Cisco 871 / PPPOE / NAT problem

Answered Question
Nov 5th, 2008

Hi, I'm trying to configure my router 871 with pppoe dialer on FE4 and a private lan on the FE0-3 port.

The dialer0 it's up and works fine. When, from my console router, I ping a public ip, I receive a response.

When I ping from my pc (in the LAN), I can see the VLAN1 ip address (10.10.10.1) and the public ip assigned to the Dialer0 from the provider.

outside the public ip received from the provider, I can't ping anything....

Anyone can help me to resolve this problem ?


Here my configuration

********************************


no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname <REMOVED>

!

boot-start-marker

boot-end-marker

!

security authentication failure rate 3 log

security passwords min-length 6

logging buffered 51200 warnings

enable secret 5 <REMOVED>

!

no aaa new-model

!

ip cef

!

!

no ip dhcp use vrf connected

ip dhcp excluded-address 10.10.10.1

!

ip dhcp pool sdm-pool

import all

network 10.10.10.0 255.255.255.0

default-router 10.10.10.1

lease 0 2

!

!

no ip domain lookup

ip domain name <REMOVED>

ip name-server 212.90.199.2

ip name-server 212.90.192.190

!

multilink bundle-name authenticated

!

!

username <REMOVED> privilege 15 secret 5 <REMOVED>

!

!

archive

log config

hidekeys

!

!

ip ssh time-out 60

ip ssh authentication-retries 2

!

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

description $ES_WAN$$FW_OUTSIDE$

no ip address

duplex auto

speed auto

pppoe-client dial-pool-number 1

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$

ip address 10.10.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

interface Dialer0

ip address negotiated

ip mtu 1492

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap callin

ppp chap hostname <REMOVED>

ppp chap password 7 <REMOVED>

!

no ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer0

!

!

ip http server

ip http access-class 23

ip http authentication local

no ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

dialer-list 1 protocol ip permit

no cdp run

!

!

!

!

control-plane

!

banner login ^CAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!^C

!

line con 0

login local

no modem enable

transport output telnet

line aux 0

login local

transport output telnet

line vty 0 4

privilege level 15

login local

transport input telnet ssh

!

scheduler max-task-time 5000

End

Correct Answer by ajagadee about 8 years 3 months ago

Hi,


I see that you have enable IP NAT Inside and IP NAT Outside on the inside and outside interfaces but your configuration is missing the below commands.


access-list 1 permit 10.10.10.0 0.0.0.255

ip nat inside source list 1 interface dialer 0 overload


Regards,

Arul


*Pls rate if it helps*



Correct Answer by Tim Smith about 8 years 3 months ago

Hi,


You need to tell the router what traffic to NAT and what address to translate it to.


i.e. You should translate inside addresses to the dialer 0 address.


As a start - try adding this...


access-list 101 permit ip 10.10.10.0 0.0.0.255 any


ip nat inside source list 101 interface Dialer0 overload


Cheers,


Tim

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Tim Smith Wed, 11/05/2008 - 19:11

Hi,


You need to tell the router what traffic to NAT and what address to translate it to.


i.e. You should translate inside addresses to the dialer 0 address.


As a start - try adding this...


access-list 101 permit ip 10.10.10.0 0.0.0.255 any


ip nat inside source list 101 interface Dialer0 overload


Cheers,


Tim

Correct Answer
ajagadee Wed, 11/05/2008 - 19:21

Hi,


I see that you have enable IP NAT Inside and IP NAT Outside on the inside and outside interfaces but your configuration is missing the below commands.


access-list 1 permit 10.10.10.0 0.0.0.255

ip nat inside source list 1 interface dialer 0 overload


Regards,

Arul


*Pls rate if it helps*



Actions

This Discussion