Question
Cisco ADSL 857 Router

Asked by adriankillops in Network Routers, Networking Hardware Firewalls, Network Software Firewalls

I have just configured this router for internet access but it doesn't appear to be allowing traffic. I am also unable to ping this router once it is powered on and plugged in.

Can someone please check the configuration and tell me what's wrong?

I am looking to allow all traffic out (this will be controlled via another firewall) and deny all traffic in.

LAN is connected to FE0
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2009.04.20 11:55:43 =~=~=~=~=~=~=~=~=~=~=~=
sh run
Building configuration...
 
Current configuration : 9579 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname XXXXXX
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 informational
logging console critical
enable secret 5 XXXXXXX
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-867665501
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-867665501
 revocation-check none
 rsakeypair TP-self-signed-867665501
!
!
crypto pki certificate chain TP-self-signed-867665501
 certificate self-signed 01
  	quit
dot11 syslog
no ip source-route
!
!
ip cef
ip inspect name HQ ftp timeout 3600
ip inspect name HQ smtp timeout 3600
ip inspect name HQ tftp timeout 3600
ip inspect name HQ udp timeout 3600
ip inspect name HQ tcp timeout 3600
ip inspect name HQ h323 timeout 3600
no ip bootp server
ip domain name ad.budgetemea.net
ip name-server 212.139.132.43
ip name-server 212.139.132.44
!
parameter-map type regex sdm-regex-nonascii
pattern [^\x00-\x80]
 
!
!
username XXXXXXX privilege 15 view root secret 5 XXXXXXXXX
! 
!
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
zone security Inbound
zone security Outbound
!
!
!
interface Null0
 no ip unreachables
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto 
!
interface ATM0.2 point-to-point
 description $FW_OUTSIDE$$ES_WAN$
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 2
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 10.16.232.40 255.255.255.0
 ip access-group 160 out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
!
interface Dialer1
 description $FW_OUTSIDE$
 ip address negotiated
 ip access-group 150 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip inspect HQ out
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 2
 dialer-group 2
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname XXXXXXXX
 ppp chap password 7 XXXXXXXX
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 1 remark Auto generated by SDM Management Access feature
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 10.16.234.0 0.0.0.255
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark SDM_ACL Category=128
access-list 101 permit ip host 255.255.255.255 any
access-list 101 permit ip 127.0.0.0 0.255.255.255 any
access-list 102 remark SDM_ACL Category=128
access-list 102 permit ip host 255.255.255.255 any
access-list 102 permit ip 127.0.0.0 0.255.255.255 any
access-list 103 remark SDM_ACL Category=128
access-list 103 permit ip host 255.255.255.255 any
access-list 103 permit ip 127.0.0.0 0.255.255.255 any
access-list 104 remark SDM_ACL Category=128
access-list 104 permit ip host 255.255.255.255 any
access-list 104 permit ip 127.0.0.0 0.255.255.255 any
access-list 105 remark SDM_ACL Category=128
access-list 105 permit ip host 255.255.255.255 any
access-list 105 permit ip 127.0.0.0 0.255.255.255 any
access-list 106 remark SDM_ACL Category=128
access-list 106 permit ip host 255.255.255.255 any
access-list 106 permit ip 127.0.0.0 0.255.255.255 any
access-list 107 remark SDM_ACL Category=128
access-list 107 permit ip host 255.255.255.255 any
access-list 107 permit ip 127.0.0.0 0.255.255.255 any
access-list 108 remark Auto generated by SDM Management Access feature
access-list 108 remark SDM_ACL Category=1
access-list 108 permit tcp 10.16.234.0 0.0.0.255 host 10.16.232.40 eq 22
access-list 108 permit tcp 10.16.234.0 0.0.0.255 host 10.16.232.40 eq www
access-list 108 permit tcp 10.16.234.0 0.0.0.255 host 10.16.232.40 eq cmd
access-list 108 remark Management
access-list 108 permit ip 10.0.0.0 0.255.255.255 host 10.16.232.40
access-list 108 deny   tcp any host 10.16.232.40 eq telnet
access-list 108 deny   tcp any host 10.16.232.40 eq 22
access-list 108 deny   tcp any host 10.16.232.40 eq www
access-list 108 deny   tcp any host 10.16.232.40 eq 443
access-list 108 deny   tcp any host 10.16.232.40 eq cmd
access-list 108 deny   udp any host 10.16.232.40 eq snmp
access-list 108 permit ip any any
access-list 109 remark Auto generated by SDM Management Access feature
access-list 109 remark SDM_ACL Category=1
access-list 109 permit ip 10.16.234.0 0.0.0.255 any
access-list 109 permit ip 10.16.232.0 0.0.0.255 any
access-list 110 remark SDM_ACL Category=128
access-list 110 permit ip host 255.255.255.255 any
access-list 110 permit ip 127.0.0.0 0.255.255.255 any
access-list 111 remark SDM_ACL Category=128
access-list 111 permit ip host 255.255.255.255 any
access-list 111 permit ip 127.0.0.0 0.255.255.255 any
access-list 112 remark SDM_ACL Category=128
access-list 112 permit ip host 255.255.255.255 any
access-list 112 permit ip 127.0.0.0 0.255.255.255 any
access-list 113 remark SDM_ACL Category=128
access-list 113 permit ip host 255.255.255.255 any
access-list 113 permit ip 127.0.0.0 0.255.255.255 any
access-list 114 remark SDM_ACL Category=128
access-list 114 permit ip host 255.255.255.255 any
access-list 114 permit ip 127.0.0.0 0.255.255.255 any
access-list 115 remark SDM_ACL Category=128
access-list 115 permit ip host 255.255.255.255 any
access-list 115 permit ip 127.0.0.0 0.255.255.255 any
access-list 116 remark SDM_ACL Category=128
access-list 116 permit ip host 255.255.255.255 any
access-list 116 permit ip 127.0.0.0 0.255.255.255 any
access-list 117 remark SDM_ACL Category=128
access-list 117 permit ip host 255.255.255.255 any
access-list 117 permit ip 127.0.0.0 0.255.255.255 any
access-list 150 remark Inbound Traffic Deny
access-list 150 remark SDM_ACL Category=17
access-list 150 permit udp host 212.139.132.43 eq domain any
access-list 150 deny   ip any any
access-list 150 permit udp host 212.139.132.44 eq domain any
access-list 160 remark SDM_ACL Category=17
access-list 160 permit ip 10.16.234.0 0.0.0.255 any log
access-list 160 permit ip 10.16.233.0 0.0.0.255 any
access-list 160 permit ip 10.16.232.0 0.0.0.255 any
dialer-list 2 protocol ip permit
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
 
Cisco Router and Security Device Manager (SDM) is installed on this device and 
it provides the default username "cisco" for  one-time use. If you have already 
used the username "cisco" to login to the router and your IOS image supports the 
"one-time" user option, then this username has already expired. You will not be 
able to login to the router with this username after you exit this session.
 
It is strongly suggested that you create a new username with a privilege level 
of 15 using the following command.
 
username <myuser> privilege 15 secret 0 <mypassword>
 
Replace <myuser> and <mypassword> with the username and password you want to 
use.
 
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 access-class 109 in
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
sntp server 10.16.224.206
sntp source-interface Vlan1
end
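
Added example, not part of the original question: IOS evaluates an access list top-down and stops at the first matching entry, so any entry that follows a catch-all such as `deny ip any any` can never match. The Python check below flags such entries and reports where the ACL is applied; the function name `find_shadowed_entries` is an assumption, and the sample lines are copied from the configuration above.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the running-config above.
SAMPLE_CONFIG = """\
interface Vlan1
 ip access-group 160 out
interface Dialer1
 ip access-group 150 in
access-list 150 remark Inbound Traffic Deny
access-list 150 permit udp host 212.139.132.43 eq domain any
access-list 150 deny   ip any any
access-list 150 permit udp host 212.139.132.44 eq domain any
access-list 160 permit ip 10.16.232.0 0.0.0.255 any
"""

ACE_RE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(.*)$")
GROUP_RE = re.compile(r"^\s+ip access-group\s+(\d+)\s+(in|out)\s*$")
# Catch-all forms: extended "ip any any" and standard "any", optionally logged.
CATCH_ALL_RE = re.compile(r"^(ip\s+any\s+any|any)(\s+log(-input)?)?$")

def find_shadowed_entries(config_text):
    """Return numbered-ACL entries that sit after a catch-all entry."""
    bindings = defaultdict(list)  # ACL number -> ["Dialer1 in", ...]
    catch_all = {}                # ACL number -> first catch-all entry seen
    shadowed = []
    current_if = None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):  # top-level line: track interface context
            current_if = line.split(None, 1)[1] if line.startswith("interface ") else None
        m = GROUP_RE.match(line)
        if m and current_if:
            bindings[m.group(1)].append(f"{current_if} {m.group(2)}")
            continue
        m = ACE_RE.match(line)
        if not m:                     # remarks and unrelated lines are skipped
            continue
        acl, rest = m.group(1), " ".join(m.group(3).split())
        if acl in catch_all:          # everything after a catch-all is dead
            shadowed.append((acl, f"{m.group(2)} {rest}", catch_all[acl]))
        elif CATCH_ALL_RE.match(rest):
            catch_all[acl] = f"{m.group(2)} {rest}"
    return [{"acl": a, "entry": e, "shadowed_by": c, "applied": bindings.get(a, [])}
            for a, e, c in shadowed]

if __name__ == "__main__":
    print(find_shadowed_entries(SAMPLE_CONFIG))
```
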