silver_domain_emperor
asked on
cisco 2620 bundling two Verizon frame T1s
I have a cisco 2620 router with (2) WIC cards, ready for (2) verizon frame T1s.
Verizon sent a basic script, I added what I could but the rest gave me errors:
Here is the Basic Script Verizon Sent:
--------------------------
Sample config:
controller T1 1/0
framing esf
linecode b8zs
channel-group 0 timeslots 1-24 speed 64
!
controller T1 1/1
framing esf
linecode b8zs
channel-group 0 timeslots 1-24 speed 64
!
interface MFR 1
description :MLFR:NxT1
mtu 4470
bandwidth 3072
no ip address
no ip redirect
no ip directed-broadcast
no ip proxy-arp
no ip mroute-cache
no arp frame-relay
load-interval 30
encapsulation frame-relay ietf
frame-relay intf-type dte
frame-relay lmi-type ansi
frame-relay multilink bid
interface MFR 1.500 point-to-point
ip address 64.65.155.110 255.255.255.252
no ip redirects
no ip directed-broadcast
no ip proxy-arp
no arp frame-relay
no cdp enable
frame-relay interface-dlci 500 ietf
interface Serial1/0:0
description:MLFR:NxT1
mtu 4470
bandwidth 1536
no ip address
no ip redirects
no ip directed-broadcast
no ip proxy-arp
encapsulation frame-relay MFR 1
no arp frame-relay
no shut
!
interface Serial1/1:0
description :MLFR:NxT1
mtu 4470
bandwidth 1536
no ip address
no ip redirects
no ip directed-broadcast
no ip proxy-arp
encapsulation frame-relay MFR 1
no arp frame-relay
no shut
!
interface FastEthernet 0/0
ip address 64.211.219.217 255.255.255.248
!
ip route 0.0.0.0 0.0.0.0 64.65.155.109
--------------------------
here is my current configuration: the router includes some old configuration related to NAT and port forwarding, I plan on using the same IP scheme (206.180.19.0) and keep the same port forward for my web/mail servers. 144.232.191.126 was our old public IP ( I will change later)
--------------------------
User Access Verification
Password:
sl-hunte1>enable
Password:
sl-hunte1#show run
Building configuration...
Current configuration : 3039 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname sl-hunte1
!
boot system tftp c2600-is-mz.122-11.T.bin 192.168.1.5
boot system flash
no logging console
enable secret 5 $1$Cwof$HFywsLSFqJo/iI5IC8
enable password 7 05080F1C2243
!
username word
username admin
ip subnet-zero
!
!
ip name-server 198.6.1.3
!
frame-relay switching
!
!
voice call carrier capacity active
!
!
!
!
!
!
!
!
!
mta receive maximum-recipients 0
!
!
!
!
interface MFR1
description :MLFR:NxT1
mtu 4470
bandwidth 3072
no ip address
no ip redirects
no ip proxy-arp
no ip mroute-cache
load-interval 30
no arp frame-relay
frame-relay lmi-type ansi
!
interface MFR1.500 point-to-point
ip address 64.65.155.110 255.255.255.252
no ip redirects
no ip proxy-arp
no arp frame-relay
no cdp enable
frame-relay interface-dlci 500 IETF
!
interface FastEthernet0/0
ip address 206.180.19.251 255.255.255.0
ip nat inside
speed auto
full-duplex
!
interface Serial0/0
description :MLFR:NxT1
mtu 4470
bandwidth 1536
no ip address
ip access-group 100 in
ip access-group 101 out
no ip redirects
no ip proxy-arp
ip nat outside
encapsulation frame-relay MFR1
no arp frame-relay
!
interface Serial0/1
description :MLFR:NxT1
mtu 4470
bandwidth 1536
no ip address
no ip redirects
no ip proxy-arp
encapsulation frame-relay MFR1
no arp frame-relay
!
ip nat inside source list 1 interface Serial0/0 overload
ip nat inside source list 10 interface Serial0/0 overload
ip nat inside source static tcp 206.180.19.104 25 144.232.191.126 25 extendable
ip nat inside source static tcp 206.180.19.104 110 144.232.191.126 110 extendable
ip nat inside source static tcp 206.180.19.2 443 144.232.191.126 443 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip route 0.0.0.0 0.0.0.0 64.65.155.109
no ip http server
ip pim bidir-enable
!
