Configuration Check

Discussion in 'Cisco' started by Kevin, Oct 27, 2003.

  1. Kevin

    Kevin Guest

    My company paid a consultant to configure a router (Cisco 17xx) at one
    of our branch offices for DSL. Everything worked well, except
    external access to the servers on the inside of the router. The
    consultant knew about our issue for about 8-10 weeks and could never
    solve it. I stumbled on the solution by going through the
    configuration line-by-line and trying to understand what he was doing.
    Here is the configuration that the consultant setup (with the names
    changed to protect the innocent, of course) :

    Using 2353 out of 29688 bytes
    !
    version 12.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname XXXXXXXX
    !
    enable secret 5 XXXXXXXXXX
    !
    username XXXXXXXX password 0 XXXXXXXX
    username XXXXXXXX password 0 XXXXXXXX
    username XXXXXXXX password 0 XXXXXXXX
    username XXXXXXXX password 0 XXXXXXXX
    memory-size iomem 25
    ip subnet-zero
    !
    !
    ip domain name XXXXXXXX.com
    ip dhcp excluded-address 192.168.1.1
    ip dhcp excluded-address 192.168.1.2
    !
    ip dhcp pool localdhcp
    network 192.168.1.0 255.255.255.0
    default-router 192.168.1.1
    dns-server XXX.XXX.XXX.254 XXX.XXX.XXX.235
    !
    vpdn enable
    vpdn logging
    !
    vpdn-group pppoe
    request-dialin
    protocol pppoe
    !
    !
    !
    !
    !
    !
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    bundle-enable
    dsl operating-mode auto
    !
    interface ATM0.1 point-to-point
    pvc 8/35
    pppoe-client dial-pool-number 1
    !
    !
    interface Ethernet0
    no ip address
    ip nat inside
    shutdown
    full-duplex
    !
    interface FastEthernet0
    ip address 192.168.1.1 255.255.255.0
    ip nat inside
    speed auto
    !
    interface Dialer1
    mtu 1492
    ip address negotiated
    ip nat outside
    encapsulation ppp
    dialer pool 1
    ppp chap hostname
    ppp chap password 0 XXXXXXXX
    ppp pap sent-username password 0 XXXXXXXX
    !
    ip nat inside source list 1 interface Dialer1 overload
    ip nat inside source static tcp 192.168.1.6 4899 XX.XXX.XXX.XXX 4899
    extendable
    ip nat inside source static tcp 192.168.1.6 1723 XX.XXX.XXX.XXX 1723
    extendable
    ip nat inside source static tcp 192.168.1.9 80 XX.XXX.XXX.XXX 80
    extendable
    ip nat inside source static tcp 192.168.1.72 81 XX.XXX.XXX.XXX 81
    extendable
    ip nat inside source static tcp 192.168.1.107 5800 XX.XXX.XXX.XXX 5800
    extendable
    ip nat inside source static tcp 192.168.1.1 23 XX.XXX.XXX.XXX 23
    extendable
    ip classless
    ip route 0.0.0.0 0.0.0.0 192.168.1.254 5
    ip route 0.0.0.0 0.0.0.0 Dialer1 10
    ip route XXX.XXX.0.0 255.0.0.0 192.168.1.150
    ip route XXX.XXX.0.0 255.0.0.0 Dialer1 10
    ip route XXX.XXX.0.0 255.0.0.0 192.168.1.254 20
    ip route XXX.XXX.0.0 255.255.0.0 Dialer1 10
    ip route XXX.XXX.0.0 255.255.0.0 192.168.1.254 20
    no ip http server
    !
    !
    access-list 1 permit 192.168.1.0 0.0.0.255
    access-list 1 permit 10.1.0.0 0.0.255.255
    !
    !
    line con 0
    line aux 0
    line vty 0 4
    password XXXXXX
    login local
    !
    end

    I added the following line to make it function:

    ip route 0.0.0.0 0.0.0.0 65.XXX.XXX.1

    The IP address I used was the first hop when doing a traceroute from
    inside the office. I had read that configuring 0.0.0.0 directly to an
    interface (with a low admin distance) could cause performance issues.

    Is there anything wrong with what I've done? Is there a better
    approach to fix this? Any insight would be appreciated.

    KM
     
    Kevin, Oct 27, 2003
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. bigal
    Replies:
    8
    Views:
    1,714
    unholy
    Oct 12, 2005
  2. jester
    Replies:
    1
    Views:
    1,819
    Vivek
    Dec 20, 2005
  3. Replies:
    0
    Views:
    818
  4. Your name

    Can't Open RAR files - PAR check ok, SFV check ok

    Your name, May 9, 2005, in forum: Computer Support
    Replies:
    3
    Views:
    8,446
  5. alpha
    Replies:
    2
    Views:
    2,877
    alpha
    Mar 27, 2007
Loading...

Share This Page