cisco 857 configuration

Status
Not open for further replies.

phidias

Technical User
May 2, 2010
6
GB
Hi, I hope there is somebody who can take a look at this configuration of a Cisco 857 router and tell me where the mistake is. I managed to get connected to the DSL line, meaning I received the DNS servers and IP automatically from the ISP, but I can't ping outside and I don't have internet on my local network.

Building configuration...

Current configuration : 5940 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname TEST
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$HhC4$DQeQurMkLGFAidjyXzqul/
!
no aaa new-model
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-1984768014
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1984768014
revocation-check none
rsakeypair TP-self-signed-1984768014
!
!
crypto pki certificate chain TP-self-signed-1984768014
certificate self-signed 01
quit
dot11 syslog
no ip source-route
!
!
ip cef
no ip bootp server
ip domain name test.co.uk
!
!
!
username cisco857 privilege 15 secret 5 $1$1EbA$RXrUFucWHprvvX46YejU40
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface ATM0
description British Telecom - BT
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache policy
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
ip nat outside
ip virtual-reassembly
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description LAN ip static retea
ip address 80.138.81.181 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache same-interface
ip route-cache policy
ip route-cache flow
ip tcp adjust-mss 1452
hold-queue 100 in
hold-queue 100 out
!
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache policy
ip route-cache flow
dialer pool 1
dialer idle-timeout 0
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname username@BT
ppp chap password 7 passBT
ppp pap sent-username username@BT password 7 passBT
ppp ipcp dns request
ppp ipcp mask request
ppp ipcp route default
ppp ipcp address accept
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface ATM0.1 overload
!
ip access-list standard ACL_DIALER0_OUT
remark CCP_ACL Category=1
permit any
!
ip access-list extended ACL_DIALER0_IN
remark DHCP
remark CCP_ACL Category=16
permit udp any any eq bootpc
permit udp any any eq bootps
!
logging trap debugging
access-list 1 permit 0.0.0.0
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 80.138.81.180 0.0.0.7
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
transport output none
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
 
You should not/do not need to NAT if you have a public IP address on the LAN.

Take out all NAT statements (ip nat inside, ip nat outside, ip nat inside source list 1.).

Also, if you were to NAT, you would overload on the dialer interface, not the ATM subinterface. Also, IMHO, it is always best to use a route-map pointing to an extended ACL, or at least use an extended ACL for granularity. This is especially useful for a VPN configuration, which your router supports.

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
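The two points made in the reply above (NAT applied to a LAN that already has public addresses, and the overload rule bound to the ATM subinterface instead of the dialer) can be checked mechanically. This is an added example, not part of the original thread; the function names and the trimmed config excerpt are constructed for illustration.

```python
import ipaddress
import re

# Constructed excerpt of the first posted configuration (NAT-relevant lines only).
SAMPLE_CONFIG = """\
interface ATM0.1 point-to-point
 ip nat outside
 pvc 0/38
!
interface Vlan1
 ip address 80.138.81.181 255.255.255.248
 ip nat inside
!
interface Dialer0
 ip address negotiated
 ip nat outside
!
ip nat inside source list 1 interface ATM0.1 overload
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]}; a '!' line closes a section."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split()[1]
            interfaces[current] = []
        elif line == "!":
            current = None
        elif current:
            interfaces[current].append(line)
    return interfaces

def audit_nat(config):
    """Flag the two NAT mistakes described in the reply."""
    findings, ifaces = [], parse_interfaces(config)
    for name, cmds in ifaces.items():
        addr = next((c.split()[2] for c in cmds if re.match(r"ip address \d", c)), None)
        # is_private covers RFC 1918 plus other non-global ranges.
        if "ip nat inside" in cmds and addr and not ipaddress.ip_address(addr).is_private:
            findings.append(f"{name}: 'ip nat inside' on public address {addr}")
    pattern = r"^\s*ip nat inside source list \S+ interface (\S+) overload"
    for m in re.finditer(pattern, config, re.M):
        target = m.group(1)
        layer3 = any(c.startswith(("ip address", "ip unnumbered"))
                     for c in ifaces.get(target, []))
        if not layer3:
            findings.append(f"{target}: overload target has no IP address")
    return findings
```
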
 
I managed to ping from the router to outside, but from the local network I can't access the internet. The configuration of the connected PC: IP - same class as the router Vlan1
Mask - same mask as Vlan1
Gateway - IP of Vlan1
 
This is a BT Business Class Service. I have 5 static IPs, one used for the router and the other 4 for internal devices.

Router#traceroute 217.37.85.211

Type escape sequence to abort.
Tracing the route to host217-37-85-211.in-addr.btopenworld.com (217.37.85.211)

1 host81-134-64-1.in-addr.btopenworld.com (81.134.64.1) 28 msec 32 msec 28 msec
2 213.120.182.141 32 msec 32 msec 28 msec
3 213.120.161.82 32 msec 28 msec 28 msec
4 217.41.222.30 32 msec 32 msec 28 msec
5 217.41.222.161 32 msec 32 msec 28 msec
6 213.120.161.81 32 msec 28 msec 32 msec
7 213.120.182.132 28 msec 32 msec 36 msec
8 host81-130-104-119.in-addr.btopenworld.com (81.130.104.119) 56 msec 52 msec 52 msec
9 host81-130-104-119.in-addr.btopenworld.com (81.130.104.119) 56 msec 60 msec 52 msec
10 host217-37-85-211.in-addr.btopenworld.com (217.37.85.211) 56 msec 56 msec 60 msec

-interface of the Dialer0

Router#show int Dialer0
Dialer0 is up, line protocol is up (spoofing)
Hardware is Unknown
Internet address is 81.134.93.192/32
MTU 1500 bytes, BW 56 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 1 seconds on reset
Interface is bound to Vi2
Last input never, output never, output hang never
Last clearing of "show interface" counters 00:15:44
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/16 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 42 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
505 packets input, 43688 bytes
276 packets output, 8525 bytes
Bound to:
Virtual-Access2 is up, line protocol is up
Hardware is Virtual Access interface
MTU 1500 bytes, BW 1083 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP
PPPoATM vaccess, cloned from Dialer0
Vaccess status 0x44
Bound to ATM0.1 VCD: 1, VPI: 0, VCI: 38, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 5 seconds on reset
Interface is bound to Di0 (Encapsulation PPP)
Last input 00:00:02, output never, output hang never
Last clearing of "show interface" counters 00:13:11
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
532 packets input, 44256 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
298 packets output, 9085 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions

ROUTER CONFIGURATION

Router#show conf
Using 4225 out of 131072 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname XXXXX
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$HhC4$DQeQurMkLGFAidjyXzqul/
!
no aaa new-model
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-1984768014
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1984768014
revocation-check none
rsakeypair TP-self-signed-1984768014
!
!
crypto pki certificate chain TP-self-signed-1984768014
certificate self-signed 01 nvram:IOS-Self-Sig#9.cer
dot11 syslog
no ip source-route
!
!
ip cef
no ip bootp server
ip domain name XXXXX
ip name-server 194.72.9.34
ip name-server 194.72.0.98
!
!
!
username cisco857 privilege 15 secret 5 $1$1EbA$RXrUFucWHprvvX46YejU40
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface ATM0
description British Telecom - BT
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache policy
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
 
Whoops---the entire config did not post there...can you repost?

Are you still trying to NAT? You have no private rfc1918 addresses anywhere, so there is no need for translation---this is just like in the old days before people started using NAT---they would have their dialer or computers all at the edge, all with public IP addresses, and thus all able to just get out without translations. You are trying to translate one address to another in the same subnet, both public ip addresses---that will NOT work!

Again, get rid of ALL NAT, and you should be good...

I assume you have servers connected to the fa ports all with public ip addresses, right?

 
Yes, some internal devices have public addresses.
I removed all NAT statements, still not able to access the internet.

Router#show conf
Using 4253 out of 131072 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname XXXXX
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$HhC4$DQeQurMkLGFAidjyXzqul/
!
no aaa new-model
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-1984768014
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1984768014
revocation-check none
rsakeypair TP-self-signed-1984768014
!
!
crypto pki certificate chain TP-self-signed-1984768014
certificate self-signed 01 nvram:IOS-Self-Sig#9.cer
dot11 syslog
no ip source-route
!
!
ip cef
no ip bootp server
ip domain name XXXXX
ip name-server 194.72.9.34
ip name-server 194.72.0.98
!
!
!
username cisco857 privilege 15 secret 5 $1$1EbA$RXrUFucWHprvvX46YejU40
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface ATM0
description British Telecom - BT
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache policy
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
ip virtual-reassembly
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description LAN ip static retea
ip address 217.46.201.46 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
ip route-cache same-interface
ip route-cache policy
ip route-cache flow
ip tcp adjust-mss 1452
hold-queue 100 in
hold-queue 100 out
!
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip virtual-reassembly
encapsulation ppp
ip route-cache policy
ip route-cache flow
dialer pool 1
dialer idle-timeout 0
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname user@BT
ppp chap password 7 passBT
ppp pap sent-username user@BT password 7 passBT
ppp ipcp dns request
ppp ipcp mask request
ppp ipcp route default
ppp ipcp address accept
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
logging trap debugging
access-list 1 permit any
access-list 1 permit 217.46.201.40 0.0.0.7
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
transport output none
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
 
Hi,

Firstly, if you've been provided static IP(s), then you don't need to use ip negotiate on your dialer interface.
Secondly, if you've been given a /29 mask then you have six usable IP addresses: 1st = subnet address, then six host addresses, then last = broadcast address.
Also, you would have been told to assign one of the host addresses to your router; usually the first usable host address or the last host address is preferred, i.e. last octet 41 or 46.
Then, get rid of the atm0.1 sub interface and move the dialer pool-member, pvc and encapsulation config to atm0.
Lastly, your int di0 needs to use ip unnumbered vlan1 instead of ip negotiated.
 
I removed ip negotiate and added ip unnumbered Vlan1 ... next, can you tell me how to remove atm0.1? Is it with shutdown in its config?
 
viconsul, I did like you told me and it's the same: I have an internet connection on the router, but still no internet connection from the local LAN.
 
When you say no internet on the local LAN, how are you connecting from the local LAN? Remember you will need to assign one of your public IP addresses to a computer connected to your local LAN and you. It's time to post your new config.
 