!
access-list 1 permit 206.180.19.0 0.0.0.255
access-list 10 permit 206.180.19.0 0.0.0.255
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 deny ip 172.16.0.0 0.15.255.255 any
access-list 100 deny ip 192.168.0.0 0.0.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 deny ip 224.0.0.0 31.255.255.255 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip host 0.0.0.0 any
access-list 100 deny icmp any any redirect
access-list 100 deny icmp any any administratively-prohibite
access-list 100 permit icmp any any echo
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any packet-too-big
access-list 100 permit icmp any any traceroute
access-list 100 permit icmp any any unreachable
access-list 100 permit icmp any any time-exceeded
access-list 100 permit ip any any
access-list 100 permit tcp any any eq smtp
!
no call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
line con 0
password 7 121F041B1E185E132325302D21
login
line aux 0
line vty 0 4
access-class 1 in
password 7 13151601181B0B382F
login
!
!
end
sl-hunte1#
--------------------------
to refresh: I want both Verizon T1s to work together (bundle) on my NAT network (one public IP for many private ips).
Currently, I can ping the outside only from within the router (telnet)
NAT, port forwarding are not working, nor can I use the router as an internet gateway.
Thank you.
Verizon sent a basic script, I added what I could but the rest gave me errors:
Here is the Basic Script Verizon Sent:
--------------------------
Sample config:
controller T1 1/0
framing esf
linecode b8zs
channel-group 0 timeslots 1-24 speed 64
!
controller T1 1/1
framing esf
linecode b8zs
channel-group 0 timeslots 1-24 speed 64
!
interface MFR 1
description :MLFR:NxT1
mtu 4470
bandwidth 3072
no ip address
no ip redirect
no ip directed-broadcast
no ip proxy-arp
no ip mroute-cache
no arp frame-relay
load-interval 30
encapsulation frame-relay ietf
frame-relay intf-type dte
frame-relay lmi-type ansi
frame-relay multilink bid
interface MFR 1.500 point-to-point
ip address 64.65.155.110 255.255.255.252
no ip redirects
no ip directed-broadcast
no ip proxy-arp
no arp frame-relay
no cdp enable
frame-relay interface-dlci 500 ietf
interface Serial1/0:0
description:MLFR:NxT1
mtu 4470
bandwidth 1536
no ip address
no ip redirects
no ip directed-broadcast
no ip proxy-arp
encapsulation frame-relay MFR 1
no arp frame-relay
no shut
!
interface Serial1/1:0
description :MLFR:NxT1
mtu 4470
bandwidth 1536
no ip address
no ip redirects
no ip directed-broadcast
no ip proxy-arp
encapsulation frame-relay MFR 1
no arp frame-relay
no shut
!
interface FastEthernet 0/0
ip address 64.211.219.217 255.255.255.248
!
ip route 0.0.0.0 0.0.0.0 64.65.155.109
--------------------------
here is my current configuration: the router includes some old configuration related to NAT and port forwarding, I plan on using the same IP scheme (206.180.19.0) and keep the same port forward for my web/mail servers. 144.232.191.126 was our old public IP ( I will change later)
--------------------------
User Access Verification
Password:
sl-hunte1>enable
Password:
sl-hunte1#show run
Building configuration...
Current configuration : 3039 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname sl-hunte1
!
boot system tftp c2600-is-mz.122-11.T.bin 192.168.1.5
boot system flash
no logging console
enable secret 5 $1$Cwof$HFywsLSFqJo/iI5IC8
enable password 7 05080F1C2243
!
username word
username admin
ip subnet-zero
!
!
ip name-server 198.6.1.3
!
frame-relay switching
!
!
voice call carrier capacity active
!
!
!
!
!
!
!
!
!
mta receive maximum-recipients 0
!
!
!
!
interface MFR1
description :MLFR:NxT1
mtu 4470
bandwidth 3072
no ip address
no ip redirects
no ip proxy-arp
no ip mroute-cache
load-interval 30
no arp frame-relay
frame-relay lmi-type ansi
!
interface MFR1.500 point-to-point
ip address 64.65.155.110 255.255.255.252
no ip redirects
no ip proxy-arp
no arp frame-relay
no cdp enable
frame-relay interface-dlci 500 IETF
!
interface FastEthernet0/0
ip address 206.180.19.251 255.255.255.0
ip nat inside
speed auto
full-duplex
!
interface Serial0/0
description :MLFR:NxT1
mtu 4470
bandwidth 1536
no ip address
ip access-group 100 in
ip access-group 101 out
no ip redirects
no ip proxy-arp
ip nat outside
encapsulation frame-relay MFR1
no arp frame-relay
!
