Solved

BT Infinity - Cisco Router

Posted on 2013-05-23
Last Modified: 2013-11-13
Hi,

I have just had BT Infinity 1 installed and would like to replace the BT Home Hub with something that allows me to have several internal networks.

I have a couple of Cisco 1841 routers that I thought might work and have got one mostly configured.

From the router I can ping www.google.com and bbc.co.uk and it gives a laptop an IP address and DNS.

From the laptop I can ping the internal and external address but get no internet access.

My config is as per the attached file (with changes to IP and passwords but nothing that should affect the connectivity I believe).

Please could someone tell me what I am missing because I hope it is simple?

Also, I am considering a Cisco ASA 5505, as I would like to stick to Cisco at the moment. Presumably this should work as I would like, with it routing to a couple of different networks?

Many thanks
1841-Config-ALTERNATIVE-BETTER--.txt
0
Question by:IT_RSLSteeper
12 Comments
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39190346
This config is not full

You have an access list configured on interface Dialer

ip access-group 101 in

But I cannot see it in the config

And I cannot see access list 1 defined here:

ip nat inside source list 1 interface Dialer1 overload
0
 

Author Comment

by:IT_RSLSteeper
ID: 39190482
Hi Thanks for the reply.

I now see the bit you mean.

I thought the file I attached was a copy of the actual config from the router but as you say it isn't. I cannot find the config saved on my machine as I thought it had been and the router is on a different site that I have no access to at the moment.

I will get the config later today and have another look and then come back.

Thanks again for the pointer.
0
 

Author Comment

by:IT_RSLSteeper
ID: 39191488
I have removed the ip access group command and still have full access to the internet from the router but as yet am blind to why the laptop has no access.

I have attached a show run and show ip route for info. If any further details are required please let me know, as I really want to know what I am missing.

I have replaced the original network with 172.16.0 so it looks a little odd in show ip route. I thought that was better for security, but let me know if I am just mad and making it more difficult to troubleshoot.

Thanks
config-for-ee.txt
0

 
LVL 17

Expert Comment

by:pergr
ID: 39192192
According to the routing table the Dialer1 interface has two different IP addresses, which is strange.

Perhaps when you NAT you get one of those IPs, and when you ping from the router you get the other one as source.

If you reboot the Cisco, do you get two addresses again?
0
 

Author Comment

by:IT_RSLSteeper
ID: 39193350
Thanks Pergr

Yes when I reboot I get both.

I have tried extended ping commands to www.google.co.uk to use the 86. address as the source and it is successful but if I use the 217. address I get the following error message:

% Invalid source. Must use same-VRF IP address or full interface name without spaces (e.g. Serial0/1)

From the laptop I can ping the 86. address but not the 217. address.

I have also now included the show ip interface brief results just in case they help.

I am studying for my CCNA at the moment so understand bits but still early days. Would really like to get this working as I feel it is so close!

Thanks for the help.
ip-int-bri.txt
0
 
LVL 18

Accepted Solution

by:
fgasimzade earned 500 total points
ID: 39193440
You need to add the following:

access-list 1 permit 172.16.0.1 0.0.0.255
0
 

Author Comment

by:IT_RSLSteeper
ID: 39193454
Thanks for the reply fgasimzade

I will try that when I get back to site.

I am still learning the access list stuff on the CCNA, and I am not sure I understand why that would need to be added. Would you mind providing some explanation if you have time?

Is it to do with ip nat inside source list 1 and you need to specifically permit access?

Thanks
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39193466
Sure.

You have a NAT configured here:

ip nat inside source list 1 interface Dialer1 overload

1 here means "look at the access-list 1 and NAT only those subnets mentioned in that access list"

However, you did not have that access-list defined, so you need to add:

access-list 1 permit 172.16.0.1 0.0.0.255
0
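Added example, not part of the original thread or any poster's code: a small Python check for the two gaps the comments above point out, ACL numbers referenced by ip access-group or ip nat inside source list but never defined, plus the wildcard match that the suggested access-list 1 line performs. The sample config is constructed, the function names are hypothetical, and only numbered standard ACL entries (addr [wildcard], host, any) are evaluated.

```python
import ipaddress
import re

# Constructed sample resembling the thread's situation, not the poster's real config.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 ip address 172.16.0.1 255.255.255.0
 ip nat inside
!
interface Dialer1
 ip address negotiated
 ip access-group 101 in
 ip nat outside
!
ip nat inside source list 1 interface Dialer1 overload
"""

# Lines that define an ACL (numbered, or named standard/extended).
DEFINE = re.compile(
    r"^\s*(?:access-list\s+(\S+)|ip access-list\s+(?:standard|extended)\s+(\S+))", re.I)
# Lines that reference an ACL: interface filters and NAT source lists.
REFER = re.compile(
    r"^\s*ip (?:access-group\s+(\S+)\s+(?:in|out)|nat inside source list\s+(\S+))", re.I)

def undefined_acl_refs(config):
    """Return [(line_no, acl, line_text)] for ACLs that are used but never defined."""
    defined, refs = set(), []
    for no, line in enumerate(config.splitlines(), 1):
        m = DEFINE.match(line)
        if m:
            defined.add(m.group(1) or m.group(2))
        elif (m := REFER.match(line)):
            refs.append((no, m.group(1) or m.group(2), line.strip()))
    return [r for r in refs if r[1] not in defined]

def acl_permits(config, acl, host):
    """First-match evaluation of a numbered standard ACL; no matching entry means deny."""
    ip = int(ipaddress.IPv4Address(host))
    entry = re.compile(
        rf"^\s*access-list\s+{re.escape(acl)}\s+(permit|deny)\s+(\S+)(?:\s+(\S+))?", re.I)
    for line in config.splitlines():
        m = entry.match(line)
        if not m:
            continue
        action, addr, wild = m.groups()
        if addr.lower() == "any":
            return action.lower() == "permit"
        if addr.lower() == "host":          # "host A.B.C.D" is an exact match
            addr, wild = wild, "0.0.0.0"
        # Wildcard bits set to 1 are "don't care"; compare only the remaining bits.
        care = ~int(ipaddress.IPv4Address(wild or "0.0.0.0")) & 0xFFFFFFFF
        if ip & care == int(ipaddress.IPv4Address(addr)) & care:
            return action.lower() == "permit"
    return False
```

On the constructed sample, undefined_acl_refs reports both 101 and 1; once the access-list 1 line from the thread is appended, only 101 remains and acl_permits shows 172.16.0.x hosts now match the NAT source list.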
 

Author Comment

by:IT_RSLSteeper
ID: 39193518
Thanks again fgasimzade, great explanation and makes perfect sense.

I have even just found it in my CCNA book but am glad you confirmed it, especially as some of the book I have found difficult to understand.

As soon as I have added the command I will post back with hopefully successful results :-)

Can I ask in this thread if there are any recommended firewalls I should / could use with this setup?

I intend to do the CCNA Security after the CCNA and so something that might assist basic understanding towards that would be great and not too expensive. I was thinking of an ASA 5505 but presume I could replace the 1841 with that?

Thanks again
0
 
LVL 18

Expert Comment

by:fgasimzade
ID: 39193525
Yes, 5505 is a good one and you can replace your router with it
0
 
LVL 17

Expert Comment

by:pergr
ID: 39193532
You may want to try the Juniper SRX100, and the free Juniper training/certification in the Fast Track program :)
0
 

Author Closing Comment

by:IT_RSLSteeper
ID: 39196087
Thanks again fgasimzade, that was exactly what it was. As soon as I added that command I had access.

I will look at the 5505 and the Juniper SRX100 and have a think. Thanks for the support.
0

Question has a verified solution.