• Status: Solved
  • Priority: Medium
  • Security: Public

Cisco 10 Meg setup

Basically I have brought in a 10Mb line into my office.  I have set up this router from scratch and I'm having issues getting it to work.  Basically I can ping each interface from the ISP Gateway or from my firewall, but I cannot ping my firewall from the gateway or from the firewall to the gateway or beyond that.  It is a Cisco 1841 router with the firewall on FastEthernet 0/0 and the ISP on FastEthernet 0/1.

Also, if you could please help me get rid of some of the cluttered config stuff, like that dang banner, I would appreciate it.
Here is my config.

Building configuration...

Current configuration : 2269 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname XXXXXX
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$9z4P$/BkI1kroHiRsBMKDoqhYM0
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -7
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
!
!
ip domain name spectrumfsi.com
ip name-server 65.106.1.196
ip name-server 65.106.7.196
!
username XXXXXX privilege 15 secret 5 $1$p7m2$tKxUNIIzl1fdlDfUbYb3x1
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$
 ip address 66.236.X.1 255.255.255.224
 speed 100
 full-duplex
!
interface FastEthernet0/1
 description $ES_WAN$
 ip address 65.46.X.166 255.255.255.252
 speed 10
 full-duplex
!
ip default-gateway 65.46.X.165
ip classless
ip route 0.0.0.0 0.0.0.0 65.46.X.165
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for  one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
end
0
bflying
Asked:
2 Solutions
 
luc_roy Commented:
I don't see any routing protocols or NATing.  Where are you NATing?
Also enable a routing protocol

router ospf 100
   log-adjacency-changes
0
 
tombour Commented:
interface fastethernet0/0
  ip nat inside

interface fastethernet0/1
  ip nat outside

ip nat inside source list 101 interface fastethernet0/1 overload

! extended ACLs need a protocol keyword and a wildcard (inverse) mask
access-list 101 permit ip 66.236.X.0 0.0.0.31 any

no banner exec

0
 
GJHopkins Commented:
You are assuming that NAT is required but both the address ranges used are Internet routable.

What addressing has been allocated to you by the ISP?
Do you have both the networks used in the config?

The fact that you can ping both interfaces from the ISP router implies that this is set up correctly and the issue is likely to be with the firewall.

What model firewall are you using?
What IP addressing and NAT is on the firewall?
Does the firewall have anything preventing pings from outside?
What routing is on the firewall?
0
bflying (Author) Commented:
There is no NATting going on.  This is a router that is going to sit between the firewall, which will do the NATting, and the ISP.  The ISP provided the IPs for both interfaces, but for whatever reason can't pass traffic.
0
 
GJHopkins Commented:
OK so the problem would appear to be with the firewall rather than the router. Can you do an extended ping from the router's inside and outside interfaces to an internet address? If you can, then the router is fine and we need to look at the firewall configuration.
0
 
bflying (Author) Commented:
I have taken the Cisco and plugged it into two PCs, one on each FastEthernet, where both PCs can ping both Cisco FastEthernet interfaces, but they can't ping each other.  So, I know it has to be something with the Cisco.
0
 
GJHopkins Commented:
If the PCs can ping both Cisco ethernet interfaces then the Cisco is routing traffic from one network to the other.

Can the Cisco ping the PCs? If not, it's probably a firewall issue on the PCs - check that the PC firewall is turned off.
0
 
bflying (Author) Commented:
For example,  the PC with the IP of 66.236.X.2 can ping the Cisco interface with the IP of 66.236.X.1 and the Cisco interface with the IP of 65.46.X.166, but not the PC with the IP of 65.46.X.165.  Then the PC with the IP of 65.46.X.165 can ping 65.46.X.166 and 66.236.X.1, but not the PC with the IP of 66.236.X.2.  But, the Cisco can ping both PCs.
0
 
bflying (Author) Commented:
Okay, I've solved the problem.  I had a screwy route in one of the PCs.  Now that that is working, any advice on cleaning up this config?
0
 
luc_roy Commented:
Repost it with any changes you made.
0
 
GJHopkins Commented:
I don't think it was changed - didn't need it.

Suggest remove the default banner - or replace with your own warning:

no banner exec

You may also want to apply an access group to the vty lines to prevent access from the Internet, and turn off the http server if you only use the command line; otherwise apply an access list to the http server so that only approved addresses can access your router.
0
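
The clean-up suggested in the answer above, written out as IOS configuration. This is an added example, not part of the original thread; ACL number 10 and the choice of the inside LAN (66.236.X.0/27, taken from the FastEthernet0/0 address in the posted config) as the only permitted management source are assumptions.

```cisco
! Added example. ACL number 10 and the permitted source range are
! assumptions; X is the octet redacted in the posted config.
!
! Standard ACL: only hosts on the inside LAN (FastEthernet0/0) may
! manage the router. Mask 255.255.255.224 -> wildcard 0.0.0.31.
access-list 10 remark Management sources (assumed: inside LAN only)
access-list 10 permit 66.236.X.0 0.0.0.31
! Explicit deny with "log" raises an informational syslog message per
! rejected attempt. The posted "logging buffered 51200 warnings" keeps
! only warnings and above, so raise the buffer level to see them, or
! rely on the match counters in "show access-lists 10".
access-list 10 deny   any log
!
! Apply to every VTY range. The posted config has two (0-4 and 5-15);
! leaving one without the access-class leaves Telnet open on it.
! Enter this from the console or from a permitted address, otherwise
! the current session's source may be locked out.
line vty 0 4
 access-class 10 in
line vty 5 15
 access-class 10 in
!
! Option A: command-line management only, turn the web server off.
no ip http server
!
! Option B: keep the web server (for example for SDM) but restrict
! it to the same sources. Use instead of Option A:
! ip http access-class 10
!
! Remove the SDM default exec banner; the login banner stays.
no banner exec
!
! Verify from exec mode:
!   show access-lists 10
!   show running-config | begin line vty
!   show ip http server status
```

An `access-class` on a line filters connections to the router itself, unlike an `ip access-group` on an interface, so transit traffic between the firewall and the ISP is unaffected.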
 
bflying (Author) Commented:
Your first comment actually helped lead me to the fact that I had something misconfigured outside of the router.  Then your final answer helped me clean up the config, but the instructions weren't real clear, but I was able to figure it out.
0
