Hello guys;
I have a cisco 837 router trying to get it configured to work with my dsl provider. It connects and getting dsl sync I am having routing problem or firewall problem traffic is not getting routed. If any one can provide some basic config that will work , I greatly appreciate it. Here is the scenario;
inside network : 10.1.4.0
Router address : 10.1.4.1
Static ip (ISP eg) 205.50.50.40
Gateway : 205.50.50.10
dns 1 : 205.50.40.10
dns 2 : 205.50.30.10
vpi/vci : 0/35
www port forwarding to : 10.1.4.4
1. I have tried with some sample config found on the net. It connects to isp, I can see the incoming traffic is getting denied by one of the acl rule (in the hyperterminal)
2. When I try to test the connection in SDM it fails at 'checking exiting interface' when sdm trying to ping the dsn server it fails there saying problem with exiting interface ?
- I tried pinging through the hyperterminal and it does not ping
- I tried pinging through SDM it does not.
However there was a point where I was able to ping outside through hyperterminal, not through any internal host. So I was playing around with it and now even I cannot ping outside through hyperterminal, unfortunately I did not backup the config at the time I was able to ping.
One more thing when I ping through any internal host, I can see in the hyperterminal log says denied by one of the rule.
Thanks in advance.
Roshan
=======
Thanks for the reply... here is my config. sorry for the long list.
===========
router#show config
Using 5330 out of 131072 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$ycBw$tytreOW0eQGW3fSLAm.hNPKV990
enable password 7 021520320530A085E32444C081B1C
!
no aaa new-model
ip subnet-zero
no ip source-route
no ip routing
ip domain name local
ip name-server 206.10.10.10
ip name-server 206.10.20.10
ip dhcp excluded-address 10.1.4.1 10.1.4.100
ip dhcp excluded-address 10.1.4.1
ip dhcp excluded-address 10.1.4.1 10.1.4.120
ip dhcp excluded-address 10.1.4.254
!
ip dhcp pool dhcppool
import all
network 10.0.0.0 255.0.0.0
default-router 10.1.4.1
update arp
!
!
no ip bootp server
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall cuseeme
ip inspect name firewall h323
ip inspect name firewall rcmd
ip inspect name firewall realaudio
ip inspect name firewall streamworks
ip inspect name firewall vdolive
ip inspect name firewall sqlnet
ip inspect name firewall tftp
ip inspect name firewall ftp
ip inspect name firewall icmp
ip inspect name firewall sip
ip inspect name firewall esmtp
ip inspect name firewall fragment maximum 256 timeout 1
ip inspect name firewall netshow
ip inspect name firewall rtsp
ip inspect name firewall skinny
ip inspect name Dialer_0 tcp
ip inspect name Dialer_0 udp
ip inspect name Dialer_0 cuseeme
ip inspect name Dialer_0 ftp
ip inspect name Dialer_0 h323
ip inspect name Dialer_0 rcmd
ip inspect name Dialer_0 realaudio
ip inspect name Dialer_0 streamworks
ip inspect name Dialer_0 vdolive
ip inspect name Dialer_0 sqlnet
ip inspect name Dialer_0 tftp
ip audit po max-events 100
ip audit name intrusion info action alarm
ip audit name intrusion attack action alarm drop reset
vpdn enable
!
vpdn-group pptp
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
no ftp-server write-enable
!
!
username xxxxx privilege 15 password 7 xxxxxx
!
!
no crypto isakmp enable
!
!
!
interface Loopback0
ip address 10.1.5.254 255.0.0.0
!
interface Ethernet0
description $ETH-LAN$$FW_INSIDE$
ip address 10.1.4.1 255.0.0.0
ip access-group 102 in
ip nat inside
no ip route-cache
ip tcp adjust-mss 1412
hold-queue 100 out
!
interface ATM0
no ip address
no ip route-cache
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.2 point-to-point
no ip route-cache
pvc 0/35
oam-pvc manage
pppoe-client dial-pool-number 1
!
!
interface Virtual-Template1
ip unnumbered Loopback0
peer default ip address pool pptp
ppp encrypt mppe 40
ppp authentication ms-chap
!
interface Dialer1
ip address x.x.x.x 255.255.255.0
ip access-group 101 in
ip mtu 1452
ip nat outside
ip inspect Dialer_0 out
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username
password 7 0258095F4F041E0019
!
ip local pool pptp 192.168.3.1 192.168.3.253
ip classless
ip route 0.0.0.0 0.0.0.0 a.b.c.d (my isp gatway)
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 ATM0
ip route 0.0.0.0 0.0.0.0 ATM0.2
ip route 0.0.0.0 0.0.0.0 Ethernet0
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
!
!
ip access-list extended Temp
remark SDM_ACL Category=1
permit tcp any any
access-list 1 remark The local LAN.
access-list 1 permit 10.1.4.0 0.0.0.255
access-list 2 remark Where management can be done from.
access-list 2 permit 10.1.4.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 deny ip 10.1.4.0 0.0.0.255 any
access-list 103 permit icmp any any echo-reply
access-list 103 permit icmp any any time-exceeded
access-list 103 permit icmp any any unreachable
access-list 103 deny ip 10.0.0.0 0.255.255.255 any
access-list 103 deny ip 172.16.0.0 0.15.255.255 any
access-list 103 deny ip 192.168.0.0 0.0.255.255 any
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 deny ip host 255.255.255.255 any
access-list 103 deny ip host 0.0.0.0 any
access-list 103 deny ip any any log
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
no modem enable
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
access-class 1 in
privilege level 15
password 7 152145536030D0A7B382C2A32373B
login local
transport preferred all
transport input telnet ssh
transport output none
!
scheduler max-task-time 5000
!
end
===============
Thanks again.
Similar Threads
