MarkHollings
IS-IT--Management
We currently connect to the internet using a Draytek 2600 router and it's starting to become quite unreliable. I am not entirely sure how it is currently configured as our ISP password protects the router.
I am off on my hols in a week or so and have purchased a Cisco 857 ADSL router which I would like to configure to replace the Draytek prior to my departure but I am struggling. I have managed to get the SDM software installed to the 857 and have got some way in getting it configured but I am now getting stuck.
On the network here all internet traffic passes through a Watchguard Firebox X700 and then to/from the Draytek router.
I have the IP address and password from my ISP and it seems that the router connects to the ISP OK but cannot then browse the internet etc. or even access the 857 when it is swapped out for the Draytek.
The internal i/f on the Firebox is 192.168.1.1/24 and the external is xxx.xxx.xxx.42/29. Now this then brings in another problem. Currently the Draytek has the same xxx.xxx.xxx.41 IP address assigned to both internal and external interfaces. Can I do the same on the 857, and if so how? Currently I have set the IP 192.168.1.50 so that I can access it. I had also added a couple of rules to allow all IP traffic, but I don't know if they are actually necessary.
Below is the current config from the 857.
Building configuration...
Current configuration : 4051 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname wha
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$QJEL$BFpnSLR2/XNNe7ZTzEN6R.
!
no aaa new-model
!
resource policy
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp pool sdm-pool
 import all
 network 10.10.10.0 255.255.255.248
 default-router 10.10.10.1
 lease 0 2
!
!
ip cef
no ip domain lookup
ip domain name welmede.org.uk
!
!
crypto pki trustpoint TP-self-signed-1117807241
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1117807241
 revocation-check none
 rsakeypair TP-self-signed-1117807241
!
!
crypto pki certificate chain TP-self-signed-1117807241
 certificate self-signed 01
username admin privilege 15 secret 5 $1$J5ZT$U08sIDLXyh7QvxgdCh2j3.
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 description $ES_WAN$
 no snmp trap link-status
 pvc 0/38
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$
 ip address 192.168.1.50 255.255.255.0
 ip access-group sdm_vlan1_in in
 ip access-group sdm_vlan1_out out
 ip tcp adjust-mss 1412
!
interface Dialer0
 ip address xxx.xxx.xxx.41 255.255.255.248
 ip access-group sdm_dialer0_in in
 ip access-group sdm_dialer0_out out
 ip mtu 1452
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxx@adsl-1.sysonline.net
 ppp chap password 0 xxxxxxxxxx
 ppp pap sent-username xxxxxxx@adsl-1.sysonline.net password 0 xxxxxxxxx
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip access-list extended sdm_dialer0_in
 remark SDM_ACL Category=1
 permit ip any any
ip access-list extended sdm_dialer0_out
 remark SDM_ACL Category=1
 permit ip any any
ip access-list extended sdm_vlan1_in
 remark SDM_ACL Category=1
 permit ip any any
ip access-list extended sdm_vlan1_out
 remark SDM_ACL Category=1
 permit ip any any
!
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
banner login ^CAuthorized access only! Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
end
Can anybody advise me how to get this up and running?
Regards
Mark
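An added example, not part of the original post: a small Python audit that walks an indented `show running-config` dump like the one above and flags the exposure-related settings it contains (plain `ip http server`, telnet on the vty lines, type 0 passwords, and an inbound ACL whose only rule is `permit ip any any`). The sample text is a constructed excerpt with a placeholder password and a documentation-range address, and the function names `sections` and `audit` are hypothetical.

```python
import re

# Constructed excerpt modelled on the posted config; the address and the
# password are placeholders, not values from the post.
SAMPLE = """\
interface Dialer0
 ip address 203.0.113.41 255.255.255.248
 ip access-group sdm_dialer0_in in
 ppp chap password 0 PLACEHOLDER
ip http server
ip http secure-server
ip access-list extended sdm_dialer0_in
 remark SDM_ACL Category=1
 permit ip any any
line vty 0 4
 login local
 transport input telnet ssh
"""

def sections(text):
    """Group IOS lines into [header, sub-commands] using indentation."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue  # skip blank lines and "!" separators
        if raw[0].isspace() and out:
            out[-1][1].append(raw.strip())
        else:
            out.append([raw.strip(), []])
    return out

def audit(text):
    secs = sections(text)
    # Named ACLs whose only rule, remarks aside, is "permit ip any any".
    open_acls = {h.split()[-1] for h, sub in secs if h.startswith("ip access-list ")
                 and [s for s in sub if not s.startswith("remark")] == ["permit ip any any"]}
    found = []
    for h, sub in secs:
        if h == "ip http server":
            found.append("ip http server: web management over cleartext HTTP")
        for s in [h] + sub:
            if re.search(r"\bpassword 0 \S", s):
                found.append(f"{h}: type 0 (cleartext) password in config")
            m = re.fullmatch(r"ip access-group (\S+) in", s)
            if m and h.startswith("interface ") and m.group(1) in open_acls:
                found.append(f"{h}: inbound ACL {m.group(1)} permits all traffic")
            if h.startswith("line vty") and re.match(r"transport input\b.*\btelnet\b", s):
                found.append(f"{h}: telnet (cleartext) logins accepted")
    return found
```

`audit(SAMPLE)` returns four findings; the parser relies on the leading-space indentation the router emits, so a dump that has lost its indentation needs re-indenting first.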