Ricardo_Dowell

asked on

Cisco 877w ADSL Configuration using Static IP Address from ISP

Good Morning to Everyone,

I have a Cisco 877w and I need to establish a connection to the Internet using a static IP address.  I will also need to configure VPN access to this router using the Cisco VPN Client to connect.

I'm pretty new to the CLI but I was able to get the router connected to the internet and clients on the local segment were able to browse; however, this test was done at home using a negotiated IP.  I now need to take the router to the actual site and configure the ISP's static IP address. Once that works, I'll then focus on the VPN.

Below are the relevant portions of the current config, which works with my ADSL line at home (negotiated IP):

no ip domain lookup
ip name-server 205.214.192.201
ip name-server 205.214.192.202

interface ATM0
 no ip address
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
 no ip mroute-cache
 no atm ilmi-keepalive
 pvc 0/36
 !
 dsl operating-mode auto
...................................................
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Dialer0
 description ADSL Dialer
 ip address negotiated
 ip nat outside
 no ip virtual-reassembly
 encapsulation ppp
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 dialer pool 1
 dialer group 1
  no cdp enable
 ppp chap hostname (hostname)
 ppp chap password 0 (password)

ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0

For the static configuration, is it a simple matter of replacing "ip address negotiated" with "ip address x.x.x.x y.y.y.y" (x being the static address and y being the subnet mask)?

Thanks in advance...
RD.






greg ward

It is a simple matter of replacing "ip address negotiated" with "ip address x.x.x.x y.y.y.y"

Greg
Ricardo_Dowell

ASKER

Hey Greg,

Thanks for such a quick response.  
I will visit the site this afternoon and make this change to the config  - I will let you know if all goes well.

Thanks again,
RD.

You should change "ip route 0.0.0.0 0.0.0.0 Dialer0" to "ip route 0.0.0.0 0.0.0.0 IPADDRESSOFDEFAULTGATEWAY"

Hello Everyone,

I tried changing from "ip address negotiated" to "ip address x.x.x.x y.y.y.y".  However, when I entered my static address with the subnet mask my ISP has told me to use (255.255.255.255), I get the error below:

"Bad mask /32 for address x.x.x.x"

I consulted with my ISP's tech support about the mask and they insisted that it is correct; I configured the router they provided (Siemens Gigaset SE587) with the same static address and the /32 subnet mask and it worked.

I found a config that seems to work using the Loopback0 interface but I'm having problems in the following areas:

SSH error when trying to connect - "Server refused authentication protocol"
NAT (I'm assuming) -  I can ping public addresses from the router but not from the LAN (fa0 - 3)

Finally, I've visited Cisco's website and tried to configure the VPN based on their instructions but it doesn't work.

I've attached the config for you all to review.

Thanks Guys!


Using 4587 out of 131072 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Triloninc
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable password xxxxxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login VPNUSERS local
aaa authorization exec default local
aaa authorization network default local
aaa authorization network VPNGROUP1 local
!
aaa session-id common
!
resource policy
!
ip subnet-zero
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool Intra
   import all
   network 192.168.0.0 255.255.255.0
   dns-server 205.214.192.201 205.214.192.202
   default-router 192.168.0.1
   domain-name INSIDE.local
!
!
no ip domain lookup
ip domain name Triloninc.com
ip name-server 205.214.192.201
ip name-server 205.214.192.202
!
crypto pki trustpoint TP-self-signed-1934165822
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1934165822
 revocation-check none
 rsakeypair TP-self-signed-1934165822
!
!
crypto pki certificate chain TP-self-signed-1934165822
 certificate self-signed 01 nvram:IOS-Self-Sig#3204.cer
username xxxxx password 0 xxxxxx
username xxxxx password 0 xxxxxx
!
!
!
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
 lifetime 600
!
!
crypto isakmp client configuration group VPNGROUP
 key Keyw0rd
 dns 192.168.0.1 205.214.192.201
 domain Intranetwork.com
 pool dynpool
!
crypto ipsec security-association lifetime seconds 86400
!
crypto ipsec transform-set VPN esp-3des esp-sha-hmac
!
crypto ipsec client ezvpn ezvpnclient
 connect auto
 group ezvpnclient key xxxxxxx
 mode client
 peer 192.168.0.1
 xauth userid mode interactive
!
!
crypto dynamic-map dynmap 1
 set transform-set VPN
 reverse-route
!
!
crypto map dynmap isakmp authorization list VPNGROUP
crypto map dynmap client configuration address respond
!
crypto map static-map 1 ipsec-isakmp dynamic dynmap
!
!
!
interface Loopback0
 ip address x.x.x.x 255.255.255.255
 ip virtual-reassembly
!
interface ATM0
 no ip address
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
 no ip mroute-cache
 no atm ilmi-keepalive
 pvc 0/36
  encapsulation aal5autoppp Dialer0
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
 crypto ipsec client ezvpn ezvpnclient
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
 54.0
 station-role root
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Dialer0
 description ADSL Dialer
 ip unnumbered Loopback0
 ip nat outside
 no ip virtual-reassembly
 encapsulation ppp
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 dialer pool 1
 dialer watch-group 1
 dialer-group 1
 no cdp enable
 ppp chap hostname (hostname)
 ppp chap password 0 (password)
!
ip local pool dynpool 192.168.254.10 192.168.254.20
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source route-map nonat interface Dialer0 overload
!
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
no cdp run
route-map nonat permit 10
 match ip address 100
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 transport input ssh
!
scheduler max-task-time 5000
end


Just to clarify: will you be using this as the ADSL modem/router, or did your carrier provide you a modem?
Never mind, I see it in the config.
I use a /24 and it works for me (although I think it's not correct).
A /32 would give only 1 IP address on the network; not sure that should be right, however.
That's how Cisco used to do it. Have a quick read of that.
http://www.velocityreviews.com/forums/t57088-entering-32-subnet-mask-on-ppp-wan-interface.html 
 
This has changed from 12.3 something.
Old software permitted /32 mask, new software didn't.

Greg
Hey Guys, just to clarify a few things - this router is also the ADSL modem, the telephone cable connects directly to the WIC.

I can see that the modem is authenticated, the PPP LED is on and the RXD and TXD LEDs are active.  When I connect a computer to one of the FastEthernet ports, I receive an IP address from the dhcp pool but I am unable to ping the same Public IP addresses that I can ping successfully directly from the router.  So I know the loopback0 interface did the trick but something may be wrong with my NAT.

RD
interface ATM0
no ip address
ip nat inside--well this looks wrong
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source route-map nonat interface Dialer0 overload

I would set up the first line as its easier and see if it works.
ie
 add access-list 1
 
 
Greg
please provide us:

sh ip int brief
Hi Guys,

Sorry for the tardy response, I had to go back to the site.  

OK, I reset the router to factory default, then reconfigured the Loopback, ATM and Dialer interfaces, leaving out the VPN stuff for the time being, and I'm still stuck at a point where I can ping public addresses (using the CLI) when connected to the console port on the router but cannot ping any public addresses when connected to the LAN (fa ports).  I get an address from the DHCP pool, it assigns a gateway and DNS to my NIC, but I can't ping any public addresses.

In my new config I added access-list 1 as suggested by Greg.

Below is the sh ip int br output:

Triloninc#show ip int br
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0              unassigned      YES unset  up                    up
FastEthernet1              unassigned      YES unset  up                    down
FastEthernet2              unassigned      YES unset  up                    down
FastEthernet3              unassigned      YES unset  up                    down
Dot11Radio0                unassigned      YES TFTP   administratively down down
ATM0                       unassigned      YES manual up                    up
Vlan1                      192.168.0.1     YES manual up                    up
Virtual-Dot11Radio0        unassigned      YES TFTP   administratively down down
Virtual-Access1            unassigned      YES unset  up                    up
Dialer0                    65.48.132.91    YES TFTP   up                    up
Loopback0                  65.48.132.91    YES manual up                    up
NVI0                       unassigned      YES unset  up                    up
Virtual-Access2            unassigned      YES unset  up                    up

I've also attached a copy of my new running config for you to review.

Thanks again.
Sorry, somehow the running-config wasn't attached.
Current configuration : 3839 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Triloninc
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$zQP/$4Szj75yXmnOQMrJExAgLu/
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool Triloninc
   import all
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.1
   dns-server 205.214.192.201 205.214.192.202
   domain-name Inside.local
!
!
no ip domain lookup
ip domain name Triloninc.com
ip name-server 205.214.192.201
ip name-server 205.214.192.202
!
!
crypto pki trustpoint TP-self-signed-1934165822
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1934165822
 revocation-check none
 rsakeypair TP-self-signed-1934165822
!
!
!
crypto pki certificate chain TP-self-signed-1934165822
 certificate self-signed 01
quit
username xxxx password 0 xxxxxx
!
!
!
!
!
interface Loopback0
 ip address x.x.x.x 255.255.255.255
!
interface ATM0
 no ip address
 ip virtual-reassembly
 no ip route-cache cef
 no ip mroute-cache
 no atm ilmi-keepalive
 pvc 0/36
  encapsulation aal5autoppp Virtual-Template1
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
 54.0
 station-role root
!
interface Vlan1
 description VLAN 1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Dialer0
 description ADSL Dialer
 ip unnumbered Loopback0
ip nat outside
 no ip virtual-reassembly
 encapsulation ppp
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp chap hostname xxxxxx
 ppp chap password 0 xxxxxx
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 1 permit 192.168.0.0 0.0.0.255
no cdp run
!
control-plane
!
!
line con 0
 password xxxxx
 login local
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
end
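
An added example, not part of the original thread: a small Python check run over a constructed excerpt of the second running-config above. It flags ACL numbers that are referenced but never defined, cleartext (type 0) secrets, Telnet on the vty lines, the plain HTTP server, and NAT interfaces with no translation rule. The `audit` function and the finding labels are hypothetical names.

```python
import re

# Constructed excerpt of the second running-config in this thread
# (secrets already redacted on the page).
SAMPLE = """\
username xxxx password 0 xxxxxx
interface Vlan1
 ip nat inside
interface Dialer0
 ip nat outside
 ppp chap password 0 xxxxxx
ip http server
ip http access-class 23
access-list 1 permit 192.168.0.0 0.0.0.255
line vty 0 4
 access-class 23 in
 transport input telnet ssh
"""

ACL_DEF = re.compile(r"(?:ip access-list \w+ |access-list )(\S+)")
ACL_REF = re.compile(r"(?:(?:ip http )?access-class|ip nat inside source list) (\S+)")

def audit(config):
    """Return (label, line) findings; labels are hypothetical names."""
    lines = [l.strip() for l in config.splitlines() if l.strip() not in ("", "!")]
    defined = {m.group(1) for l in lines if (m := ACL_DEF.match(l))}
    findings = []
    for l in lines:
        ref = ACL_REF.match(l)
        if ref and ref.group(1) not in defined:
            findings.append(("undefined-acl", l))
        if re.search(r"\bpassword 0 ", l) or l.startswith("enable password"):
            findings.append(("cleartext-secret", l))
        if re.match(r"transport input .*\btelnet\b", l):
            findings.append(("telnet-enabled", l))
        if l == "ip http server":
            findings.append(("http-mgmt", l))
    # Interfaces are marked inside/outside but nothing tells IOS what to translate.
    if {"ip nat inside", "ip nat outside"} <= set(lines) and not any(
            l.startswith("ip nat inside source") for l in lines):
        findings.append(("nat-no-rule", "no 'ip nat inside source' statement"))
    return findings

if __name__ == "__main__":
    for label, line in audit(SAMPLE):
        print(f"{label:18} {line}")
```
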


ASKER CERTIFIED SOLUTION
Istvan Kalmar

This solution is only available to members.
Hey, my initial issue was assigning my ISP's static address and subnet mask (255.255.255.255) in the dialer interface; it gave an error "Bad mask /32 for address x.x.x.x".

When I use the loopback interface, I can enter my static IP with a /32 netmask - this is the only method that has worked for me so far.  If I disable the loopback interface, I won't be able to use my static IP (open for an alternative suggestion).

I edited the config - "ip nat inside source list 1 interface Dialer0 overload"
Still unable to ping public addresses from the LAN
SOLUTION
This solution is only available to members.
Hey Guys,

Taking out that loopback interface and changing the subnet mask to a /24 did the trick.

The router is currently connected to the internet and I can browse.

Thanks so much for your help,

Ricardo.