otto45
asked on
Config for Cisco 1720 T1
I know next to nothing about Cisco routers, but even so I foolishly decided to tackle the task of setting up a Cisco router on my own and things have not gone well. I just had a T1 line installed in my home. I have a Cisco 1720 Router with a WIC 1DSU T1 card installed. I'm not sure if it matters, but I will be using this line primarily to VPN into my employer's corporate network.
My service provider gave me the following information:
WAN Network: 4.28.49.100/30
Gateway: 4.28.49.101
WAN: 4.28.49.102
Cust LAN IPs: 4.28.49.104/30
DNS:
209.244.0.3 primary
209.244.0.4 secondary
encapsulation: PPP
crc: 16
This is a home network. I have a PIX 501 firewall that I would like to add to the mix as well as a Linksys WRT54G (v1) wireless router, but these can wait till later.
I can connect to my Cisco 1720 router through a serial cable. I have tried using sample configurations I found on the Internet and doing my best to figure out how to modify them to meet my needs, but so far nothing has worked. I have also tried using the Cisco ConfigMaker application. In ConfigMaker I added devices for EthernetLAN, Cisco 1720 Router, and Internet. I connected EthernetLAN and Cisco1720 devices with an Ethernet connection with the IP address 192.168.1.2. I connected the Cisco1720 and Internet devices with a PPP connection and tried assigning it all four IP addresses (one at a time) given to my by my service provider. After each alteration I used the Deliver Configuration Wizard to push the configuration out to the router. Each time the ethernet indicators on the router light up as does the CD indicator on the WIC, but the LP indicator never lights up. (The WIC 0/0 indicator is lit.)
The ideal solution would be one that holds my hand through the configuration process with step-by-step instructions. However, I am not entirely technically deficient, so a solution that includes a sample configuration would be just as welcome -- as long as it is a full configuration and not just the parts that relate to the T1 (I don't know what it is that I don't know).
Please let me know if there are any further details I can provide or if there is any additional info I should request from my service provider.
My service provider gave me the following information:
WAN Network: 4.28.49.100/30
Gateway: 4.28.49.101
WAN: 4.28.49.102
Cust LAN IPs: 4.28.49.104/30
DNS:
209.244.0.3 primary
209.244.0.4 secondary
encapsulation: PPP
crc: 16
This is a home network. I have a PIX 501 firewall that I would like to add to the mix as well as a Linksys WRT54G (v1) wireless router, but these can wait till later.
I can connect to my Cisco 1720 router through a serial cable. I have tried using sample configurations I found on the Internet and doing my best to figure out how to modify them to meet my needs, but so far nothing has worked. I have also tried using the Cisco ConfigMaker application. In ConfigMaker I added devices for EthernetLAN, Cisco 1720 Router, and Internet. I connected EthernetLAN and Cisco1720 devices with an Ethernet connection with the IP address 192.168.1.2. I connected the Cisco1720 and Internet devices with a PPP connection and tried assigning it all four IP addresses (one at a time) given to my by my service provider. After each alteration I used the Deliver Configuration Wizard to push the configuration out to the router. Each time the ethernet indicators on the router light up as does the CD indicator on the WIC, but the LP indicator never lights up. (The WIC 0/0 indicator is lit.)
The ideal solution would be one that holds my hand through the configuration process with step-by-step instructions. However, I am not entirely technically deficient, so a solution that includes a sample configuration would be just as welcome -- as long as it is a full configuration and not just the parts that relate to the T1 (I don't know what it is that I don't know).
Please let me know if there are any further details I can provide or if there is any additional info I should request from my service provider.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
A note, my configuration example is assuming you have full T1.
ASKER
SIM50, thanks for you quick reply. I've used the information you provided to configure the router, but I am still unable to reach the Internet. Below is transcript of my terminal session into the router. In addition, I connected my computer directly into the router and changed its IPv4 settings to use the IP, default gateway, and network mask that you suggested. I can ping the router using 192.168.2.1 but I cannot ping 4.28.49.101 or 4.28.49.102 or any other external IP address.
Note from the transcript that I was unable to execute the two 'ip virtual-reassembly' settings or the 'duplex auto' setting.
Please LMK if there are any other settings I should set or if I can provide a 'show' transcript of any sort.
+++++
User Access Verification
Password:
Cisco1720>enable
Password:
Cisco1720#config
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
Cisco1720(config)#config Serial0
^
% Invalid input detected at '^' marker.
