Avatar of otto45


Config for Cisco 1720 T1

I know next to nothing about Cisco routers, but even so I foolishly decided to tackle the task of setting up a Cisco router on my own and things have not gone well. I just had a T1 line installed in my home. I have a Cisco 1720 Router with a WIC 1DSU T1 card installed. I'm not sure if it matters, but I will be using this line primarily to VPN into my employer's corporate network.

My service provider gave me the following information:

WAN Network:
Cust LAN IPs:

DNS: primary secondary

encapsulation: PPP
crc: 16

This is a home network. I have a PIX 501 firewall that I would like to add to the mix as well as a Linksys WRT54G (v1) wireless router, but these can wait till later.

I can connect to my Cisco 1720 router through a serial cable. I have tried using sample configurations I found on the Internet and doing my best to figure out how to modify them to meet my needs, but so far nothing has worked. I have also tried using the Cisco ConfigMaker application. In ConfigMaker I added devices for EthernetLAN, Cisco 1720 Router, and Internet. I connected EthernetLAN and Cisco1720 devices with an Ethernet connection with the IP address I connected the Cisco1720 and Internet devices with a PPP connection and tried assigning it all four IP addresses (one at a time) given to me by my service provider. After each alteration I used the Deliver Configuration Wizard to push the configuration out to the router. Each time the ethernet indicators on the router light up as does the CD indicator on the WIC, but the LP indicator never lights up. (The WIC 0/0 indicator is lit.)

The ideal solution would be one that holds my hand through the configuration process with step-by-step instructions. However, I am not entirely technically deficient, so a solution that includes a sample configuration would be just as welcome -- as long as it is a full configuration and not just the parts that relate to the T1 (I don't know what it is that I don't know).

Please let me know if there are any further details I can provide or if there is any additional info I should request from my service provider.
Avatar of SIM50
A note, my configuration example is assuming you have full T1.
Avatar of otto45


SIM50, thanks for your quick reply. I've used the information you provided to configure the router, but I am still unable to reach the Internet. Below is a transcript of my terminal session into the router. In addition, I connected my computer directly into the router and changed its IPv4 settings to use the IP, default gateway, and network mask that you suggested. I can ping the router using but I cannot ping or or any other external IP address.

Note from the transcript that I was unable to execute the two 'ip virtual-reassembly' settings or the 'duplex auto' setting.

Please LMK if there are any other settings I should set or if I can provide a 'show' transcript of any sort.


User Access Verification

Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line.  End with CNTL/Z.
Cisco1720(config)#config Serial0
% Invalid input detected at '^' marker.

Cisco1720(config)#interface Serial0
Cisco1720(config-if)#bandwidth 1536
Cisco1720(config-if)#ip address
Cisco1720(config-if)#no ip redirects
Cisco1720(config-if)#no ip unreachables
Cisco1720(config-if)#no ip proxy-arp
Cisco1720(config-if)#ip virtual-reassembly
% Invalid input detected at '^' marker.

Cisco1720(config-if)#ip ?
Interface IP configuration subcommands:
  access-group        Specify access control for packets
  accounting          Enable IP accounting on this interface
  address             Set the IP address of an interface
  authentication      authentication subcommands
  bandwidth-percent   Set EIGRP bandwidth limit
  broadcast-address   Set the broadcast address of an interface
  directed-broadcast  Enable forwarding of directed broadcasts
  hello-interval      Configures IP-EIGRP hello interval
  helper-address      Specify a destination address for UDP broadcasts
  hold-time           Configures IP-EIGRP hold time
  irdp                ICMP Router Discovery Protocol
  mask-reply          Enable sending ICMP Mask Reply messages
  mtu                 Set IP Maximum Transmission Unit
  nat                 NAT interface commands
  nhrp                NHRP interface subcommands
  ospf                OSPF interface commands
  policy              Enable policy routing
  probe               Enable HP Probe support
  proxy-arp           Enable proxy ARP
  rarp-server         Enable RARP server for static arp entries
  redirects           Enable sending ICMP Redirect messages
  rip                 Router Information Protocol
  route-cache         Enable fast-switching cache for outgoing packets
  rtp                 RTP parameters
  security            DDN IP Security Option
  split-horizon       Perform split horizon
  summary-address     Perform address summarization
  tcp                 TCP header compression parameters
  unnumbered          Enable IP processing without an explicit address
  unreachables        Enable sending ICMP Unreachable messages
  verify              Enable per packet validation
  vrf                 VPN Routing/Forwarding parameters on the interface

Cisco1720(config-if)#ip nat outside
Cisco1720(config-if)#encapsulation ppp
Cisco1720(config-if)#load-interval 30
Cisco1720(config-if)#no fair-queue
Cisco1720(config-if)#no cdp enable
00:07:15: %SYS-5-CONFIG_I: Configured from console by console
Cisco1720#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Cisco1720(config)#ip route
00:07:54: %SYS-5-CONFIG_I: Configured from console by console
Cisco1720#interface FastEthernet0
% Invalid input detected at '^' marker.

Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line.  End with CNTL/Z.
Cisco1720(config)#interface FastEthernet0
Cisco1720(config-if)#description internal
Cisco1720(config-if)#ip address
Cisco1720(config-if)#ip virtual-reassembly
% Invalid input detected at '^' marker.

Cisco1720(config-if)#ip nat inside
Cisco1720(config-if)#duplex auto
% Invalid input detected at '^' marker.

Cisco1720(config-if)#speed auto
Cisco1720(config-if)#access-list 10 permit
Cisco1720(config)#ip nat inside source list 10 interface serial0 overload
00:10:35: %SYS-5-CONFIG_I: Configured from console by console
Can you please post your full config?
Avatar of otto45


Current running IOS config:

version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
hostname Cisco1720
no logging console
enable password 7 08165E4F071E0912005A
memory-size iomem 25
ip subnet-zero
no ip domain-lookup
interface Serial0
 bandwidth 1536
 ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 load-interval 30
 no fair-queue
 no cdp enable
interface FastEthernet0
 description internal
 ip address
 ip nat inside
 speed auto
router rip
 version 2
 no auto-summary
ip nat inside source list 10 interface Serial0 overload
ip classless
ip route
no ip http server
access-list 10 permit
snmp-server community public RO
line con 0
 exec-timeout 0 0
 password 7 10791B180B101E0E1E55
line aux 0
line vty 0 4
 password 7 0738334D400E15000543
no scheduler allocate
You have to enable serial0 interface. In serial0 config mode type: no shutdown.
Also, in global config mode type:
ip routing
ip cef

Instead of enable password, use enable secret because when you use enable password, it can be decrypted.
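
The check described in the answer above, as an added example that is not part of the original thread: a small Python audit that flags `enable password` lines in an IOS configuration and reports when no `enable secret` is present. It goes slightly beyond the answer by also flagging per-line `password` entries and a default SNMP community string, both of which appear in the posted config. The function name, rule names and sample config are assumptions made for illustration, and the password values are placeholders.

```python
import re

# Constructed sample modelled on the posted 1720 config; password values are placeholders.
SAMPLE_CONFIG = """\
hostname Cisco1720
service password-encryption
enable password 7 PLACEHOLDER0000
snmp-server community public RO
line con 0
 exec-timeout 0 0
 password 7 PLACEHOLDER1111
line vty 0 4
 password 7 PLACEHOLDER2222
"""


def audit_ios_config(text):
    """Return (line_number, rule, line) findings; line_number 0 means config-wide."""
    findings = []
    has_enable_secret = False
    context = "global"
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        # An unindented line starts a new top-level section of the config.
        if not raw.startswith(" "):
            context = line if line.startswith("line ") else "global"
        if re.match(r"enable secret\b", line):
            has_enable_secret = True
        elif re.match(r"enable password\b", line):
            # Stored in clear text or as reversible type 7, unlike enable secret.
            findings.append((n, "enable-password", line))
        elif context != "global" and re.match(r"password (7 )?\S+", line):
            findings.append((n, f"weak-line-password ({context})", line))
        elif re.match(r"snmp-server community (public|private)\b", line):
            findings.append((n, "default-snmp-community", line))
    if not has_enable_secret:
        findings.append((0, "no-enable-secret", ""))
    return findings


if __name__ == "__main__":
    for n, rule, line in audit_ios_config(SAMPLE_CONFIG):
        print(f"{n:>3} {rule}: {line}")
```
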
Avatar of otto45


SIM50, you are a God-send. I have the router up and running. I've had some trouble getting the firewall configured though. I think I've performed the other steps properly, but I'm not sure how to do the step, "Create NAT overload to outside interface.".

Here is the current running config on the firewall:


        no ip address inside
Current IP Address:
        no ip address inside
mypix(config)# show ip address outside
System IP Address:
        ip address outside
Current IP Address:
        ip address outside
mypix(config)# ip address inside
Interface address is not on same subnet as DHCP pool
mypix(config)# clear dhcpd
mypix(config)# ip address inside
mypix(config)# show ip address inside
System IP Address:
        ip address inside
Current IP Address:
        ip address inside
mypix(config)# show dhcp
Ambiguous command. Please enter more characters.
mypix(config)# show dhcpd
mypix# enable
Type help or '?' for a list of available commands.
mypix# show ?

At the end of show <command>, use the pipe character '|' followed by:
begin|include|exclude|grep [-v] <regular_exp>, to filter show output.

aaa             Enable, disable, or view TACACS+, RADIUS or LOCAL
                user authentication, authorization and accounting
aaa-server      Define AAA Server group
access-group    Bind an access-list to an interface to filter inbound traffic
access-list     Add an access list
activation-key  Modify activation-key.
age             This command is deprecated. See ipsec, isakmp, map, ca commands
alias           Administer overlapping addresses with dual NAT.
apply           Apply outbound lists to source or destination IP addresses
arp             Change or view arp table, set arp timeout value, view statistics
auth-prompt     Customize authentication challenge, reject or acceptance prompt
auto-update     Configure auto update support
banner          Configure login/session banners
blocks          Show system buffer utilization
ca              CEP (Certificate Enrollment Protocol)
                Create and enroll RSA key pairs into a PKI
                (Public Key Infrastructure).
capture         Capture inbound and outbound packets on one or more interfaces
checksum        View configuration information cryptochecksum
chunkstat       Display chunk stats
clock           Show and set the date and time of PIX
conduit         Add conduit access to higher security level network or ICMP
configure       Configure from terminal, floppy, memory, network, or
                factory-default.  The configuration will be merged with the
                active configuration except for factory-default in which case
                the active configuration is cleared first.
conn            Display connection information
console         Set idle timeout for the serial console of the PIX
cpu             Display cpu usage and cpu profiling operations
Crashinfo       Read, write and configure crash write to flash. Force a crash.
crypto          Configure IPsec, IKE, and CA
ctiqbe          Show the current data stored for each CTIQBE session.
curpriv         Display current privilege level
debug           Debug packets or ICMP tracings through the PIX Firewall.
dhcpd           Configure DHCP Server
dhcprelay       Configure DHCP Relay Agent
domain-name     Change domain name
dynamic-map     Specify a dynamic crypto map template
eeprom          show or reprogram the 525 onboard i82559 devices
enable          Configure enable passwords
established     Allow inbound connections based on established connections
failover        Enable/disable PIX failover feature to a standby PIX
filter          Enable, disable, or view URL, FTP, HTTPS, Java, and ActiveX filtering
fixup           Add or delete PIX service and feature defaults
flashfs         Show, destroy, or preserve filesystem information
fragment        Configure the IP fragment database
global          Specify, delete or view global address pools,
                or designate a PAT(Port Address Translated) address
h225            Show the current h225 data stored for each connection.
h245            List the h245 connections.
h323-ras        Show the current h323 ras data stored for each connection.
history         Display the session command history
http            Configure HTTP server
mypix# show running-config
: Saved
PIX Version 6.3(5)
interface ethernet0 100full
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password UIYfoem6BlKWlBbG encrypted
passwd UIYfoem6BlKWlBbG encrypted
hostname mypix
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside
ip address inside
ip audit info action alarm
ip audit attack action alarm
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0 0
route outside 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
telnet timeout 5
ssh timeout 5
console timeout 0
terminal width 80
: end
Glad to help. In PIX, enter the following command:
nat (inside) 1
Sorry for the mistake. It's nat (inside) 1
Avatar of otto45


Many thanks to SIM50 for his quick and extremely helpful response.