
Cisco 2600 as a home DSL router - problems

Posted on 2003-03-11
Last Modified: 2010-03-19
I'm trying to configure my 2600 as a router for my home LAN to my DSL service provider. After upgrading the IOS I am now able to pick up a DHCP address from my service provider. I can ping from my router and resolve domain names, and I can also ping the 2 Windows XP PCs on my home LAN. However, I can't get my PCs to ping past the outside interface on my router, e0/0. I know that my service provider aren't blocking ICMP because I have asked them, and I can ping from my router. I am sure that it's something small like NAT or an access list. I have posted one question on this and after much effort we couldn't get it to work.

Please help. The previous question, which might help you understand what we tried, was: http://www.experts-exchange.com/Networking/Broadband/DSL_Cable/Q_20525298.html

My current router config is:

Current configuration : 1064 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname router
!
enable password 7 094D5B1B100216
!
ip subnet-zero
!
ip domain round-robin
!
no call rsvp-sync
!
interface Ethernet0/0
 description outside DHCP DSL interface
 mac-address 0002.a560.b487
 ip address dhcp
 ip access-group 100 in
 ip nat outside
 no ip mroute-cache
 no keepalive
 half-duplex
 no cdp enable
!
interface Ethernet0/1
 description Inside static Interface to my LAN
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
 half-duplex
!
router rip
 version 2
 passive-interface Ethernet0/0
 network 192.168.1.0
 no auto-summary
!
ip nat inside source list 1 interface Ethernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
ip route 0.0.0.0 255.255.255.0 10.64.0.1 permanent
no ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip any any
!
dial-peer cor custom
!
line con 0
line aux 0
line vty 0 4
 password 7 13040200020B05
 login
!
end

Any help would be appreciated.
Question by:jbartosik
 
LVL 18

Expert Comment

by:chicagoan
ID: 8113123
ip route 0.0.0.0 255.255.255.0 10.64.0.1 permanent

What's 10.64.0.1? If you're on DHCP from your ISP you ought to need only

ip route 0.0.0.0 0.0.0.0 Ethernet0/0

Any packet destined for a subnet other than 192.168.0.X will be put on E0/0...
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 8113156
Oops, just noticed this as well...
One would think a simple static default route to E0/0 should suffice.

Where did this idea come from?
router rip
version 2
passive-interface Ethernet0/0
network 192.168.1.0
no auto-summary
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 1200 total points
ID: 8113539
The problem could be in your access-list 1.
Your internal clients are 192.168.0.x.
You have defined 192.168.1.x to use NAT.

CURRENT:
interface Ethernet0/1
description Inside static Interface to my LAN
ip address 192.168.0.254 255.255.255.0

access-list 1 permit 192.168.1.0 0.0.0.255


FIX:
no access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.0.255


Suggest that you use something other than subnet zero or 1; this is way too common today and causes issues later on if you want to connect to another LAN (like at the office) that is also on the same subnet.
Suggest a higher number, e.g. 192.168.222.x.
Scans starting at 192.168.0.0 take longer to find you at 192.168.222.x, and you can generally determine that a scan is taking place long before they find you this way.
0
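The mismatch identified in the accepted answer (a NAT source ACL that does not cover the inside interface's subnet) can be checked mechanically. The following Python script is an added example, not part of the original thread; the function names `nat_acl_gaps` and `wildcard_net` are hypothetical, the sample configuration is an excerpt of the one posted in the question, and it assumes standard numbered ACLs with contiguous wildcard masks.

```python
import ipaddress
import re

def wildcard_net(addr, wildcard):
    # Assumes a contiguous wildcard mask such as 0.0.0.255.
    host_bits = bin(int(ipaddress.IPv4Address(wildcard))).count("1")
    return ipaddress.ip_network(f"{addr}/{32 - host_bits}", strict=False)

def nat_acl_gaps(config):
    """Return (interface, subnet, acl) for each 'ip nat inside' subnet
    that the ACL named by 'ip nat inside source list' does not permit."""
    ifaces, acls, nat_lists, cur = {}, {}, [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m.group(1), {"net": None, "inside": False})
        elif cur is not None and (m := re.match(r"ip address (\d\S*) (\d\S*)", line)):
            cur["net"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
        elif cur is not None and line == "ip nat inside":
            cur["inside"] = True
        elif m := re.match(r"ip nat inside source list (\d+)\b", line):
            nat_lists.append(m.group(1))
        elif m := re.match(r"access-list (\d+) permit (\d\S*) (\d\S*)$", line):
            acls.setdefault(m.group(1), []).append(wildcard_net(*m.group(2, 3)))
    gaps = []
    for name, i in ifaces.items():
        if not i["inside"] or i["net"] is None:
            continue
        for acl in nat_lists:
            if not any(i["net"].subnet_of(p) for p in acls.get(acl, [])):
                gaps.append((name, str(i["net"]), acl))
    return gaps

# Excerpt of the configuration posted in the question (relevant lines only).
BEFORE = """\
interface Ethernet0/0
 ip address dhcp
 ip nat outside
interface Ethernet0/1
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
ip nat inside source list 1 interface Ethernet0/0 overload
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip any any
"""
# The same excerpt with the corrected access-list 1 from the accepted answer.
AFTER = BEFORE.replace("permit 192.168.1.0", "permit 192.168.0.0")

if __name__ == "__main__":
    print(nat_acl_gaps(BEFORE), nat_acl_gaps(AFTER))
```

An empty result means every NAT-inside subnet is covered by the ACL used for translation; a non-empty one lists the interfaces whose hosts will never be translated.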

 

Author Comment

by:jbartosik
ID: 8118277
Chicagoan and lrmoore, thanks for your help. As soon as I deleted the other stuff and put in access-list 1 permit 192.168.0.0 0.0.0.255 it started to work. We tried all kinds of things in the other question, but that made it work. I will change my subnet as you suggest. Thanks for your help, my working config is now:

Current configuration : 900 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname router
!
enable password 7 094D5B1B100216
!
ip subnet-zero
!
!
ip domain round-robin
!
no call rsvp-sync
!
!
!
interface Ethernet0/0
 description outside DHCP DSL interface
 mac-address 0002.a560.b487
 ip address dhcp
 ip access-group 100 in
 ip nat outside
 no ip mroute-cache
 no keepalive
 half-duplex
 no cdp enable
!
interface Ethernet0/1
 description Inside static Interface to my LAN
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
 half-duplex
!
ip nat inside source list 1 interface Ethernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
no ip http server
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 permit ip any any
!
dial-peer cor custom
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password 7 13040200020B05
 login
!
end

0
 

Author Comment

by:jbartosik
ID: 8118284
Thanks very much for getting this working, fantastic.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8118891
You're welcome.
Now, follow the Cisco Router guides here to make it secure:

http://www.nsa.gov/snac/index.html
0
