837 ADSL PPTP- no DNS?

Unanswered Question
Apr 6th, 2006
User Badges:

Hey folks, hoping someone can help me with this.


Probably pretty simple for most of the minds here, but I'm trying to get a Cisco 837 router (on a 2Mb ADSL connection) working as a PPTP terminator.


I've got what I think is close to a working config; I haven't yet tried PPTP from the outside, however, as I've noticed that this config does not seem to allow me to perform domain lookups. Ie; 'nslookup' from an MS command prompt 'times out' when attempting to contact DNS servers. Name lookups then result in nothing.


The DNS servers are there and alive; I have verified this by reverting to my basic config, and all is then well.


Anyone have any ideas? Config (sanitised) is below.


TIA-


----------------------------------------

version 12.3

service config

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname (changed)

!

boot-start-marker

boot-end-marker

!

enable secret (changed)

!

no aaa new-model

ip subnet-zero

!

!

ip name-server 194.x.x.34

ip name-server 194.x.x.38

ip audit notify log

ip audit po max-events 100

ip ssh break-string

vpdn enable

!

vpdn-group pptp

! Default PPTP VPDN group

accept-dialin

protocol pptp

virtual-template 1

!

no ftp-server write-enable

no scripting tcl init

no scripting tcl encdir

!

!

!

no crypto isakmp enable

!

!

!

!

interface Ethernet0

ip address 192.168.4.254 255.255.255.0

ip nat inside

hold-queue 100 out

!

interface ATM0

no ip address

no atm ilmi-keepalive

pvc 0/38

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

dsl operating-mode auto

hold-queue 224 in

!

interface FastEthernet1

no ip address

duplex auto

speed auto

!

interface FastEthernet2

no ip address

duplex auto

speed auto

!

interface FastEthernet3

no ip address

duplex auto

speed auto

!

interface FastEthernet4

no ip address

duplex auto

speed auto

!

interface Virtual-Template1

no ip address

peer default ip address pool pptp

ppp encrypt mppe 40

ppp authentication ms-chap

!

interface Dialer0

ip address (external net, /29)

ip access-group 102 in

no ip redirects

no ip unreachables

ip nat outside

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap callin

ppp chap hostname (hostname)

ppp chap password (password)

!

ip local pool pptp 192.168.4.240 192.168.4.245

ip nat inside source list 101 interface Dialer0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer0

no ip http server

no ip http secure-server

!

!

access-list 101 remark The local LAN.

access-list 101 permit ip 192.168.4.0 0.0.0.255 any

access-list 102 remark traffic allowed in from internet

access-list 102 permit udp any any eq domain

access-list 102 permit tcp any any eq domain

access-list 102 permit udp any eq isakmp any eq isakmp

access-list 102 permit tcp any any eq 1723

access-list 102 permit gre any any

access-list 102 permit icmp any any unreachable

access-list 102 permit icmp any any echo-reply

access-list 102 permit icmp any any packet-too-big

access-list 102 permit icmp any any time-exceeded

access-list 102 permit icmp any any traceroute

access-list 102 permit icmp any any administratively-prohibited

access-list 102 permit icmp any any echo

dialer-list 1 protocol ip permit

!

control-plane

!

!

line con 0

password (changed)

login

no modem enable

transport preferred all

transport output all

line aux 0

transport preferred all

transport output all

line vty 0 4

password (changed)

login

transport preferred all

transport input all

transport output all

!

scheduler max-task-time 5000

!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
s.jankowski Wed, 04/12/2006 - 07:39
User Badges:
  • Bronze, 100 points or more

I see "no ip address" command under your virtual-template 1 interface configuration. When the virtual-access interface is dynamically created, it will need an IP address. Usually this can be an "ip unnumbered" from another interface.


Another suggestion is try your connection without ppp encryption to make sure the basic setup is working fine.

0r8it Thu, 04/13/2006 - 02:06
User Badges:

Thanks, I'll try that. I'll set the virtual-template 1 to pick up IP unnumbered from the Dialer0.


PPP is necessary- the ISP requires it for authentication.


regards-

Actions

This Discussion