kane77573
asked on
Configuring Cisco 2611 for SBC DSL via PPPOE using 2 ethernet ports 10 mbit
Equipment is a cisco 2611 with 64mb dram/16mb flash
ios
ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
ROM: C2600 Software (C2600-IK9O3S3-M), Version 12.3(18), RELEASE SOFTWARE (fc3)
Router uptime is 4 hours, 17 minutes
System returned to ROM by power-on
System image file is "flash:c2600-ik9o3s3-mz.12
cisco 2611 (MPC860) processor (revision 0x203) with 61440K/4096K bytes of memory
.
Processor board ID JAD03401479 (4229118108)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
I have configured the router to dial up to sbc via vpdn and successfully connect and create a virtual access 1 and get a public ip.
And i have configured dhcp on eth0/0, eth 0/1 is connected to a dsl modem.
so eth0/0 is connected to my cisco 2900xl switch and my pc plugs in there,
anyways i had my pc connecte directly to the router lan port and i got an ip and all the info, how ever i was unable to ping the gateway and dns was not working, even from within the router i was unable to ping the gateway or any websites.
I have my current config located here
http://notechlimit.com/cisco/2611_DSL.txt
I have a log of the dialer 1 interface connected.
http://notechlimit.com/cisco/dsl.txt
Not sure how or what to do to specify the dns server for the ip dhcp pool LANPOOL, i called sbc and got the dns servers that use and tried that in the dhcp pool dns-server line and that did nothing,
is there a way to get the dns servers that dialer 1 grabs, I cannot find out how to view the info beside sh int dial1.
I also set up an access list.
Any help will be greatly appreciated.
400 points for this.
ios
ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
ROM: C2600 Software (C2600-IK9O3S3-M), Version 12.3(18), RELEASE SOFTWARE (fc3)
Router uptime is 4 hours, 17 minutes
System returned to ROM by power-on
System image file is "flash:c2600-ik9o3s3-mz.12
cisco 2611 (MPC860) processor (revision 0x203) with 61440K/4096K bytes of memory
.
Processor board ID JAD03401479 (4229118108)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)
I have configured the router to dial up to sbc via vpdn and successfully connect and create a virtual access 1 and get a public ip.
And i have configured dhcp on eth0/0, eth 0/1 is connected to a dsl modem.
so eth0/0 is connected to my cisco 2900xl switch and my pc plugs in there,
anyways i had my pc connecte directly to the router lan port and i got an ip and all the info, how ever i was unable to ping the gateway and dns was not working, even from within the router i was unable to ping the gateway or any websites.
I have my current config located here
http://notechlimit.com/cisco/2611_DSL.txt
I have a log of the dialer 1 interface connected.
http://notechlimit.com/cisco/dsl.txt
Not sure how or what to do to specify the dns server for the ip dhcp pool LANPOOL, i called sbc and got the dns servers that use and tried that in the dhcp pool dns-server line and that did nothing,
is there a way to get the dns servers that dialer 1 grabs, I cannot find out how to view the info beside sh int dial1.
I also set up an access list.
Any help will be greatly appreciated.
400 points for this.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You are on the right trick, for the said ports you only need the following statements
ip nat inside source static tcp 192.168.1.3 80 interface Dialer1 80
ip nat inside source static tcp 192.168.1.3 1494 interface Dialer1 1494
ip nat inside source static udp 192.168.1.3 1604 interface Dialer1 1604
If you are not getting static IP address, you will need some king of resolution to connect.
ip http server opens Web Interface for the router, it is always more secure to disable it if not being used.
no ip http server
ip nat inside source static tcp 192.168.1.3 80 interface Dialer1 80
ip nat inside source static tcp 192.168.1.3 1494 interface Dialer1 1494
ip nat inside source static udp 192.168.1.3 1604 interface Dialer1 1604
If you are not getting static IP address, you will need some king of resolution to connect.
ip http server opens Web Interface for the router, it is always more secure to disable it if not being used.
no ip http server
ASKER
yeh the ip is not static
192.168.1.3 is my server and is running a static ip
so what would work here
cuz i wana use my citrix servers which r port 80 1494 tcp and port 1604 udp to hit 192.168.1.3
thanks again
192.168.1.3 is my server and is running a static ip
so what would work here
cuz i wana use my citrix servers which r port 80 1494 tcp and port 1604 udp to hit 192.168.1.3
thanks again
The three translation I posted earlier are good, so they will work. Give it a try by connecting from outside.
