Solved

BT Infinity - Cisco Router

Posted on 2013-05-23
Last Modified: 2013-11-13

Hi,

I have just had BT Infinity 1 installed and would like to replace the BT Home Hub with something that allows me to have several internal networks.

I have a couple of Cisco 1841 routers that I thought might work and have got one mostly configured.

From the router I can ping www.google.com and bbc.co.uk and it gives a laptop an IP address and dns.

From the laptop I can ping the internal and external address but get no internet access.

My config is as per the attached file (with changes to IP and passwords but nothing that should affect the connectivity I believe).

Please could someone tell me what I am missing because I hope it is simple?

Also, I am considering a Cisco ASA 5505, as I would like to stick to Cisco at the moment. Presumably this should work as I would like, with it routing to a couple of different networks?

Many thanks
1841-Config-ALTERNATIVE-BETTER--.txt
Question by:IT_RSLSteeper
12 Comments

Expert Comment

by:fgasimzade
This config is not full

You have an access list configured on interface Dialer

ip access-group 101 in

But I cannot see it in the config

And I cannot see access list 1 defined here:

ip nat inside source list 1 interface Dialer1 overload

Author Comment

by:IT_RSLSteeper
Hi, thanks for the reply.

I now see the bit you mean.

I thought the file I attached was a copy of the actual config from the router but as you say it isn't. I cannot find the config saved on my machine as I thought it had been and the router is on a different site that I have no access to at the moment.

I will get the config later today and have another look and then come back.

Thanks again for the pointer.

Author Comment

by:IT_RSLSteeper
I have removed the ip access group command and still have full access to the internet from the router but as yet am blind to why the laptop has no access.

I have attached a show run and show ip route for info. If any further details are required please let me know, as I really want to know what I am missing.

I have replaced the original network with 172.16.0 so it looks a little odd in show ip route. I thought that was better for security, but let me know if I am just mad and making it more difficult to troubleshoot.

Thanks
config-for-ee.txt

Expert Comment

by:pergr
According to the routing table the Dialer1 interface has two different IP addresses, which is strange.

Perhaps when you NAT you get one of those IPs, and when you ping from the router you get the other one as source.

If you reboot the Cisco, do you get two addresses again?

Author Comment

by:IT_RSLSteeper
Thanks Pergr

Yes, when I reboot I get both.

I have tried extended ping commands to www.google.co.uk to use the 86. address as the source and it is successful but if I use the 217. address I get the following error message:

% Invalid source. Must use same-VRF IP address or full interface name without spaces (e.g. Serial0/1)

From the laptop I can ping the 86. address but not the 217. address.

I have also now included the show ip interface brief results just in case they help.

I am studying for my CCNA at the moment so understand bits but still early days. Would really like to get this working as I feel it is so close!

Thanks for the help.
ip-int-bri.txt

Accepted Solution

by:fgasimzade (earned 500 total points)
You need to add the following:

access-list 1 permit 172.16.0.1 0.0.0.255

Author Comment

by:IT_RSLSteeper
Thanks for the reply fgasimzade

I will try that when I get back to site.

I am still learning the access list stuff on the CCNA, and am not sure I understand why that would need to be added. Would you mind providing some explanation if you have time?

Is it to do with ip nat inside source list 1 and you need to specifically permit access?

Thanks

Expert Comment

by:fgasimzade
Sure.

You have a NAT configured here:

ip nat inside source list 1 interface Dialer1 overload

1 here means "look at the access-list 1 and NAT only those subnets mentioned in that access list"

However, you did not have that access-list defined, so you need to add:

access-list 1 permit 172.16.0.1 0.0.0.255

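Added example (not part of the original thread, and not anyone's posted config): a small Python check for the two faults found above, an ip access-group and an ip nat inside source list that each name an access list the config never defines. The sample configs are constructed from the lines quoted in the thread, and the function name is hypothetical.

```python
import re

# Constructed sample modelled on the lines quoted in the thread; not the asker's real config.
BROKEN = """\
interface FastEthernet0/0
 ip address 172.16.0.1 255.255.255.0
 ip nat inside
interface Dialer1
 ip address negotiated
 ip access-group 101 in
 ip nat outside
ip nat inside source list 1 interface Dialer1 overload
"""

# Same config after the two changes made in the thread:
# the access-group line removed and access-list 1 added.
FIXED = BROKEN.replace(" ip access-group 101 in\n", "") + \
    "access-list 1 permit 172.16.0.1 0.0.0.255\n"

# Statements that point at an ACL by number or name.
REFERENCES = [
    (re.compile(r"^\s*ip nat inside source list (\S+)"), "NAT source list"),
    (re.compile(r"^\s*ip access-group (\S+) (?:in|out)\b"), "interface filter"),
]
# Statements that create an ACL (numbered, or named standard/extended).
DEFINITIONS = [
    re.compile(r"^access-list (\S+) "),
    re.compile(r"^ip access-list (?:standard|extended) (\S+)"),
]

def undefined_acl_references(config: str) -> list[tuple[int, str, str]]:
    """Return (line_no, kind, acl) for every reference to an ACL that is never defined."""
    lines = config.splitlines()
    defined = {m.group(1) for line in lines for rx in DEFINITIONS
               if (m := rx.match(line))}
    findings = []
    for no, line in enumerate(lines, start=1):
        for rx, kind in REFERENCES:
            m = rx.match(line)
            if m and m.group(1) not in defined:
                findings.append((no, kind, m.group(1)))
    return findings

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, undefined_acl_references(cfg) or "all referenced ACLs are defined")
```
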
Author Comment

by:IT_RSLSteeper
Thanks again fgasimzade, great explanation and makes perfect sense.

I have even just found it in my CCNA book but am glad you confirmed it, especially as some of the book I have found difficult to understand.

As soon as I have added the command I will post back with hopefully successful results :-)

Can I ask in this thread if there are any recommended firewalls I should / could use with this setup?

I intend to do the CCNA Security after the CCNA, and so something that might assist basic understanding towards that would be great, and not too expensive. I was thinking of an ASA 5505 but presume I could replace the 1841 with that?

Thanks again

Expert Comment

by:fgasimzade
Yes, 5505 is a good one and you can replace your router with it

Expert Comment

by:pergr
You may want to try the Juniper SRX100, and the free Juniper training/certification in the Fast Track program :)

Author Closing Comment

by:IT_RSLSteeper
Thanks again fgasimzade, that was exactly what it was. As soon as I added that command I had access.

I will look at the 5505 and the Juniper SRX100 and have a think. Thanks for the support.