Cisco1720(config)#interfac e Serial0
Cisco1720(config-if)#bandw idth 1536
Cisco1720(config-if)#ip address 4.28.49.102 255.255.255.252
Cisco1720(config-if)#no ip redirects
Cisco1720(config-if)#no ip unreachables
Cisco1720(config-if)#no ip proxy-arp
Cisco1720(config-if)#ip virtual-reassembly
^
% Invalid input detected at '^' marker.
Cisco1720(config-if)#ip ?
Interface IP configuration subcommands:
access-group Specify access control for packets
accounting Enable IP accounting on this interface
address Set the IP address of an interface
authentication authentication subcommands
bandwidth-percent Set EIGRP bandwidth limit
broadcast-address Set the broadcast address of an interface
directed-broadcast Enable forwarding of directed broadcasts
hello-interval Configures IP-EIGRP hello interval
helper-address Specify a destination address for UDP broadcasts
hold-time Configures IP-EIGRP hold time
irdp ICMP Router Discovery Protocol
mask-reply Enable sending ICMP Mask Reply messages
mtu Set IP Maximum Transmission Unit
nat NAT interface commands
nhrp NHRP interface subcommands
ospf OSPF interface commands
policy Enable policy routing
probe Enable HP Probe support
proxy-arp Enable proxy ARP
rarp-server Enable RARP server for static arp entries
redirects Enable sending ICMP Redirect messages
rip Router Information Protocol
route-cache Enable fast-switching cache for outgoing packets
rtp RTP parameters
security DDN IP Security Option
split-horizon Perform split horizon
summary-address Perform address summarization
tcp TCP header compression parameters
unnumbered Enable IP processing without an explicit address
unreachables Enable sending ICMP Unreachable messages
verify Enable per packet validation
vrf VPN Routing/Forwarding parameters on the interface
Cisco1720(config-if)#ip nat outside
Cisco1720(config-if)#encap sulation ppp
Cisco1720(config-if)#load- interval 30
Cisco1720(config-if)#no fair-queue
Cisco1720(config-if)#no cdp enable
Cisco1720(config-if)#^Z
Cisco1720#
00:07:15: %SYS-5-CONFIG_I: Configured from console by console
Cisco1720#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Cisco1720(config)#ip route 0.0.0.0 0.0.0.0 4.28.49.101
Cisco1720(config)#end
Cisco1720#
00:07:54: %SYS-5-CONFIG_I: Configured from console by console
Cisco1720#interface FastEthernet0
^
% Invalid input detected at '^' marker.
Cisco1720#config
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
Cisco1720(config)#interfac e FastEthernet0
Cisco1720(config-if)#descr iption internal
Cisco1720(config-if)#ip address 192.168.2.1 255.255.255.0
Cisco1720(config-if)#ip virtual-reassembly
^
% Invalid input detected at '^' marker.
Cisco1720(config-if)#ip nat inside
Cisco1720(config-if)#duple x auto
^
% Invalid input detected at '^' marker.
Cisco1720(config-if)#speed auto
Cisco1720(config-if)#acces s-list 10 permit 192.168.2.0 0.0.0.255
Cisco1720(config)#ip nat inside source list 10 interface serial0 overload
Cisco1720(config)#^Z
Cisco1720#
00:10:35: %SYS-5-CONFIG_I: Configured from console by console
Cisco1720#
Note from the transcript that I was unable to execute the two 'ip virtual-reassembly' settings or the 'duplex auto' setting.
Please LMK if there are any other settings I should set or if I can provide a 'show' transcript of any sort.
+++++
User Access Verification
Password:
Cisco1720>enable
Password:
Cisco1720#config
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
Cisco1720(config)#config Serial0
^
% Invalid input detected at '^' marker.
Cisco1720(config)#interfac
Cisco1720(config-if)#bandw
Cisco1720(config-if)#ip address 4.28.49.102 255.255.255.252
Cisco1720(config-if)#no ip redirects
Cisco1720(config-if)#no ip unreachables
Cisco1720(config-if)#no ip proxy-arp
Cisco1720(config-if)#ip virtual-reassembly
^
% Invalid input detected at '^' marker.
Cisco1720(config-if)#ip ?
