• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1275
  • Last Modified:

Need Help with a Cisco 1841 Router Configuration

Here is my current config:

ciscorouter#show run
Building configuration...

Current configuration : 1795 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ciscorouter
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip domain lookup
ip domain name **************
!
username ************* privilege 15 secret 5 ***********
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$
 ip address 192.168.23.254 255.255.255.0
 ip policy route-map Internal
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description $ES_LAN$
 ip address 192.168.1.254 255.255.255.0
 ip policy route-map Internet
 duplex auto
 speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.23.10
!
ip http server
ip http authentication local
ip http timeout-policy idle 5 life 86400 requests 10000
!
access-list 101 permit tcp any any eq 3389
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq ftp
access-list 101 permit tcp any any eq 1433
access-list 101 permit tcp any any eq 2725
access-list 101 permit tcp any any eq 2393
access-list 101 permit tcp any any eq 2394
access-list 199 permit ip any any
route-map Internal permit 10
 match ip address 101
 match interface FastEthernet0/1
!
route-map Internet permit 11
 match ip address 101
 match interface FastEthernet0/0
!
route-map Internet permit 20
 match ip address 199
 set ip next-hop 192.168.1.10
!
!
control-plane
!
!
end

Here is my problem.  I am trying to use the ports specified, including RDP (3389), to be able to to go back and forth between the two subnets.  I can access RDP and WWW from the .1 subnet to the .23 subnet just fine, but when I try to RDP from .23 to the .1 subnet not only does it not work, but it also prevents me from going from .1 to .23 until I log into the router and run a few commands, like show run, and then log out.  After that it starts working normal again.  Can someone help?

Thanks
Chris
0
ATBChrisW
Asked:
ATBChrisW
  • 3
  • 3
  • 2
  • +1
1 Solution
 
mikefalconeCommented:
what are you trying to acomplish with route map Internet?


Also could you post a sh ip route
0
 
ATBChrisWAuthor Commented:
The route map was there from when we had to send certain traffic to different PIX firewalls to different T1 lines.  Now they all just go to the 192.168.23.10 PIX.  I will update with a sh ip route when I get a chance.
0
 
mikefalconeCommented:
try to remove that routemap, since it doesn't do anything right now. It could be causing your problem
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
ctrlescCommented:
I am not sure about the  route map Internet statements - I just don't have experience with them.

But looking over your config something does stand out. First the .1.254 address is assigned to fa0/1 as is the ACL 199 and .23.254 is assigned to fa0/0 with ACL 101 (these are mapped in the route-map statements.). So ACL 199 allows any traffic while 101 (on .23) allows only the stated TCP traffic, remember there is an explicit deny at the end of the ACL so as it is written only TCP traffic destined for one of the named ports are allowed and everything else would be denied.
So I could see you being able to ping from .1 and not .23. Don't know if this is the issue, but its the only thing I can think of from what I see.

Another thing I don't see is the routing protocal. Is it configured? Or did I just miss that?

I will be looking forward to seeing that sh ip route as well.

~z~
0
 
ctrlescCommented:
I agree with mikefalcone - i would remove the route map internet statements if they are not needed.

It's always a good idea to clean up thoes configs.

~z~
0
 
mikefalconeCommented:
Just remove the routemap internet, that is your problem
0
 
ATBChrisWAuthor Commented:
Thanks fo rthe info guys.  I don't have access until next week to the router but I set up a Lab and confirmed what you guys are saying.  It looks like I was just over complicating things.  I will make sure to give the points after I am able to make the change next week.  Thanks.

Chris
0
 
calvinetterCommented:
The ACLs used for route maps work like this: the ACLs are evaluated & if a match is found, the traffic is sent via whatever interface or next-hop IP is specified in the route map.  If a match isn't found, the traffic is sent via normal paths based on destination, ie, either based on dynamic routes or through your default gateway.  Route map ACLs don't "permit" or "deny" traffic, they simply match conditions & tell the router how to handle the traffic.

  If you're sure you don't need the route maps anymore, remove them from each interface.  eg:
int f0/0
no ip policy route-map Internet

cheers
0
 
ATBChrisWAuthor Commented:
Mike,

I just wanted to let you know that removing the routemaps did the trick.  Thanks.

Chris
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 3
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now