bflying
asked on
Cisco 10 Meg setup
Basically I have brought in a 10Mb line into my office. I have setup this router from scratch and I'm having issues getting it to work. Basically I can ping each interface from the ISP Gateway or from my firewall, but I cannot ping my firewall from the gateway or from the firewall to the gateway or beyond that. It is a Cisco 1841 router with the firewall on FastEthernet 0/0 and the ISP on FastEthernet 0/1.
Also, if you could please help me get rid of some of the cluttered config stuff, like that dang banner, I would appreciate it.
Here is my config.
Building configuration...
Current configuration : 2269 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname XXXXXX
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$9z4P$/BkI1kroHiRsBMKDoq
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -7
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
!
!
ip domain name spectrumfsi.com
ip name-server 65.106.1.196
ip name-server 65.106.7.196
!
username XXXXXX privilege 15 secret 5 $1$p7m2$tKxUNIIzl1fdlDfUbY
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$I
ip address 66.236.X.1 255.255.255.224
speed 100
full-duplex
!
interface FastEthernet0/1
description $ES_WAN$
ip address 65.46.X.166 255.255.255.252
speed 10
full-duplex
!
ip default-gateway 65.46.X.165
ip classless
ip route 0.0.0.0 0.0.0.0 65.46.X.165
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
control-plane
!
banner exec ^C
% Password expiration warning.
--------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to
use.
--------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
end
Also, if you could please help me get rid of some of the cluttered config stuff, like that dang banner, I would appreciate it.
Here is my config.
Building configuration...
Current configuration : 2269 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname XXXXXX
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$9z4P$/BkI1kroHiRsBMKDoq
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -7
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
!
!
ip domain name spectrumfsi.com
ip name-server 65.106.1.196
ip name-server 65.106.7.196
!
username XXXXXX privilege 15 secret 5 $1$p7m2$tKxUNIIzl1fdlDfUbY
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$I
ip address 66.236.X.1 255.255.255.224
speed 100
full-duplex
!
interface FastEthernet0/1
description $ES_WAN$
ip address 65.46.X.166 255.255.255.252
speed 10
full-duplex
!
ip default-gateway 65.46.X.165
ip classless
ip route 0.0.0.0 0.0.0.0 65.46.X.165
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
control-plane
!
banner exec ^C
% Password expiration warning.
--------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to
use.
--------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
end
interface fastethernet0/0
ip nat inside
interface fastethernet0/1
ip nat outside
ip nat inside source list 101 interface fastethernet0/1 overload
access-list 101 permit 66.236.X.0 255.255.255.224 any
no banner exec
ip nat inside
interface fastethernet0/1
ip nat outside
ip nat inside source list 101 interface fastethernet0/1 overload
access-list 101 permit 66.236.X.0 255.255.255.224 any
no banner exec
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
There is no NATting going on. This is a router that is going to sit between the firewall, which will do the NATting, and the ISP. The ISP provided the IPs for both interfaces, but for whatever reason can't pass traffic.
OK so the problem would appear to be with the firewall rather than the router. Can you do an extended ping from the router's inside and outside interfaces to an internet address if you can then the router is fine and we need to look at the firewall configuration.
ASKER
I have taken the Cisco and plugged it into two PCs, one on each FastEthernet, where both PCs can ping both Cisco FastEthernet interfaces, but they can't ping each other. So, I know it has to be something with the Cisco.
If the PCs can ping both Cisco ethernet interfaces then the Cisco is routing traffic from one network to the other,
Can the Cisco ping the PCs, if not its probably a firewall issue on the PCs - check that the PC firewall is turned off
Can the Cisco ping the PCs, if not its probably a firewall issue on the PCs - check that the PC firewall is turned off
ASKER
For example, the PC with the IP of 66.236.X.2 can ping the Cisco interface with the IP of 66.236.X.1 and the Cisco interface with the IP of 65.46.X.166, but not the PC with the IP of 65.46.X.165. Then the PC with the IP of 65.46.X.165 can ping 65.46.X.166 and 66.236.X.1, but not the PC with the IP of 66.236.X.2. But, the Cisco can ping both PCs.
ASKER
Okay, I've solved the problem. I had a screwy route in one of the PCs. Now that that is working any advice on cleaning up this config?
repost it with any changes you made
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Your first comment actually help lead me to that I had something misconfigured outside of the router. Then your final answer helped me clean up the config, but the instructions weren't real clear, but I was able to figure it out.
Also enable a routing protocol
router ospf 100
log-adjacency-changes