dubeaukb
Configuring a Cisco 851 W
My office just switched from DSL to T1.
I cannot get my Cisco 851W to see the outside world
I have contacted the ISP, their end is fine. I can hook my laptop up directly to the T1 router (Cisco IAD 2400) and ping anywhere, internet works great.
Currently my router is back online utilizing the DSL connection till I can figure out the T1 issue.
I configured FE04 (WAN) with my static IP provided and the class 29 mask.
I configured the firewall to allow traffic from the new NS servers provided.
I reconfigured all the NAT.
Any suggestions?
I cannot paste a running config; as stated, my router is currently running the DSL config. I won't be able to try again till we are "closed" at 6pm EST.
ASKER
The default route remained the same, just utilizing FE04.
Do you think I may need to add the T1 router as a hop?
I don't believe there are any access lists.
I will reconfigure later tonight and post the actual running config.
If your next hop is out the serial interface, then you need to change your default route.
ASKER
I am coming out of FE04 on the 851W and going into FE05 on the IAD 2400.
I misread that, sorry. Yes a sanitized running config would be helpful.
ASKER
Okay.
I can now ping my default gateway but still nothing beyond that.
nslookup will not resolve the dns server.
I opened the firewall up completely.
If I simply change FE04 to my DSL IP configurations and plug in the modem it works fine.
When I change it to the T1 Static IP and mask it does not work.
Could it be because the T1 requires a 255.255.255.248 mask?
Like previously stated I can configure my laptop to T1's static address and ping the world.
I apologize I still haven't copied the running config.
ASKER
Here is the current Running Config with the DSL connections.
The only difference is the T1 would be 72.xx.xxx.xxx with 255.255.255.248 mask
Could the LAN being 192.10.0.xxx affect this? (don't know why it's not 192.168.xxx.xx)
I think I am going to just wipe the router, not knowing how much SDM actually put on this router.
Using command syntax would appear much cleaner. I am now 100% against SDM, anyhow.
aaa authentication login local_authen local
aaa authorization exec local_author local
!
aaa session-id common
!
resource policy
!
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
no ip source-route
!
!
ip cef
ip inspect alert-off
ip inspect name DEFAULT100 appfw DEFAULT100
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 https
ip inspect name DEFAULT100 dns
ip inspect name DEFAULT100 pptp
ip inspect name DEFAULT100 l2tp
ip inspect name DEFAULT100 gtpv0
ip inspect name DEFAULT100 gtpv1
ip inspect name DEFAULT100 pop3
ip inspect name DEFAULT100 smtp
ip inspect name DEFAULT100 pop3s
ip inspect name sdm_ins_out_100 appfw DEFAULT100
ip inspect name sdm_ins_out_100 h323
ip inspect name sdm_ins_out_100 icmp
ip inspect name sdm_ins_out_100 rcmd
ip inspect name sdm_ins_out_100 sqlnet
ip inspect name sdm_ins_out_100 tcp
ip inspect name sdm_ins_out_100 udp
ip inspect name sdm_ins_out_100 https
ip inspect name sdm_ins_out_100 dns
ip inspect name sdm_ins_out_100 pptp
ip inspect name sdm_ins_out_100 l2tp
ip inspect name sdm_ins_out_100 gtpv0
ip inspect name sdm_ins_out_100 gtpv1
ip inspect name sdm_ins_out_100 pop3
ip inspect name sdm_ins_out_100 smtp
ip inspect name sdm_ins_out_100 pop3s
ip inspect name sdm_ins_out_100 802-11-iapp
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip tcp synwait-time 10
no ip bootp server
ip domain name energyelectric.org
ip name-server 66.189.0.30
ip name-server 192.10.0.2
ip name-server 66.189.0.29
ip ssh time-out 60
ip ssh authentication-retries 2
!
appfw policy-name DEFAULT100
application im aol
service default action reset
service text-chat action reset
server deny name login.oscar.aol.com
server deny name toc.oscar.aol.com
server deny name oam-d09a.blue.aol.com
application im msn
service default action reset
service text-chat action reset
server deny name messenger.hotmail.com
server deny name gateway.messenger.hotmail.com
server deny name webmessenger.msn.com
application http
port-misuse im action reset alarm
application im yahoo
service default action reset
service text-chat action reset
server deny name scs.msg.yahoo.com
server deny name scsa.msg.yahoo.com
server deny name scsb.msg.yahoo.com
server deny name scsc.msg.yahoo.com
server deny name scsd.msg.yahoo.com
server deny name messenger.yahoo.com
server deny name cs16.msg.dcn.yahoo.com
server deny name cs19.msg.dcn.yahoo.com
server deny name cs42.msg.dcn.yahoo.com
server deny name cs53.msg.dcn.yahoo.com
server deny name cs54.msg.dcn.yahoo.com
server deny name ads1.vip.scd.yahoo.com
server deny name radio1.launch.vip.dal.yahoo.com
server deny name in1.msg.vip.re2.yahoo.com
server deny name data1.my.vip.sc5.yahoo.com
server deny name address1.pim.vip.mud.yahoo.com
server deny name edit.messenger.yahoo.com
server deny name http.pager.yahoo.com
server deny name privacy.yahoo.com
server deny name csa.yahoo.com
server deny name csb.yahoo.com
server deny name csc.yahoo.com
!
!
crypto pki trustpoint TP-self-signed-3751714289
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3751714289
revocation-check none
rsakeypair TP-self-signed-3751714289
!
!
crypto pki certificate chain TP-self-signed-3751714289
certificate self-signed 01 nvram:IOS-Self-Sig#3902.cer
username xadmin privilege 15 secret 5 $1$kE25$SyB1PsKIBo8WZJNQwKnSF/
!
!
!
bridge irb
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
ip address 66.189.82.252 255.255.255.0
ip access-group sdm_fastethernet4_in in
ip access-group sdm_fastethernet4_out_100 out
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect DEFAULT100 in
ip inspect sdm_ins_out_100 out
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
!
ssid EEC WILAN
authentication open
!
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
station-role root
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
!
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 192.10.0.1 255.255.255.0
ip access-group 100 in
ip access-group 101 out
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat source static tcp 192.10.0.49 65530 interface BVI1 65530
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.10.0.2 4125 interface FastEthernet4 4125
ip nat inside source static tcp 192.10.0.2 3389 interface FastEthernet4 3389
ip nat inside source static tcp 192.10.0.2 443 interface FastEthernet4 443
ip nat inside source static tcp 192.10.0.2 80 interface FastEthernet4 80
ip nat inside source static udp 192.10.0.34 7100 interface FastEthernet4 7100
ip nat inside source static tcp 192.10.0.34 7100 interface FastEthernet4 7100
ip nat inside source static tcp 192.10.0.2 110 interface FastEthernet4 110
ip nat inside source static tcp 192.10.0.2 143 interface FastEthernet4 143
ip nat inside source static tcp 192.10.0.101 8100 66.189.82.252 8100 extendable
ip nat inside source static tcp 192.10.0.29 58928 66.189.82.252 58928 extendable
ip nat inside source static udp 192.10.0.29 58928 66.189.82.252 58928 extendable
!
ip access-list extended sdm_fastethernet4_in
remark auto generated by Cisco SDM Express firewall configuration
remark SDM_ACL Category=1
permit udp host 66.189.0.29 eq domain any
permit udp host 66.189.0.30 eq domain any
permit icmp any any
permit ip any any
permit udp any any
permit tcp any any
ip access-list extended sdm_fastethernet4_out
remark SDM_ACL Category=1
permit tcp any any
permit udp any any
ip access-list extended sdm_fastethernet4_out_100
remark SDM_ACL Category=1
permit icmp any any
permit udp any any
permit tcp any any
permit ip any any
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.10.0.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.10.0.0 0.0.0.255
access-list 2 deny any
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 permit udp host 192.10.0.2 eq domain any
access-list 100 permit icmp any any
access-list 100 permit tcp any any
access-list 100 permit udp any any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit ip any any
access-list 101 permit icmp any any
access-list 101 permit udp any any
access-list 101 permit tcp any any
access-list 102 remark VTY Access-class list
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip 192.10.0.0 0.0.0.255 any
access-list 102 deny ip any any
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 deny ip 72.248.185.240 0.0.0.7 any
access-list 103 deny ip host 255.255.255.255 any
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 permit ip any any
access-list 104 remark auto generated by SDM firewall configuration
access-list 104 remark SDM_ACL Category=1
access-list 104 permit tcp any host 72.248.185.242 eq www
access-list 104 permit udp any host 72.248.185.242 eq 58928
access-list 104 permit tcp any host 72.248.185.242 eq 58928
access-list 104 permit tcp any host 72.248.185.242 eq 8100
access-list 104 permit tcp any host 72.248.185.242 eq 143
access-list 104 permit tcp any host 72.248.185.242 eq pop3
access-list 104 permit tcp any host 72.248.185.242 eq 7100
access-list 104 permit udp any host 72.248.185.242 eq 7100
access-list 104 permit tcp any host 72.248.185.242 eq 443
access-list 104 permit tcp any host 72.248.185.242 eq 3389
access-list 104 permit tcp any host 72.248.185.242 eq 4125
access-list 104 permit udp host 64.65.223.6 eq domain host 72.248.185.242
access-list 104 permit udp host 64.65.208.6 eq domain host 72.248.185.242
access-list 104 deny ip 192.10.0.0 0.0.0.255 any
access-list 104 permit icmp any host 72.248.185.242 echo-reply
access-list 104 permit icmp any host 72.248.185.242 time-exceeded
access-list 104 permit icmp any host 72.248.185.242 unreachable
access-list 104 deny ip 10.0.0.0 0.255.255.255 any
access-list 104 deny ip 172.16.0.0 0.15.255.255 any
access-list 104 deny ip 192.168.0.0 0.0.255.255 any
access-list 104 deny ip 127.0.0.0 0.255.255.255 any
access-list 104 deny ip host 255.255.255.255 any
access-list 104 deny ip host 0.0.0.0 any
access-list 104 deny ip any any log
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login authentication local_authen
no modem enable
transport output telnet
line aux 0
login authentication local_authen
transport output telnet
line vty 0 4
access-class 102 in
authorization exec local_author
login authentication local_authen
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
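Added example, not part of the thread and not Cisco tooling: a Python check over an excerpt of the config posted above, with the T1 address from the thread substituted on FastEthernet4. It reports the WAN subnet and the addresses a next hop could have, default routes that name only an exit interface, static NAT entries still pinned to a literal address other than the WAN address, and ACLs that are defined but applied nowhere. All function names are illustrative.

```python
import ipaddress
import re

# Excerpt of the running config posted above, assembled for this example, with
# the T1 address from the thread substituted on FastEthernet4.
CONFIG = """\
interface FastEthernet4
ip address 72.248.185.242 255.255.255.248
ip access-group sdm_fastethernet4_in in
ip access-group sdm_fastethernet4_out_100 out
ip route 0.0.0.0 0.0.0.0 FastEthernet4
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.10.0.2 3389 interface FastEthernet4 3389
ip nat inside source static tcp 192.10.0.101 8100 66.189.82.252 8100 extendable
ip nat inside source static udp 192.10.0.29 58928 66.189.82.252 58928 extendable
ip access-list extended sdm_fastethernet4_in
ip access-list extended sdm_fastethernet4_out
ip access-list extended sdm_fastethernet4_out_100
access-list 1 permit 192.10.0.0 0.0.0.255
access-list 103 deny ip 72.248.185.240 0.0.0.7 any
access-list 104 permit tcp any host 72.248.185.242 eq www
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

def lines(cfg):
    # The forum paste lost its indentation, so work on stripped lines only.
    return [ln.strip() for ln in cfg.splitlines() if ln.strip()]

def interface_address(cfg, name):
    """Address and mask configured under `interface <name>`, or None."""
    current = None
    for ln in lines(cfg):
        if ln.startswith("interface "):
            current = ln.split(None, 1)[1]
        elif current == name and (m := re.fullmatch(rf"ip address ({IPV4}) ({IPV4})", ln)):
            return ipaddress.ip_interface(f"{m[1]}/{m[2]}")
    return None

def interface_only_default_routes(cfg):
    """Default routes that name an exit interface but no next-hop address."""
    # On Ethernet the router then ARPs for every destination (needs proxy ARP upstream).
    pat = re.compile(rf"ip route 0\.0\.0\.0 0\.0\.0\.0 (?!{IPV4})(\S+)$")
    return [m.group(1) for ln in lines(cfg) if (m := pat.match(ln))]

def stale_static_nat(cfg, wan_ip):
    """Static NAT entries pinned to a literal global address other than wan_ip."""
    pat = re.compile(rf"ip nat inside source static (tcp|udp) ({IPV4}) (\d+) ({IPV4}) ")
    hits = [m.groups() for ln in lines(cfg) if (m := pat.match(ln))]
    return [(proto, local, int(port), glob) for proto, local, port, glob in hits
            if ipaddress.ip_address(glob) != wan_ip]

def unapplied_acls(cfg):
    """ACLs defined but referenced by no interface, line, NAT or HTTP rule."""
    defined, used = set(), set()
    for ln in lines(cfg):
        if m := re.match(r"access-list (\d+) ", ln):
            defined.add(m.group(1))
        elif m := re.match(r"ip access-list (?:standard|extended) (\S+)", ln):
            defined.add(m.group(1))
        elif m := re.match(r"(?:ip access-group|access-class|ip http access-class"
                           r"|ip nat inside source list) (\S+)", ln):
            used.add(m.group(1))
    return sorted(defined - used)

def audit(cfg, wan_if="FastEthernet4"):
    wan = interface_address(cfg, wan_if)
    return {
        "wan_network": str(wan.network),
        # A next hop for the default route has to be one of these addresses.
        "next_hop_candidates": [str(h) for h in wan.network.hosts() if h != wan.ip],
        "interface_only_default_routes": interface_only_default_routes(cfg),
        "stale_static_nat": stale_static_nat(cfg, wan.ip),
        "unapplied_acls": unapplied_acls(cfg),
    }

if __name__ == "__main__":
    for key, value in audit(CONFIG).items():
        print(f"{key}: {value}")
```

Run against the full posted config, the unapplied-ACL check is the one that surfaces lists 103 and 104, which already reference the 72.248.185.240/29 block but are bound to no interface.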
ASKER
I know the firewall is wide open right now.
Can you post a copy of the router config?
If you re-IP FE04 on the 851 and FE05 on the router, can you ping FE04 from the router?
And, are your public IPs being announced upstream from your T1?
ASKER
jesper,
I am currently waiting for the employees to vacate the building.
I am going to wipe the router and reconfigure for the T1 (for a fourth time).
I will let you know how I make out and post the revised running config (851 W).
I cannot access the Cisco IAD 2500 as it belongs to the ISP and all attempts to gain access have failed.
Thank you for all your assistance so far.
ASKER
Can someone provide a config for this?
I am having zero luck and now my network is down hard. I have been booted by the DSL ISP and need to bring this T1 up.
Router: Cisco 851W
FastEthernet04 needs to be 72.248.185.242 (WAN ISP) 255.255.255.248 (29 bit mask)
LAN is 192.10.0.x 255.255.255.0 (24 bit mask)
DHCP Server is 192.10.0.2
DNS is 65.64.208.6 and 65.64.223.6
tcp NAT (FE04)
143
5892
4125
7100
443
3389
UDP NAT (FE04)
5892
7100
Low Security Firewall
Thank you.
Can you please post your netblocks that you have and that are not working on the T1 and tell me who your T1 provider is.
I will look up the routes and find out if they are being announced. It sounds like an upstream routing issue.
ASKER
I don't think I have any netblocks.
The ISP is One Communications utilizing a Verizon T1 line.
Are you changing providers? Did the public IPs from the DSL move to the T1?
ASKER
I am changing providers. The IP addresses did change.
Ok. If you can take the DSL config and make the correct changes to the text (not the actual config) for the T1 and post it, I can verify the config and the routing.
Can you show the configuration (sanitized)?