Do not know how to enter Gateway information in 1721

[userice]

I am trying to setup Cisco Router 1721. I used Configmaker 2.6, but I could not connect to internet. The outside IP: 169.128.42.5 Gateway: 169.128.42.4. I know it is not working because I do not know how to enter gateway information. Can someone help? By the way, is there any problem with this configuration?




version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
logging queue-limit 100
enable secret 9
!
ip subnet-zero
!
!
no ip domain lookup
!
ip inspect max-incomplete high 1100
ip inspect one-minute high 1100
ip inspect name FastEthernet_0 tcp
ip inspect name FastEthernet_0 udp
ip inspect name FastEthernet_0 cuseeme
ip inspect name FastEthernet_0 ftp
ip inspect name FastEthernet_0 h323
ip inspect name FastEthernet_0 rcmd
ip inspect name FastEthernet_0 realaudio
ip inspect name FastEthernet_0 smtp
ip inspect name FastEthernet_0 streamworks
ip inspect name FastEthernet_0 vdolive
ip inspect name FastEthernet_0 sqlnet
ip inspect name FastEthernet_0 tftp
ip audit notify log
ip audit po max-events 100
!
!
!
!
!
!
!
interface Ethernet0
description connected to Internet
ip address 169.128.42.5 255.255.255.248
ip access-group 101 in
ip nat outside
half-duplex
!
interface FastEthernet0
description connected to EthernetLAN
ip address 192.168.12.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip inspect FastEthernet_0 in
speed auto
half-duplex
!
router rip
version 2
passive-interface Ethernet0
network 192.168.12.0
no auto-summary
!
ip nat inside source list 1 interface Ethernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
ip http server
no ip http secure-server
!
!
!
access-list 1 permit 192.168.12.0 0.0.0.255
access-list 100 permit ip any any
access-list 101 deny ip any any
!
snmp-server community RO
snmp-server enable traps tty
!
line con 0
exec-timeout 0 0
password
login
line aux 0
line vty 0 4
password
login
!
no scheduler allocate
end

 

[vipergg]

Try pointing your default route to the .4 address instead of using ethernet 0 as the destination . Get rid of the old route first.

 

[DanInRaleigh]

Let me see if i can conjur up something...

....i hate access lists!!
...i'll probably get this wrong..
...on your e0, you have access-group 101 in.
...doesnt this point to to access-list 101 which denies all IP?

CCNP,CCSP,MCSE,Sec+,Net+,A+...

 

[DanInRaleigh]

...yea, and you might also try to do what vipergg said...i have seen it make a difference..

..and also what i would do is hook a computer directly up to the 1721 E0 (with cross over cable) and play with the config until i could ping back and forth..



CCNP,CCSP,MCSE,Sec+,Net+,A+...

 

[JOAMON]

Also note that your
Ethernet ports are both set at half-duplex. You should change both of these to full. From interface config mode just enter duplex full on e0 and duplex auto on f0.

 

[directlyconnected]

DanInRaleigh---looks like with all the "ip inspect" commands, he may be using Context Based Access Control (CBAC), rather than plain access control lists. These will inpect all incoming traffic and dynamically change to allow all of the listed traffic. Learned this while studying for the SECUR exam. Hoping to become a CCSP as well, plus an Ethical Hacker and perhaps a CISSP. Bye bye.

Tim
CCNA, A+, Network+, father of a 2 year old and 10 month old, tired, help me...

 

[DanInRaleigh]

Tim,

..good luck with your security studies!
..contact me at........ daniel at daniel-white dot com.

CCNP,CCSP,MCSE,Sec+,Net+,A+...