Step 3: TNSR IP Configuration

Use the following diagram to support the configuration to provide IP connectivity for the remote office.

TNSR remote office IP diagram

TNSR remote office IP diagram

There are two inside IP subnets: CORP89 and GUEST220.

  • TNSR provides DHCP service to both inside subnets, CORP89 and GUEST220, each using a DHCP address range of 100-199.

  • DNS on the CORP89 DHCP includes an internal DNS address for access to the intranet.

IP Assignments

Interface Name

IP Address

IP Gateway

NAT

WAN

192.168.0.53/24

192.168.0.1

External

CORP89

172.21.89.1/24

n/a

Internal

GUEST220

192.168.220.1/24

n/a

Internal

Configure Interface IP Addressing and NAT

Configuration for the interfaces includes setting the MTU and the IP address, enabling NAT, then the interfaces itself, as shown below:

# WAN interface
interface WAN
  mtu 1500
  ip address 192.168.0.53/24
  enable
  exit

# CORP89 interface
interface CORP89
  mtu 1500
  ip address 172.21.89.1/24
  enable
  exit

# GUEST220 interface
interface GUEST220
  mtu 1500
  ip address 192.168.220.1/24
  enable
  exit

vpf nat ruleset WAN-nat
  description NAT for WAN
  rule 1010
    description NAT from CORP89 prefix
    direction out
    dynamic
    algorithm ip-hash
    from ipv4-prefix 172.21.89.0/24
    nat-prefix 192.168.0.53/32
    exit

  rule 1020
    description NAT from GUEST220 prefix
    direction out
    dynamic
    algorithm ip-hash
    from ipv4-prefix 192.168.220.0/24
    nat-prefix 192.168.0.53/32
    exit
  exit

vpf options
  interface WAN nat-ruleset WAN-nat
  exit

Use show interface and show interface ip to inspect the status of the interfaces.

Configure DHCP Pools

Configure the DHCP server for both inside interfaces, CORP89 and GUEST220:

dhcp4 server
  interface listen CORP89
  subnet 172.21.89.0/24
    id 89
    pool 172.21.89.100-172.21.89.199
    exit
  interface CORP89
    option routers
      data 172.21.89.1
      exit
    option domain-name-server
      data 10.10.10.75,1.1.1.1
      exit
    exit
  # next DHCP for GUEST220
  interface listen GUEST220
  subnet 192.168.220.0/24
    id 220
    pool 192.168.220.100-192.168.220.199
    exit
  interface GUEST220
    option routers
      data 192.168.220.1
      exit
    option domain-name-server
      data 1.1.1.1,9.9.9.9
      exit
    exit
  exit
# enable the DHCP4 server
dhcp4 enable

Devices on the CORP89 and GUEST220 interfaces should now be able to pull an IP address from the TNSR DHCP server, and use the internet (via NAT.)

Configure IP Default Route

When using a static IP configuration on the WAN interface, it is necessary to add an IP Default Route.

route table default
  route 0.0.0.0/0
    next-hop 0 via 192.168.0.1
    exit
  exit

Devices on CORP89 and GUEST220 should now be able to ping the internet.