Solved

Cisco 1801 router - how to configure next hop to allow interfaces to access "outside"

Posted on 2008-10-22
5
1,132 Views
Last Modified: 2008-10-31
Using a Cisco 1801 router - see config below concerning interfaces and access-list.
I have the PPP (Dialer1, outside) up and working, happily ping external IP's on the Web.
Using FastEthernet0 as my "inside" IP 192.168.34.254  and have configured VLAN100 IP address 192.168.35.230 and added FastEthernet1-8 to this VLAN100 . My clients connected in FastEthernet1-8 have Def Gateway set to 192.168.35.230.
I have added ip route 0.0.0.0 0.0.0.0 Dialer1 thinking this should provide my next hop. I dont seem to get any traffic from the VLAN100 going out. I have posted the config in relation to interfaces and access-lists below.

interface FastEthernet0
 ip address 192.168.34.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 speed 100
 full-duplex
 vlan-id dot1q 10
  exit-vlan-config
 !
 vlan-id dot1q 1
  exit-vlan-config
 !
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface FastEthernet1
 switchport access vlan 100
 duplex full
 speed 100
 vlan-id dot1q 1
  exit-vlan-config
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface Virtual-PPP1
 no ip address
 no cdp enable
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$
 no ip address
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Vlan100
 ip address 192.168.35.230 255.255.255.0
!
interface Dialer1
 description internet dialer
 ip address xxx.xxx.xxx.xxx 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap chap callin
 ppp chap hostname xxxxx7@hg39.btclick.com
 ppp chap password 0 xxxxx01
 ppp pap sent-username xxxxxxx7@hg39.btclick.com password 0 xxxxxx01
 ppp ipcp dns request
 ppp ipcp wins request
 crypto map intamap
!
interface Dialer2
 no ip address
 shutdown
 no cdp enable

ip route 0.0.0.0 0.0.0.0 Dialer1
ip nat inside source list 1 interface Dialer1 overload
access-list 1 permit 192.168.34.0 0.0.0.255
access-list 1 permit 192.168.35.0 0.0.0.255
dialer-list 1 protocol ip permit

0
Comment
Question by:ccfcfc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 16

Expert Comment

by:btassure
ID: 22775284
Can you post a show ip route please?
0
 

Author Comment

by:ccfcfc
ID: 22775396
See output below :-
ntamac-dev-backup#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
     217.41.207.0/32 is subnetted, 1 subnets
C       217.41.207.73 is directly connected, Dialer1
     217.41.116.0/28 is subnetted, 1 subnets
C       217.41.116.224 is directly connected, Dialer1
C    192.168.35.0/24 is directly connected, Vlan100
S*   0.0.0.0/0 is directly connected, Dialer1
intamac-dev-backup#
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 22775533
You need to specify the VLAN 100 interface as a NAT inside interface.

conf t
interface Vlan100
ip nat inside
0
 

Author Comment

by:ccfcfc
ID: 22776266
Excellent, but although i have enabled DNS and when on the router it used DNS, do I need toset the servers to what IP/interface to utilsie DNS on the PPP link ?
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 22776328
Yes, if the servers are static IP addressed, you need to use your ISP's DNS servers for DNS resolution assuming you don't have internal DNS servers of your own.
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
home router to use as repeater  (signal extender) 10 110
Viber-Only Restriction 6 94
VOIP gateways - feedback 23 123
Configure BGP 22 57
In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question