Help needed on this 857W config. Repost to be clearer what the problems are and the help needed

Discussion in 'Cisco' started by sparticle, Aug 30, 2007.

  1. sparticle

    sparticle Guest

    Hi,

    Please see below config for my 857W. The basic topology is that I have
    one cisco857W and various servers and internal wired and wireless
    clients on the 192.168.0.0 255.255.255.0 network. There are a number of
    services running on the local lan, DNS and DHCP is also provided by a
    local server on the same subnet as the router.

    The 857W router sits on address 192.168.0.254 and needs to act as the
    local gateway for both wired and wireless clients. With this config
    booted on the router, the wireless clients can connect and authenticate
    and get allocated the correct DHCP information and look like all is well.

    PROBLEM 1
    However I cannot get any internet access at all through the router from
    either the lan or the wifi clients.

    I can ping the outside public address xxx.xxx.xxx.xxx and also the
    inside router address 192.168.0.254 from any client, but cannot get any
    internet access out.

    PROBLEM 2
    I also need to host 3 services on the local lan that need to be
    accessible to outside clients. These services are all hosted on one lan
    server with a local address of 192.168.0.1. I do not want to assign this
    machine an outside address because it provides the same services to the
    inside lan. I expected to be able to do this using some form of port
    forwarding for the specified ports on the public ip address
    xxx.xxx.xxx.xxx to the internal 192.168.0.1 ports.

    Example config commands

    First allow the traffic in on Access list 102
    access-list 102 permit tcp any eq 1000 any eq 1000
    access-list 102 permit tcp any eq 2000 any eq 2000
    access-list 102 permit tcp any eq 143 any eq 143

    Then set up a route for it
    ip nat inside source static tcp 192.168.0.1 1000 interface Dialer0 1000
    ip nat inside source static tcp 192.168.0.1 2000 interface Dialer0 2000
    ip nat inside source static tcp 192.168.0.1 143 interface Dialer0 143

    Please see config.

    Any help would be really appreciated, I have now come to the limit of my
    ability and read as much as I can about this.

    Cheers
    Spart

    !This is the show startup-config output of the router: show startup-config
    !----------------------------------------------------------------------------

    Using 6903 out of 131072 bytes
    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname fred
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200 warnings
    enable secret 5
    !
    no aaa new-model
    !
    resource policy
    !
    clock timezone PCTime 0
    clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
    ip dhcp excluded-address 10.10.10.1
    !
    !
    ip cef
    ip inspect name SDM_LOW cuseeme
    ip inspect name SDM_LOW dns
    ip inspect name SDM_LOW ftp
    ip inspect name SDM_LOW h323
    ip inspect name SDM_LOW https
    ip inspect name SDM_LOW icmp
    ip inspect name SDM_LOW imap
    ip inspect name SDM_LOW pop3
    ip inspect name SDM_LOW rcmd
    ip inspect name SDM_LOW realaudio
    ip inspect name SDM_LOW rtsp
    ip inspect name SDM_LOW esmtp
    ip inspect name SDM_LOW sqlnet
    ip inspect name SDM_LOW streamworks
    ip inspect name SDM_LOW tftp
    ip inspect name SDM_LOW tcp
    ip inspect name SDM_LOW udp
    ip inspect name SDM_LOW vdolive
    ip domain name localdomain
    ip name-server 192.168.0.1
    !
    !
    crypto pki trustpoint TP-self-signed-1133152170
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-1133152170
    revocation-check none
    rsakeypair TP-self-signed-1133152170
    !
    !
    crypto pki certificate chain TP-self-signed-1133152170
    certificate self-signed 01 nvram:IOS-Self-Sig#3005.cer
    username ourusername privilege 15 secret 5
    !
    !
    !
    bridge irb
    !
    !
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    dsl operating-mode auto
    !
    interface ATM0.1 point-to-point
    no snmp trap link-status
    pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface Dot11Radio0
    no ip address
    ip access-group 100 in
    ip nat inside
    ip virtual-reassembly
    !
    encryption key 1 size 40bit 0 xxxxxxxxxx transmit-key
    encryption mode wep mandatory
    !
    ssid ouroffice
    authentication open
    guest-mode
    !
    speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 spanning-disabled
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    !
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
    no ip address
    ip access-group 100 in
    ip nat inside
    ip virtual-reassembly
    ip tcp adjust-mss 1452
    bridge-group 1
    !
    interface Dialer0
    description $FW_OUTSIDE$
    ip address xxx.xxx.xxx.xxx 255.255.255.248
    ip access-group 102 in
    ip inspect SDM_LOW out
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication chap callin
    ppp chap hostname ourhostname
    ppp chap password 0 ourpassword
    !
    interface BVI1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
    ip address 192.168.0.254 255.255.255.0
    ip access-group 100 in
    ip tcp adjust-mss 1452
    !
    ip route 0.0.0.0 0.0.0.0 Dialer0
    !
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list 1 interface Dialer0 overload
    ip nat inside source static tcp 192.168.0.1 1000 interface Dialer0 1000
    ip nat inside source static tcp 192.168.0.1 2000 interface Dialer0 2000
    ip nat inside source static tcp 192.168.0.1 143 interface Dialer0 143
    !
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 192.168.0.0 0.0.0.255
    access-list 23 remark SDM_ACL Category=16
    access-list 23 permit 192.168.0.0 0.0.0.255
    access-list 100 remark Auto generated by SDM Management Access feature
    access-list 100 remark SDM_ACL Category=1
    access-list 100 deny ip xxx.xxx.xxx.xxx 0.0.0.7 any
    access-list 100 deny ip host 255.255.255.255 any
    access-list 100 deny ip 127.0.0.0 0.255.255.255 any
    access-list 100 permit udp 192.168.0.0 0.0.0.255 eq domain any
    access-list 100 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.254 eq telnet
    access-list 100 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.254 eq 22
    access-list 100 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.254 eq www
    access-list 100 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.254 eq 443
    access-list 100 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.254 eq cmd
    access-list 100 deny tcp any host 192.168.0.254 eq telnet
    access-list 100 deny tcp any host 192.168.0.254 eq 22
    access-list 100 deny tcp any host 192.168.0.254 eq www
    access-list 100 deny tcp any host 192.168.0.254 eq 443
    access-list 100 deny tcp any host 192.168.0.254 eq cmd
    access-list 100 deny udp any host 192.168.0.254 eq snmp
    access-list 100 permit ip any any
    access-list 101 remark SDM_ACL Category=1
    access-list 101 permit ip 192.168.0.0 0.0.0.255 any
    access-list 101 remark SDM_ACL Category=1
    access-list 101 permit tcp any any eq 143
    access-list 102 remark auto generated by SDM firewall configuration
    access-list 102 remark SDM_ACL Category=1
    access-list 102 deny ip 192.168.0.0 0.0.0.255 any
    access-list 102 remark Allow worldclient Access
    access-list 102 permit tcp any eq 1000 any eq 1000
    access-list 102 permit tcp any eq 2000 any eq 2000
    access-list 102 permit tcp any eq 143 any eq 143
    access-list 102 permit icmp any host xxx.xxx.xxx.xxx echo-reply
    access-list 102 permit icmp any host xxx.xxx.xxx.xxx time-exceeded
    access-list 102 permit icmp any host xxx.xxx.xxx.xxx unreachable
    access-list 102 deny ip 10.0.0.0 0.255.255.255 any
    access-list 102 deny ip 172.16.0.0 0.15.255.255 any
    access-list 102 deny ip 192.168.0.0 0.0.255.255 any
    access-list 102 deny ip 127.0.0.0 0.255.255.255 any
    access-list 102 deny ip host 255.255.255.255 any
    access-list 102 deny ip host 0.0.0.0 any
    access-list 102 deny ip any any log
    dialer-list 1 protocol ip permit
    !
    control-plane
    !
    bridge 1 protocol ieee
    bridge 1 route ip
    banner login ^CCC
    -----------------------------------------------------------------------
    Cisco Router and Security Device Manager (SDM) is installed on this device.
    This feature requires the one-time use of the username "cisco"
    with the password "cisco". The default username and password have a
    privilege level of 15.

    Please change these publicly known initial credentials using SDM or the
    IOS CLI.
    Here are the Cisco IOS commands.

    username <myuser> privilege 15 secret 0 <mypassword>
    no username cisco

    Replace <myuser> and <mypassword> with the username and password you
    want to use.

    For more information about SDM please follow the instructions in the
    QUICK START GUIDE for your router or go to http://www.cisco.com/go/sdm
    -----------------------------------------------------------------------
    ^C
    !
    line con 0
    password ourpassword
    login
    no modem enable
    line aux 0
    line vty 0 4
    access-class 101 in
    privilege level 15
    password ourpassword
    login
    transport input telnet ssh
    !
    scheduler max-task-time 5000
    end
     
    sparticle, Aug 30, 2007
    #1

  2. sparticle

    Merv Guest

    Re: Help needed on this 857W config. Repost to be clearer what the problems are and the help needed

    Suggestion on how to drill down on the first problem.

    OBTW there are a variety of ADSL troubleshooting docs on Cisco CCO.

    Capturing and posting the following output may help responders in
    assisting you:

    config t

    logging buffered 51200 debugging

    int ATM0
    dsl operating-mode auto
    dsl enable-training-log
    end
    wri mem

    show version

    clear counters

    sh ip int br

    sh ip route

    show interface atm 0

    show atm interface atm0

    show dsl int atm 0

    ping <outside IP address>

    ! enable ATM debugs

    debug atm errors

    debug atm events

    debug ppp neg

    debug ip icmp


    ! unplug ADSL cable and then reconnect


    ping 62.6.197.138

    sh int acc

    sh ip traffic


    Capturing and
     
    Merv, Aug 30, 2007
    #2

  3. sparticle

    Merv Guest

    Re: Help needed on this 857W config. Repost to be clearer what the problems are and the help needed

    also try

    config t
    int vlan 1
    no ip nat inside

    int bvi 1
    ip nat inside
    end

    wri mem
     
    Merv, Aug 30, 2007
    #3
  4. sparticle

    Merv Guest

    Re: Help needed on this 857W config. Repost to be clearer what the problems are and the help needed

    On Aug 30, 10:45 am, Merv <> wrote:
    > also try
    >
    > config t
    > int vlan 1
    > no ip nat inside
    >
    > int bvi 1
    > ip nat inside
    > end
    >
    > wri mem




    And of course, check that translations are occurring:


    show ip nat translations

    show ip nat statistics
     
    Merv, Aug 30, 2007
    #4
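
An added example, not part of the thread: a small Python audit that runs two checks over an IOS config. The first is the one Merv suggests in post #3 (`ip nat inside` on a bridge-group member with no IP address instead of on its BVI). The second checks that every static TCP port forward has a matching inbound permit on the destination port only, since an entry such as `permit tcp any eq 1000 any eq 1000` matches only packets whose source port is also 1000. The sample config is a constructed excerpt, the finding names are made up for this example, and only numeric ports and `any`/`host` destinations are handled.

```python
import re

# Constructed excerpt modelled on the config posted above; the tcp/143 entry
# is written in destination-port-only form to show a passing case.
SAMPLE = """\
interface Vlan1
 no ip address
 ip nat inside
 bridge-group 1
interface Dialer0
 ip access-group 102 in
 ip nat outside
interface BVI1
 ip address 192.168.0.254 255.255.255.0
ip nat inside source static tcp 192.168.0.1 1000 interface Dialer0 1000
ip nat inside source static tcp 192.168.0.1 143 interface Dialer0 143
access-list 102 permit tcp any eq 1000 any eq 1000
access-list 102 permit tcp any any eq 143
access-list 102 deny ip any any log
"""

def interfaces(cfg):
    """Map interface name -> list of its indented sub-commands."""
    out, cur = {}, None
    for line in cfg.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            cur = out.setdefault(m.group(1), [])
        elif line.startswith(" ") and cur is not None:
            cur.append(line.strip())
        else:
            cur = None
    return out

def audit(cfg):
    findings, ifs = [], interfaces(cfg)
    # Check 1: NAT inside on a bridged member with no IP, not on its BVI.
    for name, cmds in ifs.items():
        grp = next((c.split()[1] for c in cmds if re.fullmatch(r"bridge-group \d+", c)), None)
        if grp and "no ip address" in cmds and "ip nat inside" in cmds \
                and "ip nat inside" not in ifs.get("BVI" + grp, []):
            findings.append(f"NAT_ON_BRIDGE_MEMBER {name} -> BVI{grp}")
    # Check 2: each static forward needs an inbound permit on the dst port alone.
    for ifname, port in re.findall(r"^ip nat inside source static tcp \S+ \d+ interface (\S+) (\d+)$", cfg, re.M):
        acl = next((c.split()[2] for c in ifs.get(ifname, []) if re.fullmatch(r"ip access-group \S+ in", c)), None)
        ok = acl and re.search(rf"^access-list {acl} permit tcp any (any|host \S+) eq {port}$", cfg, re.M)
        if acl and not ok:
            findings.append(f"FORWARD_NOT_PERMITTED tcp/{port} acl {acl}")
    return findings
```

Calling `audit(SAMPLE)` returns one finding per check; real `show running-config` output keeps the leading indentation on interface sub-commands that the forum post lost, which the parser relies on.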