I have a 2801 that I configured with SDM. This is my 1st Cisco router and I have been reading alot, so much I think I have Dain Bramage. Below is my config from the router, can anyone tell me what I am missing. I am trying to get it to the internet, so I can eventually setup up several VPN connections. Thanks in advance.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
2801 cannot get to internet
- Thread starter navsol
- Start date
- Thread starter
- #2
Sorry forgot to add config. It is in another post but I will add it here also.
!This is the running config of the router: 10.10.11.93
!----------------------------------------------------------------------------
!version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname navsol
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1XXXXXXXX.
!
username nXXXXl privilege 15 secret 5 $1XXXXXXX
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
!
!
ip ips po max-events 100
no ip bootp server
ip domain name navigationsolutions.com
ip name-server 64.XXX.XX.90
ip name-server 64.XXX.XXX.138
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description $FW_INSIDE$$ETH-LAN$$INTF-INFO-FE 0$
ip address 10.10.11.93 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description $FW_OUTSIDE$$ETH-WAN$
ip address 68.XXX.XXX.105 255.255.255.224
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 permanent
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface FastEthernet0/1 overload
!
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.11.0 0.0.0.255
no cdp run
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end
!This is the running config of the router: 10.10.11.93
!----------------------------------------------------------------------------
!version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname navsol
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1XXXXXXXX.
!
username nXXXXl privilege 15 secret 5 $1XXXXXXX
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
!
!
ip ips po max-events 100
no ip bootp server
ip domain name navigationsolutions.com
ip name-server 64.XXX.XX.90
ip name-server 64.XXX.XXX.138
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description $FW_INSIDE$$ETH-LAN$$INTF-INFO-FE 0$
ip address 10.10.11.93 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description $FW_OUTSIDE$$ETH-WAN$
ip address 68.XXX.XXX.105 255.255.255.224
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 permanent
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface FastEthernet0/1 overload
!
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.11.0 0.0.0.255
no cdp run
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end
Well router actually looks pretty good...Would change the following though:
Reads:
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 permanent
Change to next hop ip address:
ip route 0.0.0.0 0.0.0.0 68.xxx.xxx.xxx permanent
By point default route at an interface it will arp everything that passes the interface. With an ip address ip will only arp internal and external ip block only.
By the way what is this routers f0/1 ethernet port connected to?
Reads:
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 permanent
Change to next hop ip address:
ip route 0.0.0.0 0.0.0.0 68.xxx.xxx.xxx permanent
By point default route at an interface it will arp everything that passes the interface. With an ip address ip will only arp internal and external ip block only.
By the way what is this routers f0/1 ethernet port connected to?
- Thread starter
- #4
- Thread starter
- #6
- Thread starter
- #8
Did you get this router with the advanced security feature set? Just installed a 2811 a month ago...great piece of hardware. The new style T1 wics are really buggy though....went through 6 wic-1dsu-t1-v2 in order to get three that worked.
- Thread starter
- #12
- Thread starter
- #13
- Thread starter
- #15
If you can enter: in a PC browser and get google but cannot enter then you have a DNS problem.
- Thread starter
- #18
- Thread starter
- #20
- Status
Similar threads
- Locked
- Question