Solved

Cisco 1801 router - how to configure next hop to allow interfaces to access "outside"

Posted on 2008-10-22
5
1,119 Views
Last Modified: 2008-10-31
Using a Cisco 1801 router - see config below concerning interfaces and access-list.
I have the PPP (Dialer1, outside) up and working, happily ping external IP's on the Web.
Using FastEthernet0 as my "inside" IP 192.168.34.254  and have configured VLAN100 IP address 192.168.35.230 and added FastEthernet1-8 to this VLAN100 . My clients connected in FastEthernet1-8 have Def Gateway set to 192.168.35.230.
I have added ip route 0.0.0.0 0.0.0.0 Dialer1 thinking this should provide my next hop. I dont seem to get any traffic from the VLAN100 going out. I have posted the config in relation to interfaces and access-lists below.

interface FastEthernet0
 ip address 192.168.34.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 speed 100
 full-duplex
 vlan-id dot1q 10
  exit-vlan-config
 !
 vlan-id dot1q 1
  exit-vlan-config
 !
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface FastEthernet1
 switchport access vlan 100
 duplex full
 speed 100
 vlan-id dot1q 1
  exit-vlan-config
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface Virtual-PPP1
 no ip address
 no cdp enable
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$
 no ip address
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Vlan100
 ip address 192.168.35.230 255.255.255.0
!
interface Dialer1
 description internet dialer
 ip address xxx.xxx.xxx.xxx 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap chap callin
 ppp chap hostname xxxxx7@hg39.btclick.com
 ppp chap password 0 xxxxx01
 ppp pap sent-username xxxxxxx7@hg39.btclick.com password 0 xxxxxx01
 ppp ipcp dns request
 ppp ipcp wins request
 crypto map intamap
!
interface Dialer2
 no ip address
 shutdown
 no cdp enable

ip route 0.0.0.0 0.0.0.0 Dialer1
ip nat inside source list 1 interface Dialer1 overload
access-list 1 permit 192.168.34.0 0.0.0.255
access-list 1 permit 192.168.35.0 0.0.0.255
dialer-list 1 protocol ip permit

0
Comment
Question by:ccfcfc
  • 2
  • 2
5 Comments
 
LVL 16

Expert Comment

by:btassure
ID: 22775284
Can you post a show ip route please?
0
 

Author Comment

by:ccfcfc
ID: 22775396
See output below :-
ntamac-dev-backup#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
     217.41.207.0/32 is subnetted, 1 subnets
C       217.41.207.73 is directly connected, Dialer1
     217.41.116.0/28 is subnetted, 1 subnets
C       217.41.116.224 is directly connected, Dialer1
C    192.168.35.0/24 is directly connected, Vlan100
S*   0.0.0.0/0 is directly connected, Dialer1
intamac-dev-backup#
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 22775533
You need to specify the VLAN 100 interface as a NAT inside interface.

conf t
interface Vlan100
ip nat inside
0
 

Author Comment

by:ccfcfc
ID: 22776266
Excellent, but although i have enabled DNS and when on the router it used DNS, do I need toset the servers to what IP/interface to utilsie DNS on the PPP link ?
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22776328
Yes, if the servers are static IP addressed, you need to use your ISP's DNS servers for DNS resolution assuming you don't have internal DNS servers of your own.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco Routing with 2 ISP connection 5 61
Multicast in a layer 2 to layer 3 migration 1 52
Error on login Cisco RV016 1 33
Cisco iWAN 8 71
The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now