NEWBIE - Configuration for Cisco 837 1


573310

Ok, having gotten fed up with my short-lived Linksys and SMC ADSL routers, I've picked up a Cisco 837 router instead, on advice from a techy mate. However, I get this home and ready to configure, and find that it's not as simple as I expected, or am used to! The Cisco Web Router Setup is pretty much pants, and doesn't allow me the flexibility I require for my environment. I've played around with the IOS CLI, but having no experience of Cisco, I have only managed to get as far as naming the router and setting a password. What I'm hoping for is a dummies' guide to configuring the following scenario through the CLI:

*Configure ADSL - PPPA
*Enable the Firewall
*Configure the router to enable VPN in.
*Disable DHCP On the LAN
*Configure Name servers for my ISP (WAN)

Could anyone point me to any relevant source, or better yet, provide me with some samples on achieving the above?

Many thanks
nmp
 
Try this: it's got a bit more in there than you need, but take out the VPN stuff and add the appropriate IP addresses and the passwords (and the VPI/VCI info) and see how you go.

Let us know how you get on.

Cheers


CAuthorised users only, all access is logged.

User Access Verification

Username: ******
Password:
PDC.BT.ADSL#sh run
Building configuration...

Current configuration : 4757 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname *.ADSL
!
logging queue-limit 100
logging console critical
enable secret 5 *****************1
!
username ******* privilege 15 password 7 *************
ip subnet-zero
no ip domain lookup
ip domain name local
ip name-server ***.***.***.***
ip name-server ***.***.***.***
!
!
no ip bootp server
ip cef
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 smtp
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 http
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
crypto isakmp policy 1
 authentication pre-share
 group 2
 lifetime 7200
crypto isakmp key 0 flamingarse address ***.***.***.***
crypto isakmp key 0 flamingarse address ***.***.***.***
!
crypto ipsec security-association lifetime kilobytes 5242880
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set 1ADSL esp-3des esp-sha-hmac
crypto ipsec transform-set 2ADSL esp-3des esp-sha-hmac
!
crypto map pdcvpn 20 ipsec-isakmp
 set peer ***.***.***.***
 set transform-set 1ADSL
 set pfs group2
 match address 130
crypto map pdcvpn 21 ipsec-isakmp
 set peer ***.***.***.***
 set transform-set 2ADSL
 set pfs group2
 match address 131
!
!
!
!
interface Null0
 no ip unreachables
!
interface Ethernet0
 description Connected to Local Network
 ip address 10.0.0.203 255.255.0.0
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 hold-queue 100 out
!
interface ATM0
 description Connected to ADSL Circuit
 no ip address
 no ip mroute-cache
 atm vc-per-vp 64
 no atm auto-configuration
 no atm ilmi-keepalive
 no atm address-registration
 no atm ilmi-enable
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface Dialer1
 description Connected to ADSL Circuit
 bandwidth 2000
 ip address negotiated
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect DEFAULT100 out
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap chap callin
 ppp chap hostname ********
 ppp chap password 7 ********
 ppp pap sent-username ******** password 7 ********
 ppp ipcp dns request
 ppp ipcp wins request
 crypto map pdcvpn
 hold-queue 224 in
!
!
ip nat inside source list 102 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.1.0.0 255.255.0.0 10.0.0.22
ip route 10.2.0.0 255.255.0.0 10.0.0.22
no ip http server
no ip http secure-server
!
access-list 10 permit ***.***.***.***
access-list 10 remark Telnet Access
access-list 10 permit ***.***.***.*** 0.0.0.15
access-list 10 permit 10.0.0.0 0.255.255.255
access-list 100 remark ----- Inbound ACL -----
access-list 100 permit ahp host ***.***.***.*** 0.0.0.0 ***.***.***.***
access-list 100 permit esp host ***.***.***.*** 0.0.0.0 ***.***.***.***9
access-list 100 permit udp host ***.***.***.*** 0.0.0.0 ***.***.***.*** eq isakmp
access-list 100 permit udp host ***.***.***.*** 0.0.0.0 ***.***.***.*** eq non500-isakmp
access-list 100 permit ahp host ***.***.***.***1 0.0.0.0 ***.***.***.***
access-list 100 permit esp host ***.***.***.*** 0.0.0.0 ***.***.***.***
access-list 100 permit udp host ***.***.***.*** 0.0.0.0 ***.***.***.*** eq isakmp
access-list 100 permit udp host ***.***.***.*** 0.0.0.0 ***.***.***.*** eq non500-isakmp
access-list 100 permit ip ***.***.***.*** 0.0.0.15 any
access-list 100 permit ip ***.***.***.*** 0.0.0.7 any
access-list 100 deny ip any any log
access-list 102 deny ip 10.0.0.0 0.0.255.255 10.2.0.0 0.0.255.255
access-list 102 deny ip 10.0.0.0 0.0.255.255 10.1.0.0 0.0.255.255
access-list 102 permit ip 10.0.0.0 0.255.255.255 any
access-list 125 remark VPN Access
access-list 125 permit ip 10.2.0.0 0.0.255.255 10.0.0.0 0.0.255.255
access-list 130 permit ip 10.2.0.0 0.0.255.255 10.0.0.0 0.0.255.255
access-list 131 permit ip 10.1.0.0 0.0.255.255 10.0.0.0 0.0.255.255
dialer-list 1 protocol ip permit
banner login ^CCAuthorised users only, all access is logged.^C
!
line con 0
 exec-timeout 300 0
 login local
 no modem enable
 transport output telnet
 stopbits 1
line aux 0
 login local
 transport output telnet
 stopbits 1
line vty 0 4
 session-timeout 15 output
 access-class 10 in
 exec-timeout 300 0
 password 7 ************A
 login local
 transport input telnet ssh
!
no scheduler max-task-time
scheduler interval 500
!
end
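
The configuration above was masked by hand before posting. As an added example (not part of the original post), this Python script applies the same kind of redaction to a `show run` capture automatically; the rule list, the `<removed>` and `<public-ip>` placeholders and the sample config are constructed for illustration and cover only the command forms that appear in this thread.

```python
import ipaddress
import re
# Each rule keeps group 1 and replaces the value after it; the optional single
# digit is the IOS encoding type (0, 5, 7), not part of the secret. Rules are assumptions.
SECRET_RULES = [
    ("enable secret", re.compile(r"^(\s*enable (?:secret|password)(?: \d)?) \S+")),
    ("local user password", re.compile(r"^(\s*username \S+ .*?(?:secret|password)(?: \d)?) \S+")),
    ("ISAKMP pre-shared key", re.compile(r"^(\s*crypto isakmp key(?: \d)?) \S+")),
    ("PPP password", re.compile(r"^(\s*ppp (?:chap|pap) .*?password(?: \d)?) \S+")),
    ("PPP login name", re.compile(r"^(\s*ppp (?:chap hostname|pap sent-username)) \S+")),
    ("line password", re.compile(r"^(\s*password(?: \d)?) \S+")),
]
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def _mask_ip(match):
    text = match.group(0)
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return text  # not a valid dotted quad, leave untouched
    # Netmasks start with 255 and wildcard masks with 0; keep those and RFC 1918.
    if text.split(".")[0] in ("0", "255") or any(addr in n for n in INTERNAL):
        return text
    return "<public-ip>"

def scrub(config):
    """Return (scrubbed_text, findings); findings are (line_number, kind) pairs."""
    out, findings = [], []
    for number, line in enumerate(config.splitlines(), 1):
        for kind, rule in SECRET_RULES:
            line, hits = rule.subn(r"\1 <removed>", line)
            if hits:
                findings.append((number, kind))
        masked = IPV4.sub(_mask_ip, line)
        if masked != line:
            findings.append((number, "public IP address"))
        out.append(masked)
    return "\n".join(out), findings

# Constructed sample lines, not taken from the thread.
SAMPLE = """\
enable secret 5 $1$abcd$ConstructedHashValue
username admin privilege 15 password 7 00000000AAAA
crypto isakmp key 0 ExamplePSK address 203.0.113.7
 ip address 10.0.0.203 255.255.0.0
 ppp pap sent-username user@example.net password 7 00000000AAAA
access-list 100 permit ip 198.51.100.16 0.0.0.15 any
 password 7 00000000AAAA
"""
```

Calling `scrub(SAMPLE)` returns the redacted text plus a list of what was replaced on which line, which is worth reading before the output is shared.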

 
Wow! - thanks Hellbabe - now I think I'm going to need some time to get my head around this and customise it, but will post back how this goes once I have!

One Q - this is the show run output; can I simply import it back into my router somehow, or do I have to manually enter every command in sequence the same way?

Thanks once again, for your valuable input :)

thanks
Nmp
 
No problem,

If you're using Windows HyperTerminal then you can (to a certain extent) cut and paste the lines in from an exec privilege mode prompt "#", but it's best to do it a bit at a time.

Also, just get it working before even thinking about the VPN stuff etc. If you only want remote access to a PC inside your home network then a NAT on port 3389 (remote desktop) to forward the data to your PC will be a lot easier than a VPN setup.

Or maybe read a CCNA book (Sybex is good), if you really want to know how to use these things.
 