cisco 831 - lost ability to use SDM to configure NAT

[tokenwest]

Hi All-
I am a newbie on cisco 831...I've spent days combing the forums and have finally got the router doing basic service via some cli and SDM Express (SDM). I now need to set up NAT port forwarding however I can't do it via SDM because I think when I did some cli configuring I configured some NAT. What do I need to do to re-enable SDM to control NAT config - Here is my config...

Using 2670 out of 131072 bytes
!
! Last configuration change at 13:07:59 PCTime Sat Aug 28 2010
! NVRAM config last updated at 13:08:02 PCTime Sat Aug 28 2010
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname bwsannex
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$HOpq$R1E9LonGX/6UwZNycs1fA1
enable password garfield
!
username admin privilege 15 secret 5 $1$PvwS$rTxDq4P63L5EU00WfI.Iu.
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no aaa new-model
ip subnet-zero
no ip source-route
no ip routing
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.151 192.168.1.254
!
ip dhcp pool DHCPpoolLan_0
network 10.0.0.0 255.255.255.0
dns-server 192.168.1.100
netbios-name-server 10.1.1.2 10.1.1.3
default-router 10.1.1.1
!
ip dhcp pool bwsannex
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
!
no ip domain lookup
ip ips po max-events 100
no ftp-server write-enable
!

no ip route-cache
duplex auto
no cdp enable
!

no ip route-cache
duplex auto
no cdp enable
!
!
!
!
!
!
!
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
no cdp enable
!
interface Ethernet1
description internet$ES_WAN$
ip address dhcp
no ip redirects
ip nat outside
ip virtual-reassembly
no ip route-cache
duplex auto
no cdp enable
!interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex full
speed 100
!
interface FastEthernet3
no ip address
duplex full
speed 100
!
interface FastEthernet4
no ip address
duplex full
speed 100
!
ip classless
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
ip nat inside source list 1 interface Ethernet1 overload
ip nat inside source list 100 interface Ethernet1 overload
ip nat inside source static tcp 192.168.1.100 1600 interface Ethernet1 1600
ip nat inside source static tcp 192.168.1.100 900 interface Ethernet1 900
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark SDM_ACL Category=2
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 deny tcp any 192.168.1.0 0.0.0.255
access-list 101 permit ip any any
snmp-server community public RO
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
no modem enable
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
privilege level 15
password sra48192
login local
transport preferred all
transport input telnet ssh
transport output all
!
scheduler max-task-time 5000
end

thank you for you help!

best-

scott

 

[unclerico]

how are you connecting to the 831?? do you have a switch connected to e0 and you're plugging in there??

on a side note, i see two other things that will cause problems:
1) no default route configured
2) ip routing is turned off

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[tokenwest]

thanks for responding so quickly.

currently I am connecting via console cable and also via fastethernet1. Access to SDM works however I cannot configure NAT.

final set up will be:

cable modem --> cisco 831 router -->cisco switch

devices on network connected to router and switch:

cisco 1232a/g access point
hp jetdirect printer
security dvr
access control module (for brick and mortar access control)

purpose of setup - provide 18-20 clients with wireless internet access. To have remote access to security dvr and access control module via port forwarding. To use SDM to manage the network.

thanks-

scott

 

[tokenwest]

i've got the 831 working, here are a couple issues I'm encountering

1) there seems to be a long (2-7 second) when going to a website - once the web site is loaded then navigating it is pretty speedy but once going to another web site get's very slow on initial load ... I am changing my default-gateway to no default-gateway (had it set incorrectly from a previous config attempt)

2) telnet into router is really slow

(note: i have given up on SDM Express...)

3) Does DDNS reliably work with 831 running ios 123-11.T3 and if so, how do I configure the router to update ddns.

thanks for your help before, I put the missing config lines in and all worked swell.

best-
scott

 

[tokenwest]

here's my current config:

Using 2589 out of 131072 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname bwsannex
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$HOpq$R1E9LonGX/6UwZNycs1fA1
enable password garfield
!
username admin privilege 15 secret 5 $1$PvwS$rTxDq4P63L5EU00WfI.Iu.
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no aaa new-model
ip subnet-zero
no ip source-route
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.100
ip dhcp excluded-address 192.168.1.152 192.168.1.254
!
ip dhcp pool bwsannex
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 209.18.47.61 209.18.47.62
!
!
ip name-server 209.18.67.41
ip name-server 209.18.67.42
ip ips po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no cdp enable
!
interface Ethernet1
description internet$ES_WAN$
mac-address 0011.bbbd.769a
ip address dhcp
no ip redirects
ip nat outside
ip virtual-reassembly
duplex auto
no cdp enable
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex full
speed 100
!
interface FastEthernet3
no ip address
duplex full
speed 100
!
interface FastEthernet4
no ip address
duplex full
speed 100
!
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet1
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
ip nat inside source list 1 interface Ethernet1 overload
ip nat inside source list 100 interface Ethernet1 overload
ip nat inside source static tcp 192.168.1.100 900 interface Ethernet1 900
ip nat inside source static tcp 192.168.1.100 1600 interface Ethernet1 1600
ip nat inside source static tcp 192.168.1.107 9997 interface Ethernet1 9997
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark SDM_ACL Category=2
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 deny tcp any 192.168.1.0 0.0.0.255
access-list 101 permit ip any any
snmp-server community public RO
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
logging synchronous
no modem enable
transport preferred all
transport output all
line aux 0
transport preferred all
transport output all
line vty 0 4
privilege level 15
password sra48192
login local
transport preferred all
transport input telnet ssh
transport output all
!
scheduler max-task-time 5000
end

 

[imbadatthis]

first part sounds like dns issues. try changing your dns to 4.2.2.2 and see if that makes a diff, if not there is a delay somewhere..

take off the ip virtual-reassembly , it takes up CPU bw.

We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

 

[tokenwest]

Update - got the 831 router running (no dyndns yet) and added the 1232ag access point with wpa2 passkey enabled.

Still running very slow on initial page loads - any ideas on where the delay could be...i'm pretty sure it is a dns thing - like it is doing extra work to translate web addresses - here's the question - should the dns be configured on the dhcp pool as well as on the ip? I'm using time warner dns - i did switch it to 8.8.8.8 (googles public dns) for a test (only because 4.2.2.2 is owned by Level 3 and no longer public - legally anyway)

on IBATs rec I took out the virtual-reassembly to reduce CPU.

I have another 800 series router and am going to check it's configuration because we don't have any problems with that one - i used CWRS to configure that one.

thank you for your advice - getting desperate to speed up the page loads.

best-
scott

 

[imbadatthis]

Try:
interface Ethernet1
no ip virtual-assembly
no ip proxy-arp




We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.