Simple Internet -> Network 871 1

kjems

IS-IT--Management
Apr 10, 2008
9
DK
Hi there!

I have a problem getting a simple Internet connection via a Cisco 871 router.

The router gets its IP correctly from the ISP.

The computer gets its IP correctly from the 871.

But still no Internet connection.

Any ideas, please?


Current configuration : 4216 bytes
!
! Last configuration change at 16:43:53 PCTime Wed Apr 9 2008 by admin
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname CiscoRouter
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$GQ6K$tHnTvQFK6wMfoImnPSGU10
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
ip subnet-zero
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.9
ip dhcp excluded-address 192.168.1.151 192.168.1.254
!
ip dhcp pool sdm-pool1
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 194.239.134.83 193.162.153.164
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name xxx
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-7395629
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-7395629
revocation-check none
rsakeypair TP-self-signed-7395629
!
!
crypto pki certificate chain TP-self-signed-7395629
certificate self-signed 01
quit
username admin privilege 15 secret 5 $1$Z/zp$Zm.n6HlUXxhmrlHsPfOe60
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
description lokalLAN
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description Til Internet$FW_OUTSIDE$$ES_WAN$$ETH-WAN$
ip address dhcp client-id FastEthernet4
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
ip classless
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool interval 192.168.1.10 192.168.1.150 netmask 255.255.255.0
ip nat inside source list 1 interface FastEthernet4 overload
!
logging trap debugging
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
no cdp run
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

 
router>en
router#conf t
router(config)#ip route 0.0.0.0 0.0.0.0 fa4

Burt
 
Hello again!

SOLVED!!

Just to let other people know, I solved the problem. I only use SDM, so I didn't try Burt's solution.

Anyway, the problem was that I DIDN'T turn on the firewall in the initial SDM setup guide. To me that's crazy, but apparently you have to enable the firewall to get the Internet connection to work - maybe because the firewall setup tells the router to allow Internet traffic.

I just turned it off to first get a connection, but that's the wrong way, I finally found out.

Hope this can help other newbies.

Thanks anyway, Burt.

Jesper
 
I will on Monday, when I get back to work.

A small question: I have set up port forwarding to my local webserver (port 80).

It works fine from a computer not connected to the router (my home computer) but not from computers connected to the router??

Am I missing something?

I will send the configuration on Monday, when I get back to my router.

Thanks for helping.

Jesper
 
Here's the config.

It works, but port forwarding to my webserver only works from outside the LAN. Local computers can't connect to the webserver via my public IP??

Kindly

Jesper


Building configuration...

Current configuration : 6540 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$ZXAT$vZi9Ybl/DSC3wkSfp4vrl0
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
ip subnet-zero
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.151 192.168.1.254
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool sdm-pool1
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
!
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip tcp synwait-time 10
no ip bootp server
no ip domain lookup
ip domain name yourdomain.com
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-7395629
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-7395629
revocation-check none
rsakeypair TP-self-signed-7395629
!
!
crypto pki certificate chain TP-self-signed-7395629
certificate self-signed 01
quit
username admin privilege 15 secret 5 $1$WpfV$Qfn9.3gJRxmO2vtROm7X3/
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$
ip address dhcp client-id FastEthernet4
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect DEFAULT100 out
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
ip classless
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.1.190 80 interface FastEthernet4 80
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit tcp any any eq www
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 deny ip 192.168.1.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip any any
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

 
My problem is explained here - I just don't know how to get that solution in my router SDM.

From the page:

Inside to Inside NAT - NAT Virtual Interface Support
This feature allows NAT to be set up in such a way that both inside and outside users can see and ping an inside server on the same IP address as seen on the outside interface (i.e., static NAT set up to support the use of the inside server from the outside). This implies that a request from an internal host to the internal server would be routed through the router masking IP address of the destination host for the source host and masking the IP address of the source host from the destination host.

The purpose of this feature is to provide customers of the Cisco 830 and SOHO 90 routers, with the ability to allow the use of a single DNS name / DNS server external to the LAN to provide name resolution for internal servers to internal clients even if NAT is applied and the NAT global address is the known address from a DNS perspective.

This approach also has some side benefits, making it possible to share the outside users experience and also enabling immediate corrective action should the translations or applications not work properly over NAT, or should the DNS requests not resolve correctly making the service unavailable for external customers.

This feature has been implemented using the standard Cisco IOS feature called NAT virtual interface.

A sample configuration procedure is given below, followed by an explanation of the NAT commands.

interface Ethernet0
ip address 192.168.122.1 255.255.255.0
ip nat enable
!
interface Ethernet1
ip address 192.168.122.1 255.255.255.0
ip nat enable
duplex auto
!
interface Ethernet2
no ip address
shutdown
!
ip classless
!
ip http server
no ip http secure-server
!
ip nat pool POOL 192.168.25.20 192.168.25.30 netmask 255.255.255.0
ip nat source list 1 pool POOL overload
ip nat source static tcp 192.168.123.1 interface Ethernet1 1
ip nat source static tcp 192.168.125.10 interface Ethernet1 10
!
access-list 1 permit 192.168.122.0 0.0.0.255
!
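
The hairpin case described in the quoted Cisco text, as an added example that is not part of the original thread or of Cisco's documentation: a simplified Python model of the two NAT modes applied to the port forward from the posted config. `PUBLIC` and the client addresses are constructed stand-ins (the router's DHCP-assigned outside address is not shown on the page), and the function names are hypothetical.

```python
from dataclasses import dataclass, replace

# PUBLIC is a constructed stand-in for the DHCP-assigned FastEthernet4 address.
PUBLIC, SERVER = "203.0.113.10", "192.168.1.190"
LAN_PREFIX = "192.168.1."               # access-list 1 permit 192.168.1.0 0.0.0.255
STATIC = {(PUBLIC, 80): (SERVER, 80)}   # static tcp 192.168.1.190 80 <-> outside 80

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    in_if: str                          # interface the packet arrives on

def classic_nat(p):
    """Model of 'ip nat inside' / 'ip nat outside': direction decides the rewrite."""
    if p.in_if == "FastEthernet4":      # outside -> inside: static entry rewrites dst
        dst, dport = STATIC.get((p.dst, p.dport), (p.dst, p.dport))
        return replace(p, dst=dst, dport=dport)
    if p.dst == PUBLIC:                 # from the LAN to the router's own address:
        return p                        # never crosses inside -> outside, so no NAT
    if p.src.startswith(LAN_PREFIX):    # inside -> outside: overload rewrites src
        return replace(p, src=PUBLIC)
    return p

def nvi_nat(p):
    """Model of 'ip nat enable' on both interfaces: rules apply in any direction."""
    dst, dport = STATIC.get((p.dst, p.dport), (p.dst, p.dport))
    src = PUBLIC if p.src.startswith(LAN_PREFIX) else p.src
    return replace(p, src=src, dst=dst, dport=dport)

def reaches_server(p):
    return (p.dst, p.dport) == (SERVER, 80)

if __name__ == "__main__":
    flows = {
        "outside client": Packet("198.51.100.7", PUBLIC, 80, "FastEthernet4"),
        "LAN client": Packet("192.168.1.50", PUBLIC, 80, "Vlan1"),
    }
    for name, pkt in flows.items():
        for mode in (classic_nat, nvi_nat):
            out = mode(pkt)
            print(f"{name:14} {mode.__name__:11} src={out.src:13} "
                  f"dst={out.dst}:{out.dport} reaches_server={reaches_server(out)}")
```

Under the NVI model the web server sees LAN clients arriving from the router's outside address, so its access logs no longer identify which internal host made a request.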
 