Cisco 1721 one-way traffic...


kenfx

I have a 1721 router with a T1 CSU/DSU, 1 ETHERNET, and VPN Module installed. The 'helpful' Time Warner (ISP) tech inserted the following config. They did their 'ping' tests and left.

PROBLEM: No one from outside my network can see anything on interface Ethernet. Inside to outside on that interface works great. Everything else works great. HELP!!!!!

Anything would be greatly appreciated.



Current configuration : 2098 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname ParkerWood
!
enable password <>
!
memory-size iomem 20
ip subnet-zero
!
!
no ip domain-lookup
!
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
!
!
!
!
interface Ethernet0
description connected to Ethernet
ip address 209.163.181.65 255.255.255.224
ip nat inside
half-duplex
!
interface FastEthernet0
description connected to FastEthernet
ip address 10.10.100.254 255.255.255.0
ip nat inside
speed auto
!
interface Serial0
description connected to Internet
ip address 64.132.229.54 255.255.255.252
ip nat outside
encapsulation ppp
service-module t1 remote-alarm-enable
!
router rip
version 2
passive-interface Serial0
network 10.0.0.0
network 209.163.181.0
no auto-summary
!
ip nat pool ParkerWood-natpool-40789 64.132.238.61 64.132.238.61 netmask 255.255.255.0
ip nat inside source list 1 pool ParkerWood-natpool-40789 overload
ip nat inside source static 10.10.100.44 64.132.238.55
ip nat inside source static 10.10.100.51 64.132.238.51
ip nat inside source static 10.10.100.45 64.132.238.58
ip nat inside source static 10.10.100.40 64.132.238.50
ip nat inside source static 10.10.100.52 64.132.238.52
ip nat inside source static 10.10.100.53 64.132.238.53
ip nat inside source static 10.10.100.54 64.132.238.54
ip nat inside source static 10.10.100.60 64.132.238.60
ip nat inside source static 10.10.100.41 64.132.238.56
ip nat inside source static 10.10.100.199 64.132.238.59
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
ip pim bidir-enable
!
access-list 1 permit 209.163.181.64 0.0.0.31
access-list 1 permit 10.10.100.0 0.0.0.255
access-list 1 permit 64.132.238.48 0.0.0.15

!
line con 0
exec-timeout 0 0
password <>
login
line aux 0
line vty 0 4
password <>
login
!
no scheduler allocate
end
 
"router rip
version 2
passive-interface Serial0
network 10.0.0.0
network 209.163.181.0
no auto-summary"

I think "passive-interface Serial0" is blocking all packets from the interface. Also, I always specify the full RIP network.
network 209.163.0.0
network 10.10.0.0

I may be wrong, sorry.
 
"passive-interface" doesn't block packets, but prevents the RIP advertisements from leaving via that interface.

Anything that needs to be visible to the world needs a static NAT entry, or to be excluded from dynamic NAT. Since the Ethernet i/f has a valid public address (I assume that it's valid and not just made up or left over from a previous ISP), then it should be reachable. You can remove it from access-list 1 and, assuming that the ISP is routing that address to you, it should work. If you do open the range up to the world, be sure to add access-lists to allow only necessary inbound traffic.

Lee.
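
Added example, not part of the original posts: a Python check of the point made in the reply above, run over a constructed excerpt of the posted configuration. It reports inside interfaces whose public subnet is matched by the ACL feeding the "overload" NAT rule, and outside interfaces with no inbound ip access-group; the function name audit and its parsing rules are this example's own assumptions.

```python
import ipaddress

# Constructed excerpt: the NAT-relevant lines of the configuration posted above.
CONFIG = """\
interface Ethernet0
 ip address 209.163.181.65 255.255.255.224
 ip nat inside
interface FastEthernet0
 ip address 10.10.100.254 255.255.255.0
 ip nat inside
interface Serial0
 ip address 64.132.229.54 255.255.255.252
 ip nat outside
ip nat inside source list 1 pool ParkerWood-natpool-40789 overload
access-list 1 permit 209.163.181.64 0.0.0.31
access-list 1 permit 10.10.100.0 0.0.0.255
access-list 1 permit 64.132.238.48 0.0.0.15
"""

def audit(config):
    """Return (public inside interfaces hidden by PAT, outside interfaces with no inbound ACL)."""
    ifaces, acls, pat_lists, cur = {}, {}, set(), None
    for words in (line.split() for line in config.splitlines() if line.strip()):
        if words[0] == "interface":
            cur = ifaces.setdefault(words[1], {"net": None, "nat": None, "acl_in": False})
        elif (words[0] == "access-list" and len(words) == 5 and words[2] == "permit"
              and all(w[0].isdigit() for w in words[3:])):
            # Standard ACL entry "address wildcard"; wildcard 0.0.0.0 means one host.
            mask = "32" if words[4] == "0.0.0.0" else words[4]
            acls.setdefault(words[1], []).append(
                ipaddress.ip_network(f"{words[3]}/{mask}", strict=False))
        elif words[:5] == ["ip", "nat", "inside", "source", "list"] and "overload" in words:
            pat_lists.add(words[5])  # ACL number that selects traffic for PAT
        elif cur is not None and words[:2] == ["ip", "address"] and len(words) >= 4:
            cur["net"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
        elif cur is not None and words in (["ip", "nat", "inside"], ["ip", "nat", "outside"]):
            cur["nat"] = words[2]
        elif cur is not None and words[:2] == ["ip", "access-group"] and words[-1] == "in":
            cur["acl_in"] = True
    pat_nets = [n for acl in pat_lists for n in acls.get(acl, [])]
    hidden = [name for name, i in ifaces.items()
              if i["nat"] == "inside" and i["net"] and not i["net"].is_private
              and any(i["net"].overlaps(n) for n in pat_nets)]
    unfiltered = [name for name, i in ifaces.items() if i["nat"] == "outside" and not i["acl_in"]]
    return hidden, unfiltered

if __name__ == "__main__":
    print(audit(CONFIG))
```

On the excerpt this flags Ethernet0 as a public subnet being translated by the overload rule and Serial0 as having no inbound access-group.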
 