Cisco 1841 with 2 public WAN IP's and NAT

OK currently the network is setup as follows:
Zyxel SHDSL Router --> Linksys Router --> 10/100 Switch --> PC's
x.x.x.145/28__________x.x.x.146/28____________________192.168.1.0/24
The Linksys router is running inbound one-to-many PAT (eg. x.x.x.146:80 --> 192.168.1.10:8080)
I'm looking to replace the setup with a Cisco 1841 router. Now normally I would configure the DSL interface as unnumbered to the internal LAN interface and use my public IP addys on this segment then passing through a PIX to NAT into private IP addys.
The problem I have is I want the 1841 to be an all in one box performing DSL, Firewall and NAT functions.
Now I thought I would configure the DSL as unnumbered to FastEthernet0/0 adding a secondary IP address of x.x.x.146/28. Interface configured as NAT outside.
Interface FastEthernet0/1 was configured with 192.168.1.1/24 with NAT inside and connected to the switch.
The problem was is that the FastEthernet0/0 interface line protocol was down as there was no need to connect it to anything.
I then tried assigning the dialer interface a static IP of x.x.x.145/28 and x.x.x.146/28 as a secondary IP running NAT outside. I tried again but during boot up the router said you cant assign a secondary IP to the dialer interface.
So my question is, how would you recommend setting up the interfaces to enable the router to have both x.x.x.145 and 146/28 as public IP's and NAT x.x.x.146:80 to 192.168.1.10:8080?
Any help much appreciated.

Answers:
1) DSL is terminating in the 1841 on a SHDSL WIC
2) No
3) IP is negotiated
4) Below is a config which I believe should work. Any recommended amendments?
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname trackgw
boot-start-marker
boot-end-marker
no aaa new-model
resource policy
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
no ip dhcp use vrf connected
username cisco privilege 15 secret xxx
controller DSL 0/0/0
mode atm
line-term cpe
dsl-mode SHDSL symmetric annex B
line-rate AUTO
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
duplex auto
speed auto
interface FastEthernet0/1
no ip address
duplex auto
speed auto
interface ATM0/0/0
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
interface Dialer1
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
encapsulation ppp
no cdp enable
ppp authentication chap callin
ppp chap hostname username
ppp chap password 0 password
ppp ipcp dns request
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http authentication local
ip nat inside source list nat-acl interface Dialer1 overload
ip nat inside source static tcp 192.168.1.10 8080 x.x.x.146 80
ip access-list extended nat-acl
permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
no cdp run
control-plane
line con 0
logging synchronous
login local
transport output all
line aux 0
transport output all
line vty 0 4
privilege level 15
login local
transport input telnet
scheduler max-task-time 5000
end

Similar Messages

  • CISCO 1841 with SHDSL Problem?

    Hello,
    I´am new in cisco WIC configuration. I have a CISCO 1841 with a interface: 1SHDSL v3 and i want to connect to my ISP over a PPoE encapsulation.
    I just make the new interface connection in SDM, but the synchronism with the ISP not work. The ISP tell me that VPI/VCI is 0.35 and the annex is the A.
    I live in the Europe, but i think that the annex A is for POTS lines and Annex B for ISDN, right?? My line is ADSL Analog.
    My startup-configuration is that:
    Router#show run
    Building configuration...
    Current configuration : 2974 bytes
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname Router
    boot-start-marker
    boot-end-marker
    logging message-counter syslog
    no aaa new-model
    dot11 syslog
    ip source-route
    ip cef
    no ipv6 cef
    multilink bundle-name authenticated
    crypto pki trustpoint TP-self-signed-2879799878
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-2879799878
    revocation-check none
    rsakeypair TP-self-signed-2879799878
    crypto pki certificate chain TP-self-signed-2879799878
    certificate self-signed 01
      3082023E 308201A7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
      31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
      69666963 6174652D 32383739 37393938 3738301E 170D3131 30343233 32303532
      33345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
      4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 38373937
      39393837 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
      8100BE34 379A4D5D 1DA98B67 708AF8D4 221F1BE5 C5947EEA FF931EF4 37AD8A2C
      C786C8D9 88E97474 D32FE0F0 10C048B9 6F5DA580 55241E61 9B0D849A D9E7182A
      04D6C8E0 0C748DC7 0D8B4777 252CD4E1 01A1CEFC D57069CD C1B5E071 E591212D
      80BE3A50 9062884E 57F4BF0C C0EFBF12 6509E384 E1196B8B 11C42280 80806D4B
      F9290203 010001A3 66306430 0F060355 1D130101 FF040530 030101FF 30110603
      551D1104 0A300882 06526F75 74657230 1F060355 1D230418 30168014 801FF21F
      B68B4902 F183264C 381B00FF 31E04AD1 301D0603 551D0E04 16041480 1FF21FB6
      8B4902F1 83264C38 1B00FF31 E04AD130 0D06092A 864886F7 0D010104 05000381
      810072E2 23CBEABC B0D8ED1B 09835CAD 6D4D92C7 31880AF1 B9EC00DC 12DBDC2B
      637FD4AB 39051AF3 04D3D948 180AB27A FFF66B33 6E44AB03 5280EC27 3C68C054
      B365F6E3 5272D96F 9BBBC96E 228CC9C7 84F3CC48 28479B47 D8ADD129 7BF495FF
      D8AFCA02 F8096B3C 581E68AA 16A00112 49FCED96 83DD2847 BA07F69D 9195248B EF31
            quit
    username INEM privilege 15 secret 5 $1$2Jgp$bV.OuBughjgSIOLuCr6Kn16FP.
    archive
    log config
      hidekeys
    controller DSL 0/0/0
    mode atm
    interface FastEthernet0/0
    no ip address
    shutdown
    duplex auto
    speed auto
    interface FastEthernet0/1
    description Conection to CISCO SDM
    ip address 10.10.10.1 255.255.255.248
    ip tcp adjust-mss 1412
    duplex auto
    speed auto
    interface ATM0/0/0
    no ip address
    no atm ilmi-keepalive
    interface ATM0/0/0.1 point-to-point
    pvc 0/35
      pppoe-client dial-pool-number 1
    interface Dialer0
    ip address dhcp
    ip mtu 1452
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    ppp authentication chap pap callin
    ppp chap hostname r353535
    ppp chap password 0 xdfgdfg
    ppp pap sent-username r353535 password 0  xdfgdfg
    ip forward-protocol nd
    ip http server
    ip http authentication local
    ip http secure-server
    dialer-list 1 protocol ip permit
    control-plane
    line con 0
    line aux 0
    line vty 0 4
    login
    scheduler allocate 20000 1000
    end
    Some one can help me please?
    thanks

    Hello,
    Can you explain me please the reason of my WIC 1SHDSL-v3 not work in ADSL lines ?
    Thank you,
    Best Regards

  • Cisco 1841 with PPP Internet link down

    Hi brothers, please help.
    We have Cisco 1841 with ATM card connect to Internet . Some days one Dialer interface of  ISP is down and only restart router to get Dialer interface up again. I check debug PPP negotiation & see that no inbound packets from ISP.
    I really need to fix this issue permanently, not need to restart router to recover Internet.
    Thanks!
    All line protocol from ATM0/0/0 & Dialer interfaces are up, but Dialer interface cannot get allocated IP addresses.
    interface ATM0/0/0
     description ISP Internet
     no ip address
     no atm ilmi-keepalive
     dsl operating-mode itu-dmt
     pvc 0/38
      encapsulation aal5mux ppp dialer
      dialer pool-member 2
    interface Dialer2
     description ISP Internet 1
     mtu 1492
     bandwidth 8000
     ip address negotiated
     ip nat outside
     no ip virtual-reassembly in
     encapsulation ppp
     dialer pool 2
     dialer-group 2
     ppp authentication chap callin
     ppp chap hostname xxx
     ppp chap password 7 xxx
     no cdp enable
    wr1#show ip int br
    Interface                  IP-Address      OK? Method Status                Protocol
    ATM0/0/0                   unassigned      YES NVRAM  up                    up      
    ATM0/1/0                   unassigned      YES NVRAM  up                    up      
    Dialer2                    unassigned      YES IPCP   up                    up     
    wr1#show int atm0/0/0
    ATM0/0/0 is up, line protocol is up
      Hardware is HWIC-DSLSAR (with Alcatel ADSL Module), address is 001f.9e87.xxx(bia 001f.9e87.xxx)
      Description: ISP Internet
      MTU 4470 bytes, sub MTU 4470, BW 832 Kbit/sec, DLY 610 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ATM, loopback not set
      Keepalive not supported
      Encapsulation(s): AAL5
      23 maximum active VCs, 256 VCs per VP, 1 current VCCs
      VC Auto Creation Disabled.
