Cisco 871 / PPPOE / NAT problem

Answered Question
Nov 5th, 2008
User Badges:

Hi, I'm trying to configure my router 871 with pppoe dialer on FE4 and a private lan on the FE0-3 port.

The dialer0 it's up and works fine. When, from my console router, I ping a public ip, I receive a response.

When I ping from my pc (in the LAN), I can see the VLAN1 ip address (10.10.10.1) and the public ip assigned to the Dialer0 from the provider.

outside the public ip received from the provider, I can't ping anything....

Anyone can help me to resolve this problem ?


Here my configuration

********************************


no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname <REMOVED>

!

boot-start-marker

boot-end-marker

!

security authentication failure rate 3 log

security passwords min-length 6

logging buffered 51200 warnings

enable secret 5 <REMOVED>

!

no aaa new-model

!

ip cef

!

!

no ip dhcp use vrf connected

ip dhcp excluded-address 10.10.10.1

!

ip dhcp pool sdm-pool

import all

network 10.10.10.0 255.255.255.0

default-router 10.10.10.1

lease 0 2

!

!

no ip domain lookup

ip domain name <REMOVED>

ip name-server 212.90.199.2

ip name-server 212.90.192.190

!

multilink bundle-name authenticated

!

!

username <REMOVED> privilege 15 secret 5 <REMOVED>

!

!

archive

log config

hidekeys

!

!

ip ssh time-out 60

ip ssh authentication-retries 2

!

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

description $ES_WAN$$FW_OUTSIDE$

no ip address

duplex auto

speed auto

pppoe-client dial-pool-number 1

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$

ip address 10.10.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

interface Dialer0

ip address negotiated

ip mtu 1492

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap callin

ppp chap hostname <REMOVED>

ppp chap password 7 <REMOVED>

!

no ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer0

!

!

ip http server

ip http access-class 23

ip http authentication local

no ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

dialer-list 1 protocol ip permit

no cdp run

!

!

!

!

control-plane

!

banner login ^CAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!^C

!

line con 0

login local

no modem enable

transport output telnet

line aux 0

login local

transport output telnet

line vty 0 4

privilege level 15

login local

transport input telnet ssh

!

scheduler max-task-time 5000

End

Correct Answer by ajagadee about 8 years 7 months ago

Hi,


I see that you have enable IP NAT Inside and IP NAT Outside on the inside and outside interfaces but your configuration is missing the below commands.


access-list 1 permit 10.10.10.0 0.0.0.255

ip nat inside source list 1 interface dialer 0 overload


Regards,

Arul


*Pls rate if it helps*



Correct Answer by Tim Smith about 8 years 7 months ago

Hi,


You need to tell the router what traffic to NAT and what address to translate it to.


i.e. You should translate inside addresses to the dialer 0 address.


As a start - try adding this...


access-list 101 permit ip 10.10.10.0 0.0.0.255 any


ip nat inside source list 101 interface Dialer0 overload


Cheers,


Tim

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Tim Smith Wed, 11/05/2008 - 19:11
User Badges:
  • Silver, 250 points or more

Hi,


You need to tell the router what traffic to NAT and what address to translate it to.


i.e. You should translate inside addresses to the dialer 0 address.


As a start - try adding this...


access-list 101 permit ip 10.10.10.0 0.0.0.255 any


ip nat inside source list 101 interface Dialer0 overload


Cheers,


Tim

Correct Answer
ajagadee Wed, 11/05/2008 - 19:21
User Badges:
  • Cisco Employee,

Hi,


I see that you have enable IP NAT Inside and IP NAT Outside on the inside and outside interfaces but your configuration is missing the below commands.


access-list 1 permit 10.10.10.0 0.0.0.255

ip nat inside source list 1 interface dialer 0 overload


Regards,

Arul


*Pls rate if it helps*



Actions

This Discussion