Cisco Support Community
Community Member

Need help setting up 871 router with AT&T DSL

I've never setup a DSL connection before so I'm looking for help on things I may have missed. If you see anything in my config, let me know. I'm not sure about my NAT commands.

DSL modem is

Cisco 871 router is

LAN DC server is Windows 2003 with Exchange running DNS and DHCP is

I have 5 static IP's. I have assigned as a 1 to 1 map to for mail and owa.


ALG_Cisco871#sh run
Building configuration...

Current configuration : 6317 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname ALG_Cisco871
no logging buffered
enable secret 5 $1$ZxY3$IJq9bqeAy1ddT0Ks2FFr0.
no aaa new-model
crypto pki trustpoint TP-self-signed-2220508610
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2220508610
revocation-check none
rsakeypair TP-self-signed-2220508610
crypto pki certificate chain TP-self-signed-2220508610
certificate self-signed 01
  30820255 308201BE A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32323230 35303836 3130301E 170D3032 30343134 30363530
  34305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 32323035
  30383631 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100C9AC 712BE21C 61911CF0 78DE6A5D 97D8ACE1 7DC17176 17C0BA36 2B346011
  13CF7B7D 93304D78 D8454912 0E31DD53 AD6DEE11 82E60557 1FA64C29 FC5E81BA
  041AD861 6168B6B2 D8107DA3 104936EF 41CEFD33 CC3B344A EF52DFDF 5B030338
  60CA35D3 9E39AF96 850519F6 D949459B 809D3777 BD2B1045 352595D7 403821BC
  55F50203 010001A3 7D307B30 0F060355 1D130101 FF040530 030101FF 30280603
  551D1104 21301F82 1D414C47 5F436973 636F3837 312E616C 6C616E6C 61777063
  2E6C6F63 616C301F 0603551D 23041830 168014A0 738EF2B8 A53C25EF C381B9F2
  08DBF635 A1B64C30 1D060355 1D0E0416 0414A073 8EF2B8A5 3C25EFC3 81B9F208
  DBF635A1 B64C300D 06092A86 4886F70D 01010405 00038181 004856EA 49A651CA
  F08CB241 0500D250 51ADF26C EEB8D667 00060795 C50C3911 DAD380A9 0A88A75B
  AB432817 EF8775BD 3C68561B 201157ED 1A920708 67C49DAC DB69A470 212A3474
  C8BD0D5A C243D871 31386534 8754785A D17C32EE 2FE2D3DA F3249596 80B0A325
  455EEC06 3FB80579 D72C9E24 7FE0FC1D 4D3B5C7B 5CD11CAB 0C
dot11 syslog
ip cef
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip domain lookup
ip domain name allanlawpc.local
vpdn enable
vpdn-group 1
  protocol pppoe
log config
class-map type inspect match-all sdm-nat-http-1
match access-group 101
match protocol http
class-map type inspect match-all sdm-nat-smtp-1
match access-group 102
match protocol smtp
class-map type inspect match-any sdm-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-insp-traffic
match class-map sdm-cls-insp-traffic
class-map type inspect match-any SDM-Voice-permit
match protocol h323
match protocol skinny
match protocol sip
class-map type inspect match-any sdm-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-icmp-access
match class-map sdm-cls-icmp-access
class-map type inspect match-all sdm-invalid-src
match access-group 100
class-map type inspect match-all sdm-protocol-http
match protocol http
policy-map type inspect sdm-permit-icmpreply
class type inspect sdm-icmp-access
class class-default
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-nat-http-1
class type inspect sdm-nat-smtp-1
class class-default
policy-map type inspect sdm-inspect
class type inspect sdm-invalid-src
  drop log
class type inspect sdm-insp-traffic
class type inspect sdm-protocol-http
class type inspect SDM-Voice-permit
class class-default
policy-map type inspect sdm-permit
class class-default
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1
zone-pair security sdm-zp-out-self source out-zone destination self
service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
service-policy type inspect sdm-inspect
interface Loopback0
ip address
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
description outside
no ip address
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
interface Vlan1
description $FW_INSIDE$
ip address
ip nat inside
ip virtual-reassembly
zone-member security in-zone
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
zone-member security out-zone
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication chap
ip forward-protocol nd
ip route Dialer0 permanent
no ip http server
ip http secure-server
ip nat pool 1 netmask
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 25 25 extendable
ip nat inside source static tcp 80 80 extendable
access-list 1 remark SDM_ACL Category=18
access-list 1 permit
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host any
access-list 100 permit ip any
access-list 101 remark SDM_ACL Category=0
access-list 101 permit ip any host
access-list 102 remark SDM_ACL Category=0
access-list 102 permit ip any host
dialer-list 1 protocol ip permit
line con 0
password 7 14141B180F0B
no modem enable
line aux 0
line vty 0 4
password 7 0822455D0A16
scheduler max-task-time 5000

Cisco Employee

Re: Need help setting up 871 router with AT&T DSL

As far as the NAT configuration, it looks good.  The only extra command you have is "ip nat pool 1 netmask"  It is unnecessary.  The rest of the NAT configuration will translate your server from to for SMTP (TCP 25) and HTTP (TCP 80).  So external users on the internet can use to access your server for that type of traffic.  All other traffic from this server and your LAN will be translated to the IP address on the Dialer interface.  If you have questions about the DSL part, I'll let others comment.


CreatePlease to create content