We have a Cisco 1721 with one "FastEthernet 0" and one "Eth 0" interface, connecting a DSL line to our internal LAN.
The FastEthernet 0 interface is connected to the DSL line via an ADSL modem (Zyxel), which is configured in bridge mode.
Eth 0 is connected to our LAN.
The router is configured primarily for IPSec and internet access.
We are able to access internet sites from our internal network; however, incoming traffic from the internet to our internal LAN (say, for a web server hosted in our LAN) fails.
Please find the configuration on our router as shown below.
I would appreciate it if you could help us configure the router for incoming traffic.
My present router sh run details are as follows:
Current configuration : 1942 bytes
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no aaa new-model
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip dhcp use vrf connected
no ip ips deny-action ips-interface
no ftp-server write-enable
crypto isakmp policy 1
crypto isakmp key b001 address 111.x.x.20
crypto ipsec transform-set VF_GPRS esp-des esp-md5-hmac
crypto ipsec df-bit clear
crypto map VF_B 10 ipsec-isakmp
set peer 111.x.x.20
set transform-set VF_GPRS
match address b_VF
ip address 172.16.0.1 255.255.255.0
ip nat inside
ip address 130.x.x..49 255.255.255.0 secondary
ip address 130.x.x..44 255.255.255.0
ip nat outside
no cdp enable
crypto map VF_B
ip default-gateway 130.x.x..1
ip route 0.0.0.0 0.0.0.0 130.x.x..1
no ip http server
no ip http secure-server
ip nat inside source list 101 interface FastEthernet0 overload
ip nat inside source static 172.16.0.6 130.x.x..49
ip access-list extended b_VF
permit ip 172.16.0.0 0.0.0.255 192.168.0.0 0.0.0.255
deny ip any any
ip access-list extended telnet
permit ip host 111.x.x.130 any
permit ip 172.16.0.0 0.0.0.255 any
deny ip any any
access-list 101 deny ip 172.16.0.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 172.16.0.0 0.0.0.255 any
line con 0
line aux 0
line vty 0 4
access-class telnet in