      VC idle disconnect time: 300 seconds
      Last input never, output 23:48:07, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 1084
      Queueing strategy: Per VC Queueing
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         58124 packets input, 30790858 bytes, 0 no buffer
         Received 0 broadcasts (0 IP multicasts)
         0 runts, 0 giants, 0 throttles
         0 input errors, 348 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         51848 packets output, 16773091 bytes, 0 underruns
         6 output errors, 0 collisions, 0 interface resets
         0 unknown protocol drops
         0 output buffer failures, 0 output buffers swapped out
    wr1#show int dia2
    Dialer2 is up, line protocol is up (spoofing)
      Hardware is Unknown
      Description: ISP Internet
      Internet address will be negotiated using IPCP
      MTU 1492 bytes, BW 8000 Kbit/sec, DLY 20000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation PPP, LCP Closed, loopback not set
      Keepalive set (10 sec)
      DTR is pulsed for 1 seconds on reset
      Interface is bound to Vi2
      Last input never, output never, output hang never
      Last clearing of "show interface" counters 1d00h
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: Class-based queueing
      Output queue: 0/1000/0 (size/max total/drops)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         52937 packets input, 30470954 bytes
         52931 packets output, 17287959 bytes
    Bound to:
    Virtual-Access2 is up, line protocol is down
      Hardware is Virtual Access interface
      MTU 1492 bytes, BW 8000 Kbit/sec, DLY 20000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation PPP, LCP REQsent
      PPPoATM vaccess, cloned from Dialer2
      Vaccess status 0x44
      Bound to ATM0/0/0 VCD: 1, VPI: 0, VCI: 38, loopback not set
      Keepalive set (10 sec)
      DTR is pulsed for 5 seconds on reset
      Interface is bound to Di2 (Encapsulation PPP)
      Last input 00:00:09, output never, output hang never
      Last clearing of "show interface" counters 1d00h
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 40403
      Queueing strategy: Class-based queueing
      Output queue: 65/1000/0 (size/max total/drops)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         58124 packets input, 30591958 bytes, 0 no buffer
         Received 0 broadcasts (0 IP multicasts)
         0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         93405 packets output, 17935575 bytes, 0 underruns
         0 output errors, 0 collisions, 0 interface resets
         0 unknown protocol drops
         0 output buffer failures, 0 output buffers swapped out
         0 carrier transitions
    syslog for debug  ppp negotiation:
    2014-09-10 08:49:31    Local7.Notice    local IP address    801: wr1.lon: .Sep 10 01:51:33.803: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0/0/0, changed state to down
    2014-09-10 08:49:32    Local7.Notice    local IP address    804: wr1.lon: .Sep 10 01:51:35.247: %TRACKING-5-STATE: 3 ip sla 3 state Up->Down
    2014-09-10 09:13:40    Local7.Error    local IP address    808: wr1.lon: Sep 10 02:15:42.646: %LINK-3-UPDOWN: Interface ATM0/0/0, changed state to up
    2014-09-10 09:13:40    Local7.Notice    local IP address    809: wr1.lon: Sep 10 02:15:43.646: %LINEPROTO-5-UPDOWN: Line protocol on Interface ATM0/0/0, changed state to up
    2014-09-10 09:13:45    Local7.Error    local IP address    810: wr1.lon: Sep 10 02:15:48.957: %LINK-3-UPDOWN: Interface Virtual-Access2, changed state to up
    2014-09-10 09:13:45    Local7.Debug    local IP address    811: wr1.lon: Sep 10 02:15:48.961: Interface Virtual-Access2 max_reserved_bandwidth config will not
    2014-09-10 09:13:45    Local7.Debug    local IP address    812: wr1.lon: take effect on the queueing features configured via service-policy
