Solved

640K MSN DSL, Cisco 806 router and a VPN

Posted on 2003-11-06
Last Modified: 2012-06-27
As of right now, I have an MSN (Arescom NetDSL 800 DSL: ND860VUE-MSNV1.92) line networked to two computers using a PC with Windows Server 2003 as a router. I've tried to configure my Cisco 802 router (IOS Version 12.2) to work with the DSL line, but to no avail. I believe that the NAT IP address is 63.227.169.70. I have a CCNA certification, so I know my way around the Cisco IOS, but for the life of me, I can't get it to work. If anyone has some tips I would really appreciate it. Also, I do a lot of work away from home and would like to set up a VPN connection so I can access my LAN from school. I don't know if I need port address translation in the DSL modem or not. Any help there also would be great. Thanks
Question by:jjt187
 
LVL 1

Expert Comment

by:rogue_phoenix
ID: 9698380
where is it failing? between the cisco & the ISP, between the win2k3 router, or between the clients & the router? hint: try pinging outbound from each to somewhere that you know will return pings.



0
 

Author Comment

by:jjt187
ID: 9698421
Cisco Router
E0(LAN): 192.168.0.1
E1(WAN): 192.168.1.2

DSL Modem
LAN: 192.168.1.1
WAN: 63.227.169.70

Host A: 192.168.0.2
Host B: 192.168.0.3
Host C: 192.168.0.4

I can ping from each host to E0, E1 and nat address on the modem, but not to the public address.  I can't ping from the router to all the hosts and the nat address on the modem but not to the public.  So it's failing somewhere between the WAN port on the router and the WAN port on the modem.  I think it might have something to do with the NAT in the modem, but I'm not sure
0
 
LVL 9

Expert Comment

by:svenkarlsen
ID: 9698488
Why do you want to have the router on in the first place, - wouldn't a switch be ok ?

...never mind:

1. Is your problem that you can't get through to the internet or is it that you can't ping your public IP ?
2. is the problem only present with the Cisco box on (can you use a pc up against the modem without problems)?
3. how about turning NAT off on the Cisco box and using it as bridge (changing IPs on private LAN modems subnet) ?
0
 

Author Comment

by:jjt187
ID: 9698535
on either the router, or any host, the farthest I can ping is the lan side of the modem. 192.168.1.1  I can't ping my or any other public address.

I have to use a router because the LAN side of the modem is subnetted 255.255.255.252. That only allows for 192.168.1.1 and 1.2 so just using a switch won't work. There's no way to reconfigure the modem.

I don't have NAT on my router because the modem uses NAT so by the time an address would hit my router, it would have already been translated. Since the modem's configuration isn't changeable, the WAN port on my router has to be 192.168.1.x and any other private address subnet on the LAN side.
0
 
LVL 9

Expert Comment

by:svenkarlsen
ID: 9698624
OK, just one answer missing: does it work with a pc connected directly to the modem?

The fact that you can't ping through from the router is the catch. If a pc connected directly to the router is able to do so, then we should probably suspect your ISP of being so restrictive that he has configured the modem to watch for routers on the private side (I don't know how, but I've had a few guys with your problem).

And since my suggestion in last comment was to turn NAT off on the router,
I will now suggest that you turn it on instead ;-)


Regards,
Sven
0
 
LVL 9

Expert Comment

by:svenkarlsen
ID: 9698650
How is the Win server configured against the modem, - is it set to use DHCP, then: have you tried setting your router to DHCP on the WAN-side ?
0
 

Author Comment

by:jjt187
ID: 9698659
Yeah, it works great with just a pc plugged into the modem. Right now I have two pc's connected to a switch, the switch connected to the first nic in my server, and the modem connected to the other nic in my server. So right now, the server is also acting as a router using Internet Connection Sharing with Windows Server 2003 Enterprise and everything is working fine. When I replace the server with the cisco router is when I get into trouble.

I've tried configuring NAT on the router also, but that doesn't work either. I don't believe that it needs NAT because NAT is configured inside the modem. I don't think I would have to translate address twice.
0
 

Author Comment

by:jjt187
ID: 9698673
yeah, I have ICS configured for DHCP so all my hosts have dynamic addresses. The modem also uses DHCP. Right now I have the nic connected to modem set to get an address dynamically; the address is 192.168.1.2. The DHCP server in the modem is 1.1. I've tried setting a static address of 192.168.1.2, 1.1 and DHCP on wan port of the router. Still nothing
0

 

Author Comment

by:jjt187
ID: 9698709
here's my running config
                   
Cisco806#sh run                                                                          
Building configuration...                        

Current configuration : 599 bytes                                
!
version 12.2            
no parser cache              
no service single-slot-reload-enable                                    
no service pad              
service timestamps debug uptime                              
service timestamps log uptime                            
no service password-encryption                              
!
hostname Cisco806                
!
logging rate-limit console 10 except errors                                          
enable password class                    
!
ip subnet-zero              
!
no ip dhcp-client network-discovery                                  
lcp max-session-s                
lcp max-session-s                
!
!
interface Ethernet0
 ip address 192.168.0.1 255.255.255.0
!
interface Ethernet1
 ip address dhcp
!
ip classless
ip http server
!
!
line con 0
 password cisco
 login
 stopbits 1
line vty 0 4
 password cisco
 login
!
scheduler max-task-time 5000
end
0
 
LVL 9

Expert Comment

by:svenkarlsen
ID: 9698782
Sorry, - I'm no wizard on Cisco, but isn't eth0 the WAN-side ?
0
 

Author Comment

by:jjt187
ID: 9698788
E1 is the wan port
0
 
LVL 9

Expert Comment

by:svenkarlsen
ID: 9698814
Would be nice with some standard, - it's the other way round on the PIX'es  ;-)
0
 
LVL 9

Expert Comment

by:svenkarlsen
ID: 9698828
well, I'm not sure it's the cause, but there's no route in your config (you should still be able to ping the modem though?).
0
 

Author Comment

by:jjt187
ID: 9698835
I'll try a static route to the modem and see what happens
0
 
LVL 9

Accepted Solution

by:
svenkarlsen earned 400 total points
ID: 9698908
When you've tested the router, have you just swapped the cable from the server to the router without releasing the DHCP-lease from the server first? In that case there will be a possible conflict.

0
 

Author Comment

by:jjt187
ID: 9699039
I just noticed that I CANNOT ping from my hosts through the router to the LAN port on my modem (192.168.1.1) but I CAN ping that address from both router interfaces. That might change when I add static route into the routing table, but I'll have to think about the syntax of the command. I think it's  #ip route (destination network) (subnet mask) (next hop ip)   but I'm not sure what addresses to use.
0
 

Author Comment

by:jjt187
ID: 9727700
I figured it out.  I didn't have the ip name-servers (DNS) configured on the router...here is the working config

no parser cache
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption

hostname Cisco806

logging rate-limit console 10 except errors
enable password class

ip subnet-zero
ip name-server 207.255.0.1
ip name-server 209.181.12.1
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.2

ip dhcp pool CLIENT
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
   dns-server 207.255.0.1 209.181.12.1

no ip dhcp-client network-discovery
lcp max-session-starts 0



interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 no ip mroute-cache
 no cdp enable
 hold-queue 32 in

interface Ethernet1
 ip address 192.168.1.2 255.255.255.252
 ip nat outside
 no ip mroute-cache
 no cdp enable

ip nat inside source list 102 interface Ethernet1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
no ip http server

access-list 102 permit ip 10.10.10.0 0.0.0.255 any
no cdp run

line con 0
 password cisco
 login
 stopbits 1
line vty 0 4
 password cisco
 login

scheduler max-task-time 5000
0
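
A small check tied to the two running-configs posted in this thread, added here as an example (not code from any poster): it reports the default route and NAT overload pieces that the first config lacks and the second has, plus the cleartext-password and HTTP-server settings visible in them. The finding names and the trimmed sample configs are constructed for illustration.

```python
import re

# Constructed samples: trimmed copies of the two configs posted in this thread.
BROKEN = """\
no service password-encryption
enable password class
interface Ethernet0
 ip address 192.168.0.1 255.255.255.0
interface Ethernet1
 ip address dhcp
ip classless
ip http server
"""
WORKING = """\
no service password-encryption
enable password class
interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
interface Ethernet1
 ip address 192.168.1.2 255.255.255.252
 ip nat outside
ip nat inside source list 102 interface Ethernet1 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1
no ip http server
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
"""

def audit(cfg):
    """Return sorted finding codes (names are illustrative) for an IOS running-config."""
    lines = [l.rstrip() for l in cfg.splitlines() if l.strip() not in ("", "!")]
    top = {l for l in lines if not l.startswith(" ")}       # global commands
    sub = {l.strip() for l in lines if l.startswith(" ")}   # interface/line sub-commands
    pat = re.compile(r"ip nat inside source list (\S+) interface \S+ overload")
    acls = [m.group(1) for m in map(pat.fullmatch, top) if m]
    checks = {
        # Connectivity: what the working config has and the first one lacks.
        "no-default-route": not any(l.startswith("ip route 0.0.0.0 0.0.0.0 ") for l in top),
        "nat-interfaces-unmarked": not {"ip nat inside", "ip nat outside"} <= sub,
        "no-pat-rule": not acls,
        "pat-acl-missing": any(not any(l.startswith(f"access-list {a} ") for l in top) for a in acls),
        # Hardening: settings visible in the posted configs.
        "plaintext-passwords": "service password-encryption" not in top,
        "enable-password-not-secret": any(l.startswith("enable password ") for l in top),
        "http-server-enabled": "ip http server" in top,
    }
    return sorted(code for code, hit in checks.items() if hit)
```

On the working config the only findings left are the two password ones: `enable password` rather than `enable secret`, and `no service password-encryption`, which leaves the console and vty passwords readable in any copy of the config, including the one pasted here.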
