640K MSN DSL, Cisco 806 router and a VPN

As of right now, I have an MSN (Arescom NetDSL 800 DSL: ND860VUE-MSNV1.92) line networked to two computers using a PC with Windows Server 2003 as a router.  I've tried to configure my Cisco 802 router (IOS Version 12.2) to work with the DSL line, but to no avail.  I believe that the NAT IP address is 63.227.169.70  I have a CCNA certification, so I know my way around the Cisco IOS, but for the life of my, I can't get it to work.  If anyone has some tips I would really appreciate it.  Also, I do a lot of work away from home and would like to set up a VPN connection so I can access my LAN from school.  I don't know if I need port address translation in the DSL modem or not.  Any help there also would be great.  Thanks
jjt187Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rogue_phoenixCommented:
where is it failing? between the cisco & the ISP, between the win2k3 router, or between the clients & the router? hint: try pinging outbound from each to somewhere that you know will return pings.



jjt187Author Commented:
Cisco Router
E0(LAN): 192.168.0.1
E1(WAN): 192.168.1.2

DSL Modem
LAN: 192.168.1.1
WAN: 63.227.169.70

Host A: 192.168.0.2
Host B: 192.168.0.3
Host C: 192.168.0.4

I can ping from each host to E0, E1 and nat address on the modem, but not to the public address.  I can't ping from the router to all the hosts and the nat address on the modem but not to the public.  So it's failing somewhere between the WAN port on the router and the WAN port on the modem.  I think it might have something to do with the NAT in the modem, but I'm not sure
svenkarlsenCommented:
Why do you want to have the router on in the first place, - wouldn't a switch be ok ?

...never mind:

1. Is your problem that you can't get through to the internet or is it that you can't ping your public IP ?
2. is the problem only present with the Cisco box on (can you use a pc up against the modem without problems)?
3. how about turning NAT of on the Cisco box and using it as bridge (changing IPs on private LAN modems subnet) ?
SolarWinds® VoIP and Network Quality Manager(VNQM)

WAN and VoIP monitoring tools that can help with troubleshooting via an intuitive web interface. Review quality of service data, including jitter, latency, packet loss, and MOS. Troubleshoot call performance and correlate call issues with WAN performance for Cisco and Avaya calls

jjt187Author Commented:
on either the router, or any host, the farthest I can ping is the lan side of the modem. 192.168.1.1  I can't ping my or any other public address.

I have to use a router because the LAN side of the modem is subnetted 255.255.255.252  That only allows for 192.168.1.1 and 1.2 so just using a switch won't work.  There no way to reconfigure the modem.

I don't have NAT on my router because the modem uses NAT so by the time an address would hit my router, it would have already been translated.  Since the modem's configuration isn't changable, the WAN port on my router has to be 192.168.1.x and any other private address subnet on the LAN side.
svenkarlsenCommented:
OK, just one answer missing: does it work with a pc connected directly to the modem?

The fact that you can't ping through from the router is the catch. If a pc connected directly to the router is able to do so, then we should probably suspect your ISP of being so restrictive that he has configured the modem to watch for routers on the private side (I don't know how, but I've had a few guys with your problem).

And since my suggestion in last comment was to turn NAT of on the router,
I will now suggest that you turn it on instead ;-)


Regards,
Sven
svenkarlsenCommented:
How is the Win server configured against the modem, - is it set to use DHCP, then: have you tried setting your router to DHCP on the WAN-side ?
jjt187Author Commented:
Yeah, it works great with just a pc plugged into the modem.  Right now I have two pc's connected to a switch, the switch connected to the first nic in my server, and the modem connected to the other nic in my server.  So right now, the server is also acting as a router using Internet Connection Sharing with Windows Server 2003 Enterprise and everything is working fine.  when I replace the server with the cisco router is when I get into trouble.  

I've tried configuring NAT on the router also, but that doesn't work either.  I don't belive that it needs NAT because NAT in configured inside the modem.  I don't think I would have to translate address twice.  
jjt187Author Commented:
yeah, I have ICS configured for DHCP so all my host have dynamic addresses.  The modem also uses DHCP.  Right now I have the nic connected to modem set to get an address dynamicly; the address is 192.168.1.2    The DHCP server in the modem is 1.1  I've tried setting a static address of 192.168.1.2,  1.1  and DHCP on wan port of the router.  Still nothing
jjt187Author Commented:
here's my running config
                   
Cisco806#sh run                                                                          
Building configuration...                        

Current configuration : 599 bytes                                
!
version 12.2            
no parser cache              
no service single-slot-reload-enable                                    
no service pad              
service timestamps debug uptime                              
service timestamps log uptime                            
no service password-encryption                              
!
hostname Cisco806                
!
logging rate-limit console 10 except errors                                          
enable password class                    
!
ip subnet-zero              
!
no ip dhcp-client network-discovery                                  
lcp max-session-s                
lcp max-session-s                
!
!
interface Ethernet0
 ip address 192.168.0.1 255.255.255.0
!
interface Ethernet1
 ip address dhcp
!
ip classless
ip http server
!
!
line con 0
 password cisco
 login
 stopbits 1
line vty 0 4
 password cisco
 login
!
scheduler max-task-time 5000
end
svenkarlsenCommented:
Sorry, - I'm no wizard on Cisco, but isn't eth0 the WAN-side ?
jjt187Author Commented:
E1 is the wan port
svenkarlsenCommented:
Would be nice with some standard, - it's the other way round on the PIX'es  ;-)
svenkarlsenCommented:
well, I'm not sure it's the cause, but there's no route in your config (you should still be able to ping the modem though?).
jjt187Author Commented:
I'll try a static route to the modem and see what happens
svenkarlsenCommented:
When you've tested the router, have you just swapped the cable from the server to the router without releasing the DHCP-lease from the server first ? In that case there will be a possible conflict .

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
jjt187Author Commented:
I just noticed that I CANNOT ping from my hosts thourgh the router to the LAN port on my modem (192.168.1.1) but I CAN ping that address from both router interfaces.  That might change when I add static route into the routing table, but I'll have to think about the syntax of the command.  I think it's  #ip route (destination network) (subnet mask) (next hop ip)   but I'm not sure what addresses to use.
jjt187Author Commented:
I figured it out.  I didn't have the ip name-servers (DNS) configured on the router...here is the working config

no parser cache
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption

hostname Cisco806

logging rate-limit console 10 except errors
enable password class

ip subnet-zero
ip name-server 207.255.0.1
ip name-server 209.181.12.1
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.2

ip dhcp pool CLIENT
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
   dns-server 207.255.0.1 209.181.12.1

no ip dhcp-client network-discovery
lcp max-session-starts 0



interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 no ip mroute-cache
 no cdp enable
 hold-queue 32 in

interface Ethernet1
 ip address 192.168.1.2 255.255.255.252
 ip nat outside
 no ip mroute-cache
 no cdp enable

ip nat inside source list 102 interface Ethernet1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
no ip http server

access-list 102 permit ip 10.10.10.0 0.0.0.255 any
no cdp run

line con 0
 password cisco
 login
 stopbits 1
line vty 0 4
 password cisco
 login

scheduler max-task-time 5000
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.