    2014-09-10 09:13:45    Local7.Info    local IP address    813: wr1.lon: Sep 10 02:15:48.965: %DIALER-6-BIND: Interface Vi2 bound to profile Di2
    2014-09-10 09:13:45    Local7.Debug    local IP address    814: wr1.lon: Sep 10 02:15:48.965: Vi2 PPP: Sending cstate UP notification
    2014-09-10 09:13:45    Local7.Debug    local IP address    815: wr1.lon: Sep 10 02:15:48.969: Vi2 PPP: Processing CstateUp message
    2014-09-10 09:13:45    Local7.Debug    local IP address    816: wr1.lon: Sep 10 02:15:48.973: PPP: Alloc Context [662C56A4]
    2014-09-10 09:13:45    Local7.Debug    local IP address    817: wr1.lon: Sep 10 02:15:48.973: ppp3 PPP: Phase is ESTABLISHING
    2014-09-10 09:13:45    Local7.Debug    local IP address    818: wr1.lon: Sep 10 02:15:48.973: Vi2 PPP: Using dialer call direction
    2014-09-10 09:13:45    Local7.Debug    local IP address    819: wr1.lon: Sep 10 02:15:48.973: Vi2 PPP: Treating connection as a callout
    2014-09-10 09:13:45    Local7.Debug    local IP address    820: wr1.lon: Sep 10 02:15:48.973: Vi2 PPP: Session handle[14000004] Session id[3]
    2014-09-10 09:13:45    Local7.Debug    local IP address    821: wr1.lon: Sep 10 02:15:48.973: Vi2 LCP: Event[OPEN] State[Initial to Starting]
    2014-09-10 09:13:45    Local7.Debug    local IP address    822: wr1.lon: Sep 10 02:15:48.973: Vi2 PPP: No remote authentication for call-out
    2014-09-10 09:13:45    Local7.Debug    local IP address    823: wr1.lon: Sep 10 02:15:48.973: Vi2 LCP: O CONFREQ [Starting] id 1 len 14
    2014-09-10 09:13:45    Local7.Debug    local IP address    824: wr1.lon: Sep 10 02:15:48.973: Vi2 LCP:    MRU 1492 (0x010405D4)
    2014-09-10 09:13:46    Local7.Debug    local IP address    825: wr1.lon: Sep 10 02:15:48.973: Vi2 LCP:    MagicNumber 0x24FF1F46 (0x050624FF1F46)
    2014-09-10 09:13:46    Local7.Debug    local IP address    826: wr1.lon: Sep 10 02:15:48.973: Vi2 LCP: Event[UP] State[Starting to REQsent]
    2014-09-10 09:13:48    Local7.Debug    local IP address    827: wr1.lon: Sep 10 02:15:50.965: Vi2 LCP: O CONFREQ [REQsent] id 2 len 14
    2014-09-10 09:13:48    Local7.Debug    local IP address    828: wr1.lon: Sep 10 02:15:50.965: Vi2 LCP:    MRU 1492 (0x010405D4)
    2014-09-10 09:13:48    Local7.Debug    local IP address    829: wr1.lon: Sep 10 02:15:50.965: Vi2 LCP:    MagicNumber 0x24FF1F46 (0x050624FF1F46)
    2014-09-10 09:13:48    Local7.Debug    local IP address    830: wr1.lon: Sep 10 02:15:50.965: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
    2014-09-10 09:13:50    Local7.Debug    local IP address    831: wr1.lon: Sep 10 02:15:52.981: Vi2 LCP: O CONFREQ [REQsent] id 3 len 14
    2014-09-10 09:13:50    Local7.Debug    local IP address    832: wr1.lon: Sep 10 02:15:52.981: Vi2 LCP:    MRU 1492 (0x010405D4)
    2014-09-10 09:13:50    Local7.Debug    local IP address    833: wr1.lon: Sep 10 02:15:52.981: Vi2 LCP:    MagicNumber 0x24FF1F46 (0x050624FF1F46)
    2014-09-10 09:13:50    Local7.Debug    local IP address    834: wr1.lon: Sep 10 02:15:52.981: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
    2014-09-10 09:13:52    Local7.Debug    local IP address    835: wr1.lon: Sep 10 02:15:54.996: Vi2 LCP: O CONFREQ [REQsent] id 4 len 14
    2014-09-10 09:13:52    Local7.Debug    local IP address    836: wr1.lon: Sep 10 02:15:54.996: Vi2 LCP:    MRU 1492 (0x010405D4)
    2014-09-10 09:13:52    Local7.Debug    local IP address    837: wr1.lon: Sep 10 02:15:54.996: Vi2 LCP:    MagicNumber 0x24FF1F46 (0x050624FF1F46)
    2014-09-10 09:13:52    Local7.Debug    local IP address    838: wr1.lon: Sep 10 02:15:55.000: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
    2014-09-10 09:13:54    Local7.Debug    local IP address    839: wr1.lon: Sep 10 02:15:57.012: Vi2 LCP: O CONFREQ [REQsent] id 5 len 14
    2014-09-10 09:13:54    Local7.Debug    local IP address    840: wr1.lon: Sep 10 02:15:57.012: Vi2 LCP:    MRU 1492 (0x010405D4)
