CaptainGiblets asked:
No connection through Cisco 857 Router

We have a Cisco 857 configured to log onto our ISP and provide straight through access to our network.  An ISA Server is the only internal connection to the router.

The problem we have is that we get no external access at all.  The router is connecting to our ISP as, after monitoring the connection through the console, we are connecting to their gateway and we are receiving our IP address from our ISP.  The router is saying that a route has been established to the ISP's gateway.

But when we check our SDM it is saying that our WAN connection is down, whilst when we check through a terminal session to the router it is saying it is up.

This is starting to drive me mad as, not being a Cisco person, I cannot figure out why it's not working, even after looking through all the troubleshooting tips from Cisco.

Our Running Config is:


Building configuration...

Current configuration : 2687 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable secret 5 $XXXXXXXXXXXXXXXXXXXXXXX.
!
username ************ privilege 15 secret 5 XXXXXXXXXXXXXXXXX.
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
no aaa new-model
ip subnet-zero
no ip source-route
!
!
ip cef
ip tcp synwait-time 10
no ip bootp server
no ip domain lookup
ip domain name yourdomain.com
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
!
!
!
!
!
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
 no ip address
 no cdp enable
!
interface FastEthernet1
 no ip address
 no cdp enable
!
interface FastEthernet2
 no ip address
 no cdp enable
!
interface FastEthernet3
 no ip address
 no cdp enable
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
!
interface Dialer0
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname *********************
 ppp chap password 7 XXXXXXXXXXXXXX
 ppp pap sent-username *************** password 7 XXXXXXXXXXXXXX
!
ip classless
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
!
ip access-list extended PERMITNAT101
 remark SDM_ACL Category=2
 permit tcp any any
 permit udp any any
 permit icmp any any
 permit ip any any
!
logging trap debugging
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
 transport preferred all
 transport output telnet
line aux 0
 login local
 transport preferred all
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport preferred all
 transport input telnet ssh
 transport output all
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

Any help would be appreciated
Les Moore

Try adding a default route

ip route 0.0.0.0 0.0.0.0 dialer0
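
An added example, not part of the original thread or of either answer: a small Python check run against a constructed excerpt of the running-config posted in the question. It flags the missing default route the answer above points at, plus NAT interfaces with no translation rule and cleartext management services; the finding names and the `audit` and `with_fix` helpers are hypothetical.

```python
import re

# Constructed excerpt of the running-config posted in the question (only the
# lines the checks below look at; secrets and usernames omitted).
POSTED_CONFIG = """\
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Dialer0
 ip address negotiated
 ip nat outside
!
ip http server
ip http secure-server
!
line vty 0 4
 login local
 transport input telnet ssh
!
"""

def audit(config: str) -> list[str]:
    """Return findings for an IOS running-config given as text."""
    lines = [l.rstrip() for l in config.splitlines()]
    findings = []
    # No 0.0.0.0/0 route: traffic for the Internet has no next hop.
    if not any(re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 \S+", l, re.I) for l in lines):
        findings.append("no-default-route")
    # Interfaces are tagged inside/outside but nothing tells NAT what to translate.
    tagged = any(re.match(r"\s+ip nat (inside|outside)$", l) for l in lines)
    rule = any(re.match(r"ip nat inside source ", l, re.I) for l in lines)
    if tagged and not rule:
        findings.append("nat-interfaces-without-translation-rule")
    # Management plane: cleartext protocols become reachable once routing works.
    if any(re.match(r"\s+transport input\b.*\b(telnet|all)\b", l) for l in lines):
        findings.append("vty-allows-telnet")
    if any(l == "ip http server" for l in lines):
        findings.append("cleartext-http-server")
    return findings

def with_fix(config: str) -> str:
    """Append the default route suggested in the answer above."""
    return config + "ip route 0.0.0.0 0.0.0.0 dialer0\n"

if __name__ == "__main__":
    print(audit(POSTED_CONFIG))
    print(audit(with_fix(POSTED_CONFIG)))
```
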
SOLUTION
Don Johnston

This solution is only available to members.

CaptainGiblets
ASKER

To lrmoore:

Ah, yes please. Forgot about them.

I'll try those config options out and report back if anything else crops up.

That's great guys, we can now get external access.

Thanks for that, I'll divvy the points up between you both.

From one problem to another.  We also host an Exchange server with Webmail, ActiveSync and BlackBerry Enterprise Server.

Connecting via ActiveSync is horrifically slow and the other two just time out.  Is there a way to speed up access to these services without compromising the security of the router?
ASKER CERTIFIED SOLUTION
This solution is only available to members.

Lrmoore,

Would the command be something like:

IP nat inside source static tcp [External address] 25 [internal address] 25?

Is that the correct syntax for the command?

Can I use the command in the following form:

ip nat inside source static tcp 192.168.1.2 25 interface dialer 0 25

or will I have to use IP address to create the NAT between them?

I have done the commands to no joy.  This time I can't even get a response from the router via an external connection.

I should've added to the previous comment, our set up is as follows:

Cisco 857 --> ISA 2004 ---> Exchange Server.

The ISA is the gateway for the network and has 2 static addresses of 192.168.1.10 for external and 192.168.0.1 for internal.

192.168.0.1 is the gateway IP address.

The router's internal IP is 192.168.1.1 and we have a static IP address for our WAN connection.

The command, ip nat inside source static tcp 192.168.1.2 80 x.x.x.x 80 doesn't seem to work.

Am I missing something?  My config hasn't changed since I introduced the above command for external access.

Problem solved.  My Dialer0 wasn't being used as the primary external connection for allowing traffic to come from outside to inside.

How can I divvy the points up between two people?

Use the Split Points link right above the comment box.

Glad you've figured it out!