We have replaced a D-Link router with a Cisco 1711 to be used for a VPN link.
I have very little knowledge of Cisco routers and Cisco IOS, so any help you guys can give will be much appreciated. I have attached the config of the 1711 at the bottom of this message.
I want the LAN interface to be a DHCP server offering addresses to attached clients in the range of 192.168.200.100 to 192.168.200.254.
We currently have the WAN interface set up to be a DHCP client to obtain an address from our ISP.
Eventually, we will need to set up the VPN tunnel, but for right now I just want to replace the D-Link to make sure everything works.
Most of this seems to work OK, although the router is not passing any traffic. It can see the Internet over the WAN (I can ping well-known addresses on the Internet side), but two problems show up:
No routing of traffic off the LAN to the Internet
Name services don't seem to be working
Current configuration : 2573 bytes
!
! No configuration change since last restart
!
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname guice_hq_rt01
!
security authentication failure rate 3 log
security passwords min-length 6
logging queue-limit 100
logging buffered 51200 debugging
logging console critical
enable secret XXXXXXXXX
!
username XXXXXXXX privilege 15 password 7 XXXXXXXX
clock timezone PCTimeZone -5
ip subnet-zero
no ip source-route
!
!
ip tcp synwait-time 10
no ip domain lookup
ip dhcp excluded-address 192.168.200.1 192.168.200.99
!
ip dhcp pool sdm-pool1
network 192.168.200.0 255.255.255.0
default-router 192.168.200.1
!
!
no ip bootp server
ip cef
ip audit notify log
ip audit po max-events 100
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
!
interface FastEthernet0
description $FW_OUTSIDE$$ETH-WAN$
ip address dhcp client-id FastEthernet0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip route-cache flow
duplex auto
speed auto
no cdp enable
!
interface FastEthernet1
no ip address
no cdp enable
!
interface FastEthernet2
no ip address
no cdp enable
!
interface FastEthernet3
no ip address
no cdp enable
!
interface FastEthernet4
no ip address
no cdp enable
!
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan1
description $FW_INSIDE$$ETH-SW-LAUNCH$
ip address 192.168.200.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache flow
ip tcp adjust-mss 1452
!
ip nat inside source list 1 interface FastEthernet0 overload
ip classless
ip http server
ip http authentication local
ip http secure-server
!
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.7
no cdp run
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line 1
flush-at-activation
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
end
Thanks in advance
Andy
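
An added example, not part of the original post: a Python check of the two settings the reported symptoms depend on in a config like the one above. It tests whether the subnet of each `ip nat inside` interface is permitted by the access-list named in `ip nat inside source list`, and whether each DHCP pool hands clients a `dns-server`. The excerpt is copied from the posted config; the function names, and reading only `permit <network> <wildcard>` entries, are assumptions of this example.

```python
import ipaddress
import re

# Excerpt of the config posted above (only the lines these checks read).
POSTED = """\
ip dhcp pool sdm-pool1
network 192.168.200.0 255.255.255.0
default-router 192.168.200.1
!
interface Vlan1
ip address 192.168.200.1 255.255.255.0
ip nat inside
!
ip nat inside source list 1 interface FastEthernet0 overload
access-list 1 permit 10.10.10.0 0.0.0.7
"""

def sections(text):
    """Group sub-commands under 'interface'/'ip dhcp pool' headers; '!' ends a section."""
    out, head = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith(("interface ", "ip dhcp pool ")):
            head = line
            out[head] = []
        elif line in ("!", ""):
            head = None
        elif head:
            out[head].append(line)
    return out

def audit(text):
    """Return findings for NAT ACL coverage and DHCP DNS (hypothetical helper)."""
    findings, acls = [], {}
    # Assumption: only 'permit <network> <wildcard>' standard ACL entries are read.
    for num, net, wild in re.findall(r"^access-list (\d+) permit (\S+) (\S+)$", text, re.M):
        acls.setdefault(num, []).append(ipaddress.ip_network(f"{net}/{wild}", strict=False))
    nat_lists = re.findall(r"^ip nat inside source list (\d+) interface \S+ overload$", text, re.M)
    for head, body in sections(text).items():
        if head.startswith("interface ") and "ip nat inside" in body:
            addrs = (re.fullmatch(r"ip address (\d\S+) (\d\S+)", l) for l in body)
            for m in filter(None, addrs):
                subnet = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
                for num in nat_lists:
                    if not any(subnet.subnet_of(n) for n in acls.get(num, [])):
                        findings.append(f"{head}: {subnet} not permitted by NAT access-list {num}")
        if head.startswith("ip dhcp pool ") and not any(l.startswith("dns-server ") for l in body):
            findings.append(f"{head}: no dns-server handed to clients")
    return findings
```

Calling `audit(POSTED)` returns one finding for the DHCP pool and one for Vlan1; a config whose NAT access-list covers 192.168.200.0/24 and whose pool sets a `dns-server` returns an empty list.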