interface Serial0/1
description :MLFR:NxT1
mtu 4470
bandwidth 1536
no ip address
no ip redirects
no ip proxy-arp
encapsulation frame-relay MFR1
no arp frame-relay
!
ip nat inside source list 1 interface Serial0/0 overload
ip nat inside source list 10 interface Serial0/0 overload
ip nat inside source static tcp 206.180.19.104 25 144.232.191.126 25 extendable
ip nat inside source static tcp 206.180.19.104 110 144.232.191.126 110 extendable
ip nat inside source static tcp 206.180.19.2 443 144.232.191.126 443 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip route 0.0.0.0 0.0.0.0 64.65.155.109
no ip http server
ip pim bidir-enable
!
!
access-list 1 permit 206.180.19.0 0.0.0.255
access-list 10 permit 206.180.19.0 0.0.0.255
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 deny ip 172.16.0.0 0.15.255.255 any
access-list 100 deny ip 192.168.0.0 0.0.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 deny ip 224.0.0.0 31.255.255.255 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip host 0.0.0.0 any
access-list 100 deny icmp any any redirect
access-list 100 deny icmp any any administratively-prohibite
access-list 100 permit icmp any any echo
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any packet-too-big
access-list 100 permit icmp any any traceroute
access-list 100 permit icmp any any unreachable
access-list 100 permit icmp any any time-exceeded
access-list 100 permit ip any any
access-list 100 permit tcp any any eq smtp
!
no call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
line con 0
password 7 121F041B1E185E132325302D21
login
line aux 0
line vty 0 4
access-class 1 in
password 7 13151601181B0B382F
login
!
!
end
sl-hunte1#
--------------------------
to refresh: I want both Verizon T1s to work together (bundle) on my NAT network (one public IP for many private ips).
Currently, I can ping the outside only from within the router (telnet)
NAT, port forwarding are not working, nor can I use the router as an internet gateway.
Thank you.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Oops, I meant 2800K down, 2300k up
>Do I need both these lines? or can I get by with just one?
Just one. List 1 and list 10 are the same, so pick one.
>the current config is showing this line:
" ip route 0.0.0.0 0.0.0.0 Serial0/0 "
do I need to make changes, if interface serial0/0 does not have an assign IP? or should I have it read;
" ip route 0.0.0.0 0.0.0.0 MFR1.500 "
Absolutely! I suggest using the upstream IP address instead of the interface
ip route 0.0.0.0 0.0.0.0 64.65.155.109
2800k vs 3000k is pretty darn close. Fix the default route and it may improve some.
Just one. List 1 and list 10 are the same, so pick one.
>the current config is showing this line:
" ip route 0.0.0.0 0.0.0.0 Serial0/0 "
do I need to make changes, if interface serial0/0 does not have an assign IP? or should I have it read;
" ip route 0.0.0.0 0.0.0.0 MFR1.500 "
Absolutely! I suggest using the upstream IP address instead of the interface
ip route 0.0.0.0 0.0.0.0 64.65.155.109
2800k vs 3000k is pretty darn close. Fix the default route and it may improve some.
ASKER
Thank you, I have accepted your answer.
Just one last question, using the last posted config, is there something wrong with my config that is preventing port 80 to be routed to machine xx.xx.xx.40?
I remember it worked two years ago, do I need to take an extra step to make it work now that we are using bundle T1s?
Just one last question, using the last posted config, is there something wrong with my config that is preventing port 80 to be routed to machine xx.xx.xx.40?
I remember it worked two years ago, do I need to take an extra step to make it work now that we are using bundle T1s?
>is there something wrong with my config that is preventing port 80 to be routed to machine xx.xx.xx.40?
>ip nat inside source static tcp 206.180.19.40 80 64.65.155.110 80 extendable
This, and the required access-list entry, which you have covered with
access-list 100 permit ip any any
That should be all you need. Is the Default Gateway correct on the www server?
>ip nat inside source static tcp 206.180.19.40 80 64.65.155.110 80 extendable
This, and the required access-list entry, which you have covered with
access-list 100 permit ip any any
That should be all you need. Is the Default Gateway correct on the www server?
ASKER
Thank you, for some reason it did not work from my computer, which is by the way, where I am running the test web server. I went to another pc and it work correctly.
Thank you.
Thank you.
