BrizoH
17-Aug-2009, 03:44 PM
Hi everyone
I'm having a bit of a problem with a Cisco 877 router - I can't seem to get NAT working at all.
The router is connected to ADSL fine, I can ping IP addresses from the router itself with no problem - however I'm having no joy trying to ping external IP's using an internal address
We're replacing our current 837 routers with 877 - but the config I'm using on 837's won't play nice.
I'm sure there's something obvious I'm missing but if any one can offer advice it would be appreciated - config below
Current configuration : 2954 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ROUTER
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$fx3I$1M5hOFMj7MwQDWR1dobNc.
!
no aaa new-model
memory-size iomem 25
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
!
!
dot11 syslog
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.5.1 192.168.5.149
ip dhcp excluded-address 192.168.5.201 192.168.5.254
!
ip dhcp pool sdm-pool1
import all
network 192.168.5.0 255.255.255.0
dns-server 192.168.5.101
default-router 192.168.5.254
domain-name testdomain.co.uk
!
!
no ip bootp server
ip domain name testdomain.co.uk
ip name-server 192.168.5.101
!
!
!
username username privilege 15 secret 5
$1$OqdQ$gJyTNfIieCWBpcvXr2qAI/
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
ip nat outside
ip virtual-reassembly
pvc 0/38
oam-pvc manage
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.5.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
!
interface Dialer0
ip address 1.2.3.4 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname pppuser@pppdomain
ppp chap password 7 ppppassword
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 101 interface Dialer0 overload
!
logging trap debugging
access-list 101 permit ip 192.168.5.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
control-plane
!
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
I'm having a bit of a problem with a Cisco 877 router - I can't seem to get NAT working at all.
The router is connected to ADSL fine, I can ping IP addresses from the router itself with no problem - however I'm having no joy trying to ping external IP's using an internal address
We're replacing our current 837 routers with 877 - but the config I'm using on 837's won't play nice.
I'm sure there's something obvious I'm missing but if any one can offer advice it would be appreciated - config below
Current configuration : 2954 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ROUTER
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$fx3I$1M5hOFMj7MwQDWR1dobNc.
!
no aaa new-model
memory-size iomem 25
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
!
!
dot11 syslog
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.5.1 192.168.5.149
ip dhcp excluded-address 192.168.5.201 192.168.5.254
!
ip dhcp pool sdm-pool1
import all
network 192.168.5.0 255.255.255.0
dns-server 192.168.5.101
default-router 192.168.5.254
domain-name testdomain.co.uk
!
!
no ip bootp server
ip domain name testdomain.co.uk
ip name-server 192.168.5.101
!
!
!
username username privilege 15 secret 5
$1$OqdQ$gJyTNfIieCWBpcvXr2qAI/
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
ip nat outside
ip virtual-reassembly
pvc 0/38
oam-pvc manage
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.5.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
!
interface Dialer0
ip address 1.2.3.4 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname pppuser@pppdomain
ppp chap password 7 ppppassword
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 101 interface Dialer0 overload
!
logging trap debugging
access-list 101 permit ip 192.168.5.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
control-plane
!
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end