Cisco Newbie

By Manthax ·
Hi all,
I have a Cisco Soho 91 which I want to connect to a DSL line. I cannot connect to the Internet.

Can someone help me figure out what I am doing wrong or missing? I am posting the router configuration. Thanks.
===========================================

Current configuration : 2522 bytes
!
version 12.3
!
hostname Router1
!
logging console notifications
enable password 7 082D734F0D140C19
!
no aaa new-model
ip subnet-zero
no ip domain lookup
ip name-server 216.X.X.50
ip name-server 216.X.X.59
!
!

interface Ethernet0
description "Local Network"
ip address 10.10.10.1 255.255.255.0
ip access-group 102 in
ip nat inside
no cdp enable
!
interface Ethernet1
description "Internet Link"
ip address 65.X.X.218 255.255.255.248
ip access-group 100 in
ip nat outside
duplex auto
no cdp enable
!
ip nat pool DSl.net 65.X.X.219 65.X.X.220 netmask 255.255.255.248
ip nat inside source list 1 pool Net overload
ip classless
ip route 0.0.0.0 0.0.0.0 65.X.X.217
ip http server
no ip http secure-server
!
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 100 permit icmp any any echo
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any packet-too-big
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any traceroute
access-list 100 permit icmp any any unreachable
access-list 100 permit gre any any
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 100 permit tcp any any established
access-list 100 deny ip any any
access-list 102 deny tcp any any eq 137
access-list 102 deny tcp any any eq 138
access-list 102 deny tcp any any eq 139
access-list 102 deny tcp any any eq finger
access-list 102 permit ip any any
no cdp run
!
line con 0
no modem enable
line aux 0
line vty 0 4
exec-timeout 30 0
password 7 020A3B5A0F0B062F
login
!
scheduler max-task-time 5000
!
end
========================================

All Comments

by CG IT In reply to Cisco Newbie

Disable your access list, then see if you can connect. Basic troubleshooting parameters for access routers: if there is an access list and there are connectivity problems, chances are it's the access list.

by CG IT In reply to

IP access list 102 deny statements on the interior interface. Here's a test: try disabling IP access list 102 on e0 and leave access list 101 on e1 enabled. Do a host ping on the LAN to your ISP DNS server to verify outbound ICMP traffic from e0 through e1 and back. Make sure ICMP echo requests on e1 allow any in access list 101.

by BFilmFan In reply to Cisco Newbie

Check your NAT and Ethernet1 IP addresses. They are NOT the same...

by BFilmFan In reply to

And also check your IP route address. You are showing 218, 217 and 219 as addresses. Which one is it?

by Manthax In reply to Cisco Newbie

I have 4 public IPs 65.X.X.218 65.X.X.222
Router IP Address: 65.X.X.219
IP route: 65.X.X.217 (default gateway to ISP)
IP name-server 216.175.203.50 216.175.203.59
I want to use two public IPs, 65.X.X.219 and 65.X.X.220, to be able to use Terminal Services with two servers.

If I use the default configuration on the router, I can connect no problem. I want to become more familiar with Cisco IOS, so this is why I am trying to set up from scratch.

Thanks for all the help!

by Manthax In reply to Cisco Newbie

I have tried to submit my comments, but when I get to the next page my comments to your answers are gone! What am I missing?

by CG IT In reply to Cisco Newbie

Ah OK, if you disable the access list you can connect [your comment: using default settings you can connect].

Note: there is an implicit deny at the end of any defined access list, so if it isn't listed it's denied [which is why if you disable the access list, you get a connection]. I'll look at your running config and post again.

by CG IT In reply to

Note: verify you have an actual public pool of 4 public addresses from your ISP [costly]. What public access do you actually have? ATM, DSL, T1 leased? [won't ask ISDN]. Note: you're not specifying a DNS server to use. An access router needs a DNS server for name resolution [preferably a public DNS server or your ISP DNS which will query a public DNS]. Without name resolution HTTP requests get dropped.

by CG IT In reply to

When I say not using a DNS, the ones specified appear internal, and any DNS requests will be routed there by the router. You'll go into a loop because requests will just go round and round and not out on e1.

by CG IT In reply to

Last thing is you have access lists 100 and 102 in but no out, so only in traffic works on the interfaces, no out. Remember access lists are processed in order and the last one processed is the deny any [even if you don't see it, it's there], so with allow in with no corresponding out, traffic is one way. If you use tcp syntax on a line then you need to specify a port, as the syntax tcp is a filter.
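
The ordered, first-match processing and final deny described in the replies, worked through against ACL 100 from the original post. This is an added example, not part of any post in the thread; the evaluator is a simplified model that handles only the keywords this ACL uses, and the packets with their 198.51.100.x and 203.0.113.x addresses are constructed stand-ins for the masked ones.

```python
from ipaddress import ip_address

# ACL 100 as posted in the thread (applied inbound on Ethernet1).
ACL_100 = """\
access-list 100 permit icmp any any echo
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any packet-too-big
access-list 100 permit icmp any any time-exceeded
access-list 100 permit icmp any any traceroute
access-list 100 permit icmp any any unreachable
access-list 100 permit gre any any
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 100 permit tcp any any established
access-list 100 deny ip any any
"""

def take_addr(tokens):  # consume 'any' or 'network wildcard', return a matcher
    first = tokens.pop(0)
    if first == "any":
        return lambda addr: True
    net, wild = int(ip_address(first)), int(ip_address(tokens.pop(0)))
    return lambda addr: (int(ip_address(addr)) & ~wild) == (net & ~wild)

def parse(text):
    rules = []
    for line in text.splitlines():
        action, proto, *rest = line.split()[2:]   # drop "access-list 100"
        rules.append((line, action, proto, take_addr(rest), take_addr(rest), rest))
    return rules                                  # rest now holds the qualifier, if any

def evaluate(rules, pkt):
    """First matching line wins; falling off the end is the implicit deny."""
    for line, action, proto, src, dst, qual in rules:
        if proto not in ("ip", pkt["proto"]) or not (src(pkt["src"]) and dst(pkt["dst"])):
            continue
        if qual == ["established"] and not (pkt.get("ack") or pkt.get("rst")):
            continue                              # 'established' needs ACK or RST set
        if proto == "icmp" and qual and qual[0] != pkt.get("icmp_type"):
            continue
        return action, line
    return "deny", "(implicit deny)"

# Constructed packets arriving on Ethernet1 (addresses are documentation ranges).
RULES = parse(ACL_100)
DNS_REPLY = {"proto": "udp", "src": "198.51.100.50", "dst": "203.0.113.219", "sport": 53}
WEB_REPLY = {"proto": "tcp", "src": "198.51.100.80", "dst": "203.0.113.219", "ack": True}
RDP_SYN = {"proto": "tcp", "src": "198.51.100.7", "dst": "203.0.113.220", "dport": 3389}
for pkt in (DNS_REPLY, WEB_REPLY, RDP_SYN):
    print(pkt["proto"], pkt["src"], "->", evaluate(RULES, pkt))
```
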
