We help IT Professionals succeed at work.

Cisco 877 configuration

dwknight asked

I have not used a cisco router in a while and was after a step by step guide in configuring the cisco 877 from hyperterminal.

I have attempted to use the configuration manager (SDM) and find that I am getting lost in the syntax of what I need to do.

I am looking to do the following:

1. Configure the router to connect to Bigpond ADSL (Australia) using PPPoA using a dynamic ip address (ISP is providing a reserved DHCP address).
2. Have the ADSL port as the default route for the 192.x.x.x  (1) traffic
3. Have the IP address on FE 0 as 192.x.x.1 / 24 as the default gateway for the internal network.
4. Have nat on the internal FastEthernet 0 interface
5. Set the rules to allow pretty much anything from inside the network out and established from inside to reply.
6. Set the incoming rules to allow SMTP / RDP / Web / Secure Web / Sharepoint and VPN ports through to an internal server.
7. Set up a VPN with a preshared key on the router to a site office for inter office network communication.

As mentioned above, I am getting lost in the project requirements due to the length of time it has been since I last worked on a cisco router. Please note I am looking for a specific step by step guide, not a web link to a general Cisco configuration page - already been there.

I know that I am asking a lot, and many thanks for any assistance that you can provide.
Watch Question

If you need to use the GUI to configure this use CCP http://www.cisco.com/cisco/software/release.html?mdfid=281795035&softwareid=282159854&release=2.5&relind=AVAILABLE&rellifecycle=&reltype=latest .

1 Never configured this before, just use SDM or consult this doc (Configuring PPP over ATM with NAT)
2 ip route dialer 0

3 ip dhcp pool LAN

4 ip nat inside source list 1 int daler 0 overload
  access-list 1 permit

5 ip inspect name TO_INTERNET tcp
   ip inspect name TO_INTERNET udp
   ip inspect name TO_INTERNET http
   ip inspect name TO_INTERNET https
   ip inspect name TO_INTERNET ftp
   int dialer 0
   ip inspect TO_INTERNET out

6 ip nat source static tcp 25 interface dialer 0 25 (SMTP)
   ip nat source static tcp 80 interface dialer 0 80 (WEB)
       use the same format for whatever other ports your need

7  Really need more info for your VPN setup....here is just an example, you will have to change config depending on your specific IPs etc.

ip access-list ext 199
crypto isakmp policy 2
encr aes 256
authentication pre-share
group 5
crypto isakmp key PASSWORD address (remote router IP address)
crypto isakmp keepalive 20 5
crypto ipsec transform-set ESPAESSHA esp-aes 256 esp-sha-hmac
crypto map TEMP 2 ipsec-isakmp
set peer (remote router IP address)
set transform-set ESPAESSHA
match address 199


Thank you for your prompt reply.

I have found that the 877 requires vlans to be used... always in the fine print.
The second site ip address is static 201.x.x.x
The site already has an internal dns server.

Many thanks for all of your help.
Sounds like you will need to configure a vlan interface and then assign the vlan to the ports.

int vlan 1
ip add

int fa 0   (been a while since I was in an 800 series, it may be eth 0?)
switchport mode access
switchport access vlan 1
in fa 1
switchport mode access
switchport access vlan 1
in fa 2
switchport mode access
switchport access vlan 1
int fa 3
switchport mode access
switchport access vlan 1

-The fourth port on the 800 series is the WAN port

int fa 4
crypto map TEMP
ip nat outside

-AS for the DNS server, just change the DHCP pool settings accrdingly


Again, you will have to tweak some commands to fit your needs.


Thanks for your advice - sorry about the late reply - I have not had a chance to catch up on this project - Christmas Rush... But wanted to let you know that your assistance has helped out - Many thanks