Configuring Cisco 2611 for SBC DSL via PPPOE using 2 ethernet ports 10 mbit

Equipment is a cisco 2611 with 64mb dram/16mb flash
ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
ROM: C2600 Software (C2600-IK9O3S3-M), Version 12.3(18), RELEASE SOFTWARE (fc3)

Router uptime is 4 hours, 17 minutes
System returned to ROM by power-on
System image file is "flash:c2600-ik9o3s3-mz.123-18.bin"

cisco 2611 (MPC860) processor (revision 0x203) with 61440K/4096K bytes of memory
Processor board ID JAD03401479 (4229118108)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 Ethernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
16384K bytes of processor board System flash (Read/Write)

I have configured the router to dial up to SBC via VPDN and successfully connect and create a virtual access 1 and get a public IP.
And I have configured DHCP on eth0/0; eth0/1 is connected to a DSL modem.
So eth0/0 is connected to my Cisco 2900XL switch and my PC plugs in there.
Anyway, I had my PC connected directly to the router LAN port and I got an IP and all the info; however, I was unable to ping the gateway and DNS was not working. Even from within the router I was unable to ping the gateway or any websites.
I have my current config located here
I have a log of the Dialer 1 interface connected.
Not sure how or what to do to specify the DNS server for the ip dhcp pool LANPOOL. I called SBC and got the DNS servers that they use and tried that in the DHCP pool dns-server line, and that did nothing.
Is there a way to get the DNS servers that Dialer 1 grabs? I cannot find out how to view the info besides sh int dial1.
I also set up an access list.
Any help will be greatly appreciated.
400 points for this.

Few things.

Login to the router
config term
no ip nat inside source list NAT interface Ethernet0/1 overload
ip nat inside source list NAT interface Dialer1 overload

Also change your DHCP setting

ip dhcp pool LANPOOL
   domain-name KANE-LAN.COM
   dns-server ThisShouldBeTheDNSProvidedBySBC
   lease 3

Also add the following

ip route dialer 1

Try again and post your results. Try to ping from router something like and then try the same from a workstation. You will need to renew the DHCP on workstation before it works.
kane77573 (Author) commented:
It's working now, thanks a lot.
One more question.
I'm trying to hit my Citrix server from the public IP.
The LAN IP is port 1494 TCP and port 1604 UDP,
also port 80.
And do I configure it on the Dialer 1 or the eth interface?
Here is what I have so far.

ip nat inside source list NAT interface Dialer1 overload
ip nat inside source static tcp 80 interface Ethernet0/0 80
ip nat inside source static tcp 1494 interface Dialer1 1494
ip nat inside source static tcp 5901 interface Dialer1 5901
ip nat inside source static tcp 5900 interface Dialer1 5900
ip nat inside source static tcp 21 interface Dialer1 21
ip nat inside source static udp 1604 interface Dialer1 1604
ip http server
no ip http secure-server
ip classless
ip route Dialer1

You are on the right track; for the said ports you only need the following statements

ip nat inside source static tcp 80 interface Dialer1 80
ip nat inside source static tcp 1494 interface Dialer1 1494
ip nat inside source static udp 1604 interface Dialer1 1604

If you are not getting static IP address, you will need some kind of resolution to connect.

ip http server opens Web Interface for the router; it is always more secure to disable it if not being used.

no ip http server
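
A small config check for the three points raised in the answer above (NAT rules bound to the interface marked ip nat outside, only the needed port forwards, and ip http server left on), as an added example that is not part of the original thread. The sample config is constructed, the internal address 192.168.1.10 is hypothetical because the page shows none, and the names audit, SAMPLE and WANTED are this example's own.

```python
import re

# Constructed sample modelled on the asker's second config; 192.168.1.10 is a
# hypothetical LAN address (the page does not show the real one).
SAMPLE = """\
interface Ethernet0/0
 ip nat inside
interface Ethernet0/1
 pppoe enable
interface Dialer1
 ip address negotiated
 ip nat outside
ip nat inside source list NAT interface Dialer1 overload
ip nat inside source static tcp 192.168.1.10 80 interface Ethernet0/0 80
ip nat inside source static tcp 192.168.1.10 1494 interface Dialer1 1494
ip nat inside source static tcp 192.168.1.10 5900 interface Dialer1 5900
ip nat inside source static tcp 192.168.1.10 21 interface Dialer1 21
ip nat inside source static udp 192.168.1.10 1604 interface Dialer1 1604
ip http server
"""

WANTED = {("tcp", 80), ("tcp", 1494), ("udp", 1604)}  # ports named in the thread

def audit(config, wanted=WANTED):
    """Return (finding, config line) pairs for the issues discussed above."""
    lines = [l.rstrip() for l in config.splitlines()]
    outside, current = set(), None
    for line in lines:                        # pass 1: find "ip nat outside" interfaces
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
        elif not line.startswith(" "):        # left the interface sub-mode
            current = None
        elif line.strip() == "ip nat outside":
            outside.add(current)
    findings = []
    for line in lines:                        # pass 2: check global NAT/HTTP lines
        m = re.match(r"ip nat inside source .*\binterface (\S+)", line)
        if m and m.group(1) not in outside:
            findings.append(("nat-wrong-interface", line))
        s = re.match(r"ip nat inside source static (tcp|udp) \S+ \d+ interface \S+ (\d+)", line)
        if s and (s.group(1), int(s.group(2))) not in wanted:
            findings.append(("unneeded-forward", line))
        if line == "ip http server":
            findings.append(("http-server-enabled", line))
    return findings

if __name__ == "__main__":
    for kind, line in audit(SAMPLE):
        print(f"{kind:22} {line}")
```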

kane77573 (Author) commented:
Yeah, the IP is not static is my server and is running a static IP,
so what would work here?

Because I want to use my Citrix servers, which are port 80, 1494 TCP and port 1604 UDP, to hit.
Thanks again.
The three translations I posted earlier are good, so they will work. Give it a try by connecting from outside.

Dynamic IP Address; you may want to use Dynamic DNS to solve this problem, a good site to start with is dyndns.org; just register a domain with them (which is free for basic), install a small client on your Citrix Server, which will keep your IP Address updated. I do not know how often your DNS server will change, but normally with high speed Internet connections, the lease time is over 30 days.
kane77573 (Author) commented:
If I enable crypto, will it cause major delay or lag?
Is there an upside and downside to it?
I do have 64 MB of DRAM and 16 MB flash.
I want to encrypt things but not slow things down or overwork the CPU on the router.
You get 400 points.
Thanks a lot.
I'm just starting school for CCNA, CCNP, Cisco security and Cisco wireless certs.
Crypto is for encryption only on the VPN traffic; you will need to set up VPN on the router and on the clients before you can use it. Enabling crypto will not do anything until the VPN is set up and complete.

You can read more about VPN in the following link:


kane77573 (Author) commented:
Oh, so it only applies to VPN connections, not LAN or anything NATed or anything on an interface?
That is correct. For LAN, if you are using Citrix or Web Server, you will need to setup SSL on the Server itself for the encryption OR you can setup VPN tunnels between client and Cisco Router.

If you have few clients like 2-3, VPN setup on the Cisco router will be cheaper, if you have more users, SSL on the server will be a better option.

SSL needs to be setup on the server ONLY, no configuration is required on the clients, with VPN, no configuration is required on the server, but you will have to configure the router and each client.

NAT: same thing, if they are accessing SSL or secure websites, information is secure, for other like IM, HTTP, FTP etc. it will not be.
kane77573 (Author) commented:
Understood, just wasn't sure if it applied to all data going through it or not, thanks a lot.
I had a pain searching for any help unless it was an ADSL WIC card.
Question has a verified solution.