Cisco 1841 with 2 public WAN IP's and NAT
OK, currently the network is set up as follows:
Zyxel SHDSL Router --> Linksys Router --> 10/100 Switch --> PC's
x.x.x.145/28__________x.x.x.146/28____________________192.168.1.0/24
The Linksys router is running inbound one-to-many PAT (e.g. x.x.x.146:80 --> 192.168.1.10:8080)
I'm looking to replace the setup with a Cisco 1841 router. Now normally I would configure the DSL interface as unnumbered to the internal LAN interface and use my public IP addys on this segment then passing through a PIX to NAT into private IP addys.
The problem I have is I want the 1841 to be an all in one box performing DSL, Firewall and NAT functions.
Now I thought I would configure the DSL as unnumbered to FastEthernet0/0 adding a secondary IP address of x.x.x.146/28. Interface configured as NAT outside.
Interface FastEthernet0/1 was configured with 192.168.1.1/24 with NAT inside and connected to the switch.
The problem was that the FastEthernet0/0 interface line protocol was down as there was no need to connect it to anything.
I then tried assigning the dialer interface a static IP of x.x.x.145/28 and x.x.x.146/28 as a secondary IP running NAT outside. I tried again but during boot up the router said you can't assign a secondary IP to the dialer interface.
So my question is, how would you recommend setting up the interfaces to enable the router to have both x.x.x.145 and 146/28 as public IP's and NAT x.x.x.146:80 to 192.168.1.10:8080?
Any help much appreciated.
Answers:
1) DSL is terminating in the 1841 on a SHDSL WIC
2) No
3) IP is negotiated
4) Below is a config which I believe should work. Any recommended amendments?
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname trackgw
boot-start-marker
boot-end-marker
no aaa new-model
resource policy
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
no ip dhcp use vrf connected
username cisco privilege 15 secret xxx
controller DSL 0/0/0
mode atm
line-term cpe
dsl-mode SHDSL symmetric annex B
line-rate AUTO
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
duplex auto
speed auto
interface FastEthernet0/1
no ip address
duplex auto
speed auto
interface ATM0/0/0
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface Dialer1
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
encapsulation ppp
no cdp enable
ppp authentication chap callin
ppp chap hostname username
ppp chap password 0 password
ppp ipcp dns request
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http authentication local
ip nat inside source list nat-acl interface Dialer1 overload
ip nat inside source static tcp 192.168.1.10 8080 x.x.x.146 80
ip access-list extended nat-acl
permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
control-plane
line con 0
logging synchronous
login local
transport output all
line aux 0
transport output all
line vty 0 4
privilege level 15
login local
transport input telnet
scheduler max-task-time 5000
end
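An added example, not part of the original post: a small Python audit of the management-plane settings in a configuration like the one above, where the NAT outside interface carries no inbound ACL while Telnet and the HTTP server are enabled. The two sample configs are constructed (the first reuses the post's commands, re-indented), and the function names, finding IDs and the ACL name OUTSIDE-IN are hypothetical.

```python
import re

# Constructed excerpt: commands from the configuration posted above,
# indented the way "show running-config" prints sub-commands.
POSTED = """\
no service password-encryption
username cisco privilege 15 secret xxx
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
interface Dialer1
 ip address negotiated
 ip nat outside
 ppp authentication chap callin
 ppp chap password 0 password
ip http server
ip http authentication local
ip nat inside source static tcp 192.168.1.10 8080 x.x.x.146 80
line vty 0 4
 privilege level 15
 login local
 transport input telnet
end
"""

# Constructed counterpart with the management plane tightened. OUTSIDE-IN is a
# hypothetical ACL name; type 7 is reversible obfuscation, not real protection.
TIGHTENED = """\
service password-encryption
username cisco privilege 15 secret xxx
interface Dialer1
 ip address negotiated
 ip access-group OUTSIDE-IN in
 ip nat outside
 ppp chap password 7 <placeholder>
no ip http server
ip http secure-server
line vty 0 4
 login local
 transport input ssh
end
"""


def parse_sections(text):
    """Group config lines into [header, [sub-commands]] pairs.

    An indented line belongs to the most recent unindented line.
    """
    sections = []
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw[0].isspace() and sections:
            sections[-1][1].append(raw.strip())
        else:
            sections.append([raw.strip(), []])
    return sections


def audit(text):
    """Return a sorted list of (finding_id, where) tuples.

    Heuristic only: it does not model access-class on the VTY lines,
    CBAC or a zone-based firewall.
    """
    sections = parse_sections(text)
    top_level = {hdr for hdr, _ in sections}
    findings = []

    if "no service password-encryption" in top_level:
        findings.append(("PLAINTEXT-STORAGE", "global"))
    if "ip http server" in top_level:
        findings.append(("HTTP-SERVER", "global"))

    for hdr, subs in sections:
        for cmd in [hdr] + subs:
            # "password 0 <value>" keeps the value unencrypted in the config.
            if re.search(r"\bpassword 0 \S+", cmd):
                findings.append(("TYPE0-PASSWORD", hdr))
        if hdr.startswith("line vty"):
            for cmd in subs:
                m = re.match(r"transport input (.+)", cmd)
                if m and {"telnet", "all"} & set(m.group(1).split()):
                    findings.append(("VTY-TELNET", hdr))
        if hdr.startswith("interface ") and "ip nat outside" in subs:
            if not any(re.match(r"ip access-group \S+ in$", c) for c in subs):
                findings.append(("OUTSIDE-NO-INBOUND-ACL", hdr))
    return sorted(findings)


def exposed_management(findings):
    """True when a cleartext management service sits behind an unfiltered outside interface."""
    ids = {fid for fid, _ in findings}
    return "OUTSIDE-NO-INBOUND-ACL" in ids and bool(ids & {"VTY-TELNET", "HTTP-SERVER"})


if __name__ == "__main__":
    for name, cfg in (("posted", POSTED), ("tightened", TIGHTENED)):
        result = audit(cfg)
        print(name, result, "exposed:", exposed_management(result))
```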
Similar Messages
-
CISCO 1841 with SHDSL Problem?
Hello,
I'm new to Cisco WIC configuration. I have a CISCO 1841 with an interface: 1SHDSL v3, and I want to connect to my ISP over PPPoE encapsulation.
I just made the new interface connection in SDM, but the synchronization with the ISP does not work. The ISP tells me that VPI/VCI is 0.35 and the annex is A.
I live in Europe, but I think that Annex A is for POTS lines and Annex B for ISDN, right? My line is ADSL Analog.
My startup configuration is this:
Router#show run
Building configuration...
Current configuration : 2974 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router
boot-start-marker
boot-end-marker
logging message-counter syslog
no aaa new-model
dot11 syslog
ip source-route
ip cef
no ipv6 cef
multilink bundle-name authenticated
crypto pki trustpoint TP-self-signed-2879799878
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2879799878
revocation-check none
rsakeypair TP-self-signed-2879799878
crypto pki certificate chain TP-self-signed-2879799878
certificate self-signed 01
quit
username INEM privilege 15 secret 5 $1$2Jgp$bV.OuBughjgSIOLuCr6Kn16FP.
archive
log config
hidekeys
controller DSL 0/0/0
mode atm
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
interface FastEthernet0/1
description Conection to CISCO SDM
ip address 10.10.10.1 255.255.255.248
ip tcp adjust-mss 1412
duplex auto
speed auto
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
interface ATM0/0/0.1 point-to-point
pvc 0/35
pppoe-client dial-pool-number 1
interface Dialer0
ip address dhcp
ip mtu 1452
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname r353535
ppp chap password 0 xdfgdfg
ppp pap sent-username r353535 password 0 xdfgdfg
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
dialer-list 1 protocol ip permit
control-plane
line con 0
line aux 0
line vty 0 4
login
scheduler allocate 20000 1000
end
Can someone help me, please?
Thanks
Hello,
Can you please explain why my WIC 1SHDSL-v3 does not work on ADSL lines?
Thank you,
Best Regards
-
Cisco 1841 with PPP Internet link down
Hi brothers, please help.
We have a Cisco 1841 with an ATM card connected to the Internet. Some days one Dialer interface to the ISP goes down, and only restarting the router brings the Dialer interface up again. I checked debug PPP negotiation and see that there are no inbound packets from the ISP.
I really need to fix this issue permanently, without needing to restart the router to recover the Internet connection.
Thanks!
The line protocols of the ATM0/0/0 and Dialer interfaces are all up, but the Dialer interface cannot get an allocated IP address.
interface ATM0/0/0
description ISP Internet
no ip address
no atm ilmi-keepalive
dsl operating-mode itu-dmt
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 2
interface Dialer2
description ISP Internet 1
mtu 1492
bandwidth 8000
ip address negotiated
ip nat outside
no ip virtual-reassembly in
encapsulation ppp
dialer pool 2
dialer-group 2
ppp authentication chap callin
ppp chap hostname xxx
ppp chap password 7 xxx
no cdp enable
wr1#show ip int br
Interface IP-Address OK? Method Status Protocol
ATM0/0/0 unassigned YES NVRAM up up
ATM0/1/0 unassigned YES NVRAM up up
Dialer2 unassigned YES IPCP up up
wr1#show int atm0/0/0
ATM0/0/0 is up, line protocol is up
Hardware is HWIC-DSLSAR (with Alcatel ADSL Module), address is 001f.9e87.xxx(bia 001f.9e87.xxx)
Description: ISP Internet
MTU 4470 bytes, sub MTU 4470, BW 832 Kbit/sec, DLY 610 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ATM, loopback not set
Keepalive not supported
Encapsulation(s): AAL5
23 maximum active VCs, 256 VCs per VP, 1 current VCCs
VC Auto Creation Disabled.
VC idle disconnect time: 300 seconds
Last input never, output 23:48:07, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1084
Queueing strategy: Per VC Queueing
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
58124 packets input, 30790858 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 348 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
51848 packets output, 16773091 bytes, 0 underruns
6 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
wr1#show int dia2
Dialer2 is up, line protocol is up (spoofing)
Hardware is Unknown
Description: ISP Internet
Internet address will be negotiated using IPCP
MTU 1492 bytes, BW 8000 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Closed, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 1 seconds on reset
Interface is bound to Vi2
Last input never, output never, output hang never
Last clearing of "show interface" counters 1d00h
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: Class-based queueing
Output queue: 0/1000/0 (size/max total/drops)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
52937 packets input, 30470954 bytes
52931 packets output, 17287959 bytes
Bound to:
Virtual-Access2 is up, line protocol is down
Hardware is Virtual Access interface
MTU 1492 bytes, BW 8000 Kbit/sec, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP REQsent
PPPoATM vaccess, cloned from Dialer2
Vaccess status 0x44
Bound to ATM0/0/0 VCD: 1, VPI: 0, VCI: 38, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 5 seconds on reset
Interface is bound to Di2 (Encapsulation PPP)
Last input 00:00:09, output never, output hang never
Last clearing of "show interface" counters 1d00h
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 40403
Queueing strategy: Class-based queueing
Output queue: 65/1000/0 (size/max total/drops)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
58124 packets input, 30591958 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
93405 packets output, 17935575 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
syslog for debug ppp negotiation:
2014-09-10 08:49:31 Local7.Notice local IP address 801: wr1.lon: .Sep 10 01:51:33.803: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0/0/0, changed state to down
2014-09-10 08:49:32 Local7.Notice local IP address 804: wr1.lon: .Sep 10 01:51:35.247: %TRACKING-5-STATE: 3 ip sla 3 state Up->Down
2014-09-10 09:13:40 Local7.Error local IP address 808: wr1.lon: Sep 10 02:15:42.646: %LINK-3-UPDOWN: Interface ATM0/0/0, changed state to up
2014-09-10 09:13:40 Local7.Notice local IP address 809: wr1.lon: Sep 10 02:15:43.646: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0/0/0, changed state to up
2014-09-10 09:13:45 Local7.Error local IP address 810: wr1.lon: Sep 10 02:15:48.957: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
2014-09-10 09:13:45 Local7.Debug local IP address 811: wr1.lon: Sep 10 02:15:48.961: Interface Virtual-Access2 max_reserved_bandwidth config will not
2014-09-10 09:13:45 Local7.Debug local IP address 812: wr1.lon: take effect on the queueing features configured via service-policy
2014-09-10 09:13:45 Local7.Info local IP address 813: wr1.lon: Sep 10 02:15:48.965: %DIALER-6-BIND: Interface Vi2 bound to profile Di2
2014-09-10 09:13:45 Local7.Debug local IP address 814: wr1.lon: Sep 10 02:15:48.965: Vi2 PPP: Sending cstate UP notification
2014-09-10 09:13:45 Local7.Debug local IP address 815: wr1.lon: Sep 10 02:15:48.969: Vi2 PPP: Processing CstateUp message
2014-09-10 09:13:45 Local7.Debug local IP address 816: wr1.lon: Sep 10 02:15:48.973: PPP: Alloc Context [662C56A4]
2014-09-10 09:13:45 Local7.Debug local IP address 817: wr1.lon: Sep 10 02:15:48.973: ppp3 PPP: Phase is ESTABLISHING
2014-09-10 09:13:45 Local7.Debug local IP address 818: wr1.lon: Sep 10 02:15:48.973: Vi2 PPP: Using dialer call direction
2014-09-10 09:13:45 Local7.Debug local IP address 819: wr1.lon: Sep 10 02:15:48.973: Vi2 PPP: Treating connection as a callout
2014-09-10 09:13:45 Local7.Debug local IP address 820: wr1.lon: Sep 10 02:15:48.973: Vi2 PPP: Session handle[14000004] Session id[3]
2014-09-10 09:13:45 Local7.Debug local IP address 821: wr1.lon: Sep 10 02:15:48.973: Vi2 LCP: Event[OPEN] State[Initial to Starting]
2014-09-10 09:13:45 Local7.Debug local IP address 822: wr1.lon: Sep 10 02:15:48.973: Vi2 PPP: No remote authentication for call-out
2014-09-10 09:13:45 Local7.Debug local IP address 823: wr1.lon: Sep 10 02:15:48.973: Vi2 LCP: O CONFREQ [Starting] id 1 len 14
2014-09-10 09:13:45 Local7.Debug local IP address 824: wr1.lon: Sep 10 02:15:48.973: Vi2 LCP: MRU 1492 (0x010405D4)
2014-09-10 09:13:46 Local7.Debug local IP address 825: wr1.lon: Sep 10 02:15:48.973: Vi2 LCP: MagicNumber 0x24FF1F46 (0x050624FF1F46)
2014-09-10 09:13:46 Local7.Debug local IP address 826: wr1.lon: Sep 10 02:15:48.973: Vi2 LCP: Event[UP] State[Starting to REQsent]
2014-09-10 09:13:48 Local7.Debug local IP address 827: wr1.lon: Sep 10 02:15:50.965: Vi2 LCP: O CONFREQ [REQsent] id 2 len 14
2014-09-10 09:13:48 Local7.Debug local IP address 828: wr1.lon: Sep 10 02:15:50.965: Vi2 LCP: MRU 1492 (0x010405D4)
2014-09-10 09:13:48 Local7.Debug local IP address 829: wr1.lon: Sep 10 02:15:50.965: Vi2 LCP: MagicNumber 0x24FF1F46 (0x050624FF1F46)
2014-09-10 09:13:48 Local7.Debug local IP address 830: wr1.lon: Sep 10 02:15:50.965: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
2014-09-10 09:13:50 Local7.Debug local IP address 831: wr1.lon: Sep 10 02:15:52.981: Vi2 LCP: O CONFREQ [REQsent] id 3 len 14
2014-09-10 09:13:50 Local7.Debug local IP address 832: wr1.lon: Sep 10 02:15:52.981: Vi2 LCP: MRU 1492 (0x010405D4)
2014-09-10 09:13:50 Local7.Debug local IP address 833: wr1.lon: Sep 10 02:15:52.981: Vi2 LCP: MagicNumber 0x24FF1F46 (0x050624FF1F46)
2014-09-10 09:13:50 Local7.Debug local IP address 834: wr1.lon: Sep 10 02:15:52.981: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
2014-09-10 09:13:52 Local7.Debug local IP address 835: wr1.lon: Sep 10 02:15:54.996: Vi2 LCP: O CONFREQ [REQsent] id 4 len 14
2014-09-10 09:13:52 Local7.Debug local IP address 836: wr1.lon: Sep 10 02:15:54.996: Vi2 LCP: MRU 1492 (0x010405D4)
2014-09-10 09:13:52 Local7.Debug local IP address 837: wr1.lon: Sep 10 02:15:54.996: Vi2 LCP: MagicNumber 0x24FF1F46 (0x050624FF1F46)
2014-09-10 09:13:52 Local7.Debug local IP address 838: wr1.lon: Sep 10 02:15:55.000: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
2014-09-10 09:13:54 Local7.Debug local IP address 839: wr1.lon: Sep 10 02:15:57.012: Vi2 LCP: O CONFREQ [REQsent] id 5 len 14
2014-09-10 09:13:54 Local7.Debug local IP address 840: wr1.lon: Sep 10 02:15:57.012: Vi2 LCP: MRU 1492 (0x010405D4)
2014-09-10 09:13:54 Local7.Debug local IP address 841: wr1.lon: Sep 10 02:15:57.012: Vi2 LCP: MagicNumber 0x24FF1F46 (0x050624FF1F46)
2014-09-10 09:13:54 Local7.Debug local IP address 842: wr1.lon: Sep 10 02:15:57.012: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
2014-09-10 09:13:56 Local7.Debug local IP address 843: wr1.lon: Sep 10 02:15:59.028: Vi2 LCP: O CONFREQ [REQsent] id 6 len 14
2014-09-10 09:13:56 Local7.Debug local IP address 844: wr1.lon: Sep 10 02:15:59.028: Vi2 LCP: MRU 1492 (0x010405D4)
2014-09-10 09:13:56 Local7.Debug local IP address 845: wr1.lon: Sep 10 02:15:59.028: Vi2 LCP: MagicNumber 0x24FF1F46 (0x050624FF1F46)
2014-09-10 09:13:56 Local7.Debug local IP address 846: wr1.lon: Sep 10 02:15:59.028: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
2014-09-10 09:13:58 Local7.Debug local IP address 847: wr1.lon: Sep 10 02:16:01.044: Vi2 LCP: O CONFREQ [REQsent] id 7 len 14
2014-09-10 09:13:58 Local7.Debug local IP address 848: wr1.lon: Sep 10 02:16:01.044: Vi2 LCP: MRU 1492 (0x010405D4)
2014-09-10 09:13:58 Local7.Debug local IP address 849: wr1.lon: Sep 10 02:16:01.044: Vi2 LCP: MagicNumber 0x24FF1F46 (0x050624FF1F46)
2014-09-10 09:13:58 Local7.Debug local IP address 850: wr1.lon: Sep 10 02:16:01.044: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
2014-09-10 09:14:00 Local7.Debug local IP address 851: wr1.lon: Sep 10 02:16:03.060: Vi2 LCP: O CONFREQ [REQsent] id 8 len 14
2014-09-10 09:14:00 Local7.Debug local IP address 852: wr1.lon: Sep 10 02:16:03.060: Vi2 LCP: MRU 1492 (0x010405D4)
2014-09-10 09:14:00 Local7.Debug local IP address 853: wr1.lon: Sep 10 02:16:03.060: Vi2 LCP: MagicNumber 0x24FF1F46 (0x050624FF1F46)
2014-09-10 09:14:00 Local7.Debug local IP address 854: wr1.lon: Sep 10 02:16:03.060: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
2014-09-10 09:14:02 Local7.Debug local IP address 855: wr1.lon: Sep 10 02:16:05.075: Vi2 LCP: O CONFREQ [REQsent] id 9 len 14
2014-09-10 09:14:02 Local7.Debug local IP address 856: wr1.lon: Sep 10 02:16:05.075: Vi2 LCP: MRU 1492 (0x010405D4)
2014-09-10 09:14:02 Local7.Debug local IP address 857: wr1.lon: Sep 10 02:16:05.075: Vi2 LCP: MagicNumber 0x24FF1F46 (0x050624FF1F46)
2014-09-10 09:14:02 Local7.Debug local IP address 858: wr1.lon: Sep 10 02:16:05.075: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
2014-09-10 09:14:04 Local7.Debug local IP address 859: wr1.lon: Sep 10 02:16:07.091: Vi2 LCP: O CONFREQ [REQsent] id 10 len 14
2014-09-10 09:14:04 Local7.Debug local IP address 860: wr1.lon: Sep 10 02:16:07.091: Vi2 LCP: MRU 1492 (0x010405D4)
2014-09-10 09:14:04 Local7.Debug local IP address 861: wr1.lon: Sep 10 02:16:07.091: Vi2 LCP: MagicNumber 0x24FF1F46 (0x050624FF1F46)
2014-09-10 09:14:04 Local7.Debug local IP address 862: wr1.lon: Sep 10 02:16:07.091: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
2014-09-10 09:14:06 Local7.Debug local IP address 863: wr1.lon: Sep 10 02:16:09.107: Vi2 PPP DISC: LCP failed to negotiate
2014-09-10 09:14:06 Local7.Debug local IP address 864: wr1.lon: Sep 10 02:16:09.107: PPP: NET STOP send to AAA.
2014-09-10 09:14:06 Local7.Debug local IP address 865: wr1.lon: Sep 10 02:16:09.107: Vi2 PPP: No remote authentication for call-out
2014-09-10 09:14:06 Local7.Debug local IP address 866: wr1.lon: Sep 10 02:16:09.107: Vi2 LCP: Event[Timeout-] State[REQsent to Stopped]
2014-09-10 09:14:06 Local7.Debug local IP address 867: wr1.lon: Sep 10 02:16:09.107: Vi2 LCP: Event[DOWN] State[Stopped to Starting]
2014-09-10 09:14:06 Local7.Debug local IP address 868: wr1.lon: Sep 10 02:16:09.107: Vi2 PPP: Phase is DOWN
Hello,
As the line comes up after reloading the device, this does not look like a configuration issue but a hardware one.
Either the connection between the ATM card and the modem is going idle, or there is some issue with the ATM card.
Did you try replacing the ATM card with a spare one to see if the issue persists?
HTH
Sunil Bhadauria
! Kindly rate all helpful posts and accordingly mark correct answers to help forum !
-
RV042G fails to work with Public Wan IP when connected to Cisco SG300
I am using an RV042G with a fiber optic connection terminated on WAN1. It was working fine until we received a new IP pool. When we configure WAN1 with the IP and connect the SG300, the WAN status shows connected but there is no Internet connection. The WAN IP doesn't work. If I replace the RV042G with a Netgear firewall router, the connection works fine with the WAN IP.
The network connection is very simple. What is it that is not letting the RV042G work with the SG300?
Hi Tom, thanks for the reply.
Yes, when I connect a computer directly to the RV042G it works fine, but as soon as I connect the SG300 back to one of the ports the Internet goes down.
The SG300 is not working on Layer 3.
I tried different ports but got the same result.
This RV042G was working fine with the fiber optic line. We just requested the ISP to increase the public IP pool and they gave us new IPs. Nothing changed; I just set WAN1 to one of the new IPs and it fails to work if connected to the switch.
I removed the switch and connected the RVS4000 directly to the RV042G and the users of the RVS4000 have no issues. Not a single thing has been changed, just the new IP on WAN.
I have upgraded the router, reset and configured the Internet settings, i.e. changed the WAN IP, but no go.
Thanks Sachin
-
SRP541W WAN Load Balancing and NAT
Hello All,
New to the forums. Thanks for taking the time to read my post. I recently switched my office over from an RV042 to an SRP541W. We have 2 DSL lines and have used the Load Balance feature on the RV042 to make the best of the connection speeds. When setting up the SRP541W, when I select load balancing it tells me NAT should be disabled. Why is that? I see a place to input static routes but I'm not entirely sure what needs to be done here to set this up correctly. Any input would be appreciated. Also, right off the bat we had some issues with access to Google Docs and Mail. I think it's because those sites don't like seeing access from multiple IPs (from the Dual WAN), so I set up an entry in Policy Routing directing all traffic from port 443 to go through one WAN. Is this the right way to do this?
Thanks!
Mike-
Dear Mike,
Thank you and welcome to the Small Business Support Community.
It is possible to configure load balancing with NAT, however in this case, remote internet servers will potentially see sessions from remote hosts behind the SRP541W coming from different source IP addresses (the WAN IP addresses), causing the sessions to be reset unexpectedly.
The Policy Routing setting you set up is exactly what I would do in your case.
I hope these answer your question and please do not hesitate to reach me back if there is anything else I may assist you with.
Kind regards,
Jeffrey Rodriguez S. .:|:.:|:.
Cisco Customer Support Engineer
*Please rate the Post so others will know when an answer has been found.
-
Cisco ASA Site to Site IPSEC VPN and NAT question
Hi Folks,
I have a question regarding both Site to Site IPSEC VPN and NAT. Basically what I want to achieve is to do the following:
ASA2 is at HQ and ASA1 is a remote site. I have no problem setting up a static Site to Site IPSEC VPN between sites. Hosts residing at 10.1.0.0/16 are able to communicate with hosts at 192.168.1.0/24, but what I want is to set up NAT with IPSEC VPN so that hosts at 10.1.0.0/16 will communicate with hosts at 192.168.1.0/24 using translated addresses.
Just an example:
Host N2 (10.1.0.1/16) will communicate with host N1 192.168.1.5 with destination lets say 10.23.1.5 not 192.168.1.5 (Notice the last octet should be the same in this case .5)
The same translation for the rest of the communication (Host N2 pings host N3 destination ip 10.23.1.6 not 192.168.1.6. again last octet is the same)
It sounds a bit confusing for me but i have seen this type of setup before when I worked for managed service provider where we had connection to our clients (Site to Site Ipsec VPN with NAT, not sure how it was setup)
Basically we were communicating with client hosts over site to site VPN but their real addresses were hidden and we were using translated address as mentioned above 10.23.1.0/24 instead of (real) 192.168.1.0/24, last octet should be the same.
Appreciate if someone can shed some light on it.
Hi,
OK, so we're going with the older NAT configuration format.
To me it seems you could do the following:
Configure the ASA1 with Static Policy NAT
access-list L2LVPN-POLICYNAT permit ip 192.168.1.0 255.255.255.0 10.1.0.0 255.255.0.0
static (inside,outside) 10.23.1.0 access-list L2LVPN-POLICYNAT
Because the above is a Static Policy NAT it means that the translation will only be done when the destination network is 10.1.0.0/16
If you for example have a basic PAT configuration for inside -> outside traffic, the above NAT configuration and the actual PAT configuration won't interfere with each other
On ASA2 side you can normally configure NAT0 / NAT Exemption for the 10.1.0.0/16 network
access-list INSIDE-NONAT remark L2LVPN NONAT
access-list INSIDE-NONAT permit ip 10.1.0.0 255.255.0.0 10.23.1.0 255.255.255.0
nat (inside) 0 access-list INSIDE-NONAT
You will have to take into consideration that your access-list defining the L2L-VPN encrypted traffic must reflect the new NAT network
ASA1: access-list L2LVPN-ENCRYPTIONDOMAIN permit ip 10.23.1.0 255.255.255.0 10.1.0.0 255.255.0.0
ASA2: access-list L2LVPN-ENCRYPTIONDOMAIN permit ip 10.1.0.0 255.255.0.0 10.23.1.0 255.255.255.0
I could test this setup tomorrow at work but let me know if it works out.
Please rate if it was helpful
- Jouni
-
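An added example, not part of the ASA answer above: a Python check of the static policy NAT and the ACLs it quotes, showing that the host octet is preserved, that translation happens only toward 10.1.0.0/16, and that both encryption-domain ACLs reference the translated network. The ACL strings are the ones from the answer; the function names and the 198.51.100.7 test destination are assumptions made for illustration.

```python
import ipaddress as ipa

# ACL and static lines as given in the answer above.
POLICY_ACL = "access-list L2LVPN-POLICYNAT permit ip 192.168.1.0 255.255.255.0 10.1.0.0 255.255.0.0"
MAPPED_BASE = "10.23.1.0"  # from: static (inside,outside) 10.23.1.0 access-list L2LVPN-POLICYNAT
NONAT_ASA2 = "access-list INSIDE-NONAT permit ip 10.1.0.0 255.255.0.0 10.23.1.0 255.255.255.0"
CRYPTO_ASA1 = "access-list L2LVPN-ENCRYPTIONDOMAIN permit ip 10.23.1.0 255.255.255.0 10.1.0.0 255.255.0.0"
CRYPTO_ASA2 = "access-list L2LVPN-ENCRYPTIONDOMAIN permit ip 10.1.0.0 255.255.0.0 10.23.1.0 255.255.255.0"


def parse_acl(line):
    """Parse '... permit ip SRC SMASK DST DMASK' into (src_net, dst_net)."""
    tok = line.split()
    i = tok.index("ip")
    src = ipa.ip_network(f"{tok[i + 1]}/{tok[i + 2]}")
    dst = ipa.ip_network(f"{tok[i + 3]}/{tok[i + 4]}")
    return src, dst


def translate(src_ip, dst_ip, policy_acl=POLICY_ACL, mapped_base=MAPPED_BASE):
    """Apply the static policy NAT to a packet's source address.

    The source is rewritten only when the packet matches the policy ACL;
    the offset inside the real network (the host bits) is kept.
    """
    real_net, match_dst = parse_acl(policy_acl)
    src, dst = ipa.ip_address(src_ip), ipa.ip_address(dst_ip)
    if src not in real_net or dst not in match_dst:
        return src  # not matched by this rule, e.g. left to the ordinary PAT
    offset = int(src) - int(real_net.network_address)
    return ipa.ip_address(int(ipa.ip_address(mapped_base)) + offset)


def check_tunnel(policy_acl, mapped_base, crypto_asa1, crypto_asa2, nonat_asa2):
    """Return a list of inconsistencies between the NAT rule and the ACLs."""
    real_net, remote_net = parse_acl(policy_acl)
    mapped_net = ipa.ip_network(f"{mapped_base}/{real_net.prefixlen}")
    c1_src, c1_dst = parse_acl(crypto_asa1)
    c2_src, c2_dst = parse_acl(crypto_asa2)
    problems = []
    if mapped_net.overlaps(remote_net) or mapped_net.overlaps(real_net):
        problems.append(f"mapped network {mapped_net} overlaps a real network")
    if c1_src != mapped_net:
        problems.append(f"ASA1 encryption domain uses {c1_src}, expected translated {mapped_net}")
    if (c1_src, c1_dst) != (c2_dst, c2_src):
        problems.append("encryption-domain ACLs on ASA1 and ASA2 are not mirror images")
    if parse_acl(nonat_asa2) != (remote_net, mapped_net):
        problems.append(f"ASA2 NAT exemption does not cover {remote_net} -> {mapped_net}")
    return problems


if __name__ == "__main__":
    print(translate("192.168.1.5", "10.1.0.1"))      # toward HQ: translated
    print(translate("192.168.1.5", "198.51.100.7"))  # elsewhere: untouched by this rule
    print(check_tunnel(POLICY_ACL, MAPPED_BASE, CRYPTO_ASA1, CRYPTO_ASA2, NONAT_ASA2))
```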
Problem with passive mode FTP server and NAT
Hi,
I have a problem with Passive mode FTP and NAT.
I am trying to run both an FTP server and sharing the Internet connection via NAT. I have by the way specified the passive ports to use in ftpaccess (65000-65534). Everything works fine until someone tries to connect via Passive mode. I have tracked the problem down to the firewall and the rule that handles NAT.
Firewall rule config without NAT:
00001 allow udp from any 626 to any dst-port 626
01000 allow ip from any to any via lo0
12300 allow ip from any to any
65535 allow ip from any to any
Firewall rule config with NAT
00001 allow udp from any 626 to any dst-port 626
00010 divert 8668 ip from any to any via en1
01000 allow ip from any to any via lo0
12300 allow ip from any to any
65535 allow ip from any to any
So, passive ports do not work when NAT is on. If I turn it off, Passive ftp works like a charm.
But how do I solve my problem? I have in my quest for the answer stumbled upon "-punch_fw" but do not know how to use it or if it even helps me at all?
Best regards,
Peter
B&W G3 Mac OS X (10.4.5)
Media/Lacrosse-1-tiny.3gp
I can't find the file on your server.
They may also need to edit the .htaccess file to allow the .3gp file extension to be used. Call them.
-
Configuring - Cisco 2921 with Switch Module/POE PS and 3750-x 24 port switch
This is what I have
- Cisco 2921 router
with SM-ES2-24-P switch module and
POE power supply
-Cisco 3750x- 24 port Switch
I have port G1/0 (which connects to 24p Switch Module port g0/26 logically) configured with 3 sub interfaces (management, User and VOIP)
I want to connect 3750x to G0/1 on 2921 via fiber GBIC but want to use same three VLANs
I cannot daisy chain 3750x via the switch module because it does not have a fiber port.
I do not want to create another routed (g0/1) interface because I want to keep Users on both switches on the same subnet without further splitting the subnet in two.
I hope I am not making this confusing.
How can I bridge g1/0 and g0/1 so I can pass vlan traffic between two switches?
Second problem I have is ...
I have a VOIP connected to switch module (SM) and it is not getting any power.
I went in to all the interfaces on SM and issued power inline auto command
On the SM (sh power inline) - available is 0.0(w)
on the 2921 (sh power inline)
- power supply status is good,
- maximum power available is 280.
- interface G1/0( which connects to SM)
*device is unknown
* powered off
* allocated 0.0 watts.
I already tried resetting SM
Is there any other command I need to issue?
Thanks for your help.
I'm having a similar issue. I can get trunked connectivity between the switch module and the router if I put the IP address on the router sub interface, but not if I put it on a VLAN interface. I was hoping to have it on a VLAN sub interface on the router so I could use Gig0/1 and Gig0/2 to connect other switches and have them on the same VLANs. I'm using Gig1/0 on the router side and Gig0/51 on the switch side (48-port module).
Any help? Am I on the wrong track altogether?
-
Cisco 5508 with 7.0.98.0 and GTK interval
I am looking where I can change the GTK interval for my controller. Any pointers, appreciated.
You cannot.
It was possible on IOS but for some reason, it's not anymore on controllers.
Sorry.
Nicolas
===
Don't forget to rate answers that you find useful
-
Proper setup for a network with Public Static IPs and Private IPs
hello all-
i am trying to setup a network with public static IP addresses and local (internal) IP addresses with 192.168.xxx.xxx format. i will try to explain as best i can how i have it set up and what my issues are.
i have COX business services in my home and 8 static public IPs assigned to me. i have tried setting this up and everything internally (192.168.xxx.xxx) works fine and all the devices can get to the outside world fine but when i try to access ANY of the devices on the public IPs from outside the network i get absolutely nothing. the browser just times out and i cannot ping the devices even though COX can see and says the devices are bridging over. COX is unable to get a response when they ping the devices either.
one of the devices is a Synology NAS with one Ethernet port that is using a public IP and the other using a 192.168.xxx.xxx address. when the Ethernet port is setup using a static public IP COX can see it but they get no response from a ping and when they go to the address to get the login page the browser times out. when i reconfigure the port for DHCP it grabs a public DHCP address and when COX pings that they get a response AND they are able to type the DHCP address in their browser and get to the login page no problem. when i switch back to the static IP they can see it but again are unable to get a response from a ping and are unable to go to the login page.
my setup is:
COX Modem (only has 1 Ethernet port) ====>> 8 port NETGEAR Gigabit switch (all devices with Public IPs are plugged into the NETGEAR switch)
NETGEAR switch ====>> WAN Port on Airport Extreme (latest version w/all software updates)
LAN Port Airport Extreme ====>> CISCO 2960 48 port Gigabit Switch (all internal devices are plugged into the CISCO switch)
like i said everything with the 192.168.xxx.xxx connects and i can connect to just fine but none of the devices with public static IPs can be pinged even though COX can see them bridging over. i have tried all new cables on the devices and that didn't work so it has to be something with my setup.
do i need to add another router to this configuration because i have extra airport extremes lying around i can use if someone could just tell me how the setup should be. i also have a few ports open on the CISCO switch; is there a way i can use it for the 4-5 devices that have public IPs? or will that cause a problem with all the other devices plugged into it with the 192.168.xxx.xxx IP addresses?
i'm not a networking guru (obviously) so if you are able to help me get this setup properly can you try not to use Doctoral Level syntax in your response? i would greatly appreciate it!
i appreciate any and all help... thx in advance!
Duplicate posts.
Go HERE.
-
How to setup Cisco IOS with multi public IP's
I'd like to set up a little network environment. We have bought 2 different subnets from our ISP.
The WAN internet connection: xx.yy.81.61/26
WAN gateway: xx.yy.81.1
First subnet : xx.yy.81.80/30 (this has the same first 3 octet as the WAN, probably doesn't count, because it is a different subnet)
Second subnet : zz.uu.156.48/29
As you can see in the first diagram, the xx.yy.81.61/26 is assigned to the CISCO's outside (WAN) interface, the internet connection is alive, and all hosts in the LAN have an internet connection. We want to assign some hosts public IP addresses (for a webserver's sake). I'm not familiar with networking, so please forgive me if I ask some silly questions. In brackets: I do the cisco router setup with the "Cisco Configuration Professional 2.8" PC program.
      |
      | ADSL or Optical cable (fiber link)
      |
   +-----+
   |     | modem
   |     |
   +-----+
      |
      | WAN (xx.yy.81.61/26)
      | Gateway(xx.yy.81.1)
      |
 +----------+
 |          |
 |          | CISCO 881 (router/firewall)
 |          | IOS 15.2(4)M6
 |          |
 +----------+
      |
      |
 -----+------------- our local LAN segment (vlan)
   10.10.10.1/24
I want to set up the CISCO:
- The question is, how can I make my subnets alive? I just want to transmit (NAT) some public IP from a subnet to a specific HOST computer (or inverse?). I have made the NAT rules (zz.uu.156.50 <- 10.10.10.xxx), but no result; the public IP is unreachable (no ping, no traceroute).
- Do I have to assign a second (virtual) IP address from the subnets to the outside interface (WAN)? If yes, then how? Or does my ISP have to route the subnets to my WAN IP address (xx.yy.81.61)?
The truth is that the original setup was different, as you can see in the second diagram. In this case both subnets were alive. Now I have unmounted the ISP-owned HP router and attached the CISCO directly to the modem output (first diagram), because we had some DNS issues and I think it is unnecessary to have 2 routers in sequence. Please indicate if I was wrong.
I should mention that with the original setup, I could access the HP router (only the login interface) from the internet with the first IP of the subnets (xx.yy.81.81 from the first subnet and zz.uu.156.49 from the second subnet).
      |
      | ADSL or Optical cable (fiber link)
      |
   +-----+
   |     | modem
   |     |
   +-----+
      |
      |
      |
  +-------+
  |       | blackbox, no access
  |       | ISP owned HP router
  |       |
  +-------+
      |
      | WAN (xx.yy.81.82/30)  or  WAN (zz.uu.156.50/29)
      | Gateway(xx.yy.81.81)      Gateway(zz.uu.156.49)
      |
 +----------+
 |          |
 |          | CISCO 881 (router/firewall)
 |          | IOS 15.2(4)M6
 |          |
 +----------+
      |
      |
 -----+------------- our local LAN segment
   10.10.10.1/24
Thanks for any answer or suggestion!
Hey,
Proxy-ARP should take care of this!
As long as you assign the NAT rules into the IOS Router it should start replying to any ARP request to those IPs on different subnets.
Of course the ISP should forward these ARP requests to you!
So make sure Proxy-ARP is enabled in the WAN interface and you should be good to go (as long as the NAT rules are good).
Regards,
Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2-CCNP, JNCIS-SEC
For immediate assistance hire us at http://i-networks.us -
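A minimal IOS sketch of the setup discussed in the thread above, as an added example (not the poster's or the replier's configuration): a port-specific static NAT publishes only the web port of one inside host on an address from the additional subnet, with proxy ARP enabled on the WAN interface. The interface names, the inside host 10.10.10.20, the ACL name and the RFC 5737 documentation addresses standing in for the masked xx.yy/zz.uu values are assumptions.

```cisco
! Added example. 198.51.100.0/26 stands in for the WAN subnet and
! 203.0.113.48/29 for the additional public subnet (constructed values).
interface FastEthernet4
 description WAN to modem (assumed interface name)
 ip address 198.51.100.61 255.255.255.192
 ip nat outside
 ip proxy-arp
!
interface Vlan1
 description Local LAN segment
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
!
ip route 0.0.0.0 0.0.0.0 198.51.100.1
!
! Outbound PAT for the LAN behind the WAN address.
ip access-list standard NAT-LAN
 permit 10.10.10.0 0.0.0.255
ip nat inside source list NAT-LAN interface FastEthernet4 overload
!
! Publish only TCP/80 of the web server (assumed host 10.10.10.20)
! instead of a full one-to-one mapping, so no other service on the
! host becomes reachable from the internet.
ip nat inside source static tcp 10.10.10.20 80 203.0.113.50 80
!
! Verify from the router:
!   show ip nat translations
!   show ip interface FastEthernet4 | include Proxy ARP
```

Proxy ARP only comes into play if the upstream device ARPs for the extra addresses on the WAN segment; if the ISP instead routes the additional subnet to the WAN address, the static NAT entry alone is enough.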
Cannot establish multiple simultaneous PPTP connections with the CISCO 1841.
Hello everyone;
I have recently tested a PPTP connection with a CISCO 1841 router and got success. I have configured a Windows 7 client and successfully connected to the router and was able to access the documents in the server PC that I have mentioned in the attached diagram. I have created a number of different users in the CISCO 1841 too. While someone is having a connection, another user cannot connect to it, which means multiple simultaneous connections aren't possible. Do I have to create an ACL for the PPTP and if yes, how?
FastEthernet0/0 is up, line protocol is up
Internet address is 192.168.100.1/25
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is 100
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
BGP Policy Mapping is disabled
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
Inbound inspection rule is SDM_LOW
---------- ACL 100 ----------
deny icmp any any echo-reply
deny ip host 255.255.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip host 66.163.169.186 any
permit ip any any (122467027 matches)
As long as you have the inspection engine enabled on the ASA, it shouldn't freak out of the different IP as it will inspect the call signalling and will NAT it accordingly, BUT, for simplicity, I agree with you, it would cause a lot of troubleshooting headache if there is a problem as well as reconfiguration of IP on the host ends.
Here is the NAT FYI:
object network obj-10.10.96.0
 subnet 10.10.96.0 255.255.255.0
object network obj-192.168.96.0
 subnet 192.168.96.0 255.255.255.0
object network obj-10.10.14.0
 subnet 10.10.14.0 255.255.255.0
object network obj-10.1.0.0
 subnet 10.1.0.0 255.255.255.0
object network obj-192.168.1.0
 subnet 192.168.1.0 255.255.255.0
object network obj-10.10.11.0
 subnet 10.10.11.0 255.255.255.0
object network obj-192.168.11.0
 subnet 192.168.11.0 255.255.255.0
nat (inside,outside) source static obj-10.10.96.0 obj-192.168.96.0 destination static obj-10.10.14.0 obj-10.10.14.0
nat (inside,outside) source static obj-10.1.0.0 obj-192.168.1.0 destination static obj-10.10.14.0 obj-10.10.14.0
nat (inside,outside) source static obj-10.10.11.0 obj-192.168.11.0 destination static obj-10.10.14.0 obj-10.10.14.0
-
QOS on Cisco 1841 between MS TMG and managed Cisco 1841?
Replicating our VM data from our Site A to a Hosted Provider (Site B) for DR purposes.
Crude annotation of our network:
VIRTUAL HOSTS-----NORTEL L3 SWITCH-----MS TMG 2010 EDGE FIREWALL-----ISP MANAGED CISCO 1841-------------------CLOUD---------------SITE B
At times the replication traffic is hogging the connection and causing degraded performance for VPN clients amongst other things.
TMG 2010 doesn't support QOS and we cannot make any changes to the ISP managed Cisco router, nor can we request changes to be made.
My plan was to get a hold of a small switch that supported QOS and place this between the MS TMG and the managed router but we actually have another Cisco 1841 sitting doing nothing, would I be able to use the spare 1841 for this purpose?
Many thanks
Steve
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
10 Mbps is around the limits of an 1841. It might or might not have enough capacity. You could try using it and monitor its CPU when it's dealing with saturated 10 Mbps.
You can police or shape before the 10 Mbps bottleneck. That will ensure you can guarantee bandwidth for the non-replication traffic.
You can only police after the 10 Mbps bottleneck. If the replication traffic is TCP based, dropped packets should slow the sender, but the sender can often still burst saturate the link before it detects the drops and slows. If you set a very low bandwidth allowance for the replication traffic, you can often keep it from burst saturating the link. The other issue with policing, it cannot dynamically allow bandwidth utilization (i.e. prioritization) as you can do with a shaper.
If most of the replication traffic bandwidth consumption is one way, insert the 1841 anywhere upstream (where all traffic will pass through it) of the 10 Mbps bottleneck, and shape or police. I would recommend shaping with a very low bandwidth allowance for replication (e.g. 1%). This will allow replication traffic to use all 10 Mbps, but any other traffic will get priority.
If the replication traffic bandwidth consumption is two way, you'll really want a 2nd device, on the other side of the bottleneck.
PS:
BTW, in lieu of shaping, having your upstream (of bottleneck) also with a physical 10 Mbps interface works even better. Again, de-prioritize the replication traffic.
e.g.
class-map replication
 match
policy-map phy-10m
 class replication
  bandwidth percent 1
  (optionally random-detect)
 class class-default
  fair-queue
int 10m
 service-policy output phy-10m
-
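The shaping variant recommended in the QoS reply above, written out as an added example (not the poster's own configuration): a parent policy shapes to the 10 Mbps bottleneck rate and a child policy guarantees replication only 1%, so other traffic is served first under congestion. The interface, ACL and policy names and the documentation-range replication host addresses are assumptions.

```cisco
! Added example. Names and addresses are assumptions, not from the thread.
! Identify replication traffic: Site A replication source -> Site B target
! (constructed RFC 5737 addresses).
ip access-list extended REPLICATION-ACL
 permit ip host 192.0.2.10 host 198.51.100.20
!
class-map match-all REPLICATION
 match access-group name REPLICATION-ACL
!
! Child policy: queueing applied inside the shaped rate.
! Replication is guaranteed 1% but may use idle bandwidth.
policy-map QUEUE-10M
 class REPLICATION
  bandwidth percent 1
 class class-default
  fair-queue
!
! Parent policy: shape all traffic to the 10 Mbps bottleneck so that
! queues build on this router, where the child policy can act on them.
policy-map SHAPE-10M
 class class-default
  shape average 10000000
  service-policy QUEUE-10M
!
interface FastEthernet0/1
 description Toward ISP-managed 1841 (upstream of the bottleneck)
 service-policy output SHAPE-10M
!
! Verify queueing and drops per class, and watch CPU under load:
!   show policy-map interface FastEthernet0/1
!   show processes cpu history
```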
Connection issue between Cisco 515 Pix and Cisco 1841 router
Hi,
I am having a problem getting a Cisco Pix 515 communicating to a Cisco 1841. I am currently studying for CCNA so forgive me if it's obvious to the rest of you where the problem lies.
The client currently has an ISDN service which is being moved over to a 2MB E1 connection.
I have configured the 1841 router with G.703 WIC according to the information given to me by the ISP. I have configured the 1841 to have the same internal IP as the ISDN Cisco 800 series router, hoping for a simple swap over. The Pix 515 sits behind the ISDN at present and will be behind the 1841 when it is active.
Once I unplug the 800 series ISDN router and plug the 1841 into the pix, I cannot get any response what so ever. I have tried changing the ethernet connection speeds between the pix and 1841 hoping it would be as simple as that without success. Can't get ping responses from either end but I can when the ISDN service is plugged in. Both ISDN and E1 link are supplied by the same ISP, Telstra Australia and the fixed IP's are able to move over to the E1 service.
I have not touched the pix in any way. A separate company configured the router a couple of years ago.
I have included the configurations of the existing ISDN, Pix and the 1841 for you to review. Any advice/solutions would be greatly appreciated.
Thanks in Advance,
Hi,
The outside interface on your PIX is configured as 10BaseT which would be fine when using the original 800 series ISDN router.
Now with your new 1841, the interface that the PIX connects to is Fast Ethernet so you need to change your outside interface on the PIX to the same.
If you want to use auto negotiation between the PIX and router then the command to do this on the PIX is
interface ethernet0 auto
I recommend using hard coded settings between the PIX and router and the command to do this on this PIX is
interface ethernet0 100full
You will also need to change your router as:
interface FastEthernet0/0
 speed 100
 duplex full
If you can't configure the PIX as you mentioned an external company did it, then I guess you could change your Fast Ethernet interface to "speed 10", "duplex half".
This won't create a bottleneck as you only have a 2 MB connection to your ISP.
Everything else looks good, don't worry about asking questions on the forum, this is what it's for.
HTH
Paddy -
We are working on a capacity planning project for one of our customers and we need an estimate on the maximum number of PVCs supported in the following situations:
a)Cisco BPX 8620 and 8680 chassis with BCC-4V 128MB DRAM and 4 MB BRAM ?
b)Maximum number of PVC's supported by each of the following STM-1 cards:
- model BXM-155-4D and 4DX ?
- model BXM-155-8D and 8DX ?
a) It depends upon software level. b) 16,000 per card. With release 9.3:
60K Connections Support on BXM-E—Provides the ability to support a maximum of 60K per card for VSI applications for the BPX 8600, for example, PNNI or MPLS, used on enhanced BXM-E cards.