cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
322
Views
0
Helpful
6
Replies

Assistance requested with Cisco 1721 router over ADSL

0r8it
Level 1
Level 1

Hi there, I've been thrown in at the deep end and have to config a 1721, using BT (British Telecom) broadband in the UK.

I've some config inserted (see below) and can do the following:

-ping the fastethernet0 if from a laptop.

-ping the atm0 if from a laptop.

-ping the laptop from the router

-ping the outside world from the router.

-dns seems to work from the router side- resolving names properly.

I can't do the following:

-ping the outside world through adsl from the laptop

-anything else- web browse, etc- from the laptop.

(btw: I've got the router hooked to the adsl line, the router's fastethernet if hooked to a hub, and a laptop hooked to the hub also. The laptop is using an ip address in the same range as fastethernet0, and has a default gateway set to the ip of fastethernet0.)

I'm pretty sure I'm missing something, but I'm not sure what. I'm thinking it's something dodgy in my access lists?

Anyway- I don't want to nat or anything from the router- there's a firewall going in that will apparently be doing that, so I just need to get mail, web, dns- the usual stuff really- working from the client's side.

Here's my config:

show running-config

Building configuration...

Current configuration : 1646 bytes

!

version 12.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname changed

!

!

ip subnet-zero

ip name-server 213.120.62.98

ip name-server 213.120.62.99

ip name-server 213.120.62.103

ip name-server 213.120.62.104

!

!

!

!

interface ATM0

no ip address

no atm ilmi-keepalive

pvc 0/38

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

dsl operating-mode auto

hold-queue 224 in

!

interface FastEthernet0

ip address 192.168.1.100 255.255.255.0

speed auto

!

interface Dialer0

ip address x.x.x.x 255.255.255.240

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap callin

ppp chap hostname name@domain.com

ppp chap password 7 changed

!

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer0

ip route 192.168.1.0 255.255.255.0 FastEthernet0

no ip http server

!

!

access-list 103 deny ip 192.168.1.0 0.0.0.255 any log

access-list 103 permit udp any any eq netbios-ns log

access-list 103 permit tcp any any eq 139 log

access-list 103 permit tcp any any eq ident

access-list 103 permit tcp any any eq ftp

access-list 103 permit tcp any any eq 8081

access-list 103 permit icmp any any administratively-prohibited

access-list 103 permit icmp any any echo

access-list 103 permit icmp any any echo-reply

access-list 103 permit icmp any any packet-too-big

access-list 103 permit icmp any any time-exceeded

access-list 103 permit icmp any any traceroute

access-list 103 permit icmp any any unreachable

access-list 103 deny ip any any log

dialer-list 1 protocol ip permit

!

line con 0

line aux 0

line vty 0 4

login

end

If anyone can help, there's a pint in it for you if you're ever in Scotland!

cheers-

0r8it

1 Accepted Solution

Accepted Solutions

dbellazetin
Level 4
Level 4

0r8it,

For your scenario to work you have to configure NAT. Your internal addressing is using RFC 1918 address's so you need to have NAT configured.

You can add this to your config for simple Internet connectivity.

config t

access-list 101 permit 192.168.1.0 0.0.0.255 any

ip nat inside source list 101 interface dialer 0 over

int fa 0

ip nat inside

exit

int dia 0

ip nat out

View solution in original post

6 Replies 6

dbellazetin
Level 4
Level 4

0r8it,

For your scenario to work you have to configure NAT. Your internal addressing is using RFC 1918 address's so you need to have NAT configured.

You can add this to your config for simple Internet connectivity.

config t

access-list 101 permit 192.168.1.0 0.0.0.255 any

ip nat inside source list 101 interface dialer 0 over

int fa 0

ip nat inside

exit

int dia 0

ip nat out

Thanks for that prompt reply- I'll check out the RFC, and try and get my head round it.

Hi again- I read the RFC, seems to make sense.

However, when I input the commands, the first one:

"access-list 101 permit 192.168.1.0 0.0.0.255 any"

throws up an 'invalid input' error, detected at the dot between the 192 and 168 quads.

What am I doing wrong?

Appreciate your help-

0r8it

I've just discovered that if I enter

"access-list 101 permit ip 192.168.1.0 0.0.0.255 any"

it seems to go in okay. I'm guessing it needed a protocol statement inserted (the 'ip' part)?

Does that look okay to you folks?

cheers-

0r8it

Ah- it seems to work okay now. Browsing, etc, from the clients side operating normally.

Thanks to DBellazatin- your response was spot on, and

as promised I'll stand you a beer (or the drink of your choice) if you're ever in Scotland. Awesome!

0r8it

0r8it,

I'm glad to hear its working. I'm sorry about the "ip" in the access list. It's been a while since I have set up NAT, but I'm glad to hear its working for you now.

Daniel

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: