Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

DSL on Cisco 1811W 3

Status
Not open for further replies.

CBRRyda

Technical User
Jul 12, 2007
11
I ordered and installed DSL at my office location, as a backup to our existing T1 WAN connection. I have setup, configured, and tested the DSL connection, it works. Our T1 access is connected to my router's FE0 port, the DSL is connected to the FE1 port, as a DSL Ethernet handoff.

I have configured the LAN side of the DSL router to be 10.10.10.1\24 and the FE1 port to be 10.10.10.2\24. I have added ip route {all} {all} 10.10.10.1 255 to the Cisco.

Now, I can ping 10.10.10.1 and .2 from the router, and ping .2 from a pc on my local network. However, from a pc on the local network, I cannot ping .1. The Cisco route table shows the 10.10.10.0 network as directly connected to FE1.

Question, why can't I ping the .1 address from the local network? What am I missing from the config? Any suggestions....

Thank you in advance.

Regards,

CBR
 
One more question,

Can you add a second Cisco config line:

ip nat inside soure list 10 interface FastEthernet1 overload

Without the second line interfering with the existing equivalent line but on FE0 for NAT\PAT?

Thanks Again.

CBR
 
If the dsl line is for backup, I imagine the config reflects this...can you ping it if you unplug the T1 briefly? Please post a "sh run".

Burt
 
Thanks Burt,

I'll have to try the unplug T1 access after hours and see what happens then. I'll let you know.
 
so your FE1 has "ip nat outside" on it?
and your lan subnet is permitted in your access-list 10?

 
Instead of us taking a stab in the dark at your issue, you should post a sanitized version of your configuration.
 
Ok All, sanitized version of config below:

------------------------
cisco1811w#sh run
Building configuration...

Current configuration : 7003 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname cisco1811w
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$MOTD$iVanoM/oULBhtoh6iNMQg0
enable password 7 1419171F2C0027222A
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authentication ppp default local
aaa authorization network groupauthor local
!
aaa session-id common
!
resource policy
!
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.13.1 192.168.13.50
!
ip dhcp pool dynamic-pool
network 192.168.13.0 255.255.255.0
default-router 192.168.13.4
domain-name
dns-server 192.168.12.70
!
!
no ip domain lookup
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
!
!
!

username
username
!
!
!
crypto isakmp policy 3
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group
key
dns 192.168.12.70
domain
pool vpnpool
include-local-lan
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 1
set transform-set ESP-3DES-SHA
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 1 ipsec-isakmp dynamic dynmap
!
bridge irb
!
!
!
interface FastEthernet0
description WAN Port
ip address
no ip redirects
no ip unreachables
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map clientmap
!
interface FastEthernet1
description WAN Port 2
ip address 10.10.10.2 255.255.255.0
no ip redirects
no ip unreachables
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
!
interface FastEthernet2
description Trunk to 2960 (11.9)
switchport mode trunk
duplex full
speed 100
!
interface FastEthernet3
description Trunk to 2960 (11.10)
switchport mode trunk
duplex full
speed 100
!
interface FastEthernet4
switchport access vlan 11
!
interface FastEthernet5
switchport access vlan 11
!
interface FastEthernet6
switchport access vlan 12
!
interface FastEthernet7
switchport access vlan 12
!
interface FastEthernet8
switchport access vlan 12
!
interface FastEthernet9
switchport access vlan 12
!
interface Dot11Radio0
description Wireless G Radio Interface
no ip address
!
encryption mode ciphers tkip
!
ssid
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 010403005F020808234942050A
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
description Wireless A Radio Interface
no ip address
shutdown
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
!
interface Virtual-Template1
description VPN PPTP Virtual Interface
ip unnumbered FastEthernet0
peer default ip address pool vpnpool
no keepalive
ppp encrypt mppe auto
ppp authentication pap chap ms-chap
!
interface Vlan1
no ip address
!
interface Vlan11
description Users vLAN
ip address 192.168.11.4 255.255.255.0
ip helper-address 192.168.12.70
no ip unreachables
ip directed-broadcast
ip nat inside
ip virtual-reassembly
!
interface Vlan12
description Servers vLAN
ip address 192.168.12.4 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
!
interface Async1
description Internal Modem Interface
no ip address
encapsulation slip
!
interface BVI1
description Wireless G Bridge Interface
ip address 192.168.13.4 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip local pool vpnpool 192.168.14.51 192.168.14.254
ip route 0.0.0.0 0.0.0.0 gatewayaddressonFE0
ip route 0.0.0.0 0.0.0.0 10.10.10.1 255
!
!
ip http server
ip http secure-server

ip nat inside source list 10 interface FastEthernet0 overload

!
access-list 10 permit 192.168.11.0 0.0.0.255
access-list 10 permit 192.168.12.0 0.0.0.255
access-list 10 permit 192.168.13.0 0.0.0.255
access-list 100 deny ip any host 192.168.11.4
access-list 100 deny ip any host 192.168.12.4
access-list 100 deny ip any host 192.168.13.4
access-list 100 permit ip any any
access-list 101 permit ip any any
!
!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
password 7 070124586E0D140C19
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
password 7 082F495A291D081E1C
line vty 5 193
password 7 04550E122F25414707
!
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end

cisco1811w#
------------------------

Thanks for your help.
 
You need to add


ip nat inside source list 10 interface FastEthernet1 overload
 
Thanks brianinms and burt;

brianinms, when I try to add the second (ip nat inside) to the config, I get the following error:

"%Dynamic mapping in use, cannot change"

burt, what commands should I use to encrypt the telnet, enable, and console passwords?

Thanks All.
 
You can't really encrypt the passwords in the configuration---this is all I was talking about, when posting your config in here, for instance (use "x"'s instead of the password).
You could prevent the line from being sniffed by VPN'ing into the router, or you could prevent unauthorized access by creating an access list, and applying it to aux, line con 0 (console) and vty 0 4 (virtual terminal) lines by using the keywords "ip access-class".

Burt
 
Hello
The problem in wrote in your first post doesn't correspond con your config.I don't see the 10.10.10.1\24 network on your LAN side.Please clarify.
Regards
 
hey minue... the 10.10.10.1 is on the lan interface of his DSL router..


so it goes LAN - CISCO - DSL ROUTER...


try
just change the xxxx to whatever your wan ip is and the yy is for the whatever mask that should be assigned to it.

ip nat pool WAN1 XXXX XXXX prefix-length YY
ip nat pool WAN2 10.10.10.2 10.10.10.2 prefix-length 24
no ip nat inside source list 10 interface FastEthernet0 overload

ip nat inside source list 10 pool WAN1 overload
ip nat inside source list 10 pool WAN2 overload
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top