03-01-2003 11:47 PM - edited 03-02-2019 05:30 AM
--begin ciscomoderator note-- The following post has been edited to remove potentially confidential information. Please refrain from posting confidential information on the site to reduce security risks to your network. -- end ciscomoderator note --
Hello Guys,
i am trying to connect to Internet via my 801 ISDN Router , but this ist not working. With a ping to Internet from my Home PC, i cann get the ISDN up but no possibility to get a internet page open.
her my design and my configuration......
thanks for any help
-----------------------------------------------
HOME PC (10.10.11.2)
|
|
Router FW. 806 Router (10.10.10.2)
|
|
HOME ISDN 801 Router (10.10.10.1)
-------------------------------
service timestamps log uptime
service password-encryption
!
hostname --moderator edit-- router
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxx
!
!
!
!
!
ip subnet-zero
!
no ip domain-lookup
ip name-server --moderator edit-- nnn.nn.n.129
isdn switch-type basic-net3
isdn voice-call-failure 0
!
!
!
interface Ethernet0
ip address 10.10.10.1 255.255.255.0
no ip directed-broadcast
ip nat inside
no cdp enable
!
interface BRI0
no ip address
no ip directed-broadcast
encapsulation ppp
dialer pool-member 1
isdn switch-type basic-net3
no cdp enable
!
interface Dialer0
description CONNECTION TO INTERNET
ip address negotiated
no ip directed-broadcast
ip nat outside
encapsulation ppp
dialer pool 1
dialer idle-timeout 180
dialer string 0192658
dialer-group 1
pulse-time 0
no cdp enable
ppp authentication chap pap callin
ppp chap hostname msn
ppp chap password 7 --moderator edit--
ppp pap sent-username msn password 7 --moderator edit--
!
ip nat inside source list 101 interface Dialer0 overload
no ip http server
no ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.10.11.0 255.255.255.0 10.10.10.2
!
access-list 101 permit ip 10.10.10.0 0.0.0.155 any
dialer-list 1 protocol ip permit
no cdp run
end
--moderator edit-- router#
----------------------------------------
Current configuration : 856 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname --moderator edit-- firewall
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxx
!
ip subnet-zero
no ip domain-lookup
ip dhcp excluded-address 10.10.10.2
!
ip dhcp pool CLIENT
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.2
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
!
!
!
interface Ethernet0
ip address 10.10.11.1 255.255.255.0
hold-queue 100 out
!
interface Ethernet1
ip address 10.10.10.2 255.255.255.0
!
no ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.1
no ip http server
!
!
!
scheduler max-task-time 5000
end
--moderator edit-- firewall#
03-02-2003 09:58 AM
You have configured dialer profiles using "daler pool x" command and i do not see any reason that you need it. dialer profile generally used to bind incoming calls to a specific interface. We are trying to dialout here.
Now to make things easier, remove that and just go for lagecy config which is located at following url which also has exactly the same goal what you are trying to do.
http://www.cisco.com/warp/public/471/ddreasyip.html
The above link also has troubleshooting steps to see where the things are broken. If it still doesn't work,
1)make sure that isdn line is reporing good status for layer 1,2,3..Here is the link for that
http://www.cisco.com/warp/public/129/bri_sh_isdn_stat.html
2)need to see the following debug for a callout.
debug isdn q931
debug ppp nego
debug ppp auth
debug dialer
03-02-2003 10:14 PM
For the PC with ip address 10.10.11.2 to reach (and get return traffic) to the internet we will need double NATing ...that is acrosss the c801 & c806 routers.
Since you cannot browse, also need to ensure that we do not have domain name resolution issues. From the c801 try pinging any internet site using ip address....for eg, ping 198.133.219.25 (www.cisco.com).
As a test try connecting the PC instead of the c806 (eliminate two hops) & see if you can ping the above using ip address & domain name....This way we can narrow down where the problem lies.
Thanks, Mak.
04-02-2003 06:32 AM
Hello Mark,
thanks for your help. I was not on my desk since 3 weeks and condn´t replay you any response. I try the test an it dont works
Thanks
Alain
04-02-2003 09:48 AM
You mean you cannot ping the ip address of site (instead of using the domain name) or cannot ping when you replace the 806 with a PC (that is PC connected to the 801directly & doing single NAT).
As a test try connecting the PC instead of the c806 (eliminate two hops) & see if you can ping the above using ip address & domain name....This way we can narrow down where the problem lies.
Thanks, Mak.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide