Craig Walker
asked on
Remote logon
Hi,
Having just got my Cisco 877VA router up and running, I have now noticed a day or two later, when being away from home, that everything locally seems to work fine. But I have a network aquarium controller for my tank that I can log on to remotely to check the parameters and alter several devices on my aquarium, and I can't seem to see my aquarium controller externally, i.e. from the internet. I can usually check this on my iPad when I work away, but I don't seem to see it now, although it's still there locally.
I have checked all IP addresses, and I've checked that I can see port 80 and can ping cannonz.dyndns.org, which I can. It previously worked before I upgraded to my new Cisco router.
Could someone please help me as to what could be wrong?
ASKER
Hi,
I have already checked subnet & gateway on the controller and that's fine; I can still connect locally fine to it.
Here is my config. I know there is probably more in here than I need, but I'm unsure how to remove it in case I screw up my working config.
--------------------------------
aaa session-id common
!
memory-size iomem 10
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3233774123
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3233774123
revocation-check none
rsakeypair TP-self-signed-3233774123
!
!
crypto pki certificate chain TP-self-signed-3233774123
certificate self-signed 01
quit
ip source-route
!
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.2.1 192.168.2.99
!
ip dhcp pool VLAN10
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
domain-name cannonz.dyndns.org
dns-server 208.67.220.220
lease 4
!
ip dhcp pool VLAN20
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
domain-name cannonz.dyndns.org
lease 4
!
!
ip cef
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip inspect name MYFW tcp
ip inspect name MYFW udp
no ipv6 cef
!
!
multilink bundle-name authenticated
vpdn enable
!
license udi pid CISCO887VA-SEC-K9 sn FCZ160592RB
!
!
username sysop privilege 15 password 7 08254E455D4C5D14
!
!
!
!
controller VDSL 0
!
!
!
!
bridge irb
!
!
!
!
interface Ethernet0
no ip address
shutdown
no fair-queue
!
interface ATM0
no ip address
no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
description $ES_WAN$
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 2
!
!
interface FastEthernet0
switchport access vlan 20
no ip address
spanning-tree portfast
!
interface FastEthernet1
switchport access vlan 10
no ip address
spanning-tree portfast
!
interface FastEthernet2
switchport access vlan 10
no ip address
spanning-tree portfast
!
interface FastEthernet3
no ip address
pppoe-client dial-pool-number 1
no cdp enable
!
interface Vlan1
ip address 192.168.3.1 255.255.255.0
!
interface Vlan10
description Internal Network
no ip address
ip nat inside
ip virtual-reassembly in
bridge-group 10
bridge-group 10 spanning-disabled
!
interface Vlan20
description Guest Network
no ip address
ip nat inside
ip virtual-reassembly in
bridge-group 20
bridge-group 20 spanning-disabled
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 2
dialer-group 2
ppp authentication chap pap callin
ppp chap hostname ***********************
ppp chap password 7 045A09055E731F
ppp pap sent-username bthomehub@btbroadband.com password 7 00051105550958
!
interface Dialer1
ip address negotiated
ip access-group Internet-inbound-ACL in
ip inspect MYFW out
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username ************************* password 7 141610085D5679
ppp ipcp dns request
ppp ipcp address accept
!
interface BVI10
description Bridge to Internal Network
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface BVI20
description Bridge to Guest Network
ip address 192.168.2.1 255.255.255.0
ip access-group Guest-ACL in
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http secure-server
!
!
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended Guest-ACL
deny ip any 192.168.1.0 0.0.0.255
permit ip any any
ip access-list extended Internet-inbound-ACL
permit udp any eq bootps any eq bootpc
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any traceroute
permit gre any any
permit esp any any
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
dialer-list 1 protocol ip list 1
dialer-list 2 protocol ip permit
!
!
!
!
!
!
!
control-plane
!
bridge 10 route ip
bridge 20 route ip
!
line con 0
password 7 09484C024D504F11
line aux 0
line vty 0 4
password 7 070B23471A5C4106
transport input all
!
end
There's a lot of stuff in there you don't need. I don't understand why you've got 2 dialer interfaces, or why you're bridging your interfaces - you shouldn't need to do any of that.
Anyhow, the config you posted has no nat statement to allow access to the controller from the internet. Let's assume the controller is using 192.168.1.10 on port 80.
ip nat inside source tcp 192.168.1.10 80 interface dialer0 80
ASKER
Excuse my lack of Cisco skills. I'm only just feeling my way around the CLI and I'm unsure of what I don't need; other than typing no before the command I have to remove, I don't know which ones I don't need.
I basically just need one port with internet access and the rest can go. If you can advise me what's not needed, then I will remove those.
I have tried to add this command that you have highlighted but it won't seem to accept it. Am I doing something wrong, or do I need to add this in a sub directory?
conf t
ip nat inside source tcp 192.168.1.140 80 interface dialer0 80
Oops my mistake...
ip nat inside source static tcp 192.168.1.140 80 interface dialer0 80
Try that and I'll give you a cleaner config :-)
ASKER
Cheers, that's it in test and working now :)
A cleaner config would be great.
ASKER
Hi,
Everything appears to be working now.
I would appreciate it if you could give me a cleaner config, as I have still to set up my ASA 5505 firewall and every time I try it doesn't appear to work, and I'm not sure if it is all that extra stuff I don't need in my router config that's causing it though.
Thanks
Ok here's a cleaner config. It should work exactly the same as what you have now, just with some unnecessary bits removed.
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3233774123
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3233774123
revocation-check none
rsakeypair TP-self-signed-3233774123
!
!
crypto pki certificate chain TP-self-signed-3233774123
certificate self-signed 01
quit
!
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.2.1 192.168.2.99
!
ip dhcp pool VLAN10
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
domain-name cannonz.dyndns.org
dns-server 208.67.220.220
lease 4
!
ip dhcp pool VLAN20
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
domain-name cannonz.dyndns.org
lease 4
!
!
ip cef
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip inspect name MYFW tcp
ip inspect name MYFW udp
!
username sysop privilege 15 password 7 08254E455D4C5D14
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
interface FastEthernet0
switchport access vlan 20
no ip address
spanning-tree portfast
!
interface FastEthernet1
switchport access vlan 10
no ip address
spanning-tree portfast
!
interface FastEthernet2
switchport access vlan 10
no ip address
spanning-tree portfast
!
interface Vlan10
description Internal Network
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan20
description Guest Network
ip address 192.168.2.1 255.255.255.0
ip access-group Guest-ACL in
ip nat inside
ip virtual-reassembly in
!
interface Dialer0
ip address negotiated
ip access-group Internet-inbound-ACL in
ip inspect MYFW out
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
dialer persistent
dialer idle-timeout 0
ppp authentication chap callin
ppp chap hostname bthomehub@btbroadband.com
ppp chap password bthomehub@btbroadband.com
ppp ipcp dns request
ppp ipcp address accept
!
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended Guest-ACL
deny ip any 192.168.1.0 0.0.0.255
permit ip any any
ip access-list extended Internet-inbound-ACL
permit udp any eq bootps any eq bootpc
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any traceroute
permit gre any any
permit esp any any
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
!
line con 0
password 7 09484C024D504F11
line aux 0
line vty 0 4
password 7 070B23471A5C4106
transport input all
!
end
ASKER
Nice one thanks ;)
So this is just a paste in and wri mem, I take it, or will I have to write erase my existing one first, then paste and wri mem?
Erase the current config (back it up first though). Let it reload without saving changes and paste it in.
If it doesn't take all of the config the first time, just paste it in a second time then save it.
If it doesn't work, just put the config you originally had back on it.
ASKER
Hi, I'm now hotspotting from my iPad as I have copied your updated one in, but it appeared to have shut down my dialer, so I issued a no shutdown on that and I now have a CD & PPP CHAP authentication light on but can't ping anything externally.
I also tried to paste my old config in and that's not working either :(
Here's where I'm at now with the new config you sent me.
This is a running copy after a reload.
--------------------------------
!
no aaa new-model
!
memory-size iomem 10
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3233774123
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3233774123
revocation-check none
rsakeypair TP-self-signed-3233774123
!
!
crypto pki certificate chain TP-self-signed-3233774123
certificate self-signed 01
quit
ip source-route
!
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.2.1 192.168.2.99
!
ip dhcp pool VLAN10
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
domain-name cannonz.dyndns.org
dns-server 208.67.220.220
lease 4
!
ip dhcp pool VLAN20
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
domain-name cannonz.dyndns.org
lease 4
!
!
ip cef
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip inspect name MYFW tcp
ip inspect name MYFW udp
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO887VA-SEC-K9 sn FCZ160592RB
!
!
username sysop privilege 15 password 7 08254E455D4C5D14
!
!
!
!
controller VDSL 0
!
!
!
!
!
!
!
!
interface Ethernet0
no ip address
shutdown
no fair-queue
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
switchport access vlan 20
no ip address
spanning-tree portfast
!
interface FastEthernet1
switchport access vlan 10
no ip address
spanning-tree portfast
!
interface FastEthernet2
switchport access vlan 10
no ip address
spanning-tree portfast
!
interface FastEthernet3
no ip address
!
interface Vlan1
no ip address
!
interface Vlan10
description Internal Network
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan20
description Guest Network
ip address 192.168.2.1 255.255.255.0
!
interface Dialer0
ip address negotiated
ip access-group Internet-inbound-ACL in
ip inspect MYFW out
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
ppp authentication chap callin
ppp chap hostname bthomehub@btbroadband.com
ppp chap password 0 bthomehub@btbroadband.com
ppp ipcp dns request
ppp ipcp address accept
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended Guest-ACL
deny ip any 192.168.1.0 0.0.0.255
permit ip any any
ip access-list extended Internet-inbound-ACL
permit udp any eq bootps any eq bootpc
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any traceroute
permit gre any any
permit esp any any
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
!
!
!
!
!
control-plane
!
!
line con 0
password 7 09484C024D504F11
line aux 0
line vty 0 4
password 7 070B23471A5C4106
login
transport input all
!
end
Have you got an IP address on the Dialer interface? Can you post output from the following...
show ip interface brief
show ip route
ASKER
Yes I have an internet ip on the dialer.
Router#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
ATM0                       unassigned      YES NVRAM  up                    up
Dialer0                    86.156.14.41    YES IPCP   up                    up
Ethernet0                  unassigned      YES NVRAM  administratively down down
FastEthernet0              unassigned      YES unset  down                  down
FastEthernet1              unassigned      YES unset  up                    up
FastEthernet2              unassigned      YES unset  down                  down
FastEthernet3              unassigned      YES unset  down                  down
NVI0                       unassigned      YES unset  administratively down down
Virtual-Access1            unassigned      YES unset  up                    up
Virtual-Access2            unassigned      YES unset  up                    up
Vlan1                      unassigned      YES unset  down                  down
Vlan10                     192.168.1.1     YES NVRAM  up                    up
Vlan20                     192.168.2.1     YES NVRAM  down                  down
Router#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S*    0.0.0.0/0 is directly connected, Dialer0
      86.0.0.0/32 is subnetted, 1 subnets
C        86.156.14.41 is directly connected, Dialer0
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Vlan10
L        192.168.1.1/32 is directly connected, Vlan10
      217.32.142.0/32 is subnetted, 1 subnets
C        217.32.142.102 is directly connected, Dialer0
Ok, that looks good - the dialer interface has an IP address and a default route has been installed.
I think I missed the ip nat outside statement from the dialer:
interface Dialer0
ip nat outside
ASKER
Sorted m8 :)
It's amazing how one or two simple commands can screw you up in the Cisco world ;)
Wish I knew more about it, but I only just get by with the basics for now.
I will now need to check my ASA 5510 tomorrow as I've not managed to configure it yet, but I think it appears to be an IP issue, as it loads up by default with an IP of 192.168.1.1, which is conflicting with my router I think :(
So no doubt you may see another post in the next day or so if I can't resolve that.
Thanks again
ASKER
Sorry, I have just run some tests and can't seem to log on remotely to my aquarium controller, which is on 192.168.1.140. I have checked the config to see if ip nat inside source static tcp 192.168.1.140 80 interface dialer0 80 is set, and it is.
Any suggestions as to what else it could be?
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Hi, that seems to have sorted it, but the second line couldn't be accepted,
so I cut it back to:
permit tcp any any
and that seemed to work. Will this be OK or is that wrong?
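An added example, not part of the original thread or any poster's answer: a small Python audit for the three conditions this thread ran into with the port forward (no `ip nat outside` on the WAN interface, an inbound ACL that does not permit the forwarded port, and an inbound permit that is wider than the forward needs). The function names and the sample config are constructed for illustration; it assumes classic IOS order of operations, where the inbound ACL is evaluated before NAT and therefore sees the outside port.

```python
import re

# Constructed sample: the relevant lines of the router config from this thread,
# with the static port forward and the asker's "permit tcp any any" entry added.
SAMPLE_CONFIG = """\
interface Vlan10
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Dialer0
 ip address negotiated
 ip access-group Internet-inbound-ACL in
 ip nat outside
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.140 80 interface Dialer0 80
!
ip access-list extended Internet-inbound-ACL
 permit udp any eq bootps any eq bootpc
 permit icmp any any echo
 permit tcp any any
!
"""

PORT_NAMES = {"www": 80, "bootps": 67, "bootpc": 68, "domain": 53}
FORWARD_RE = re.compile(
    r"ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$", re.I)

def _addr(tok):
    """Consume one address spec: 'any', 'host A' or 'A wildcard'."""
    first = tok.pop(0)
    if first == "any":
        return "any"
    return tok.pop(0) if first == "host" else first + " " + tok.pop(0)

def _port(tok):
    """Consume an optional 'eq PORT'; None means any port, -1 an unknown name."""
    if len(tok) >= 2 and tok[0] == "eq":
        name = tok[1]
        del tok[:2]
        return PORT_NAMES.get(name, int(name) if name.isdigit() else -1)
    return None

def parse_ace(line):
    """Parse 'permit|deny proto src [eq p] dst [eq p]' into a dict."""
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    src, sport = _addr(tok), _port(tok)
    dst, dport = _addr(tok), _port(tok)
    return {"text": line, "action": action, "proto": proto,
            "src": src, "sport": sport, "dst": dst, "dport": dport}

def parse_config(text):
    """Collect interfaces, extended ACLs and static port forwards.
    Sections are tracked by keyword, so unindented pastes parse too."""
    ifaces, acls, forwards = {}, {}, []
    iface = acl = None
    for line in (l.strip() for l in text.splitlines()):
        low = line.lower()
        if low.startswith("interface "):
            iface, acl = ifaces.setdefault(low.split()[1], {"nat": None, "acl_in": None}), None
        elif low.startswith("ip access-list extended "):
            acl, iface = acls.setdefault(line.split()[3], []), None
        elif acl is not None and low.split(" ")[0] in ("permit", "deny"):
            acl.append(parse_ace(low))
        elif iface is not None and low in ("ip nat inside", "ip nat outside"):
            iface["nat"] = low.split()[2]
        elif iface is not None and re.fullmatch(r"ip access-group \S+ in", low):
            iface["acl_in"] = line.split()[2]
        else:
            m = FORWARD_RE.match(line)
            if m:
                forwards.append((m[1].lower(), m[2], int(m[3]), m[4].lower(), int(m[5])))
    return ifaces, acls, forwards

def first_match(entries, proto, port):
    """First ACE that decides a packet from an arbitrary internet source."""
    for ace in entries:
        if ace["proto"] not in (proto, "ip"):
            continue
        # Only any-to-any entries decide traffic from arbitrary sources to the
        # dynamic public address; host-scoped entries are skipped here.
        if ace["src"] != "any" or ace["dst"] != "any" or ace["sport"] is not None:
            continue
        if ace["dport"] in (None, port):
            return ace
    return None  # nothing matched: the implicit deny at the end applies

def audit(text):
    """Return (code, detail) findings for every static port forward."""
    ifaces, acls, forwards = parse_config(text)
    findings = []
    for proto, _ip, _inside_port, ifname, outside_port in forwards:
        iface = ifaces.get(ifname, {"nat": None, "acl_in": None})
        if iface["nat"] != "outside":
            findings.append(("NO_NAT_OUTSIDE", ifname))
        if iface["acl_in"] not in acls:
            continue  # no ACL applied, or applied but undefined: nothing filters
        ace = first_match(acls[iface["acl_in"]], proto, outside_port)
        if ace is None or ace["action"] == "deny":
            findings.append(("ACL_BLOCKS_FORWARD", f"{proto}/{outside_port}"))
        elif ace["proto"] == "ip" or ace["dport"] is None:
            findings.append(("ACL_TOO_BROAD", ace["text"]))
    return findings

if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONFIG):
        print(code, detail)
```

On the sample it reports `ACL_TOO_BROAD` for `permit tcp any any`; narrowing that entry to `permit tcp any any eq www` clears the finding while still admitting the forwarded port.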
ASKER
Thank you for the help and patience and a resolve...
Also just check that the controller has the correct subnet mask and gateway address.