Our ISP providing an Adtran 600 which is giving us an Internet T1. When we connect it directly to our laptop we can get on the Internet fine, however when we connect it to our Cisco 2811 on the FastEthernet 0/1 connection and configure the FastEthernet0/0 LAN we can't get the Internet to work. I can tracert the IP Address ok, but when I ping it says destination host unreachable. We will also have 3 Serial Interface Point-to-Point T1's connected but not operational yet. I tried accessing it through the SDM browser to see if I missed anything but can't tell.
Please HELP!!!
Here is my configuration:
User Access Verification ip 127.0.0.0 0.255.255.
Username:
Username: admin
Password:access-li
MainSite#show running-config
Building configuration...to generated by SDM firew
Current configuration : 11250 bytes
!
version 12.4ess-list 104
service timestamps debug datetime msec
!
boot-start-marker
access-list
boot-end-marker0.10.254.8 0.0.
!3
logging buffered 51200 warnings
access-li
!
no aaa new-model.168.10.0 0.0.0.
!5
resource policy
!
ip subnet-zero
access
!i
!
ip cefmit ic
ip inspect name SDM_LOW cuseemereply
ip inspect name SDM_LOW dns
access-list 104 pe
ip inspect name SDM_LOW ftp06.51 time-exceeded
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW httpsny host 216.204.106.51 unreac
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imapermit tcp any host 216.204.1
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshowmit tcp any host 216.204.106.50
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW sqlnet
access-list 104 permit
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftppermit ip 192.168.0.0 0.0.25
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udpit ip 127.0.0.0 0.255.255.2
ip inspect name SDM_LOW vdolive
acc
!s
!i
ip domain name ns0.lightship.net.255 any
ip name-server 216.204.102.10ess-list 104 permit ip host 0
ip name-server 216.204.0.33
ac
ip name-server 216.204.0.35any log
!
!
!
crypto pki trustpoint TP-self-signed-3478444500y
SDM firewall configuration
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certifi
cate-
crypto pki certificate chain TP-self-signed-3478444500
certificate self-signed 01ost 216.204.102.10 eq domai
30820252 308201BB A0030201 02020101 300D0609 2A864886 F70D0101 04050030ist 105 permit ip 10.10.254.0 0.0.0.3 any
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
access-list 105 permit ip 216.
69666963 6174652D 33343738 34343435 3030301E 170D3036 30393235 32313132
access-list 105 permit ip 10.10.254.8 0.0.0.3 any
35325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649any
access-list 105 per
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 34373834
access-list 105 permit ip any
access-list 106 deny ip 192.168.10.0 0.0.0.255 any
F98FDE4C 44050150 EFC0B520 6A6BCD6C C78FCE76 D22B0A0C BAD0B8F4 ED7EF68C255.255.255 any
access-
E85D0203 010001A3 7A307830 0F060355 1D130101 FF040530 030101FF 30250603
access-list 106 permit ip any any
551D1104 1E301C82 1A4D6169 6E536974 652E6E73 302E6C69 67687473 686970l configur
access-list 107 de
A7C5F93B EB3B966B 473F2257 6D7F438A 1F19974B 0B94E1A1 16298015 1171F0B1
access-list 107 deny ip 10.10.254.4 0.0.0.3 any
B4EB87FE C43795AC C860E048 1F2077BD 0692D955 1BDDC87D 37D590D0 694A7C28.0.3 any
access-list 107
5C506E17 DD72D186 9BA1AD7F 13CFE180 A79DCBB3 0A5A
quit
!
!
interface FastEthernet0/0
description $ETH-SW-LAUNCH$$INTF-INFO-
FE 0/0$$ETH-LAN$$FW_INSIDE$bl
e
ip address 192.168.10.253 255.255.255.010.254 host 216.204.106.51 eq 443
ip access-group 105 in
ip nat inside
access-li
ip virtual-reassembly192.168.
10.254 host 21
duplex autoeq 22
speed auto
!
interface FastEthernet0/1
access-list
description $FW_OUTSIDE$$ETH-LAN$ host 216.204.106.51 eq cmd
ip address 216.204.106.51 255.255.255.248
access-list 107 de
ip access-group 107 in55.255 any
ip access-group sdm_fastethernet0/1_out outs-list 107 deny ip 172.16.0.0 0.15.255.255
ip verify unicast rever
ip virtual-reassembly255.255.
255 any
duplex auto
speed auto
a
!e
interface Serial0/0/0host 255.255.255.255
description $FW_INSIDE$
ip address 10.10.254.1 255.255.255.2520.0 any
ip access-group 106 in07 deny ip any any lo
ip nat inside
ip virtual-reassembly-plane
!
encapsulation pppDO NOT ATTEMPT TO
!C
interface Serial0/1/0S YOU ARE
description $FW_INSIDE$
ip address 10.10.254.9 255.255.255.252
--------------------------
-----
ip access-group 102 in----------------
ip nat inside
ip virtual-reassembly
Cisco Rou
encapsulation pppvice Manager (SDM)
!s
interface Serial0/2/0ice.
description $FW_INSIDE$
ip address 10.10.254.5 2
!
router ospf 100
Please chang
log-adjacency-changesiniti
al credentials us
redistribute connected
passive-interface Serial0/0/0
Her
passive-interface Serial0/1/0
passive-interface Serial0/2/015 secret 0 <mypassword>
network 10.10.254.0 0.0.0.255 area 0
no username cisco
default-information originatemypassword> with the username
!d
ip classless want to use
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 permanent
.
For more informa
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0ions in the QUICK START
!
ip http server
ip http authentication local
GUIDE for your router or
ip http secure-servero.com/go/sdm
ip http timeout-policy idle 5 life 86400
remark SDM_ACL Category=1
!
schedul
permit ip host 216.204.106.51 host 192.168.10.253 logend
MainSite#
MainSite#DO NOT ATTEMPT TO
!C
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.254.8 0.0.0.3
--------------------------
access-list 1 permit 10.10.254.4 0.0.0.3----
access-list 1 permit 10.10.254.0 0.0.0.3 Router and Security Device Manager (SDM
access-list 100 remark auto generat
Usernam
access-list 101 deny ip 10.10.254.8 0.0.0.3 anye#show running-config
access-list 101 deny ip 192.168.10.0 0.0.0.255 anyCurrent configuration : 11250 bytes
access-list 101 deny ip host 255.255.255.255 anyice timestamps debug datetime msec
access-list 101 deny ip 127.0.0.0 0.255.255.255 any msec
no service
access-list 101 permit ip any any
!
hostname MainS
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
boot-end-marker
!
logging buff
access-list 101 permit ip 192.168.12.0 0.0.0.255 any
no aaa new-model
!
resource policy
access-list 101 permit ip 10.0.0.0 0.255.255.255 any
ip cef
ip inspect name SDM_LOW cuseeme
ip domain nam
access-list 103 deny ip 10.10.254.0 0.0.0.3 any
ip name-server 216.204.102.10
access-list 103 deny ip 216.204.106.48 0.0.0.7 any
ip name-server 216.204.0.35
access-list 103 deny ip 10.10.254.8 0.0.0.3 any-self-signed-3478444500
access-list 103 deny ip 192.168.10.0 0.0.0.255 any
subject-name cn=IOS-Self-Signed-Certi
access-list 103 deny ip host 255.255.255.255 any
revocation-check none
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
!
!
crypto pk
access-list 103 permit ip any any-3478444500
access-list 104 remark auto generated by SDM firewall configuration
30820252 308201BB A0030201 02020101 300D0609
access-list 104 remark SDM_ACL Category=1
access-list 104 permit ip 172.16.0.0 0.15.255.255 any
E85D0203 010001A3 7A307830 0F0
access-list 104 permit ip 192.168.0.0 0.0.255.255 any
access-list 104 permit ip 127.0.0.0 0.255.255.255 any 302E6C69 67687473 6869702E
access-list 104 permit ip host 255.255.255.255 anyE657430 1F060355 1D230418 30168014 6D291358 94B6F6
access-list 104 permit ip host 0.0.0.0 any
access-list 104 permit ip any any log1604146D 29135894 B6F6BAA2 E51221E8 E
access-list 105 remark auto generated by SDM firewall configuration
B2DF0E30 0D06092A 864886F7 0D010104 05000381 8100124
access-list 105 remark SDM_ACL Category=1
access-list 105 permit udp host 216.204.102.10 eq domain any B4EB87FE C43795AC C860E048 1F2077BD 0692D955 1BDDC87D 37D5
access-list 105 permit ip 10.10.254.0 0.0.0.3 any
5C506E17 D
access-list 105 permit ip 10.10.254.4 0.0.0.3 any
quit
access-list 105 permit ip 216.204.106.48 0.0.0.7 any
use
access-list 105 permit ip 10.10.254.8 0.0.0.3 any
!
!
!
!
!
access-list 105 permit ip host 255.255.255.255 any description $ETH-SW-LAUNCH$$INTF-INFO-
FE 0/0$$ETH
access-list 105 permit ip 127.0.0.0 0.255.255.255 any
ip address 192.168.10.2
access-list 105 permit ip any
encapsu
access-list 107 permit ip host 216.204.106.51 host 192.168.10.253
description $FW_INSIDE$
ip add
access-list 107 permit udp host 216.204.0.35 eq domain any
ip access-group 102 in
access-list 107 permit udp host 216.204.0.33 eq domain any
encapsulation ppp
!
i
access-list 107 permit udp host 216.204.102.10 eq domain anySIDE$
ip address 10.10.254.5 255.25
access-list 107 deny ip 10.10.254.0 0.0.0.3 anyip access-group 103 in
ip
access-list 107 deny ip 10.10.254.4 0.0.0.3 any
encapsulation ppp
access-list 107 deny ip 10.10.254.8 0.0.0.3 anyjacency-changes
redistribu
access-list 107 permit ip 192.168.10.0 0.0.0.255 host 216.204.106.51
passive-interface Serial0/1/0
access-list 107 deny ip host 0.0.0.0 anyit 10.10.254.8 0.0.0.3go/sdm
access-list 107 deny ip any any logmit 10.10.254.4 0.0.0.3--------------
!-
!-
control-plane------
access
!i
!
banner login ^CDO NOT ATTEMPT TO ACCESS THIS NETWORK UNLESS YOU ARE
access-list 100 remark auto generated by SDM firewall configuratio
AN AUTORIZED USER!!!
Username:
--------------------------
----------
----------
----------
----------
-----runni
ng-config
access-list 100 permit ip 10.10.
Cisco Router and Security Device Manager (SDM) is installed on this device.st 100 permit ip 10.10.254.4 0.0.0.3 any
service timestamps debug dat
Please change these publicly known initial credentials using SDM or the IOS CLI.d 51200 warnings
access-list 100 permit ip 127.0.0.
Here are the Cisco IOS commands.
!
ip subnet-zero
username <myuser> privilege 15 secret 0 <mypassword>
access-list 101 remark auto genera
no username ciscol configurationip
^C
!
line con 0
login local
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
MainSite#
MainSite#
Start Free Trial
