CALLING IOS Experts 857W config help needed

Discussion in 'Cisco' started by sparticle, Aug 28, 2007.

  1. sparticle

    sparticle Guest

    Hi,

    Please see below config for my 857W. The basic topology is that I have
    one cisco857W and various servers and internal wired and wireless
    clients on the 192.168.0.1 255.255.255.0 network. There are a number of
    services running on the local lan, DNS and DHCP is also provided by a
    local server on the same subnet as the router.

    The router sits on 192.168.0.254 and needs to act as the local gateway
    for both wired and wireless clients. With this config, the wireless
    clients can connect and authenticate, get DHCP'd from the local network
    server and are good to go. However, I cannot get any packets out of
    either the lan or wifi clients. I can ping the outside public address
    xxx.xxx.xxx.xxx and also the router from any client, but cannot get any
    packets out.

    I also need to poke holes in the firewall for 3 services; see config.

    Any help would be really appreciated, I have now come to the limit of my
    ability and read as much as I can about this.

    Cheers
    Spart

    !This is the show startup-config output of the router: show startup-config
    !----------------------------------------------------------------------------

    Using 6903 out of 131072 bytes
    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname fred
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200 warnings
    enable secret 5
    !
    no aaa new-model
    !
    resource policy
    !
    clock timezone PCTime 0
    clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
    ip dhcp excluded-address 10.10.10.1
    !
    !
    ip cef
    ip inspect name SDM_LOW cuseeme
    ip inspect name SDM_LOW dns
    ip inspect name SDM_LOW ftp
    ip inspect name SDM_LOW h323
    ip inspect name SDM_LOW https
    ip inspect name SDM_LOW icmp
    ip inspect name SDM_LOW imap
    ip inspect name SDM_LOW pop3
    ip inspect name SDM_LOW rcmd
    ip inspect name SDM_LOW realaudio
    ip inspect name SDM_LOW rtsp
    ip inspect name SDM_LOW esmtp
    ip inspect name SDM_LOW sqlnet
    ip inspect name SDM_LOW streamworks
    ip inspect name SDM_LOW tftp
    ip inspect name SDM_LOW tcp
    ip inspect name SDM_LOW udp
    ip inspect name SDM_LOW vdolive
    ip domain name localdomain
    ip name-server 192.168.0.1
    !
    !
    crypto pki trustpoint TP-self-signed-1133152170
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-1133152170
    revocation-check none
    rsakeypair TP-self-signed-1133152170
    !
    !
    crypto pki certificate chain TP-self-signed-1133152170
    certificate self-signed 01 nvram:IOS-Self-Sig#3005.cer
    username ourusername privilege 15 secret 5
    !
    !
    !
    bridge irb
    !
    !
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    dsl operating-mode auto
    !
    interface ATM0.1 point-to-point
    no snmp trap link-status
    pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface Dot11Radio0
    no ip address
    ip access-group 100 in
    ip nat inside
    ip virtual-reassembly
    !
    encryption key 1 size 40bit 0 xxxxxxxxxx transmit-key
    encryption mode wep mandatory
    !
    ssid ouroffice
    authentication open
    guest-mode
    !
    speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
    station-role root
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 spanning-disabled
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    !
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
    no ip address
    ip access-group 100 in
    ip nat inside
    ip virtual-reassembly
    ip tcp adjust-mss 1452
    bridge-group 1
    !
    interface Dialer0
    description $FW_OUTSIDE$
    ip address xxx.xxx.xxx.xxx 255.255.255.248
    ip access-group 102 in
    ip inspect SDM_LOW out
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication chap callin
    ppp chap hostname ourhostname
    ppp chap password 0 ourpassword
    !
    interface BVI1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
    ip address 192.168.0.254 255.255.255.0
    ip access-group 100 in
    ip tcp adjust-mss 1452
    !
    ip route 0.0.0.0 0.0.0.0 Dialer0
    !
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list 1 interface Dialer0 overload
    ip nat inside source static tcp 192.168.0.1 1000 interface Dialer0 3000
    ip nat inside source static tcp 192.168.0.1 2000 interface Dialer0 2500
    ip nat inside source static tcp 192.168.0.1 143 interface Dialer0 143
    !
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 192.168.0.0 0.0.0.255
    access-list 23 remark SDM_ACL Category=16
    access-list 23 permit 192.168.0.0 0.0.0.255
    access-list 100 remark Auto generated by SDM Management Access feature
    access-list 100 remark SDM_ACL Category=1
    access-list 100 deny ip xxx.xxx.xxx.xxx 0.0.0.7 any
    access-list 100 deny ip host 255.255.255.255 any
    access-list 100 deny ip 127.0.0.0 0.255.255.255 any
    access-list 100 permit udp 192.168.0.0 0.0.0.255 eq domain any
    access-list 100 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.254 eq telnet
    access-list 100 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.254 eq 22
    access-list 100 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.254 eq www
    access-list 100 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.254 eq 443
    access-list 100 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.254 eq cmd
    access-list 100 deny tcp any host 192.168.0.254 eq telnet
    access-list 100 deny tcp any host 192.168.0.254 eq 22
    access-list 100 deny tcp any host 192.168.0.254 eq www
    access-list 100 deny tcp any host 192.168.0.254 eq 443
    access-list 100 deny tcp any host 192.168.0.254 eq cmd
    access-list 100 deny udp any host 192.168.0.254 eq snmp
    access-list 100 permit ip any any
    access-list 101 remark SDM_ACL Category=1
    access-list 101 permit ip 192.168.0.0 0.0.0.255 any
    access-list 101 remark SDM_ACL Category=1
    access-list 101 permit tcp any any eq 143
    access-list 102 remark auto generated by SDM firewall configuration
    access-list 102 remark SDM_ACL Category=1
    access-list 102 deny ip 192.168.0.0 0.0.0.255 any
    access-list 102 remark Allow worldclient Access
    access-list 102 permit tcp any eq 1000 any eq 1000
    access-list 102 permit tcp any eq 2000 any eq 2000
    access-list 102 permit tcp any eq 143 any eq 143
    access-list 102 permit icmp any host xxx.xxx.xxx.xxx echo-reply
    access-list 102 permit icmp any host xxx.xxx.xxx.xxx time-exceeded
    access-list 102 permit icmp any host xxx.xxx.xxx.xxx unreachable
    access-list 102 deny ip 10.0.0.0 0.255.255.255 any
    access-list 102 deny ip 172.16.0.0 0.15.255.255 any
    access-list 102 deny ip 192.168.0.0 0.0.255.255 any
    access-list 102 deny ip 127.0.0.0 0.255.255.255 any
    access-list 102 deny ip host 255.255.255.255 any
    access-list 102 deny ip host 0.0.0.0 any
    access-list 102 deny ip any any log
    dialer-list 1 protocol ip permit
    !
    control-plane
    !
    bridge 1 protocol ieee
    bridge 1 route ip
    banner login ^CCC
    -----------------------------------------------------------------------
    Cisco Router and Security Device Manager (SDM) is installed on this device.
    This feature requires the one-time use of the username "cisco"
    with the password "cisco". The default username and password have a
    privilege level of 15.

    Please change these publicly known initial credentials using SDM or the
    IOS CLI.
    Here are the Cisco IOS commands.

    username <myuser> privilege 15 secret 0 <mypassword>
    no username cisco

    Replace <myuser> and <mypassword> with the username and password you
    want to use.

    For more information about SDM please follow the instructions in the
    QUICK START
    GUIDE for your router or go to http://www.cisco.com/go/sdm
    -----------------------------------------------------------------------
    ^C
    !
    line con 0
    password ourpassword
    login
    no modem enable
    line aux 0
    line vty 0 4
    access-class 101 in
    privilege level 15
    password ourpassword
    login
    transport input telnet ssh
    !
    scheduler max-task-time 5000
    end
     
    sparticle, Aug 28, 2007
    #1
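
An added example, not part of the original post: a small Python audit that cross-checks the three static NAT forwards in the posted config against the permit entries of access-list 102, the inbound ACL on Dialer0. It assumes that IOS evaluates the inbound ACL on the outside interface before NAT rewrites the destination, so the ACL sees the public port, and that outside clients connect from arbitrary source ports. The function names and result strings are hypothetical.

```python
import re

# Constructed sample: the static NAT lines and part of access-list 102,
# copied from the posted config.
CONFIG = """\
ip nat inside source static tcp 192.168.0.1 1000 interface Dialer0 3000
ip nat inside source static tcp 192.168.0.1 2000 interface Dialer0 2500
ip nat inside source static tcp 192.168.0.1 143 interface Dialer0 143
access-list 102 deny ip 192.168.0.0 0.0.0.255 any
access-list 102 permit tcp any eq 1000 any eq 1000
access-list 102 permit tcp any eq 2000 any eq 2000
access-list 102 permit tcp any eq 143 any eq 143
access-list 102 deny ip any any log
"""

NAT_RE = re.compile(
    r"ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)")
# Handles only the "permit <proto> any [eq N] any eq N" form used in the post.
ACE_RE = re.compile(
    r"access-list (\d+) permit (tcp|udp) any(?: eq (\d+))? any eq (\d+)")

def parse(config):
    """Return (static forwards, permit entries) found in the config text."""
    forwards, permits = [], []
    for line in config.splitlines():
        line = line.strip()
        if m := NAT_RE.fullmatch(line):
            forwards.append({"proto": m[1], "public_port": int(m[5])})
        elif m := ACE_RE.fullmatch(line):
            permits.append({"acl": m[1], "proto": m[2],
                            "src_port": int(m[3]) if m[3] else None,
                            "dst_port": int(m[4])})
    return forwards, permits

def audit(config, acl="102"):
    """Map each forwarded public port to a finding. Simplification: entry
    order and deny shadowing are not evaluated, only permit coverage."""
    forwards, permits = parse(config)
    report = {}
    for f in forwards:
        hits = [p for p in permits if p["acl"] == acl
                and p["proto"] == f["proto"]
                and p["dst_port"] == f["public_port"]]
        if not hits:
            report[f["public_port"]] = "no permit for public port"
        elif all(p["src_port"] is not None for p in hits):
            report[f["public_port"]] = "permit pinned to source port"
        else:
            report[f["public_port"]] = "ok"
    return report
```

Running `audit(CONFIG)` reports no permit for public ports 3000 and 2500, and a permit for 143 that also requires source port 143.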

  2. sparticle

    Merv Guest

    Based on your comments I assume that the wired and wireless client
    access issues have been addressed.

    Please confirm that your current difficulty is with the ISP access?

    BTW what ISP are you connected to ?

    There are a variety of ADSL troubleshooting docs on Cisco CCO.


    Posting the following output may help responders to assist you:


    config t
    int ATM0
    dsl operating-mode auto
    dsl enable-training-log
    end
    wri mem

    show version
    clear counters
    sh ip int br
    sh ip route
    show interface atm 0
    show atm interface atm0
    show dsl int atm 0
    ping <outside IP address>

    ! enable ATM debugs
    debug atm errors
    debug atm events
    debug ppp

    ! unplug ADSL cable and then reconnect
    debug icmp
    ping 62.6.197.138
    sh int acc
    sh ip traffic
     
    Merv, Aug 30, 2007
    #2

  3. sparticle

    Merv Guest

    debug ppp neg
     
    Merv, Aug 30, 2007
    #3