Need Help Configuring Cisco 806 Router

Status
Not open for further replies.

baldhead

Technical User
Apr 27, 2004
111
US
I own a Cisco 806 router and I need some help getting it up and running. I have it connected to a DSL modem and basically just need help with making it my default gateway firewall. Here's my configuration. I have a feeling that it's something simple but I'm new to Cisco programming. Remember that some of the lines wrap. Any insight would be appreciated.

Thanks

!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cisco806
!
enable secret 5 $00984jklaj;d09823r;lkjaadf
!
ip subnet-zero
ip name-server 217.19.223.25
ip name-server 217.19.223.26
!
!
!
!
interface Ethernet0
description Private LAN
ip address 192.168.0.6 255.255.255.0
ip access-group 1 out
ip nat inside
no cdp enable
hold-queue 100 out
!
interface Ethernet1
description Public WAN
ip address 207.225.205.163 255.255.255.0
ip access-group 100 in
ip nat outside
no cdp enable
!
ip nat inside source static tcp 192.168.0.7 4000 207.225.206.163 4000 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 207.225.205.1
no ip http server
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark Denying Exploitable Protocols
access-list 100 deny tcp any host 207.225.205.163 eq finger
access-list 100 deny tcp any host 207.225.205.163 eq telnet
access-list 100 deny tcp any host 207.225.205.163 eq echo
access-list 100 deny tcp any host 207.225.205.163 eq discard
access-list 100 deny tcp any host 207.225.205.163 eq chargen
access-list 100 deny tcp any host 207.225.205.163 eq daytime
no cdp run
!
line con 0
exec-timeout 5 0
password 7 01180F055609090871
login
notify
stopbits 1
line vty 0 4
exec-timeout 5 0
password 7 12120C161F0903037A
login
notify
transport input telnet
!
scheduler max-task-time 5000
end
 
A few things I forgot to mention. I've tried to ping the router's external gateway on 207.225.205.1 and I can't get a reply.
 
First, don't ever post your password lines on a public board. I suggest you change those passwords ASAP.

The problem seems to be that your access-list 100 doesn't contain any permit statements at all, meaning no traffic can pass in on Ethernet 1.

Try to add:
access-list 100 permit ip any any

This will make all packets not matched on access-list 100 to be accepted.
 
Also, you haven't enabled NAT.
ip nat inside source list 1 interface Ethernet1 overload
should do it.
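
Added example, not part of the original posts: a small Python check for the two faults diagnosed in the replies above (an applied ACL with no permit entry, and NAT interfaces with no overload rule), plus a redaction pass for secret lines before a config is shared. The function names and the sample config are constructed for illustration; the sample is trimmed from the first configuration in the thread with placeholder secrets.

```python
import re

# Constructed sample: trimmed from the first configuration in the thread,
# with the secret values replaced by placeholders.
SAMPLE = """\
enable secret 5 PLACEHOLDER-HASH
interface Ethernet0
 ip access-group 1 out
 ip nat inside
interface Ethernet1
 ip access-group 100 in
 ip nat outside
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark Denying Exploitable Protocols
access-list 100 deny tcp any host 207.225.205.163 eq telnet
line vty 0 4
 password 7 PLACEHOLDER-TYPE7
"""

# Matches "enable secret", "enable password" and line "password" entries,
# keeping the optional encryption-type digit and dropping the value.
SECRET = re.compile(
    r"^([ \t]*(?:enable secret|enable password|password)(?: \d+)?) \S+.*$", re.M)

def redact(config):
    """Mask secret values so the config can be posted or attached to a ticket."""
    return SECRET.sub(r"\1 <removed>", config)

def audit(config):
    """Return findings for the two faults diagnosed in the thread."""
    findings = []
    applied = set(re.findall(r"^[ \t]*ip access-group (\S+) (?:in|out)", config, re.M))
    for acl in sorted(applied):
        entries = re.findall(
            rf"^access-list {re.escape(acl)} (permit|deny)\b", config, re.M)
        # A list made only of deny entries ends in the implicit deny,
        # so nothing at all passes the interface it is applied to.
        if entries and "permit" not in entries:
            findings.append(f"ACL {acl} is applied but has no permit entry")
    inside = re.search(r"^[ \t]*ip nat inside[ \t]*$", config, re.M)
    outside = re.search(r"^[ \t]*ip nat outside[ \t]*$", config, re.M)
    overload = re.search(r"^ip nat inside source list \S+ .*\boverload\b", config, re.M)
    if inside and outside and not overload:
        findings.append("NAT interfaces are marked but no overload rule translates inside hosts")
    return findings

if __name__ == "__main__":
    print(redact(SAMPLE))
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```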
 
The password that is encrypted above is one that I just randomly typed characters into. This isn't actually my encrypted password. Thanks, I appreciate all the advice and will try to implement this.
 
OK, I implemented the lines you guys told me and I can now ping out to google.com from the router, but I'm thinking that NAT is still not working. I can't ping google from a workstation within but can ping the router's internal IP just fine. I've made sure that the workstation is pointing to the correct external DNS servers as well. Thanks a lot for your help.

New Configuration File

!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cisco806
!
enable secret 5 $00984jklaj;d09823r;lkjaadf
!
ip subnet-zero
ip name-server 217.19.223.25
ip name-server 217.19.223.26
!
!
!
!
interface Ethernet0
description Private LAN
ip address 192.168.0.6 255.255.255.0
ip access-group 1 out
ip nat inside
no cdp enable
hold-queue 100 out
!
interface Ethernet1
description Public WAN
ip address 207.225.205.163 255.255.255.0
ip access-group 100 in
ip nat outside
no cdp enable
!
ip nat inside source list 1 interface Ethernet1 overload
ip nat inside source static tcp 192.168.0.7 4000 207.225.206.163 4000 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 207.225.205.1
no ip http server
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark Denying Exploitable Protocols
access-list 100 deny tcp any host 207.225.205.163 eq finger
access-list 100 deny tcp any host 207.225.205.163 eq telnet
access-list 100 deny tcp any host 207.225.205.163 eq echo
access-list 100 deny tcp any host 207.225.205.163 eq discard
access-list 100 deny tcp any host 207.225.205.163 eq chargen
access-list 100 deny tcp any host 207.225.205.163 eq daytime
access-list 100 permit ip any any
no cdp run
!
line con 0
exec-timeout 5 0
password 7 01180F055609090871
login
notify
stopbits 1
line vty 0 4
exec-timeout 5 0
password 7 12120C161F0903037A
login
notify
transport input telnet
!
scheduler max-task-time 5000
end

 
Any idea how I can get my internal workstations to access the Internet?
 