Hello,
We have a Cisco 1721 with one "FastEthernet 0" and one "Eth 0" interface, connecting a DSL line to our internal LAN.
The FastEthernet 0 interface is connected to the DSL line via an ADSL modem (Zyxel) which is configured in bridge mode.
Eth 0 is connected to our LAN.
The router is configured primarily for IPSec and internet access.
We are able to access Internet sites from our internal network; however, incoming traffic from the Internet to our internal LAN (say, for a web server hosted in our LAN) fails.
Please find the configuration on our router as shown below.
I would appreciate it if you could help us in configuring for incoming traffic.
Thank you
Ramie
My present router sh run details are as follows:
sh run
Building configuration...
Current configuration : 1942 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
!
no ip dhcp use vrf connected
!
!
ip cef
no ip ips deny-action ips-interface
!
no ftp-server write-enable
!
!
!
!
!
!
crypto isakmp policy 1
 hash md5
 authentication pre-share
 lifetime 3600
crypto isakmp key b001 address 111.x.x.20
!
!
crypto ipsec transform-set VF_GPRS esp-des esp-md5-hmac
crypto ipsec df-bit clear
!
crypto map VF_B 10 ipsec-isakmp
 set peer 111.x.x.20
 set transform-set VF_GPRS
 match address b_VF
!
!
!
interface Ethernet0
 ip address 172.16.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 half-duplex
!
interface FastEthernet0
 ip address 130.x.x..49 255.255.255.0 secondary
 ip address 130.x.x..44 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 speed auto
 no cdp enable
 crypto map VF_B
!
ip default-gateway 130.x.x..1
ip classless
ip route 0.0.0.0 0.0.0.0 130.x.x..1
no ip http server
no ip http secure-server
!
ip nat inside source list 101 interface FastEthernet0 overload
ip nat inside source static 172.16.0.6 130.x.x..49
!
!
!
ip access-list extended b_VF
 permit ip 172.16.0.0 0.0.0.255 192.168.0.0 0.0.0.255
 deny ip any any
ip access-list extended telnet
 permit ip host 111.x.x.130 any
 permit ip 172.16.0.0 0.0.0.255 any
 deny ip any any
access-list 101 deny ip 172.16.0.0 0.0.0.255 192.168.0.0 0.0.0.255
access-list 101 permit ip 172.16.0.0 0.0.0.255 any
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 access-class telnet in
 login local
!
end