Interface IP configuration subcommands:
access-group Specify access control for packets
accounting Enable IP accounting on this interface
address Set the IP address of an interface
authentication authentication subcommands
bandwidth-percent Set EIGRP bandwidth limit
broadcast-address Set the broadcast address of an interface
directed-broadcast Enable forwarding of directed broadcasts
hello-interval Configures IP-EIGRP hello interval
helper-address Specify a destination address for UDP broadcasts
hold-time Configures IP-EIGRP hold time
irdp ICMP Router Discovery Protocol
mask-reply Enable sending ICMP Mask Reply messages
mtu Set IP Maximum Transmission Unit
nat NAT interface commands
nhrp NHRP interface subcommands
ospf OSPF interface commands
policy Enable policy routing
probe Enable HP Probe support
proxy-arp Enable proxy ARP
rarp-server Enable RARP server for static arp entries
redirects Enable sending ICMP Redirect messages
rip Router Information Protocol
route-cache Enable fast-switching cache for outgoing packets
rtp RTP parameters
security DDN IP Security Option
split-horizon Perform split horizon
summary-address Perform address summarization
tcp TCP header compression parameters
unnumbered Enable IP processing without an explicit address
unreachables Enable sending ICMP Unreachable messages
verify Enable per packet validation
vrf VPN Routing/Forwarding parameters on the interface
Cisco1720(config-if)#ip nat outside
Cisco1720(config-if)#encap
Cisco1720(config-if)#load-
Cisco1720(config-if)#no fair-queue
Cisco1720(config-if)#no cdp enable
Cisco1720(config-if)#^Z
Cisco1720#
00:07:15: %SYS-5-CONFIG_I: Configured from console by console
Cisco1720#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Cisco1720(config)#ip route 0.0.0.0 0.0.0.0 4.28.49.101
Cisco1720(config)#end
Cisco1720#
00:07:54: %SYS-5-CONFIG_I: Configured from console by console
Cisco1720#interface FastEthernet0
^
% Invalid input detected at '^' marker.
Cisco1720#config
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
Cisco1720(config)#interfac
Cisco1720(config-if)#descr
Cisco1720(config-if)#ip address 192.168.2.1 255.255.255.0
Cisco1720(config-if)#ip virtual-reassembly
^
% Invalid input detected at '^' marker.
Cisco1720(config-if)#ip nat inside
Cisco1720(config-if)#duple
^
% Invalid input detected at '^' marker.
Cisco1720(config-if)#speed
Cisco1720(config-if)#acces
Cisco1720(config)#ip nat inside source list 10 interface serial0 overload
Cisco1720(config)#^Z
Cisco1720#
00:10:35: %SYS-5-CONFIG_I: Configured from console by console
Cisco1720#
Can you please post your full config?
ASKER
Current running IOS config:
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cisco1720
!
no logging console
enable password 7 08165E4F071E0912005A
!
!
!
!
!
memory-size iomem 25
ip subnet-zero
no ip domain-lookup
!
!
!
!
interface Serial0
bandwidth 1536
ip address 4.28.49.102 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
encapsulation ppp
load-interval 30
shutdown
no fair-queue
no cdp enable
!
interface FastEthernet0
description internal
ip address 192.168.2.1 255.255.255.0
ip nat inside
speed auto
!
router rip
version 2
network 192.168.1.0
no auto-summary
!
ip nat inside source list 10 interface Serial0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 4.28.49.101
no ip http server
!
access-list 10 permit 192.168.2.0 0.0.0.255
snmp-server community public RO
!
line con 0
exec-timeout 0 0
password 7 10791B180B101E0E1E55
login
line aux 0
line vty 0 4
password 7 0738334D400E15000543
login
!
no scheduler allocate
end
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cisco1720
!
no logging console
enable password 7 08165E4F071E0912005A
!
!
!
!
!
memory-size iomem 25
ip subnet-zero
no ip domain-lookup
!
!
!
!
interface Serial0
bandwidth 1536
ip address 4.28.49.102 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
encapsulation ppp
load-interval 30
shutdown
no fair-queue
no cdp enable
!
interface FastEthernet0
description internal
ip address 192.168.2.1 255.255.255.0
ip nat inside
speed auto
!
router rip
version 2
network 192.168.1.0
no auto-summary
!
ip nat inside source list 10 interface Serial0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 4.28.49.101
no ip http server
!
access-list 10 permit 192.168.2.0 0.0.0.255
snmp-server community public RO
!
line con 0
exec-timeout 0 0
password 7 10791B180B101E0E1E55
login
line aux 0
line vty 0 4
password 7 0738334D400E15000543
login
!
no scheduler allocate
end
You have to enable serial0 interface. In serial0 config mode type: no shutdown.
