
  enable
  exit
#
# GUEST220 interface
interface GUEST220
  mtu 1500
  ip address 192.168.220.1/24
  ip nat inside
  enable
  exit
#
# enable WAN interface IP as NAT pool (PAT)
nat pool interface WAN

Use show interface and show interface ip to inspect the status of the interfaces.

Configure DHCP Pools

Configure the DHCP server for both inside interfaces, CORP89 and GUEST220:

dhcp4 server
  interface listen CORP89
  subnet 172.21.89.0/24
    pool 172.21.89.100-172.21.89.199
    exit
  interface CORP89
    option routers
      data 172.21.89.1
      exit
    option domain-name-server
      data 10.10.10.75,1.1.1.1
      exit
    exit
  # next DHCP for GUEST220
  interface listen GUEST220
  subnet 192.168.220.0/24
    pool 192.168.220.100-192.168.220.199
    exit
  interface GUEST220
    option routers
      data 192.168.220.1
      exit
    option domain-name-server
      data 1.1.1.1,9.9.9.9
      exit
    exit
  exit
# enable the DHCP4 server
dhcp4 enable

Devices on the CORP89 and GUEST220 interfaces should now be able to pull an IP address from the TNSR DHCP server, and use the internet (via NAT.)

Configure IP Default Route

When using a static IP configuration on the WAN interface, it is necessary to add an IP Default Route.

route table default
  route 0.0.0.0/0
    next-hop 0 via 192.168.0.1
    exit
  exit

Devices on CORP89 and GUEST220 should now be able to ping the internet.