We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Cisco 1811 configuration help

BDoellefeld
BDoellefeld asked
on
Medium Priority
400 Views
Last Modified: 2012-05-07
Hello. I need help with a basic configuration on a Cisco 1811 for use as a guest/backup Internet connection. This is replacing a flaky Netgear ProSafe. The router was configured using Cisco SDM but the more I use it the more I am not liking SDM. This router is different from the other Cisco routers I have here so I thought I would try out SDM.

At this point, from the router I can ping outside. When I connect a PC with a static IP in the 192.168.123.x range, with this router as the gateway, and valid DNS, I get no Internet. I included a sanitized config.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname FC_Outside_2
!
boot-start-marker
boot-end-marker
!
enable secret 5 *****************************
enable password 7 *****************************
!
no aaa new-model
!
resource policy
!
no ip routing
!
!
no ip cef
!
!
ip name-server 216.17.128.2
ip name-server 192.168.123.4
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
!
!
!
!
!
!
!
!
!
interface FastEthernet0
 description $ETH-LAN$$FW_OUTSIDE$
 ip address 77.19.142.226 255.255.255.240
 ip access-group 101 in
 ip nat outside
 ip inspect SDM_LOW out
 ip virtual-reassembly
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet1
 description $FW_INSIDE$
 ip address 192.168.123.2 255.255.252.0
 ip access-group 100 in
 ip nat inside
 ip virtual-reassembly
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet2
 shutdown
!
interface FastEthernet3
 shutdown
!
interface FastEthernet4
 shutdown
!
interface FastEthernet5
 shutdown
!
interface FastEthernet6
 shutdown
!
interface FastEthernet7
 shutdown
!
interface FastEthernet8
 shutdown
!
interface FastEthernet9
 shutdown
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Async1
 no ip address
 encapsulation slip
 no ip route-cache
!
ip route 0.0.0.0 0.0.0.0 77.19.142.225
!
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0 overload
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.120.0 0.0.3.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip 77.19.142.224 0.0.0.15 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp any eq domain host X.19.142.226
access-list 101 deny   ip 192.168.120.0 0.0.3.255 any
access-list 101 permit icmp any host 77.19.142.226 echo-reply
access-list 101 permit icmp any host 77.19.142.226 time-exceeded
access-list 101 permit icmp any host 77.19.142.226 unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
snmp-server community tobacco RO
!
!
!
!
!
!
control-plane
!
!
line con 0
 privilege level 15
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 password 7 *****************************
 login
!
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
 
FC_Outside_2#

Open in new window

Comment
Watch Question

CERTIFIED EXPERT

Commented:
First, add the line:  ip inspect name SDM_LOW http

Next, try a traceroute 4.2.2.2.

Author

Commented:
Added the insoect on http and did a trace. Here is the result
FC_Outside_2#traceroute 4.2.2.2
 
Type escape sequence to abort.
Tracing the route to vnsc-bak.sys.gtei.net (4.2.2.2)
 
  1 225-142-19-77.skybeam.com (77.19.142.225) 4 msec 4 msec 8 msec
  2 197-253-73-208.skybeam.com (208.73.253.197) 12 msec 8 msec 12 msec
  3 193-253-73-208.skybeam.com (208.73.253.193) 8 msec 8 msec 8 msec
  4 2-253-73-208.skybeam.com (208.73.253.2) 12 msec 8 msec 8 msec
  5  *  *  *
  6 vnsc-bak.sys.gtei.net (4.2.2.2) 8 msec 8 msec 20 msec
FC_Outside_2#

Open in new window

CERTIFIED EXPERT

Commented:
I'm sorry, I meant run a trace from the PC.

Author

Commented:
I should have guessed that is what you meant :)

Trace was successful, in addition to being able to browse now.

Was adding ip inspect name SDM_LOW http the missing key I'm wondering? Other than adding that, the only other thing I did was power down, move the router, and power it back up.

Unless I find something else in the next 20 minutes or so I think I'm good to go.

 
CERTIFIED EXPERT
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION

Author

Commented:
I appreciate you guidance asavener, thank you!
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.