Dynamic IP Address; you may want to use Dynamic DNS to solve this problem, a good site to start with is dyndns.org; just register a domain with them (which is free for basic), install a small client on your Citrix Server, which will keep your IP Address updated. I do not know how often your DNS server will change, but normally with high speed Internet connections, the lease time is over 30 days.
Dynamic IP Address; you may want to use Dynamic DNS to solve this problem, a good site to start with is dyndns.org; just register a domain with them (which is free for basic), install a small client on your Citrix Server, which will keep your IP Address updated. I do not know how often your DNS server will change, but normally with high speed Internet connections, the lease time is over 30 days.
ASKER
k
if i enable crypto will it cause major delay or lag
is there a upside and downside to it
i d have 64mb of dram and 16 mb flash
i wanna encrpt thnigs but not slow things down or overwork the cpu on the router.
you get 400 points
thanks alo
im just starting school for ccna ccnp cisco security and cisco wireless certs
if i enable crypto will it cause major delay or lag
is there a upside and downside to it
i d have 64mb of dram and 16 mb flash
i wanna encrpt thnigs but not slow things down or overwork the cpu on the router.
you get 400 points
thanks alo
im just starting school for ccna ccnp cisco security and cisco wireless certs
crypto is for encryption only on the VPN traffic, you will need to setup VPN on the router and on the clients before you can use it. Enabling crypto will not do anything untill the VPN is setup and complete.
You can read more about VPN in the following link:
http://www.cisco.com/en/US/tech/tk583/tsd_technology_support_category_home.html
You can read more about VPN in the following link:
http://www.cisco.com/en/US/tech/tk583/tsd_technology_support_category_home.html
ASKER
o so it only applies to vpn connections not lan or anything nated or any thing on an interface?
That is correct. For LAN, if you are using Citrix or Web Server, you will need to setup SSL on the Server itself for the encryption OR you can setup VPN tunnels between client and Cisco Router.
If you have few clients like 2-3, VPN setup on the Cisco router will be cheaper, if you have more users, SSL on the server will be a better option.
SSL needs to be setup on the server ONLY, no configuration is required on the clients, with VPN, no configuration is required on the server, but you will have to configure the router and each client.
NAT: same thing, if they are accessing SSL or secure websites, information is secure, for other like IM, HTTP, FTP etc. it will not be.
If you have few clients like 2-3, VPN setup on the Cisco router will be cheaper, if you have more users, SSL on the server will be a better option.
SSL needs to be setup on the server ONLY, no configuration is required on the clients, with VPN, no configuration is required on the server, but you will have to configure the router and each client.
NAT: same thing, if they are accessing SSL or secure websites, information is secure, for other like IM, HTTP, FTP etc. it will not be.
ASKER
understood, jsut wasnt sure if it applied to all data going through it or not, thanks alot
i had a pain searching for any helpo unless it was a adsl wic card
i had a pain searching for any helpo unless it was a adsl wic card
ASKER
one more question.
im trying to to hit my citrix server from the public ip
the lan ip is 192.168.1.3 port 1494 tcp and port 1604 udp
also port 80
and do i confugre it the dialer 1 or the eth interface
here is what i have so far.
ip nat inside source list NAT interface Dialer1 overload
ip nat inside source static tcp 192.168.1.3 80 interface Ethernet0/0 80
ip nat inside source static tcp 192.168.1.3 1494 interface Dialer1 1494
ip nat inside source static tcp 192.168.1.3 5901 interface Dialer1 5901
ip nat inside source static tcp 192.168.1.3 5900 interface Dialer1 5900
ip nat inside source static tcp 192.168.1.3 21 interface Dialer1 21
ip nat inside source static udp 192.168.1.3 1604 interface Dialer1 1604
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1