ACL's ON Cisco 1841 Router

Can you let me know the maximum number of ACLs that can be configured on a Cisco 1841 router?

Hmm I don't know if such metric is available out there. Perhaps a call/case with Cisco TAC would help! How many ACLs and ACEs do you need/plan to configure?
Thank you for rating helpful posts! 

Similar Messages

  • How to enable routing between HWIC-4ESW and Onboard FE on cisco 1841 router..?

    Hello All,
    I have a Cisco 1841 router, and recently I purchased an HWIC-4ESW slot for my router. The module is working fine and I am able to see the additional FE ports (fe0/0/0, fe0/0/1...). Now the problem comes in routing, i.e. these HWIC-4ESW ports and the onboard FEs are not communicating. If anybody knows the solution, kindly let me know the configuration details.
    Thanks, Sazz

    Hi,
    Look at the configs below.
    How can I use IP Routing so communication is possible across all subnets?
    Router>en
    Router#config t
    Router(config)#int fa0/0
    Router(config-if)#description ***INTERNET***
    Router(config-if)#ip address xxx.xxx.xxx.xxx 255.255.255.252
    Router(config-if)#no shut
    Router(config-if)#ip nat outside
    Router(config-if)#exit
    !On-board interface
    Router(config)#int fa0/1
    Router(config-if)#description ***LAN***
    Router(config-if)#ip address 10.0.xxx.xxx 255.255.255.0
    Router(config-if)#no shut
    Router(config-if)#ip nat inside
    Router(config-if)#exit
    Router#vlan database
    % Warning: It is recommended to configure VLAN from config mode,
      as VLAN database mode is being deprecated. Please consult user
      documentation for configuring VTP/VLAN in config mode.
    Router(vlan)#vlan 10
    VLAN 10 modified:
    Router(vlan)#vlan 20
    VLAN 20 added:
        Name: VLAN0020
    Router(vlan)#exit
    APPLY completed.
    Exiting....
    Router#config t
    Router(config)#int vlan 10
    Router(config-if)#ip address 172.16.xxx.xxx 255.255.255.0
    Router(config-if)#ip nat inside
    Router(config-if)#no shut
    Router(config-if)#exit
    Router(config)#int vlan 20
    Router(config-if)#ip address 192.168.xxx.xxx 255.255.255.0
    Router(config-if)#ip nat inside
    Router(config-if)#no shut
    Router(config-if)#exit
    !HwIC-4ESW interface
    Router(config)#int fa0/0/0
    Router(config-if)#switchport mode access
    Router(config-if)#switchport access vlan 10
    Router(config-if)#exit
    !HWIC-4ESW Interface
    Router(config)#int fa0/0/1
    Router(config-if)#switchport mode access
    Router(config-if)#switchport access vlan 20
    Router(config-if)#exit
    Router(config)#exit
    Router#copy run start
    Destination filename [startup-config]?
    Building configuration...
    [OK]
    Router#config t
    Router(config)#ip name-server xxx.xxx.xxx.xxx
    Router(config)#ip name-server xxx.xxx.xxx.xxx
    Router(config)#exit
    Regards,

  • Need help regarding Cisco 1841 Router

    Hello everyone, I am in need of help regarding configuring the FE 0/1 port. Our company has a Cisco 1841 router. The serial 0/0/0 is connected with VSAT for internet. The FE 0/0 is connected to a switch (LAN) through which net connectivity is provided to all users. Recently a new VSAT has been installed at our site, with a different IP series. So every time we want to switch between the two net connections we need to change the entire IP configuration of all users, which in turn prevents the users from accessing the printers, data servers etc., which have been set to our existing IP series. So my idea was to configure the FE 0/1, so that just changing the DNS will help us provide internet along with all other devices without changing the entire IP series. The new VSAT modem has a LAN cable which can be connected to FE 0/1. Can anyone help out in solving the problem? Our existing IP series is 192.168.3.1..... and the new VSAT series is 10.205.74.1......

    Bao
    Do I understand correctly that you will have 20 remote users who will telnet to the 2511 and from the 2511 will use reverse telnet to access the console of router1, router2, router3, etc which have their console ports connected to async ports of the 2511? If that understanding is correct then the firewall only needs to open TCP port 23 for telnet. The other ports (2001, 2002, etc) are between the 2511 and router1, router2, etc and will not be seen by the firewall. If my understanding is not correct then please clarify.
    I do not believe that you will find an image for the 2500 that supports SSH.
    HTH
    Rick

  • Connection issue between Cisco 515 Pix and Cisco 1841 router

    Hi,
    I am having a problem getting a Cisco Pix 515 communicating to a Cisco 1841. I am currently studying for CCNA so forgive me if it's obvious to the rest of you where the problem lies.
    The client currently has an ISDN service which is being moved over to a 2MB E1 connection.
    I have configured the 1841 router with G.703 WIC according to the information given to me by the ISP. I have configured the 1841 to have the same internal IP as the ISDN Cisco 800 series router, hoping for a simple swap over. The Pix 515 sits behind the ISDN at present and will be behind the 1841 when it is active.
    Once I unplug the 800 series ISDN router and plug the 1841 into the PIX, I cannot get any response whatsoever. I have tried changing the Ethernet connection speeds between the PIX and 1841, hoping it would be as simple as that, without success. I can't get ping responses from either end, but I can when the ISDN service is plugged in. Both the ISDN and E1 links are supplied by the same ISP, Telstra Australia, and the fixed IPs are able to move over to the E1 service.
    I have not touched the PIX in any way. A separate company configured the router a couple of years ago.
    I have included the configurations of the existing ISDN, PIX and the 1841 for you to review. Any advice/solutions would be greatly appreciated.
    Thanks in Advance,

    Hi,
    The outside interface on your PIX is configured as 10BaseT which would be fine when using the original 800 series ISDN router.
    Now with your new 1841, the interface that the PIX connects to is Fast Ethernet, so you need to change your outside interface on the PIX to the same.
    If you want to use auto negotiation between the PIX and router then the command to do this on the PIX is
    interface ethernet0 auto
    I recommend using hard coded settings between the PIX and router and the command to do this on this PIX is
    interface ethernet0 100full
    You will also need to change your router as:
    interface FastEthernet0/0
    speed 100
    duplex full
    If you can't configure the PIX, as you mentioned an external company did it, then I guess you could change your Fast Ethernet interface to "speed 10", "duplex half".
    This won't create a bottleneck as you only have a 2 MB connection to your ISP.
    Everything else looks good. Don't worry about asking questions on the forum, this is what it's for.
    HTH
    Paddy

  • Novell Radius and Cisco 1841 router

    I tried to set up NW Radius and it all seems to be set up perfectly according to this TID# http://support.novell.com/cgi-bin/se...?/10078616.htm
    But when someone tries to connect through my Cisco VPN I get this error:
    [2005-05-19 05:03:26 PM] Access request dropped
    <trusted IP>, <Cisco connect group>, Unkown radius client
    I entered the <trusted ip> as a client in Console One and chose Cisco as the vendor (also tried Generic radius).
    <cisco connect group> is the authentication group I setup in the router, and must be entered before connecting through VPN.
    Any clues would be appreciated.

    Jepe,
    It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
    - Check all of the other support tools and options available at http://support.novell.com in both the "free product support" and "paid product support" drop down boxes.
    - You could also try posting your message again. Make sure it is posted in the correct newsgroup. (http://support.novell.com/forums)
    If this is a reply to a duplicate posting, please ignore and accept our apologies and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://support.novell.com/forums/

  • Hi, I have a question about CISCO 1841 router.

    I have 4 devices which are named 1841.
    But, I have trouble handling these..
    To help explain my question, suppose the routers are named A and B respectively.
    A (DCE) ------- (DTE) B (slot0 ,1 --> WIC-1T)
    I connected the routers as shown above.
    But the WIC-1T's CONN LED does not light up...
    I did the following steps...
    1. I entered these commands on the routers: no shutdown, encapsulation ppp, clock rate 115200 (in this case, I set it on the DCE)
    2. Changed to another cable, which was a NEW one.
    3. Changed to another router (of course with the WIC-1T installed)
    I really don't know what I can do to make it work.....
    Ah... please respond to my question...
    Thank you.
    Regards,

    And I did "show ip interface brief" command.
    Router#show ip int b
    Interface                    IP-Address      OK? Method Status                Protocol
    FastEthernet0/0        unassigned      YES NVRAM  up                     down
    FastEthernet0/1        unassigned      YES NVRAM  up                     down
    Serial0/0/0                unassigned      YES unset      down                 down
    Serial0/1/0                unassigned      YES unset      down                 down
    Router#
    I definitely "show down" at f0/0, f0/1, s0/0/0, s0/1/0
    But, only f0/0, f0/1 were up. 
    I don't know why the Serial interfaces do not change from down to up.
    Hmmm....
    It is really difficult for me ...
    The harder I study networking, the more difficult it gets...
    Anyway!
    Please reply to me!
    Regards,

  • Internet Link Sharing on cisco 1841 router

    Dear All,
    We want to share our head office internet link with regional office users.
    Existing Setup at head office = Internet Lease Link with bandwidth = 2Mbps over Ethernet interface.
    Proposed setup = Additional point to point link between head office and regional office over ethernet.
    Requirement = Serve internet to regional office lan users from head office internet pipe using subinterface on the internet router at head office and natting the regional office lan.
    Do we need to enable dot1q on the switch where the regional office point-to-point link will terminate?
    Please suggest.
    Regards

    attached diagram

  • Cannot establish multiple simultaneous PPTP connections with the CISCO 1841.

    Hello everyone;
    I have recently tested a PPTP connection with a Cisco 1841 router and it was successful. I configured a Windows 7 client, successfully connected to the router, and was able to access the documents on the server PC that I have mentioned in the attached diagram. I have created a number of different users on the Cisco 1841 too. While someone has a connection, another user cannot connect to it, which means multiple simultaneous connections aren't possible. Do I have to create an ACL for the PPTP, and if yes, how?
     FastEthernet0/0 is up, line protocol is up
      Internet address is 192.168.100.1/25
      Broadcast address is 255.255.255.255
      Address determined by non-volatile memory
      MTU is 1500 bytes
      Helper address is not set
      Directed broadcast forwarding is disabled
      Outgoing access list is not set
      Inbound  access list is 100
    Proxy ARP is enabled
    Local Proxy ARP is disabled
    Security level is default
    Split horizon is enabled
    ICMP redirects are always sent
    ICMP unreachables are always sent
    ICMP mask replies are never sent
    IP fast switching is enabled
    IP fast switching on the same interface is disabled
    IP Flow switching is disabled
    IP CEF switching is enabled
    IP CEF Feature Fast switching turbo vector
    IP multicast fast switching is enabled
    IP multicast distributed fast switching is disabled
    IP route-cache flags are Fast, CEF
    Router Discovery is disabled
    IP output packet accounting is disabled
    IP access violation accounting is disabled
    TCP/IP header compression is disabled
    RTP/IP header compression is disabled
    Policy routing is disabled
    Network address translation is enabled, interface in domain inside
    BGP Policy Mapping is disabled
    WCCP Redirect outbound is disabled
    WCCP Redirect inbound is disabled
    WCCP Redirect exclude is disabled
    Inbound inspection rule is SDM_LOW
    --------------------------------------------------------------------------------------------ACL 100-----------------------------
    deny icmp any any echo-reply
    deny ip host 255.255.255.255 any
    deny ip 127.0.0.0 0.255.255.255 any
    deny ip host 66.163.169.186 any
    permit ip any any (122467027 matches)

    As long as you have the inspection engine enabled on the ASA, it shouldn't freak out over the different IP, as it will inspect the call signalling and will NAT it accordingly, BUT, for simplicity, I agree with you: it would cause a lot of troubleshooting headache if there is a problem, as well as reconfiguration of IPs on the host ends.
    Here is the NAT FYI:
    object network obj-10.10.96.0
       subnet 10.10.96.0 255.255.255.0
    object network obj-192.168.96.0
       subnet 192.168.96.0 255.255.255.0
    object network obj-10.10.14.0
       subnet 10.10.14.0 255.255.255.0
    object network obj-10.1.0.0
       subnet 10.1.0.0 255.255.255.0
    object network obj-192.168.1.0
       subnet 192.168.1.0 255.255.255.0
    object network obj-10.10.11.0
       subnet 10.10.11.0 255.255.255.0
    object network obj-192.168.11.0
       subnet 192.168.11.0 255.255.255.0
    nat (inside,outside) source static obj-10.10.96.0 obj-192.168.96.0 destination static obj-10.10.14.0 obj-10.10.14.0
    nat (inside,outside) source static obj-10.1.0.0 obj-192.168.1.0 destination static obj-10.10.14.0 obj-10.10.14.0
    nat (inside,outside) source static obj-10.10.11.0 obj-192.168.11.0 destination static obj-10.10.14.0 obj-10.10.14.0

  • Cisco 1841 with 2 public WAN IP's and NAT

    OK currently the network is setup as follows:
    Zyxel SHDSL Router --> Linksys Router --> 10/100 Switch --> PC's
    x.x.x.145/28__________x.x.x.146/28____________________192.168.1.0/24
    The Linksys router is running inbound one-to-many PAT (eg. x.x.x.146:80 --> 192.168.1.10:8080)
    I'm looking to replace the setup with a Cisco 1841 router. Now normally I would configure the DSL interface as unnumbered to the internal LAN interface and use my public IP addys on this segment then passing through a PIX to NAT into private IP addys.
    The problem I have is I want the 1841 to be an all in one box performing DSL, Firewall and NAT functions.
    Now I thought I would configure the DSL as unnumbered to FastEthernet0/0 adding a secondary IP address of x.x.x.146/28. Interface configured as NAT outside.
    Interface FastEthernet0/1 was configured with 192.168.1.1/24 with NAT inside and connected to the switch.
    The problem was that the FastEthernet0/0 interface line protocol was down, as there was no need to connect it to anything.
    I then tried assigning the dialer interface a static IP of x.x.x.145/28 and x.x.x.146/28 as a secondary IP running NAT outside. I tried again, but during boot up the router said you can't assign a secondary IP to the dialer interface.
    So my question is, how would you recommend setting up the interfaces to enable the router to have both x.x.x.145 and 146/28 as public IP's and NAT x.x.x.146:80 to 192.168.1.10:8080?
    Any help much appreciated.

    Answers:
    1) DSL is terminating in the 1841 on a SHDSL WIC
    2) No
    3) IP is negotiated
    4) Below is a config which I believe should work. Any recommended amendments?
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname trackgw
    boot-start-marker
    boot-end-marker
    no aaa new-model
    resource policy
    mmi polling-interval 60
    no mmi auto-configure
    no mmi pvc
    mmi snmp-timeout 180
    ip subnet-zero
    ip cef
    no ip dhcp use vrf connected
    username cisco privilege 15 secret xxx
    controller DSL 0/0/0
    mode atm
    line-term cpe
    dsl-mode SHDSL symmetric annex B
    line-rate AUTO
    interface FastEthernet0/0
    ip address 192.168.1.1 255.255.255.0
    ip nat inside
    duplex auto
    speed auto
    interface FastEthernet0/1
    no ip address
    duplex auto
    speed auto
    interface ATM0/0/0
    no atm ilmi-keepalive
    pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    interface Dialer1
    ip address negotiated
    ip nat outside
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    no cdp enable
    encapsulation ppp
    no cdp enable
    ppp authentication chap callin
    ppp chap hostname username
    ppp chap password 0 password
    ppp ipcp dns request
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip http server
    ip http authentication local
    ip nat inside source list nat-acl interface Dialer1 overload
    ip nat inside source static tcp 192.168.1.10 8080 x.x.x.146 80
    ip access-list extended nat-acl
    permit ip 192.168.1.0 0.0.0.255 any
    dialer-list 1 protocol ip permit
    no cdp run
    control-plane
    line con 0
    logging synchronous
    login local
    transport output all
    line aux 0
    transport output all
    line vty 0 4
    privilege level 15
    login local
    transport input telnet
    scheduler max-task-time 5000
    end

  • Cisco 877 router - Cisco IP phone won't register with SIP provider

    Hi all,
    I'm having a problem with a Cisco SPA504G phone not registering with the SIP carrier over the Internet. We've recently rolled out a Cisco 877 router onto a new NBN business connection and can't get the pre-configured IP phone to register.
    When we tested the phone with the NBN-provided Netgear router, it worked fine, as it did with the previous Cisco 1841 router we were using on a different link.
    The way it's setup is using VLANs to define the internal subnets, which are then assigned to the physical interfaces (since the 887 doesn't allow IP assignments to the interfaces directly).
    VLAN 100 is the internal network and has a SBS2011 server – assigned to F0 – IP range is 192.168.1.0
    VLAN 200 is the guest network and has Internet access only – assigned to F1 – IP range is 10.1.1.0
    VLAN 500 is the WAN network and connects to the NBN upstream box – assigned to F3 – external IP address assigned by DHCP
    I've been playing around with access lists, nat rules, basically everything in my limited Cisco knowledge to try and figure this out, but to no avail. I have even configured what I believe is unrestricted access to IP, UDP and TCP outbound and inbound to all VLANs and still can't get it to register.
    Tried isolating the issue by creating a new VLAN and assigning it to the spare interface and basically allowing everything in and out, but still no luck.
    The problem has to be something on the router – probably some small line of config I haven’t removed or added.
    I am going to pull my hair out soon, so would really appreciate some assistance from the Cisco gurus out there.
    My client has just purchased about 10 of these handsets from their provider so I need to fix this ASAP. The guy who provided them wasn't very helpful, and basically said I'm on my own once we tested using the NBN-provided Netgear router.
    Happy to post my config as well.
    Please help!!!!

    Current configuration : 4912 bytes
    version 15.1
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname Router1
    boot-start-marker
    boot-end-marker
    no aaa new-model
    memory-size iomem 10
    crypto pki token default removal timeout 0
    no ip source-route
    ip dhcp excluded-address 10.1.1.1
    ip dhcp pool GUEST
     network 10.1.1.0 255.255.255.0
     dns-server 10.1.1.1 203.50.2.71 139.130.4.4
     default-router 10.1.1.1
    ip cef
    no ip domain lookup
    ip domain name network.local
    ip name-server 192.168.1.123
    ip name-server 203.23.53.12
    ip name-server 197.12.32.86
    ip name-server 8.8.8.8
    no ipv6 cef
    license udi pid CISCO887VA-K9 sn FGL171220XY
    username admin privilege 15 secret 5 $1$aNsm$N1BCQYkoi8gnURyvloYEX/
    controller VDSL 0
    interface Ethernet0
     no ip address
     shutdown
    interface ATM0
     no ip address
     no atm ilmi-keepalive
     bridge-group 10
     pvc 8/35
    interface FastEthernet0
     description NAC - Internal network
     switchport access vlan 100
     no ip address
    interface FastEthernet1
     description NAC - Guest network
     switchport access vlan 200
     no ip address
    interface FastEthernet2
     no ip address
     shutdown
    interface FastEthernet3
     description **** WAN Port ****
     switchport access vlan 500
     no ip address
    interface Vlan1
     no ip address
     bridge-group 10
     hold-queue 100 out
    interface Vlan100
     description NAC - Internal Vlan
     ip address 192.168.1.1 255.255.255.0
     ip access-group IN-100 in
     ip access-group OUT-100 out
     ip nat inside
     ip virtual-reassembly in
    interface Vlan200
     description NAC - Guest Vlan
     ip address 10.1.1.1 255.255.255.0
     ip access-group IN-200 in
     ip access-group OUT-200 out
     ip nat inside
     ip virtual-reassembly in
    interface Vlan500
     description **** WAN Vlan ****
     ip address dhcp
     ip nat outside
     no ip virtual-reassembly in
    no ip forward-protocol nd
    ip http server
    ip http access-class 23
    ip http secure-server
    ip dns server
    ip nat inside source list NAT-100 interface Vlan500 overload
    ip nat inside source list NAT-200 interface Vlan500 overload
    ip nat inside source static tcp 192.168.1.123 25 interface Vlan500 25
    ip nat inside source static tcp 192.168.1.123 443 interface Vlan500 443
    ip nat inside source static tcp 192.168.1.123 3389 interface Vlan500 3399
    ip nat inside source static tcp 192.168.1.123 80 interface Vlan500 80
    ip nat inside source static tcp 192.168.1.123 4125 interface Vlan500 4125
    ip nat inside source static tcp 192.168.1.124 3389 interface Vlan500 3390
    ip nat inside source static tcp 192.168.1.123 987 interface Vlan500 987
    ip nat inside source static tcp 192.168.1.123 1723 interface Vlan500 1723
    ip route 0.0.0.0 0.0.0.0 55.234.52.43
    ip access-list extended IN-100
     permit udp any any range bootps bootpc
     deny   ip 10.1.1.0 0.0.0.255 any
     permit ip 192.168.1.0 0.0.0.255 any
    ip access-list extended IN-200
     permit udp any any range bootps bootpc
     permit ip 10.1.1.0 0.0.0.255 any
    ip access-list extended NAT-100
     deny   ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
     permit ip 192.168.1.0 0.0.0.255 any
    ip access-list extended NAT-200
     deny   ip 10.1.0.0 0.0.255.255 10.1.0.0 0.0.255.255
     permit ip 10.1.1.0 0.0.0.255 any
    ip access-list extended OUT-100
     permit udp any range bootps bootpc any
     deny   ip 10.1.1.0 0.0.0.255 any
     permit ip any 192.168.1.0 0.0.0.255
    ip access-list extended OUT-200
     permit udp any range bootps bootpc any
     deny   ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
     permit ip any 10.1.1.0 0.0.0.255
    access-list 23 permit 59.23.164.52
    access-list 23 permit 192.168.1.0 0.0.0.255
    access-list 23 permit 10.1.1.0 0.0.0.255
    access-list 23 permit 120.146.0.0 0.0.255.255
    access-list 23 permit 149.185.12.0 0.0.0.255
    access-list 23 permit 110.44.28.0 0.0.0.255
    access-list 23 permit 110.44.26.0 0.0.0.255
    access-list 23 permit 103.25.212.0 0.0.0.255
    access-list 23 permit any
    bridge 10 protocol ieee
    banner motd ^C
    *      Authorized personnel only!       *
    ^C
    line con 0
     login local
     no modem enable
    line aux 0
    line vty 0 4
     password password01
     login local
     transport input all
    end
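Added example (not part of the original post, and not Cisco code): a first-match evaluator for IOS standard ACLs, run over ACL 23 exactly as posted above, which the config applies with `ip http access-class 23`. It shows that the trailing `permit any` makes the eight specific entries redundant, so the list admits every source address; the function names and the test address 198.51.100.7 are constructed for this illustration.

```python
import ipaddress

# ACL 23 copied verbatim from the posted configuration above.
ACL_23 = """\
access-list 23 permit 59.23.164.52
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 23 permit 10.1.1.0 0.0.0.255
access-list 23 permit 120.146.0.0 0.0.255.255
access-list 23 permit 149.185.12.0 0.0.0.255
access-list 23 permit 110.44.28.0 0.0.0.255
access-list 23 permit 110.44.26.0 0.0.0.255
access-list 23 permit 103.25.212.0 0.0.0.255
access-list 23 permit any
"""

ANY = 0xFFFFFFFF
IMPLICIT_DENY = ("deny", 0, ANY, "(implicit deny)")


def parse_standard_acl(text, number):
    """Parse 'access-list <number> permit|deny <source> [wildcard]' lines.

    Returns (action, base, wildcard, line) tuples with addresses as 32-bit
    integers. Wildcard bits set to 1 mean "don't care".
    """
    entries = []
    for raw in text.splitlines():
        tok = raw.split()
        if len(tok) < 4 or tok[:2] != ["access-list", str(number)]:
            continue
        if tok[2] not in ("permit", "deny"):
            continue  # e.g. remark lines
        src = [t for t in tok[3:] if t != "log"]
        if src[0] == "any":
            base, wild = 0, ANY
        elif src[0] == "host":
            base, wild = int(ipaddress.IPv4Address(src[1])), 0
        else:
            base = int(ipaddress.IPv4Address(src[0]))
            wild = int(ipaddress.IPv4Address(src[1])) if len(src) > 1 else 0
        entries.append((tok[2], base, wild, " ".join(tok)))
    return entries


def evaluate(entries, source):
    """First match wins; a source matching no entry hits the implicit deny."""
    addr = int(ipaddress.IPv4Address(source))
    for action, base, wild, line in entries:
        if ((addr ^ base) & ~wild & ANY) == 0:
            return action, line
    return IMPLICIT_DENY[0], IMPLICIT_DENY[3]


def covers(outer, inner):
    """True if every address matched by inner is also matched by outer."""
    _, ob, ow, _ = outer
    _, ib, iw, _ = inner
    return (iw & ~ow & ANY) == 0 and ((ob ^ ib) & ~ow & ANY) == 0


def overlaps(a, b):
    """True if at least one address matches both entries."""
    return ((a[1] ^ b[1]) & ~a[2] & ~b[2] & ANY) == 0


def redundant_entries(entries):
    """Lines that could each be removed, on its own, without changing the
    verdict for any source address."""
    chain = entries + [IMPLICIT_DENY]
    found = []
    for i, entry in enumerate(entries):
        if any(covers(prev, entry) for prev in entries[:i]):
            found.append(entry[3])      # unreachable: shadowed by earlier line
            continue
        for later in chain[i + 1:]:
            if later[0] != entry[0]:
                if overlaps(later, entry):
                    break               # a different verdict follows: needed
            elif covers(later, entry):
                found.append(entry[3])  # the same verdict is reached anyway
                break
    return found


if __name__ == "__main__":
    acl = parse_standard_acl(ACL_23, 23)
    # 198.51.100.7 is a constructed address outside every listed range.
    print("as posted:        ", evaluate(acl, "198.51.100.7"))
    print("without last line:", evaluate(acl[:-1], "198.51.100.7"))
    for line in redundant_entries(acl):
        print("redundant:", line)
```

With the final `permit any` line dropped, the same address falls through to the implicit deny and the list behaves as an allow-list.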

  • Creating "A" record in Cisco 1841

    Hello All,
    We are using a Cisco 1841 router. Our requirement is to configure an "A" record in the router, i.e. we want this router to act as a primary DNS server.
    I can explain the scenario a bit.
    We have connected an Internet Lease Line (ILL) to this router with a static IP assigned to it. We have a domain name registered, e.g. www.xyz.com, at www.namecheap.com. We want to host the web server for our website inside our office network. We made the necessary changes at www.namecheap.com to point the domain www.xyz.com to our static IP. But we are not able to ping or browse the domain www.xyz.com, and we contacted www.namecheap.com technical support and they informed us that we need to create an "A" record wherever the web server is hosted.
    I tried to search the internet and I wasn't able to find the necessary online resources for creating an "A" record in the router for the domain name. But I could find the below link for creating an SOA record, http://blog.ipspace.net/2006/09/use-your-cisco-router-as-primary-dns.html, and created nameserver entries like ns1.xyz.com
    But this doesn't create an "A" record.
    Any assistance would be really helpful.
    Thanks
    Sundar

    Dear Daniele,
    Thanks for your reply.
    Your solution worked great for me.
    We are able to ping the domain name.
    Now we are facing another problem in reaching our web server. I will explain it below.
    1. When I type the domain name in the browser we get an authentication popup asking for username & password; the popup says "a username and password are being requested by says level_15_access ..."
    2. When I provide the router username & password, it redirects to the following link, http://www.sitename.com/archive/flash:home/html/home_aux.shtml, and loads the SDM (Cisco Router and Security Device Manager) page.
    NOTE: we have installed Cisco SDM.
    What I want is for the site to reach our website hosted on our IIS server inside the network. The IIS server has a local IP address 192.168.1.x and the router gateway has an IP address 192.168.1.y
    Any assistance would be really helpful.
    Thanks
    Sundar

  • Cisco 1841 as PPTP client Does not work

    Dear All,
    I have a Cisco 1841 router running the roles below:
    1) SSL VPN Server
    2) PPTP Server
    3) Site to Site Connection with Sonicwall router
    I want the router to be configured as a PPTP client to an internet VPN server (so that I will get a fixed public IP).
    Once I get this IP address I want to use this connection to accept incoming connections and forward ports to internal hosts.
    I went through the links below:
    http://www.mreji.eu/content/cisco-router-pptp-client
    https://supportforums.cisco.com/thread/2167562
    But it does not work, as I do not have the option for the 2 commands below in the vpdn-group 2 section. (Please see section in blue)
    protocol pptp
      rotary-group 4
    Please Advise and Help
    Regards
    Hasan Reza
    My Current Config is as below
    =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.06.09 17:55:23 =~=~=~=~=~=~=~=~=~=~=~=
    exit
    Gateway#show run |      
    Building configuration...
    Current configuration : 25109 bytes
    ! Last configuration change at 13:33:57 UTC Sun Jun 9 2013 by admin
    version 15.1
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname Gateway
    boot-start-marker
    boot system flash c1841-advsecurityk9-mz.151-2.T1.bin
    boot-end-marker
    logging buffered 4096
    no logging console
    enable secret 5 $1$SciF$TlX1tR5qaG9ZE7pdZHcRJ/
    no aaa new-model
    dot11 syslog
    ip source-route
    no ip dhcp use vrf connected
    ip dhcp excluded-address 10.236.5.1 10.236.5.20
    ip dhcp excluded-address 10.236.5.21 10.236.5.50
    ip dhcp excluded-address 172.21.51.2 172.21.51.50
    ip dhcp pool ContosoPool
       network 10.236.5.0 255.255.255.0
       default-router 10.236.5.254
       dns-server 213.42.20.20 195.229.241.222
    ip dhcp pool DMZ
       network 172.21.51.0 255.255.255.0
       dns-server 172.21.51.10
       default-router 172.21.51.1
       domain-name contoso.local
    ip cef
    ip domain name contoso.local
    ip name-server 213.42.20.20
    ip name-server 195.229.241.22
    ip name-server 195.229.241.222
    ip ddns update method dyndns
    HTTP
      add http://xxxxxx:yyyyy@@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
      remove http://xxxxxx:yyyyy@@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
    interval maximum 0 1 0 0
    multilink bundle-name authenticated
    vpdn enable
    vpdn-group 2
    request-dialin
      protocol l2tp
    initiate-to ip 173.195.0.42
    vpdn-group RAS-VPN
    ! Default PPTP VPDN group
    accept-dialin
      protocol pptp
      virtual-template 1
    l2tp tunnel timeout no-session 15
    crypto pki token default removal timeout 0
    crypto pki trustpoint TP.StartSSL.CA
    enrollment terminal pem
    revocation-check none
    crypto pki trustpoint TP.StartSSL-vpn
    enrollment terminal pem
    usage ssl-server
    serial-number none
    fqdn ssl.spktelecom.com
    ip-address none
    revocation-check crl
    rsakeypair RSA.StartSSL-vpn
    crypto pki trustpoint TP-self-signed-1981248591
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-1981248591
    revocation-check none
    rsakeypair TP-self-signed-1981248591
    crypto pki trustpoint VMWare
    enrollment terminal
    revocation-check crl
    crypto pki trustpoint OWA
    enrollment terminal pem
    revocation-check crl
    crypto pki certificate chain TP.StartSSL.CA
    certificate ca 01
      (removed the certificate info for clarity)
       quit
    crypto pki certificate chain TP.StartSSL-vpn
    certificate 0936E1
        (removed the certificate info for clarity)9
       quit
    certificate ca 18
      (removed the certificate info for clarity)
       quit
    crypto pki certificate chain TP-self-signed-1981248591
    certificate self-signed 01
        (removed the certificate info for clarity)
       quit
    crypto pki certificate chain VMWare
    certificate ca 008EDCE6DBCE6B
        (removed the certificate info for clarity)
       quit
    crypto pki certificate chain OWA
       (removed the certificate info for clarity)
    license udi pid CISCO1841 sn FCZ122191TW
    archive
    log config
      hidekeys
    username admin privilege 15 password 7 1304131F02023B7B7977
    username ali password 7 06070328
    redundancy
    crypto isakmp policy 10
    encr 3des
    authentication pre-share
    group 2
    lifetime 84000
    crypto isakmp key admin_123 address 0.0.0.0 0.0.0.0
    crypto isakmp keepalive 10
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
    crypto ipsec transform-set strongsha esp-3des esp-sha-hmac
    crypto dynamic-map mydyn 10
    set transform-set strongsha
    crypto map Dxb-Auh 1000 ipsec-isakmp dynamic XXXXXXXXXX
    interface FastEthernet0/0
    description Internal Network (Protected Interface)
    ip address 10.236.5.254 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    duplex auto
    speed auto
    interface FastEthernet0/1
    no ip address
    duplex auto
    speed auto
    pppoe enable group global
    pppoe-client dial-pool-number 1
    interface ATM0/0/0
    no ip address
    shutdown
    no atm ilmi-keepalive
    interface BRI0/1/0
    no ip address
    encapsulation hdlc
    shutdown
    interface Virtual-Template1
    ip unnumbered Dialer1
    peer default ip address dhcp-pool ContosoPool
    ppp encrypt mppe auto required
    ppp authentication ms-chap ms-chap-v2 eap
    interface Dialer1
    ip ddns update hostname XXXXXXX.dyndns.org
    ip ddns update dyndns
    ip address negotiated
    ip nat outside
    ip virtual-reassembly in
    encapsulation ppp
    ip tcp adjust-mss 1450
    dialer pool 1
    ppp pap sent-username vermam password 7 13044E155E0913323B
    crypto map Dxb-Auh
    interface Dialer2
    mtu 1460
    ip address negotiated
    ip nat outside
    ip virtual-reassembly in
    encapsulation ppp
    dialer in-band
    dialer idle-timeout 0
    dialer string 123
    dialer vpdn
    dialer-group 2
    ppp pfc local request
    ppp pfc remote apply
    ppp encrypt mppe auto
    ppp authentication ms-chap ms-chap-v2 callin
    ppp eap refuse
    ppp chap hostname hasanreza
    ppp chap password 7 070E2541470726544541
    interface Dialer995
    no ip address
    ip local pool webssl 10.236.6.10 10.236.6.30
    ip forward-protocol nd
    ip http server
    ip http secure-server
    ip nat inside source list nat interface Dialer1 overload
    ip nat inside source static tcp 10.236.5.12 25 interface Dialer1 25
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip route 172.21.51.0 255.255.255.0 10.236.5.253
    ip access-list extended internal
    permit ip any 10.236.5.0 0.0.0.255
    ip access-list extended nat
    deny   ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
    deny   ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255
    permit ip 10.236.5.0 0.0.0.255 any
    ip access-list extended nonat
    permit ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255
    permit ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
    ip access-list extended sslacl
    ip access-list extended webvpn
    permit tcp any any eq 443
    logging esm config
    access-list 101 permit ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
    control-plane
    line con 0
    line aux 0
    line vty 0 4
    exec-timeout 0 0
    login local
    transport preferred ssh
    transport input telnet ssh
    line vty 5 15
    exec-timeout 0 0
    login local
    transport preferred ssh
    transport input telnet ssh
    scheduler allocate 20000 1000
    webvpn gateway gateway1
    ip interface Dialer1 port 443
    ssl encryption rc4-md5
    ssl trustpoint TP.StartSSL-vpn
    inservice
    webvpn install svc flash:/webvpn/anyconnect-win-3.1.00495-k9.pkg sequence 1
    webvpn install csd flash:/webvpn/sdesktop.pkg
    webvpn context webvpn
    ssl authenticate verify all
    url-list "Webservers"
       heading "SimpleIT Technologies NBNS Servers"
       url-text "Google" url-value "www.google.com"
       url-text "Mainframe" url-value "10.236.5.2"
       url-text "Mainframe2" url-value "https://10.236.5.2"
    nbns-list "ContosoServer"
       nbns-server 10.236.5.10
       nbns-server 10.236.5.11
       nbns-server 10.236.5.12
    port-forward "PortForwarding"
       local-port 3389 remote-server "10.236.5.10" remote-port 3389 description "Server-DC01"
    policy group policy1
       url-list "Webservers"
       port-forward "PortForwarding"
       nbns-list "ContosoServer"
       functions file-access
       functions file-browse
       functions file-entry
       functions svc-enabled
       svc address-pool "webssl"
       svc default-domain "Contoso.Local"
       svc keep-client-installed
       svc split include 10.236.5.0 255.255.255.0
       svc split include 10.236.6.0 255.255.255.0
       svc split include 172.31.1.0 255.255.255.0
       svc split include 172.21.51.0 255.255.255.0
       svc dns-server primary 172.21.51.10
    default-group-policy policy1
    gateway gateway1
    inservice
    end
    Gateway#          

    Dear All,
    I have a Cisco 1841 router running the below roles:
    1) SSL VPN Server
    2) PPTP Server
    3) Site to Site Connection with Sonicwall router
    I want the router to be configured as a PPTP client to an internet VPN server (so that I will get a fixed public IP).
    Once I get this IP address, I want to use this connection to accept incoming connections and forward ports to an internal host.
    I went through the below:
    http://www.mreji.eu/content/cisco-router-pptp-client
    https://supportforums.cisco.com/thread/2167562
    But it does not work, as I do not have the option for the below 2 commands in the vpdn-group 2 section. (Please see section in blue)
    protocol pptp
      rotary-group 4
    Please Advise and Help
    Regards
    Hasan Reza
    My Current Config is as below
    =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2013.06.09 17:55:23 =~=~=~=~=~=~=~=~=~=~=~=
    exit
    Gateway#show run |      
    Building configuration...
    Current configuration : 25109 bytes
    ! Last configuration change at 13:33:57 UTC Sun Jun 9 2013 by admin
    version 15.1
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    hostname Gateway
    boot-start-marker
    boot system flash c1841-advsecurityk9-mz.151-2.T1.bin
    boot-end-marker
    logging buffered 4096
    no logging console
    enable secret 5 $1$SciF$TlX1tR5qaG9ZE7pdZHcRJ/
    no aaa new-model
    dot11 syslog
    ip source-route
    no ip dhcp use vrf connected
    ip dhcp excluded-address 10.236.5.1 10.236.5.20
    ip dhcp excluded-address 10.236.5.21 10.236.5.50
    ip dhcp excluded-address 172.21.51.2 172.21.51.50
    ip dhcp pool ContosoPool
       network 10.236.5.0 255.255.255.0
       default-router 10.236.5.254
       dns-server 213.42.20.20 195.229.241.222
    ip dhcp pool DMZ
       network 172.21.51.0 255.255.255.0
       dns-server 172.21.51.10
       default-router 172.21.51.1
       domain-name contoso.local
    ip cef
    ip domain name contoso.local
    ip name-server 213.42.20.20
    ip name-server 195.229.241.22
    ip name-server 195.229.241.222
    ip ddns update method dyndns
    HTTP
      add http://xxxxxx:yyyyy@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
      remove http://xxxxxx:yyyyy@@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>
    interval maximum 0 1 0 0
    multilink bundle-name authenticated
    vpdn enable
    vpdn-group 2
    request-dialin
      protocol l2tp
    initiate-to ip 173.195.0.42
    vpdn-group RAS-VPN
    ! Default PPTP VPDN group
    accept-dialin
      protocol pptp
      virtual-template 1
    l2tp tunnel timeout no-session 15
    crypto pki token default removal timeout 0
    crypto pki trustpoint TP.StartSSL.CA
    enrollment terminal pem
    revocation-check none
    crypto pki trustpoint TP.StartSSL-vpn
    enrollment terminal pem
    usage ssl-server
    serial-number none
    fqdn ssl.spktelecom.com
    ip-address none
    revocation-check crl
    rsakeypair RSA.StartSSL-vpn
    crypto pki trustpoint TP-self-signed-1981248591
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-1981248591
    revocation-check none
    rsakeypair TP-self-signed-1981248591
    crypto pki trustpoint VMWare
    enrollment terminal
    revocation-check crl
    crypto pki trustpoint OWA
    enrollment terminal pem
    revocation-check crl
    crypto pki certificate chain TP.StartSSL.CA
    certificate ca 01
      (removed the certificate info for clarity)
       quit
    crypto pki certificate chain TP.StartSSL-vpn
    certificate 0936E1
        (removed the certificate info for clarity)9
       quit
    certificate ca 18
      (removed the certificate info for clarity)
       quit
    crypto pki certificate chain TP-self-signed-1981248591
    certificate self-signed 01
        (removed the certificate info for clarity)
       quit
    crypto pki certificate chain VMWare
    certificate ca 008EDCE6DBCE6B
        (removed the certificate info for clarity)
       quit
    crypto pki certificate chain OWA
       (removed the certificate info for clarity)
    license udi pid CISCO1841 sn FCZ122191TW
    archive
    log config
      hidekeys
    username admin privilege 15 password 7 1304131F02023B7B7977
    username ali password 7 06070328
    redundancy
    crypto isakmp policy 10
    encr 3des
    authentication pre-share
    group 2
    lifetime 84000
    crypto isakmp key admin_123 address 0.0.0.0 0.0.0.0
    crypto isakmp keepalive 10
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec transform-set vpnset esp-3des esp-sha-hmac
    crypto ipsec transform-set strongsha esp-3des esp-sha-hmac
    crypto dynamic-map mydyn 10
    set transform-set strongsha
    crypto map Dxb-Auh 1000 ipsec-isakmp dynamic XXXXXXXXXX
    interface FastEthernet0/0
    description Internal Network (Protected Interface)
    ip address 10.236.5.254 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    duplex auto
    speed auto
    interface FastEthernet0/1
    no ip address
    duplex auto
    speed auto
    pppoe enable group global
    pppoe-client dial-pool-number 1
    interface ATM0/0/0
    no ip address
    shutdown
    no atm ilmi-keepalive
    interface BRI0/1/0
    no ip address
    encapsulation hdlc
    shutdown
    interface Virtual-Template1
    ip unnumbered Dialer1
    peer default ip address dhcp-pool ContosoPool
    ppp encrypt mppe auto required
    ppp authentication ms-chap ms-chap-v2 eap
    interface Dialer1
    ip ddns update hostname XXXXXXX.dyndns.org
    ip ddns update dyndns
    ip address negotiated
    ip nat outside
    ip virtual-reassembly in
    encapsulation ppp
    ip tcp adjust-mss 1450
    dialer pool 1
    ppp pap sent-username vermam password 7 13044E155E0913323B
    crypto map Dxb-Auh
    interface Dialer2
    mtu 1460
    ip address negotiated
    ip nat outside
    ip virtual-reassembly in
    encapsulation ppp
    dialer in-band
    dialer idle-timeout 0
    dialer string 123
    dialer vpdn
    dialer-group 2
    ppp pfc local request
    ppp pfc remote apply
    ppp encrypt mppe auto
    ppp authentication ms-chap ms-chap-v2 callin
    ppp eap refuse
    ppp chap hostname hasanreza
    ppp chap password 7 070E2541470726544541
    interface Dialer995
    no ip address
    ip local pool webssl 10.236.6.10 10.236.6.30
    ip forward-protocol nd
    ip http server
    ip http secure-server
    ip nat inside source list nat interface Dialer1 overload
    ip nat inside source static tcp 10.236.5.12 25 interface Dialer1 25
    ip route 0.0.0.0 0.0.0.0 Dialer1
    ip route 172.21.51.0 255.255.255.0 10.236.5.253
    ip access-list extended internal
    permit ip any 10.236.5.0 0.0.0.255
    ip access-list extended nat
    deny   ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
    deny   ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255
    permit ip 10.236.5.0 0.0.0.255 any
    ip access-list extended nonat
    permit ip 10.236.5.0 0.0.0.255 172.19.19.0 0.0.0.255
    permit ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
    ip access-list extended sslacl
    ip access-list extended webvpn
    permit tcp any any eq 443
    logging esm config
    access-list 101 permit ip 10.236.5.0 0.0.0.255 172.31.1.0 0.0.0.255
    control-plane
    line con 0
    line aux 0
    line vty 0 4
    exec-timeout 0 0
    login local
    transport preferred ssh
    transport input telnet ssh
    line vty 5 15
    exec-timeout 0 0
    login local
    transport preferred ssh
    transport input telnet ssh
    scheduler allocate 20000 1000
    webvpn gateway gateway1
    ip interface Dialer1 port 443
    ssl encryption rc4-md5
    ssl trustpoint TP.StartSSL-vpn
    inservice
    webvpn install svc flash:/webvpn/anyconnect-win-3.1.00495-k9.pkg sequence 1
    webvpn install csd flash:/webvpn/sdesktop.pkg
    webvpn context webvpn
    ssl authenticate verify all
    url-list "Webservers"
       heading "SimpleIT Technologies NBNS Servers"
       url-text "Google" url-value "www.google.com"
       url-text "Mainframe" url-value "10.236.5.2"
       url-text "Mainframe2" url-value "https://10.236.5.2"
    nbns-list "ContosoServer"
       nbns-server 10.236.5.10
       nbns-server 10.236.5.11
       nbns-server 10.236.5.12
    port-forward "PortForwarding"
       local-port 3389 remote-server "10.236.5.10" remote-port 3389 description "Server-DC01"
    policy group policy1
       url-list "Webservers"
       port-forward "PortForwarding"
       nbns-list "ContosoServer"
       functions file-access
       functions file-browse
       functions file-entry
       functions svc-enabled
       svc address-pool "webssl"
       svc default-domain "Contoso.Local"
       svc keep-client-installed
       svc split include 10.236.5.0 255.255.255.0
       svc split include 10.236.6.0 255.255.255.0
       svc split include 172.31.1.0 255.255.255.0
       svc split include 172.21.51.0 255.255.255.0
       svc dns-server primary 172.21.51.10
    default-group-policy policy1
    gateway gateway1
    inservice
    end
    Gateway#          
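
A defensive check over a running-config like the one posted above, added here as an example (it is not part of the original post and not a Cisco tool): it flags the weak settings visible in that config and keeps credentials out of its report. The rule names, the `audit` function and the sample excerpt with its placeholder secrets are constructed for illustration.

```python
import re

# Constructed excerpt modelled on the posted running-config. Secrets are
# placeholders; like the post, it has no indentation or "!" separators.
SAMPLE_CONFIG = """\
ip source-route
username admin privilege 15 password 7 0000PLACEHOLDER
crypto isakmp policy 10
encr 3des
group 2
crypto isakmp key PLACEHOLDERKEY address 0.0.0.0 0.0.0.0
ip http server
ip http secure-server
line vty 0 4
exec-timeout 0 0
transport input telnet ssh
ssl encryption rc4-md5
"""

# Matches the value after a credential keyword so reports never echo it.
SECRET = re.compile(r"\b(password \d+|secret \d+|isakmp key) \S+")

# (rule id, pattern, reason). Patterns are anchored so "no ..." forms do not match.
RULES = [(rid, re.compile(pat), why) for rid, pat, why in [
    ("source-route", r"^ip source-route$", "IP source routing is honoured"),
    ("type7-password", r"\bpassword 7 \S+", "type 7 is reversible obfuscation, not a hash"),
    ("3des", r"^encr 3des$|\besp-3des\b", "64-bit block cipher, deprecated"),
    ("weak-dh-group", r"^group [12]$", "Diffie-Hellman group of 1024 bits or less"),
    ("wildcard-psk", r"^crypto isakmp key \S+ address 0\.0\.0\.0\b", "pre-shared key is valid for any peer address"),
    ("http-server", r"^ip http server$", "management web server over cleartext HTTP"),
    ("no-idle-timeout", r"^exec-timeout 0 0$", "idle management sessions never expire"),
    ("telnet", r"^transport input .*\btelnet\b", "cleartext management sessions allowed"),
    ("rc4-md5", r"^ssl encryption .*\brc4-md5\b", "RC4 is prohibited for TLS (RFC 7465)"),
]]

def audit(config_text):
    """Return (line number, rule id, redacted line, reason) for each finding."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        shown = SECRET.sub(r"\1 <redacted>", line)  # redact before reporting
        for rid, pattern, why in RULES:
            if pattern.search(line):
                findings.append((lineno, rid, shown, why))
    return findings

if __name__ == "__main__":
    for lineno, rid, shown, why in audit(SAMPLE_CONFIG):
        print(f"{lineno:>3}  {rid:<16} {shown}  -> {why}")
```

Because the matching is per line, it works on flattened configs such as the one in the post, where indentation and section separators were lost.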

  • Help needed with AT&T 3G MicroCell going through 1841 Router

    I am trying to get an AT&T 3G MicroCell (made by Cisco) to communicate to the Internet through our Cisco 1841 Router.
    The router has only basic NAT and no Firewall setting.
    The AT&T 3G MicroCell is not a configurable device and it is directly connected to a switch port on the router.
    DHCP is supplied to it by the router.
    We are using a Comcast Business Class modem, but it is set as a passive gateway pass-through device, so bypassing the router is not an option.
    The MicroCell is unable to establish connectivity with the AT&T auto-configuration on the Internet.
    So far AT&T support has not been very helpful or knowledgeable.
    Anyone have experience with the MicroCell device and connectivity?
    They recommend some advanced settings for UDP and TCP ports but the router shows them as open.
    It primarily uses ipsec ports
    Any ideas? 

    I have this same issue with the MicroCell plugged directly into the WAN (DHCP) connection to the house from the ISP...................
    I also have this same issue with the unit plugged into the DMZ on the router with pass all, all protocols in and out .....
    My problem is GPS related, as in the new 911 database has "virtually" moved my 2 bedroom house 4 miles east of my "physical" location.
    Ain't modern tech great......(now if we could just get people great)  only problem with high tech is............GARBAGE IN >> GARBAGE OUT........it still depends on "intelligent" life to program everything.

  • CUCM express on 1841 router?

    As this router is an ISR will call manager express work on it ok?
    Thanks

    Hi Corey,
    CME is not supported on the 1841 (minimum 1861)
    Here's why;
    Both slots on the Cisco 1841 router are HWIC slots and provide compatibility with WICs and multiflex trunk (VWICs) interface cards
    (for data only).
    VoIP Support
    Voice-over-IP (VoIP) pass-through only
    http://www.cisco.com/en/US/prod/collateral/routers/ps5853/product_data_sheet0900aecd8016a59b.html
    Cheers!
    Rob

  • Is 1841 router compatible with wic module U WIC -2MFT –G703 ( 2 E1 ports) ?

    Hi friends
    I have a Cisco 1841 router
    1841 Software (C1841-ADVSECURITYK9-M), Version 12.4(3g)
    ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
    with
    2 FastEthernet interfaces
    2 Serial(sync/async) interfaces
    1 Virtual Private Network (VPN) Module
    Will this router support the Uwic 2 mft-g703 card (with 2 E1 ports)?

    These are the following modules supported on the 1841.
    http://www.cisco.com/en/US/prod/collateral/routers/ps5853/product_data_sheet0900aecd8016a59b.html
    The one you listed only works with the 1700 series which is end of life.
    "If this post answers your question, please click the "Correct Answer" button"
