Cisco 837 ADSL router configuration help needed!!

Discussion in 'General Computer Support' started by azzaams, Sep 8, 2007.

  1. azzaams

    Hello guys;

    I have a Cisco 837 router that I am trying to configure to work with my DSL provider. It connects and gets DSL sync, but I am having a routing or firewall problem: traffic is not getting routed. If anyone can provide some basic config that will work, I would greatly appreciate it. Here is the scenario:

    inside network : 10.1.4.0
    Router address : 10.1.4.1

    Static ip (ISP eg) 205.50.50.40
    Gateway : 205.50.50.10
    dns 1 : 205.50.40.10
    dns 2 : 205.50.30.10

    vpi/vci : 0/35

    www port forwarding to : 10.1.4.4

    1. I have tried some sample configs found on the net. It connects to the ISP, and I can see the incoming traffic getting denied by one of the ACL rules (in HyperTerminal).

    2. When I try to test the connection in SDM, it fails at 'checking exiting interface'. When SDM tries to ping the DNS server, it fails there, saying there is a problem with the exiting interface.

    - I tried pinging through HyperTerminal and it does not ping.
    - I tried pinging through SDM and it does not.
    However, there was a point where I was able to ping outside through HyperTerminal, though not from any internal host. I was playing around with it, and now I cannot even ping outside through HyperTerminal. Unfortunately, I did not back up the config at the time I was able to ping.

    One more thing: when I ping from any internal host, I can see the HyperTerminal log say it was denied by one of the rules.
    Thanks in advance.
    Roshan

    =======
    Thanks for the reply... Here is my config. Sorry for the long list.
    ===========
    router#show config
    Using 5330 out of 131072 bytes
    !
    version 12.3
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime localtime
    service timestamps log datetime localtime
    service password-encryption
    !
    hostname router
    !
    boot-start-marker
    boot-end-marker
    !
    no logging buffered
    enable secret 5 $1$ycBw$tytreOW0eQGW3fSLAm.hNPKV990
    enable password 7 021520320530A085E32444C081B1C
    !
    no aaa new-model
    ip subnet-zero
    no ip source-route
    no ip routing
    ip domain name local
    ip name-server 206.10.10.10
    ip name-server 206.10.20.10
    ip dhcp excluded-address 10.1.4.1 10.1.4.100
    ip dhcp excluded-address 10.1.4.1
    ip dhcp excluded-address 10.1.4.1 10.1.4.120
    ip dhcp excluded-address 10.1.4.254
    !
    ip dhcp pool dhcppool
    import all
    network 10.0.0.0 255.0.0.0
    default-router 10.1.4.1
    update arp
    !
    !
    no ip bootp server
    ip inspect name SDM_LOW cuseeme
    ip inspect name SDM_LOW ftp
    ip inspect name SDM_LOW h323
    ip inspect name SDM_LOW icmp
    ip inspect name SDM_LOW netshow
    ip inspect name SDM_LOW rcmd
    ip inspect name SDM_LOW realaudio
    ip inspect name SDM_LOW rtsp
    ip inspect name SDM_LOW esmtp
    ip inspect name SDM_LOW sqlnet
    ip inspect name SDM_LOW streamworks
    ip inspect name SDM_LOW tftp
    ip inspect name SDM_LOW tcp
    ip inspect name SDM_LOW udp
    ip inspect name SDM_LOW vdolive
    ip inspect name firewall tcp
    ip inspect name firewall udp
    ip inspect name firewall cuseeme
    ip inspect name firewall h323
    ip inspect name firewall rcmd
    ip inspect name firewall realaudio
    ip inspect name firewall streamworks
    ip inspect name firewall vdolive
    ip inspect name firewall sqlnet
    ip inspect name firewall tftp
    ip inspect name firewall ftp
    ip inspect name firewall icmp
    ip inspect name firewall sip
    ip inspect name firewall esmtp
    ip inspect name firewall fragment maximum 256 timeout 1
    ip inspect name firewall netshow
    ip inspect name firewall rtsp
    ip inspect name firewall skinny
    ip inspect name Dialer_0 tcp
    ip inspect name Dialer_0 udp
    ip inspect name Dialer_0 cuseeme
    ip inspect name Dialer_0 ftp
    ip inspect name Dialer_0 h323
    ip inspect name Dialer_0 rcmd
    ip inspect name Dialer_0 realaudio
    ip inspect name Dialer_0 streamworks
    ip inspect name Dialer_0 vdolive
    ip inspect name Dialer_0 sqlnet
    ip inspect name Dialer_0 tftp
    ip audit po max-events 100
    ip audit name intrusion info action alarm
    ip audit name intrusion attack action alarm drop reset
    vpdn enable
    !
    vpdn-group pptp
    ! Default PPTP VPDN group
    accept-dialin
    protocol pptp
    virtual-template 1
    !
    no ftp-server write-enable
    !
    !
    username xxxxx privilege 15 password 7 xxxxxx
    !
    !
    no crypto isakmp enable
    !
    !
    !
    interface Loopback0
    ip address 10.1.5.254 255.0.0.0
    !
    interface Ethernet0
    description $ETH-LAN$$FW_INSIDE$
    ip address 10.1.4.1 255.0.0.0
    ip access-group 102 in
    ip nat inside
    no ip route-cache
    ip tcp adjust-mss 1412
    hold-queue 100 out
    !
    interface ATM0
    no ip address
    no ip route-cache
    no atm ilmi-keepalive
    dsl operating-mode auto
    !
    interface ATM0.2 point-to-point
    no ip route-cache
    pvc 0/35
    oam-pvc manage
    pppoe-client dial-pool-number 1
    !
    !
    interface Virtual-Template1
    ip unnumbered Loopback0
    peer default ip address pool pptp
    ppp encrypt mppe 40
    ppp authentication ms-chap
    !
    interface Dialer1
    ip address x.x.x.x 255.255.255.0
    ip access-group 101 in
    ip mtu 1452
    ip nat outside
    ip inspect Dialer_0 out
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    ppp authentication pap callin
    ppp pap sent-username abc@abc.com password 7 0258095F4F041E0019
    !
    ip local pool pptp 192.168.3.1 192.168.3.253
    ip classless
    ip route 0.0.0.0 0.0.0.0 a.b.c.d (my isp gatway)
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip route 0.0.0.0 0.0.0.0 ATM0
    ip route 0.0.0.0 0.0.0.0 ATM0.2
    ip route 0.0.0.0 0.0.0.0 Ethernet0
    ip http server
    ip http authentication local
    ip http secure-server
    ip nat inside source list 1 interface Dialer0 overload
    !
    !
    ip access-list extended Temp
    remark SDM_ACL Category=1
    permit tcp any any
    access-list 1 remark The local LAN.
    access-list 1 permit 10.1.4.0 0.0.0.255
    access-list 2 remark Where management can be done from.
    access-list 2 permit 10.1.4.0 0.0.0.255
    access-list 100 remark auto generated by SDM firewall configuration
    access-list 100 remark SDM_ACL Category=1
    access-list 100 deny ip host 255.255.255.255 any
    access-list 100 deny ip 127.0.0.0 0.255.255.255 any
    access-list 100 permit ip any any
    access-list 103 remark auto generated by SDM firewall configuration
    access-list 103 remark SDM_ACL Category=1
    access-list 103 deny ip 10.1.4.0 0.0.0.255 any
    access-list 103 permit icmp any any echo-reply
    access-list 103 permit icmp any any time-exceeded
    access-list 103 permit icmp any any unreachable
    access-list 103 deny ip 10.0.0.0 0.255.255.255 any
    access-list 103 deny ip 172.16.0.0 0.15.255.255 any
    access-list 103 deny ip 192.168.0.0 0.0.255.255 any
    access-list 103 deny ip 127.0.0.0 0.255.255.255 any
    access-list 103 deny ip host 255.255.255.255 any
    access-list 103 deny ip host 0.0.0.0 any
    access-list 103 deny ip any any log
    dialer-list 1 protocol ip permit
    !
    control-plane
    !
    !
    line con 0
    no modem enable
    transport preferred all
    transport output all
    line aux 0
    transport preferred all
    transport output all
    line vty 0 4
    access-class 1 in
    privilege level 15
    password 7 152145536030D0A7B382C2A32373B
    login local
    transport preferred all
    transport input telnet ssh
    transport output none
    !
    scheduler max-task-time 5000
    !
    end
    ===============
    Thanks again.
     
    Last edited: Sep 9, 2007
    azzaams, Sep 8, 2007
    #1

  2. jpaulhamus

    Please post your config - it would be much more helpful to troubleshoot.
     
    jpaulhamus, Sep 8, 2007
    #2

  3. azzaams

    Thanks for your reply, jpaulhamus.

    Here is the config from my router. My apologies for the long config; it is because I tried this with sample configs.

    ============

    router#show config
    Using 5330 out of 131072 bytes
    !
    version 12.3
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime localtime
    service timestamps log datetime localtime
    service password-encryption
    !
    hostname router
    !
    boot-start-marker
    boot-end-marker
    !
    no logging buffered
    enable secret 5 $1$ycBw$tytreOW0eQGW3fSLAm.hNPKV990
    enable password 7 021520320530A085E32444C081B1C
    !
    no aaa new-model
    ip subnet-zero
    no ip source-route
    no ip routing
    ip domain name local
    ip name-server 206.10.10.10
    ip name-server 206.10.20.10
    ip dhcp excluded-address 10.1.4.1 10.1.4.100
    ip dhcp excluded-address 10.1.4.1
    ip dhcp excluded-address 10.1.4.1 10.1.4.120
    ip dhcp excluded-address 10.1.4.254
    !
    ip dhcp pool dhcppool
    import all
    network 10.0.0.0 255.0.0.0
    default-router 10.1.4.1
    update arp
    !
    !
    no ip bootp server
    ip inspect name SDM_LOW cuseeme
    ip inspect name SDM_LOW ftp
    ip inspect name SDM_LOW h323
    ip inspect name SDM_LOW icmp
    ip inspect name SDM_LOW netshow
    ip inspect name SDM_LOW rcmd
    ip inspect name SDM_LOW realaudio
    ip inspect name SDM_LOW rtsp
    ip inspect name SDM_LOW esmtp
    ip inspect name SDM_LOW sqlnet
    ip inspect name SDM_LOW streamworks
    ip inspect name SDM_LOW tftp
    ip inspect name SDM_LOW tcp
    ip inspect name SDM_LOW udp
    ip inspect name SDM_LOW vdolive
    ip inspect name firewall tcp
    ip inspect name firewall udp
    ip inspect name firewall cuseeme
    ip inspect name firewall h323
    ip inspect name firewall rcmd
    ip inspect name firewall realaudio
    ip inspect name firewall streamworks
    ip inspect name firewall vdolive
    ip inspect name firewall sqlnet
    ip inspect name firewall tftp
    ip inspect name firewall ftp
    ip inspect name firewall icmp
    ip inspect name firewall sip
    ip inspect name firewall esmtp
    ip inspect name firewall fragment maximum 256 timeout 1
    ip inspect name firewall netshow
    ip inspect name firewall rtsp
    ip inspect name firewall skinny
    ip inspect name Dialer_0 tcp
    ip inspect name Dialer_0 udp
    ip inspect name Dialer_0 cuseeme
    ip inspect name Dialer_0 ftp
    ip inspect name Dialer_0 h323
    ip inspect name Dialer_0 rcmd
    ip inspect name Dialer_0 realaudio
    ip inspect name Dialer_0 streamworks
    ip inspect name Dialer_0 vdolive
    ip inspect name Dialer_0 sqlnet
    ip inspect name Dialer_0 tftp
    ip audit po max-events 100
    ip audit name intrusion info action alarm
    ip audit name intrusion attack action alarm drop reset
    vpdn enable
    !
    vpdn-group pptp
    ! Default PPTP VPDN group
    accept-dialin
    protocol pptp
    virtual-template 1
    !
    no ftp-server write-enable
    !
    !
    username xxxxx privilege 15 password 7 xxxxxx
    !
    !
    no crypto isakmp enable
    !
    !
    !
    interface Loopback0
    ip address 10.1.5.254 255.0.0.0
    !
    interface Ethernet0
    description $ETH-LAN$$FW_INSIDE$
    ip address 10.1.4.1 255.0.0.0
    ip access-group 102 in
    ip nat inside
    no ip route-cache
    ip tcp adjust-mss 1412
    hold-queue 100 out
    !
    interface ATM0
    no ip address
    no ip route-cache
    no atm ilmi-keepalive
    dsl operating-mode auto
    !
    interface ATM0.2 point-to-point
    no ip route-cache
    pvc 0/35
    oam-pvc manage
    pppoe-client dial-pool-number 1
    !
    !
    interface Virtual-Template1
    ip unnumbered Loopback0
    peer default ip address pool pptp
    ppp encrypt mppe 40
    ppp authentication ms-chap
    !
    interface Dialer1
    ip address x.x.x.x 255.255.255.0
    ip access-group 101 in
    ip mtu 1452
    ip nat outside
    ip inspect Dialer_0 out
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    ppp authentication pap callin
    ppp pap sent-username abc@abc.com password 7 0258095F4F041E0019
    !
    ip local pool pptp 192.168.3.1 192.168.3.253
    ip classless
    ip route 0.0.0.0 0.0.0.0 a.b.c.d (my isp gatway)
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip route 0.0.0.0 0.0.0.0 ATM0
    ip route 0.0.0.0 0.0.0.0 ATM0.2
    ip route 0.0.0.0 0.0.0.0 Ethernet0
    ip http server
    ip http authentication local
    ip http secure-server
    ip nat inside source list 1 interface Dialer0 overload
    !
    !
    ip access-list extended Temp
    remark SDM_ACL Category=1
    permit tcp any any
    access-list 1 remark The local LAN.
    access-list 1 permit 10.1.4.0 0.0.0.255
    access-list 2 remark Where management can be done from.
    access-list 2 permit 10.1.4.0 0.0.0.255
    access-list 100 remark auto generated by SDM firewall configuration
    access-list 100 remark SDM_ACL Category=1
    access-list 100 deny ip host 255.255.255.255 any
    access-list 100 deny ip 127.0.0.0 0.255.255.255 any
    access-list 100 permit ip any any
    access-list 103 remark auto generated by SDM firewall configuration
    access-list 103 remark SDM_ACL Category=1
    access-list 103 deny ip 10.1.4.0 0.0.0.255 any
    access-list 103 permit icmp any any echo-reply
    access-list 103 permit icmp any any time-exceeded
    access-list 103 permit icmp any any unreachable
    access-list 103 deny ip 10.0.0.0 0.255.255.255 any
    access-list 103 deny ip 172.16.0.0 0.15.255.255 any
    access-list 103 deny ip 192.168.0.0 0.0.255.255 any
    access-list 103 deny ip 127.0.0.0 0.255.255.255 any
    access-list 103 deny ip host 255.255.255.255 any
    access-list 103 deny ip host 0.0.0.0 any
    access-list 103 deny ip any any log
    dialer-list 1 protocol ip permit
    !
    control-plane
    !
    !
    line con 0
    no modem enable
    transport preferred all
    transport output all
    line aux 0
    transport preferred all
    transport output all
    line vty 0 4
    access-class 1 in
    privilege level 15
    password 7 152145536030D0A7B382C2A32373B
    login local
    transport preferred all
    transport input telnet ssh
    transport output none
    !
    scheduler max-task-time 5000
    !
    end
    ===================================

    Please have a look at the above config and help me with this issue. Many thanks in advance.
     
    azzaams, Sep 9, 2007
    #3
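A configuration merged from several samples, like the one posted above, can be cross-checked mechanically for ACLs, inspection rules and interfaces that are applied but never defined, or defined but never applied. The script below is an added example and not part of the thread; it runs over an excerpt of the posted config, and the function name `lint` and its result keys are its own.

```python
import re

# Excerpt of the configuration posted in the thread: only the lines these checks read.
CONFIG = """\
no ip routing
interface Ethernet0
 ip access-group 102 in
 ip nat inside
interface Dialer1
 ip access-group 101 in
 ip nat outside
 ip inspect Dialer_0 out
ip inspect name SDM_LOW tcp
ip inspect name firewall tcp
ip inspect name Dialer_0 tcp
ip nat inside source list 1 interface Dialer0 overload
ip access-list extended Temp
access-list 1 permit 10.1.4.0 0.0.0.255
access-list 2 permit 10.1.4.0 0.0.0.255
access-list 100 permit ip any any
access-list 103 deny ip any any log
line vty 0 4
 access-class 1 in
"""

def lint(config):
    """Cross-check what an IOS config defines against what it applies."""
    lines = [line.strip() for line in config.splitlines()]

    def grab(pattern):
        # First capture group of every line that matches at its start.
        return {m.group(1) for line in lines if (m := re.match(pattern, line))}

    acl_defined = grab(r"access-list (\S+) ") | grab(r"ip access-list \S+ (\S+)")
    acl_applied = (grab(r"ip access-group (\S+) ") | grab(r"access-class (\S+) ")
                   | grab(r"ip nat inside source list (\S+) "))
    inspect_defined = grab(r"ip inspect name (\S+) ")
    inspect_applied = grab(r"ip inspect (?!name )(\S+) (?:in|out)$")
    nat_interfaces = grab(r"ip nat inside source list \S+ interface (\S+)")
    return {
        # With "no ip routing" the box acts as an IP host and forwards nothing.
        "routing_disabled": "no ip routing" in lines,
        # Applied but undefined: IOS filters nothing on that interface.
        "acl_undefined": acl_applied - acl_defined,
        "acl_unapplied": acl_defined - acl_applied,
        "inspect_unapplied": inspect_defined - inspect_applied,
        "interface_undefined": nat_interfaces - grab(r"interface (\S+)"),
    }

if __name__ == "__main__":
    for check, result in lint(CONFIG).items():
        print(f"{check}: {sorted(result) if isinstance(result, set) else result}")
```

On the posted config this reports that IP routing is disabled, that ACLs 101 and 102 are applied without being defined while 2, 100, 103 and Temp are defined without being applied, and that the NAT overload rule names Dialer0 although only Dialer1 exists.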