07-28-2003 11:04 AM - edited 03-02-2019 09:10 AM
Hi there, I've been thrown in at the deep end and have to config a 1721, using BT (British Telecom) broadband in the UK.
I've some config inserted (see below) and can do the following:
-ping the fastethernet0 if from a laptop.
-ping the atm0 if from a laptop.
-ping the laptop from the router
-ping the outside world from the router.
-dns seems to work from the router side- resolving names properly.
I can't do the following:
-ping the outside world through adsl from the laptop
-anything else- web browse, etc- from the laptop.
(btw: I've got the router hooked to the adsl line, the router's fastethernet if hooked to a hub, and a laptop hooked to the hub also. The laptop is using an ip address in the same range as fastethernet0, and has a default gateway set to the ip of fastethernet0.)
I'm pretty sure I'm missing something, but I'm not sure what. I'm thinking it's something dodgy in my access lists?
Anyway- I don't want to nat or anything from the router- there's a firewall going in that will apparently be doing that, so I just need to get mail, web, dns- the usual stuff really- working from the client's side.
Here's my config:
show running-config
Building configuration...
Current configuration : 1646 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname changed
!
!
ip subnet-zero
ip name-server 213.120.62.98
ip name-server 213.120.62.99
ip name-server 213.120.62.103
ip name-server 213.120.62.104
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
hold-queue 224 in
!
interface FastEthernet0
ip address 192.168.1.100 255.255.255.0
speed auto
!
interface Dialer0
ip address x.x.x.x 255.255.255.240
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname name@domain.com
ppp chap password 7 changed
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.1.0 255.255.255.0 FastEthernet0
no ip http server
!
!
access-list 103 deny ip 192.168.1.0 0.0.0.255 any log
access-list 103 permit udp any any eq netbios-ns log
access-list 103 permit tcp any any eq 139 log
access-list 103 permit tcp any any eq ident
access-list 103 permit tcp any any eq ftp
access-list 103 permit tcp any any eq 8081
access-list 103 permit icmp any any administratively-prohibited
access-list 103 permit icmp any any echo
access-list 103 permit icmp any any echo-reply
access-list 103 permit icmp any any packet-too-big
access-list 103 permit icmp any any time-exceeded
access-list 103 permit icmp any any traceroute
access-list 103 permit icmp any any unreachable
access-list 103 deny ip any any log
dialer-list 1 protocol ip permit
!
line con 0
line aux 0
line vty 0 4
login
end
If anyone can help, there's a pint in it for you if you're ever in Scotland!
cheers-
0r8it
07-28-2003 11:26 AM
0r8it,
For your scenario to work you have to configure NAT. Your internal addressing is using RFC 1918 addresses, so you need to have NAT configured.
You can add this to your config for simple Internet connectivity.
config t
access-list 101 permit 192.168.1.0 0.0.0.255 any
ip nat inside source list 101 interface dialer 0 over
int fa 0
ip nat inside
exit
int dia 0
ip nat out
07-28-2003 11:57 AM
Thanks for that prompt reply- I'll check out the RFC, and try and get my head round it.
07-29-2003 02:27 AM
Hi again- I read the RFC, seems to make sense.
However, when I input the commands, the first one:
"access-list 101 permit 192.168.1.0 0.0.0.255 any"
throws up an 'invalid input' error, detected at the dot between the 192 and 168 quads.
What am I doing wrong?
Appreciate your help-
0r8it
07-29-2003 02:35 AM
I've just discovered that if I enter
"access-list 101 permit ip 192.168.1.0 0.0.0.255 any"
it seems to go in okay. I'm guessing it needed a protocol statement inserted (the 'ip' part)?
Does that look okay to you folks?
cheers-
0r8it
07-29-2003 02:50 AM
Ah- it seems to work okay now. Browsing, etc, from the clients side operating normally.
Thanks to DBellazatin- your response was spot on, and
as promised I'll stand you a beer (or the drink of your choice) if you're ever in Scotland. Awesome!
0r8it
07-29-2003 12:31 PM
0r8it,
I'm glad to hear it's working. I'm sorry about the "ip" in the access list. It's been a while since I have set up NAT, but I'm glad to hear it's working for you now.
Daniel
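Added example, not part of the original thread: a small Python check that catches the two access-list issues visible above before the commands reach the router, namely an extended ACL entry (100-199) with no protocol keyword after permit/deny, and an ACL that is defined but never referenced. The sample config is a constructed excerpt modelled on the thread, and the `lint` function and its keyword subset are illustrative assumptions, not a Cisco tool.

```python
import re

# Constructed excerpt modelled on the thread: the NAT commands as first posted
# (ACL 101 without a protocol keyword) plus one entry of the unapplied ACL 103.
SAMPLE = """\
interface FastEthernet0
 ip address 192.168.1.100 255.255.255.0
 ip nat inside
interface Dialer0
 ip nat outside
ip nat inside source list 101 interface Dialer0 overload
access-list 101 permit 192.168.1.0 0.0.0.255 any
access-list 103 deny ip any any log
"""

# Illustrative subset of protocol keywords; IOS also accepts others and numbers 0-255.
PROTOCOLS = {"ip", "tcp", "udp", "icmp", "igmp", "gre", "esp", "ahp", "eigrp", "ospf"}

def lint(config):
    """Return findings for a running-config excerpt, in the order they are detected."""
    findings, defined, referenced = [], set(), set()
    nat_rule = nat_in = nat_out = False
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"access-list (\d+) (?:permit|deny) (\S+)", line)
        if m:
            num, proto = int(m.group(1)), m.group(2)
            defined.add(num)
            # Numbered ACLs 100-199 are extended: a protocol must follow permit/deny.
            if 100 <= num <= 199 and proto not in PROTOCOLS and not proto.isdigit():
                findings.append(f"ACL {num}: '{proto}' found where a protocol such as ip is required")
            continue
        m = re.match(r"ip access-group (\d+) (?:in|out)$", line)
        if m:
            referenced.add(int(m.group(1)))
        m = re.match(r"ip nat inside source list (\d+) ", line)
        if m:
            nat_rule = True
            referenced.add(int(m.group(1)))
        nat_in = nat_in or line == "ip nat inside"
        nat_out = nat_out or line == "ip nat outside"
    for num in sorted(defined - referenced):
        findings.append(f"ACL {num}: defined but not referenced by ip access-group or a NAT rule")
    if nat_rule and not (nat_in and nat_out):
        findings.append("NAT: rule present but ip nat inside/outside is not set on both interfaces")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

An ACL reported as unreferenced may still be used by features this sketch does not parse (for example a route-map or a vty access-class), so treat that finding as a prompt to check rather than a verdict.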