General Help Related Topics - Cisco 837 ADSL router configuration help needed!!
#1

Hello guys;

I have a Cisco 837 router and am trying to get it configured to work with my DSL provider. It connects and gets DSL sync, but I am having a routing problem or a firewall problem: traffic is not getting routed. If anyone can provide some basic config that will work, I would greatly appreciate it.

Here is the scenario:

- Inside network: 10.1.4.0
- Router address: 10.1.4.1
- Static IP (ISP, e.g.): 205.50.50.40
- Gateway: 205.50.50.10
- DNS 1: 205.50.40.10
- DNS 2: 205.50.30.10
- VPI/VCI: 0/35
- WWW port forwarding to: 10.1.4.4

1. I have tried with some sample config found on the net. It connects to the ISP, and I can see the incoming traffic is getting denied by one of the ACL rules (in HyperTerminal).
2. When I try to test the connection in SDM, it fails at 'checking exiting interface'; when SDM is trying to ping the DNS server, it fails there, saying there is a problem with the exiting interface?
   - I tried pinging through HyperTerminal and it does not ping.
   - I tried pinging through SDM and it does not.

However, there was a point where I was able to ping outside through HyperTerminal, but not through any internal host. So I was playing around with it, and now I cannot even ping outside through HyperTerminal. Unfortunately, I did not back up the config at the time I was able to ping.

One more thing: when I ping through any internal host, I can see that the HyperTerminal log says it is denied by one of the rules.

Thanks in advance.

Roshan

=======

Thanks for the reply... here is my config. Sorry for the long list.

```
router#show config
Using 5330 out of 131072 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$ycBw$tytreOW0eQGW3fSLAm.hNPKV990
enable password 7 021520320530A085E32444C081B1C
!
no aaa new-model
ip subnet-zero
no ip source-route
no ip routing
ip domain name local
ip name-server 206.10.10.10
ip name-server 206.10.20.10
ip dhcp excluded-address 10.1.4.1 10.1.4.100
ip dhcp excluded-address 10.1.4.1
ip dhcp excluded-address 10.1.4.1 10.1.4.120
ip dhcp excluded-address 10.1.4.254
!
ip dhcp pool dhcppool
 import all
 network 10.0.0.0 255.0.0.0
 default-router 10.1.4.1
 update arp
!
!
no ip bootp server
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall cuseeme
ip inspect name firewall h323
ip inspect name firewall rcmd
ip inspect name firewall realaudio
ip inspect name firewall streamworks
ip inspect name firewall vdolive
ip inspect name firewall sqlnet
ip inspect name firewall tftp
ip inspect name firewall ftp
ip inspect name firewall icmp
ip inspect name firewall sip
ip inspect name firewall esmtp
ip inspect name firewall fragment maximum 256 timeout 1
ip inspect name firewall netshow
ip inspect name firewall rtsp
ip inspect name firewall skinny
ip inspect name Dialer_0 tcp
ip inspect name Dialer_0 udp
ip inspect name Dialer_0 cuseeme
ip inspect name Dialer_0 ftp
ip inspect name Dialer_0 h323
ip inspect name Dialer_0 rcmd
ip inspect name Dialer_0 realaudio
ip inspect name Dialer_0 streamworks
ip inspect name Dialer_0 vdolive
ip inspect name Dialer_0 sqlnet
ip inspect name Dialer_0 tftp
ip audit po max-events 100
ip audit name intrusion info action alarm
ip audit name intrusion attack action alarm drop reset
vpdn enable
!
vpdn-group pptp
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
no ftp-server write-enable
!
!
username xxxxx privilege 15 password 7 xxxxxx
!
!
no crypto isakmp enable
!
!
!
interface Loopback0
 ip address 10.1.5.254 255.0.0.0
!
interface Ethernet0
 description $ETH-LAN$$FW_INSIDE$
 ip address 10.1.4.1 255.0.0.0
 ip access-group 102 in
 ip nat inside
 no ip route-cache
 ip tcp adjust-mss 1412
 hold-queue 100 out
!
interface ATM0
 no ip address
 no ip route-cache
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.2 point-to-point
 no ip route-cache
 pvc 0/35
  oam-pvc manage
  pppoe-client dial-pool-number 1
 !
!
interface Virtual-Template1
 ip unnumbered Loopback0
 peer default ip address pool pptp
 ppp encrypt mppe 40
 ppp authentication ms-chap
!
interface Dialer1
 ip address x.x.x.x 255.255.255.0
 ip access-group 101 in
 ip mtu 1452
 ip nat outside
 ip inspect Dialer_0 out
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username password 7 0258095F4F041E0019
!
ip local pool pptp 192.168.3.1 192.168.3.253
ip classless
ip route 0.0.0.0 0.0.0.0 a.b.c.d (my isp gatway)
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 ATM0
ip route 0.0.0.0 0.0.0.0 ATM0.2
ip route 0.0.0.0 0.0.0.0 Ethernet0
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
!
!
ip access-list extended Temp
 remark SDM_ACL Category=1
 permit tcp any any
access-list 1 remark The local LAN.
access-list 1 permit 10.1.4.0 0.0.0.255
access-list 2 remark Where management can be done from.
access-list 2 permit 10.1.4.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 deny ip 10.1.4.0 0.0.0.255 any
access-list 103 permit icmp any any echo-reply
access-list 103 permit icmp any any time-exceeded
access-list 103 permit icmp any any unreachable
access-list 103 deny ip 10.0.0.0 0.255.255.255 any
access-list 103 deny ip 172.16.0.0 0.15.255.255 any
access-list 103 deny ip 192.168.0.0 0.0.255.255 any
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 deny ip host 255.255.255.255 any
access-list 103 deny ip host 0.0.0.0 any
access-list 103 deny ip any any log
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
 no modem enable
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 access-class 1 in
 privilege level 15
 password 7 152145536030D0A7B382C2A32373B
 login local
 transport preferred all
 transport input telnet ssh
 transport output none
!
scheduler max-task-time 5000
!
end
```

Thanks again.

azzaams

Last edited by azzaams : 09-09-2007 at 05:25 AM.
#2

Junior Member
Join Date: Sep 2007
Posts: 1

Please post your config - it would be much more helpful to troubleshoot.

jpaulhamus
#3

Junior Member
Join Date: Sep 2007
Posts: 3

Quote:

Thanks for your reply, jpaulhamus. Here is the config from my router. My apologies for the long config; it is because I tried this with sample configs.

```
router#show config
Using 5330 out of 131072 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$ycBw$tytreOW0eQGW3fSLAm.hNPKV990
enable password 7 021520320530A085E32444C081B1C
!
no aaa new-model
ip subnet-zero
no ip source-route
no ip routing
ip domain name local
ip name-server 206.10.10.10
ip name-server 206.10.20.10
ip dhcp excluded-address 10.1.4.1 10.1.4.100
ip dhcp excluded-address 10.1.4.1
ip dhcp excluded-address 10.1.4.1 10.1.4.120
ip dhcp excluded-address 10.1.4.254
!
ip dhcp pool dhcppool
 import all
 network 10.0.0.0 255.0.0.0
 default-router 10.1.4.1
 update arp
!
!
no ip bootp server
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall cuseeme
ip inspect name firewall h323
ip inspect name firewall rcmd
ip inspect name firewall realaudio
ip inspect name firewall streamworks
ip inspect name firewall vdolive
ip inspect name firewall sqlnet
ip inspect name firewall tftp
ip inspect name firewall ftp
ip inspect name firewall icmp
ip inspect name firewall sip
ip inspect name firewall esmtp
ip inspect name firewall fragment maximum 256 timeout 1
ip inspect name firewall netshow
ip inspect name firewall rtsp
ip inspect name firewall skinny
ip inspect name Dialer_0 tcp
ip inspect name Dialer_0 udp
ip inspect name Dialer_0 cuseeme
ip inspect name Dialer_0 ftp
ip inspect name Dialer_0 h323
ip inspect name Dialer_0 rcmd
ip inspect name Dialer_0 realaudio
ip inspect name Dialer_0 streamworks
ip inspect name Dialer_0 vdolive
ip inspect name Dialer_0 sqlnet
ip inspect name Dialer_0 tftp
ip audit po max-events 100
ip audit name intrusion info action alarm
ip audit name intrusion attack action alarm drop reset
vpdn enable
!
vpdn-group pptp
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
no ftp-server write-enable
!
!
username xxxxx privilege 15 password 7 xxxxxx
!
!
no crypto isakmp enable
!
!
!
interface Loopback0
 ip address 10.1.5.254 255.0.0.0
!
interface Ethernet0
 description $ETH-LAN$$FW_INSIDE$
 ip address 10.1.4.1 255.0.0.0
 ip access-group 102 in
 ip nat inside
 no ip route-cache
 ip tcp adjust-mss 1412
 hold-queue 100 out
!
interface ATM0
 no ip address
 no ip route-cache
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.2 point-to-point
 no ip route-cache
 pvc 0/35
  oam-pvc manage
  pppoe-client dial-pool-number 1
 !
!
interface Virtual-Template1
 ip unnumbered Loopback0
 peer default ip address pool pptp
 ppp encrypt mppe 40
 ppp authentication ms-chap
!
interface Dialer1
 ip address x.x.x.x 255.255.255.0
 ip access-group 101 in
 ip mtu 1452
 ip nat outside
 ip inspect Dialer_0 out
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username password 7 0258095F4F041E0019
!
ip local pool pptp 192.168.3.1 192.168.3.253
ip classless
ip route 0.0.0.0 0.0.0.0 a.b.c.d (my isp gatway)
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 ATM0
ip route 0.0.0.0 0.0.0.0 ATM0.2
ip route 0.0.0.0 0.0.0.0 Ethernet0
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
!
!
ip access-list extended Temp
 remark SDM_ACL Category=1
 permit tcp any any
access-list 1 remark The local LAN.
access-list 1 permit 10.1.4.0 0.0.0.255
access-list 2 remark Where management can be done from.
access-list 2 permit 10.1.4.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 deny ip 10.1.4.0 0.0.0.255 any
access-list 103 permit icmp any any echo-reply
access-list 103 permit icmp any any time-exceeded
access-list 103 permit icmp any any unreachable
access-list 103 deny ip 10.0.0.0 0.255.255.255 any
access-list 103 deny ip 172.16.0.0 0.15.255.255 any
access-list 103 deny ip 192.168.0.0 0.0.255.255 any
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 deny ip host 255.255.255.255 any
access-list 103 deny ip host 0.0.0.0 any
access-list 103 deny ip any any log
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
 no modem enable
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 access-class 1 in
 privilege level 15
 password 7 152145536030D0A7B382C2A32373B
 login local
 transport preferred all
 transport input telnet ssh
 transport output none
!
scheduler max-task-time 5000
!
end
```

Please have a look at the above config and help me on this issue. Many thanks in advance.

azzaams
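
A consistency check for a config like the one posted in this thread, as an added example that is not part of the original posts: it lists ACLs and interfaces that are referenced but never defined, and ACLs that are defined but never applied. The `audit` function and its patterns are illustrative assumptions covering only the commands shown; `CONFIG` is an excerpt of the posted config.

```python
import re

# Excerpt of the config posted in this thread, trimmed to the lines that
# define or reference ACLs and interfaces.
CONFIG = """\
interface Ethernet0
 ip access-group 102 in
interface Dialer1
 ip access-group 101 in
ip nat inside source list 1 interface Dialer0 overload
ip access-list extended Temp
 permit tcp any any
access-list 1 permit 10.1.4.0 0.0.0.255
access-list 2 permit 10.1.4.0 0.0.0.255
access-list 100 permit ip any any
access-list 103 deny ip any any log
line vty 0 4
 access-class 1 in
"""

# Assumption: these patterns are illustrative and cover only the commands
# that appear in the excerpt, not the whole IOS grammar.
ACL_DEF = re.compile(r"(?:ip access-list (?:standard|extended)|access-list) (\S+)")
ACL_USE = re.compile(r"(?:ip access-group|access-class) (\S+) (?:in|out)")
NAT_USE = re.compile(r"ip nat inside source list (\S+) interface (\S+)")
IF_DEF = re.compile(r"interface (\S+)")

def audit(config):
    """Cross-check the ACL and interface names used against those defined."""
    acl_defs, acl_uses, if_defs, if_uses = set(), set(), set(), set()
    for line in map(str.strip, config.splitlines()):
        if m := ACL_DEF.match(line):
            acl_defs.add(m.group(1))
        elif m := IF_DEF.match(line):
            if_defs.add(m.group(1))
        elif m := ACL_USE.match(line):
            acl_uses.add(m.group(1))
        elif m := NAT_USE.match(line):
            acl_uses.add(m.group(1))   # ACL that selects traffic for NAT
            if_uses.add(m.group(2))    # interface whose address is used
    return {
        "undefined_acls": sorted(acl_uses - acl_defs),
        "unused_acls": sorted(acl_defs - acl_uses),
        "undefined_interfaces": sorted(if_uses - if_defs),
    }

if __name__ == "__main__":
    for finding, names in audit(CONFIG).items():
        print(f"{finding}: {', '.join(names) or 'none'}")
```

On the excerpt it reports ACLs 101 and 102 and interface Dialer0 as referenced but not defined, and ACLs 100, 103, 2 and Temp as defined but not applied.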