ASKER
I made the changes you posted, and I can now access the internet from my PC.(thank you)
my IP scheme is 206.180.19.0 (I know they are illegal address, but a while back chrysler had us use this scheme, we were using satellite at that time, and so we kept it, we're too lazy to change, and it has not cause any trouble, even with NAT enable)
144.232.191.126 is the public address used when this router was in production(2 years ago), please disregard, I will change it to the current one, once everything else is up and running.
Current Config after changes:
--------------------------
User Access Verification
Password:
sl-hunte1>enable
Password:
sl-hunte1#show run
Building configuration...
Current configuration : 3089 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname sl-hunte1
!
boot system tftp c2600-is-mz.122-11.T.bin 192.168.1.5
boot system flash
no logging console
enable secret 5 $1$Cwof$HFywsLSFqJo/iI5IC8
enable password 7 05080F1C2243
!
username word
username admin
ip subnet-zero
!
!
ip name-server 198.6.1.3
!
frame-relay switching
!
!
voice call carrier capacity active
!
!
!
!
!
!
!
!
!
mta receive maximum-recipients 0
!
!
!
!
interface MFR1
description :MLFR:NxT1
mtu 4470
bandwidth 3072
no ip address
no ip redirects
no ip proxy-arp
no ip mroute-cache
load-interval 30
no arp frame-relay
frame-relay lmi-type ansi
!
interface MFR1.500 point-to-point
ip address 64.65.155.110 255.255.255.252
ip access-group 100 in
no ip redirects
no ip proxy-arp
ip nat outside
no arp frame-relay
no cdp enable
frame-relay interface-dlci 500 IETF
!
interface FastEthernet0/0
ip address 206.180.19.251 255.255.255.0
ip nat inside
speed auto
full-duplex
!
interface Serial0/0
description :MLFR:NxT1
mtu 4470
bandwidth 1536
no ip address
no ip redirects
no ip proxy-arp
encapsulation frame-relay MFR1
no arp frame-relay
!
interface Serial0/1
description :MLFR:NxT1
mtu 4470
bandwidth 1536
no ip address
no ip redirects
no ip proxy-arp
encapsulation frame-relay MFR1
no arp frame-relay
!
ip nat inside source list 1 interface MFR1.500 overload
ip nat inside source list 10 interface MFR1.500 overload
ip nat inside source static tcp 206.180.19.104 25 144.232.191.126 25 extendable
ip nat inside source static tcp 206.180.19.104 110 144.232.191.126 110 extendable
ip nat inside source static tcp 206.180.19.2 443 144.232.191.126 443 extendable
ip nat inside source static tcp 206.180.19.40 80 64.65.155.110 80 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip route 0.0.0.0 0.0.0.0 64.65.155.109
no ip http server
ip pim bidir-enable
!
!
access-list 1 permit 206.180.19.0 0.0.0.255
access-list 10 permit 206.180.19.0 0.0.0.255
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
access-list 100 deny ip 172.16.0.0 0.15.255.255 any
access-list 100 deny ip 192.168.0.0 0.0.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 deny ip 224.0.0.0 31.255.255.255 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip host 0.0.0.0 any
access-list 100 deny icmp any any redirect
access-list 100 deny icmp any any administratively-prohibite
access-list 100 permit icmp any any echo
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any packet-too-big
access-list 100 permit icmp any any traceroute
access-list 100 permit icmp any any unreachable
access-list 100 permit icmp any any time-exceeded
access-list 100 permit ip any any
access-list 100 permit tcp any any eq smtp
!
no call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
line con 0
password 7 121F041B1E185E132325302D21
login
line aux 0
line vty 0 4
access-class 1 in
password 7 13151601181B0B382F
login
!
!
end
sl-hunte1#
--------------------------
two questions:
Do I need both these lines? or can I get by with just one?
ip nat inside source list 1 interface MFR1.500 overload ?
ip nat inside source list 10 interface MFR1.500 overload ?
--------------------------
I add 206.180.19.40 and port forward 80 to this pc, but It does not seem to work, am I missing something?
--------------------------
the current config is showing this line:
" ip route 0.0.0.0 0.0.0.0 Serial0/0 "
do I need to make changes, if interface serial0/0 does not have an assign IP? or should I have it read;
" ip route 0.0.0.0 0.0.0.0 MFR1.500 " (if possible)
--------------------------
last question:
I tested my connection speed at 2800k UP/ 2300k Down.. it' suppose to be around 3000k/3000k
is there anything I can do to the configuration to bring it up to par?
--------------------------
Thank you in advance