Also, in global config mode type:
ip routing
ip cef
Instead of enable password, use enable secret because when you use enable password, it can by decrypted.
Also, in global config mode type:
ip routing
ip cef
Instead of enable password, use enable secret because when you use enable password, it can by decrypted.
ASKER
SIM50, you are a God-send. I have the router up and running. I've had some trouble getting the firewall configured though. I think I've performed the other steps properly, but I'm not sure how to do the step, "Create NAT overload to outside interface.".
Here is the current running config on the firewall:
+++++
no ip address inside
Current IP Address:
no ip address inside
mypix(config)# show ip address outside
System IP Address:
ip address outside 192.168.2.2 255.255.255.0
Current IP Address:
ip address outside 192.168.2.2 255.255.255.0
mypix(config)# ip address inside 192.168.0.1 255.255.255.0
Interface address is not on same subnet as DHCP pool
mypix(config)# clear dhcpd
mypix(config)# ip address inside 192.168.1.1 255.255.255.0
mypix(config)# show ip address inside
System IP Address:
ip address inside 192.168.1.1 255.255.255.0
Current IP Address:
ip address inside 192.168.1.1 255.255.255.0
mypix(config)# show dhcp
Ambiguous command. Please enter more characters.
mypix(config)# show dhcpd
mypix(config)#
mypix#
mypix# enable
Type help or '?' for a list of available commands.
mypix# show ?
At the end of show <command>, use the pipe character '|' followed by:
begin|include|exclude|grep [-v] <regular_exp>, to filter show output.
aaa Enable, disable, or view TACACS+, RADIUS or LOCAL
user authentication, authorization and accounting
aaa-server Define AAA Server group
access-group Bind an access-list to an interface to filter inbound traffic
access-list Add an access list
activation-key Modify activation-key.
age This command is deprecated. See ipsec, isakmp, map, ca commands
alias Administer overlapping addresses with dual NAT.
apply Apply outbound lists to source or destination IP addresses
arp Change or view arp table, set arp timeout value, view statistics
auth-prompt Customize authentication challenge, reject or acceptance prompt
auto-update Configure auto update support
banner Configure login/session banners
blocks Show system buffer utilization
ca CEP (Certificate Enrollment Protocol)
Create and enroll RSA key pairs into a PKI
(Public Key Infrastructure).
capture Capture inbound and outbound packets on one or more interfaces
checksum View configuration information cryptochecksum
chunkstat Display chunk stats
clock Show and set the date and time of PIX
conduit Add conduit access to higher security level network or ICMP
configure Configure from terminal, floppy, memory, network, or
factory-default. The configuration will be merged with the
active configuration except for factory-default in which case
the active configuration is cleared first.
conn Display connection information
console Set idle timeout for the serial console of the PIX
cpu Display cpu usage and cpu profiling operations
Crashinfo Read, write and configure crash write to flash. Force a crash.
crypto Configure IPsec, IKE, and CA
ctiqbe Show the current data stored for each CTIQBE session.
curpriv Display current privilege level
debug Debug packets or ICMP tracings through the PIX Firewall.
dhcpd Configure DHCP Server
dhcprelay Configure DHCP Relay Agent
domain-name Change domain name
dynamic-map Specify a dynamic crypto map template
eeprom show or reprogram the 525 onboard i82559 devices
enable Configure enable passwords
established Allow inbound connections based on established connections
failover Enable/disable PIX failover feature to a standby PIX
filter Enable, disable, or view URL, FTP, HTTPS, Java, and ActiveX filtering
fixup Add or delete PIX service and feature defaults
flashfs Show, destroy, or preserve filesystem information
fragment Configure the IP fragment database
global Specify, delete or view global address pools,
or designate a PAT(Port Address Translated) address
h225 Show the current h225 data stored for each connection.
h245 List the h245 connections.
h323-ras Show the current h323 ras data stored for each connection.
