Avatar of premiere1
premiere1
 asked on

Cisco 1841 ios router config

We are switching to a bonded t1 and changed routers. We are getting a straight ethernet handoff from our provider. The 1841 has 2 fastethernet ports. I configured 0/0 for wan and 0/1 for lan. I somewhat followed our old config that was doing a fractional t1, but there are some differences. I added vpn to this one. Please scrutinize the config and tell me if it looks ok. I am a novice at ios.

Some differences:
no ip routing
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 xxx.xxx.79.112
Not sure what the above should be, it was one less than my gateway on my other router.

archive
 log config
  hidekeys
multilink bundle-name authenticated

Thanks in advance for any help.
Building configuration...

Current configuration : 4395 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname C1841
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
no logging console
enable secret 5 xxxxxxxxxxxxxxxxxx
enable password xxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication ppp default local
!
!
aaa session-id common
dot11 syslog
ip source-route
no ip routing
!
!
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.1.1 192.168.1.100
ip dhcp excluded-address 192.168.1.149 192.168.1.254
ip dhcp ping packets 10
!
ip dhcp pool dhcppool
   network 192.168.1.0 255.255.255.0
   dns-server 64.83.0.10 209.137.160.3 209.137.171.10
   netbios-node-type h-node
   default-router 192.168.1.5
!
!
no ip cef
no ip domain lookup
ip name-server 64.83.0.10
ip name-server 209.137.160.3
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group premiere
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
!
!
!
!
username test password 0 pwd
archive
 log config
  hidekeys
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address xxx.xxx.79.113 255.255.255.240
 ip access-group outside_in in
 no ip redirects
 ip nat outside
 ip virtual-reassembly
 no ip route-cache
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 ip address 192.168.1.5 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 no ip route-cache
 duplex auto
 speed auto
!
interface Virtual-Template1
 ip unnumbered FastEthernet0/1
 peer default ip address pool defaultpool
 ppp encrypt mppe auto required
 ppp authentication ms-chap ms-chap-v2
!
ip local pool defaultpool 192.168.1.60 192.168.1.69
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 xxx.xxx.79.112
no ip http server
no ip http secure-server
!
!
ip nat translation timeout 300
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static 192.168.1.80 xxx.xxx.79.120
ip nat inside source static 192.168.1.83 xxx.xxx.79.121
ip nat inside source static 192.168.1.90 xxx.xxx.79.122
ip nat inside source static 192.168.1.92 xxx.xxx.79.123
ip nat inside source static 192.168.1.188 xxx.xxx.79.124
ip nat inside source static 192.168.1.89 xxx.xxx.79.125
ip nat inside source static 192.168.1.149 xxx.xxx.79.126
!
ip access-list extended outside_in
 permit tcp any any established
 permit udp any eq domain any
 permit icmp any any unreachable
 permit icmp any any time-exceeded
 permit icmp any any echo-reply
 permit tcp any host xxx.xxx.79.120 eq www
 permit tcp any host xxx.xxx.79.120 eq ftp
 permit icmp any any echo
 permit tcp any host xxx.xxx.79.120 eq ftp-data
 permit tcp any host xxx.xxx.79.125 eq smtp
 permit tcp any host xxx.xxx.79.125 eq pop3
 permit tcp any host xxx.xxx.79.125 eq 143
 permit udp any host xxx.xxx.79.124 eq 1723
 permit tcp any host xxx.xxx.79.124 eq 1723
 permit tcp any host xxx.xxx.79.122 eq www
 permit tcp any host xxx.xxx.79.122 eq 8011
 permit tcp any host xxx.xxx.79.122 eq 8004
 permit tcp any host xxx.xxx.79.122 eq 8443
 permit tcp any host xxx.xxx.79.120 eq 200
 permit tcp any host xxx.xxx.79.120 eq 201
 permit tcp any host xxx.xxx.79.124 eq 47
 permit udp any host xxx.xxx.79.124 eq 47
 permit tcp any host xxx.xxx.79.123 eq www
 permit tcp any host xxx.xxx.79.122 eq smtp
 permit tcp any host xxx.xxx.79.122 eq 143
 permit tcp any host xxx.xxx.79.122 eq pop3
 permit tcp any host xxx.xxx.79.122 eq ftp-data
 permit tcp any host xxx.xxx.79.122 eq ftp
 permit tcp any host xxx.xxx.79.120 eq 443
 permit tcp any host xxx.xxx.79.122 eq 443
 permit tcp any host xxx.xxx.79.123 eq 8443
 permit tcp any host xxx.xxx.79.123 eq 443
 permit udp any host xxx.xxx.79.126 eq 5566
 permit udp any host xxx.xxx.79.126 eq 5567
 permit tcp any host xxx.xxx.79.126 eq 5566
 permit tcp any host xxx.xxx.79.126 eq www
 permit gre any host xxx.xxx.79.124
 permit tcp any host xxx.xxx.79.121 eq www
 permit tcp any host xxx.xxx.79.121 eq 443
 permit tcp any host xxx.xxx.79.122 eq 8080
 deny   ip any any log
!
access-list 1 deny   192.168.1.89
access-list 1 deny   192.168.1.90
access-list 1 deny   192.168.1.92
access-list 1 deny   192.168.1.80
access-list 1 deny   192.168.1.83
access-list 1 deny   192.168.1.188
access-list 1 deny   192.168.1.149
access-list 1 permit 192.168.1.0 0.0.0.255
snmp-server community public RO
!
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
 password xxxxxxxxxxxxx
!
scheduler allocate 20000 1000
end

Open in new window

RoutersCisco

Avatar of undefined
Last Comment
premiere1

8/22/2022 - Mon
Istvan Kalmar

Hi,

The ip routing command is need

JFrederick29

The default gateway is wrong also as .112 is the subnet address for your block of addresses.  You'll need to confirm with your ISP as to what your gateway should be.
premiere1

ASKER
The default gateway is on the interface according to the isp specs or is the ip on 0/0 not the gateway?

Is this the gateway?
ip route 0.0.0.0 0.0.0.0 xxx.xxx.79.112




Here is the info provided from our isp.
The following provides IP information as well as general setup options.
xxx.xxx..79.112/28
Your usable IP address range is: xxx.xxx.79.114 - 126
Subnet Mask: 255.255.255.240
Your gateway should be set to: xxx.xxx.79.113
Your DNS Servers are:
64.83.0.10, 209.137.160.3, 209.137.171.10Notes:
The channel bank will provide you with a straight Ethernet handoff.
To connect to channel bank with a laptop use a crossover cable.

Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
ASKER CERTIFIED SOLUTION
JFrederick29

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
premiere1

ASKER
ok, I got that straightened out. I am going to leave this open for the day and see if anyone else has any comments. Thanks for the help.