history Display the session command history
http Configure HTTP server
mypix# show running-config
: Saved
:
PIX Version 6.3(5)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password UIYfoem6BlKWlBbG encrypted
passwd UIYfoem6BlKWlBbG encrypted
hostname mypix
domain-name hairenet.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 192.168.2.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 192.168.2.1 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:e28d612e570 eed9086a84 2bef654d56 0
: end
Here is the current running config on the firewall:
+++++
no ip address inside
Current IP Address:
no ip address inside
mypix(config)# show ip address outside
System IP Address:
ip address outside 192.168.2.2 255.255.255.0
Current IP Address:
ip address outside 192.168.2.2 255.255.255.0
mypix(config)# ip address inside 192.168.0.1 255.255.255.0
Interface address is not on same subnet as DHCP pool
mypix(config)# clear dhcpd
mypix(config)# ip address inside 192.168.1.1 255.255.255.0
mypix(config)# show ip address inside
System IP Address:
ip address inside 192.168.1.1 255.255.255.0
Current IP Address:
ip address inside 192.168.1.1 255.255.255.0
mypix(config)# show dhcp
Ambiguous command. Please enter more characters.
mypix(config)# show dhcpd
mypix(config)#
mypix#
mypix# enable
Type help or '?' for a list of available commands.
mypix# show ?
At the end of show <command>, use the pipe character '|' followed by:
begin|include|exclude|grep
aaa Enable, disable, or view TACACS+, RADIUS or LOCAL
user authentication, authorization and accounting
aaa-server Define AAA Server group
access-group Bind an access-list to an interface to filter inbound traffic
access-list Add an access list
activation-key Modify activation-key.
age This command is deprecated. See ipsec, isakmp, map, ca commands
alias Administer overlapping addresses with dual NAT.
apply Apply outbound lists to source or destination IP addresses
arp Change or view arp table, set arp timeout value, view statistics
auth-prompt Customize authentication challenge, reject or acceptance prompt
auto-update Configure auto update support
banner Configure login/session banners
blocks Show system buffer utilization
ca CEP (Certificate Enrollment Protocol)
Create and enroll RSA key pairs into a PKI
(Public Key Infrastructure).
capture Capture inbound and outbound packets on one or more interfaces
checksum View configuration information cryptochecksum
chunkstat Display chunk stats
clock Show and set the date and time of PIX
conduit Add conduit access to higher security level network or ICMP
configure Configure from terminal, floppy, memory, network, or
factory-default. The configuration will be merged with the
active configuration except for factory-default in which case
the active configuration is cleared first.
conn Display connection information
console Set idle timeout for the serial console of the PIX
cpu Display cpu usage and cpu profiling operations
Crashinfo Read, write and configure crash write to flash. Force a crash.
crypto Configure IPsec, IKE, and CA
ctiqbe Show the current data stored for each CTIQBE session.
curpriv Display current privilege level
debug Debug packets or ICMP tracings through the PIX Firewall.
dhcpd Configure DHCP Server
dhcprelay Configure DHCP Relay Agent
domain-name Change domain name
dynamic-map Specify a dynamic crypto map template
eeprom show or reprogram the 525 onboard i82559 devices
enable Configure enable passwords
established Allow inbound connections based on established connections
failover Enable/disable PIX failover feature to a standby PIX
filter Enable, disable, or view URL, FTP, HTTPS, Java, and ActiveX filtering
fixup Add or delete PIX service and feature defaults
flashfs Show, destroy, or preserve filesystem information
fragment Configure the IP fragment database
global Specify, delete or view global address pools,
or designate a PAT(Port Address Translated) address
h225 Show the current h225 data stored for each connection.
h245 List the h245 connections.
h323-ras Show the current h323 ras data stored for each connection.
history Display the session command history
http Configure HTTP server
mypix# show running-config
: Saved
:
PIX Version 6.3(5)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password UIYfoem6BlKWlBbG encrypted
passwd UIYfoem6BlKWlBbG encrypted
hostname mypix
domain-name hairenet.com
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 192.168.2.2 255.255.255.0
ip address inside 192.168.1.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
route outside 0.0.0.0 0.0.0.0 192.168.2.1 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http 192.168.2.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
Cryptochecksum:e28d612e570
: end
Glad to help. In PIX, enter the following command:
nat (inside) 1 192.168.2.0 255.255.255.0
nat (inside) 1 192.168.2.0 255.255.255.0
sorry for mistake. it's nat (inside) 1 192.168.1.0 255.255.255.0
ASKER
Many thanks to SIM50 for his quick and extremely helpful response.