    2014-09-10 09:13:54    Local7.Debug    local IP address    841: wr1.lon: Sep 10 02:15:57.012: Vi2 LCP:    MagicNumber 0x24FF1F46 (0x050624FF1F46)
    2014-09-10 09:13:54    Local7.Debug    local IP address    842: wr1.lon: Sep 10 02:15:57.012: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
    2014-09-10 09:13:56    Local7.Debug    local IP address    843: wr1.lon: Sep 10 02:15:59.028: Vi2 LCP: O CONFREQ [REQsent] id 6 len 14
    2014-09-10 09:13:56    Local7.Debug    local IP address    844: wr1.lon: Sep 10 02:15:59.028: Vi2 LCP:    MRU 1492 (0x010405D4)
    2014-09-10 09:13:56    Local7.Debug    local IP address    845: wr1.lon: Sep 10 02:15:59.028: Vi2 LCP:    MagicNumber 0x24FF1F46 (0x050624FF1F46)
    2014-09-10 09:13:56    Local7.Debug    local IP address    846: wr1.lon: Sep 10 02:15:59.028: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
    2014-09-10 09:13:58    Local7.Debug    local IP address    847: wr1.lon: Sep 10 02:16:01.044: Vi2 LCP: O CONFREQ [REQsent] id 7 len 14
    2014-09-10 09:13:58    Local7.Debug    local IP address    848: wr1.lon: Sep 10 02:16:01.044: Vi2 LCP:    MRU 1492 (0x010405D4)
    2014-09-10 09:13:58    Local7.Debug    local IP address    849: wr1.lon: Sep 10 02:16:01.044: Vi2 LCP:    MagicNumber 0x24FF1F46 (0x050624FF1F46)
    2014-09-10 09:13:58    Local7.Debug    local IP address    850: wr1.lon: Sep 10 02:16:01.044: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
    2014-09-10 09:14:00    Local7.Debug    local IP address    851: wr1.lon: Sep 10 02:16:03.060: Vi2 LCP: O CONFREQ [REQsent] id 8 len 14
    2014-09-10 09:14:00    Local7.Debug    local IP address    852: wr1.lon: Sep 10 02:16:03.060: Vi2 LCP:    MRU 1492 (0x010405D4)
    2014-09-10 09:14:00    Local7.Debug    local IP address    853: wr1.lon: Sep 10 02:16:03.060: Vi2 LCP:    MagicNumber 0x24FF1F46 (0x050624FF1F46)
    2014-09-10 09:14:00    Local7.Debug    local IP address    854: wr1.lon: Sep 10 02:16:03.060: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
    2014-09-10 09:14:02    Local7.Debug    local IP address    855: wr1.lon: Sep 10 02:16:05.075: Vi2 LCP: O CONFREQ [REQsent] id 9 len 14
    2014-09-10 09:14:02    Local7.Debug    local IP address    856: wr1.lon: Sep 10 02:16:05.075: Vi2 LCP:    MRU 1492 (0x010405D4)
    2014-09-10 09:14:02    Local7.Debug    local IP address    857: wr1.lon: Sep 10 02:16:05.075: Vi2 LCP:    MagicNumber 0x24FF1F46 (0x050624FF1F46)
    2014-09-10 09:14:02    Local7.Debug    local IP address    858: wr1.lon: Sep 10 02:16:05.075: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
    2014-09-10 09:14:04    Local7.Debug    local IP address    859: wr1.lon: Sep 10 02:16:07.091: Vi2 LCP: O CONFREQ [REQsent] id 10 len 14
    2014-09-10 09:14:04    Local7.Debug    local IP address    860: wr1.lon: Sep 10 02:16:07.091: Vi2 LCP:    MRU 1492 (0x010405D4)
    2014-09-10 09:14:04    Local7.Debug    local IP address    861: wr1.lon: Sep 10 02:16:07.091: Vi2 LCP:    MagicNumber 0x24FF1F46 (0x050624FF1F46)
    2014-09-10 09:14:04    Local7.Debug    local IP address    862: wr1.lon: Sep 10 02:16:07.091: Vi2 LCP: Event[Timeout+] State[REQsent to REQsent]
    2014-09-10 09:14:06    Local7.Debug    local IP address    863: wr1.lon: Sep 10 02:16:09.107: Vi2 PPP DISC: LCP failed to negotiate
    2014-09-10 09:14:06    Local7.Debug    local IP address    864: wr1.lon: Sep 10 02:16:09.107: PPP: NET STOP send to AAA.
    2014-09-10 09:14:06    Local7.Debug    local IP address    865: wr1.lon: Sep 10 02:16:09.107: Vi2 PPP: No remote authentication for call-out
    2014-09-10 09:14:06    Local7.Debug    local IP address    866: wr1.lon: Sep 10 02:16:09.107: Vi2 LCP: Event[Timeout-] State[REQsent to Stopped]
    2014-09-10 09:14:06    Local7.Debug    local IP address    867: wr1.lon: Sep 10 02:16:09.107: Vi2 LCP: Event[DOWN] State[Stopped to Starting]
    2014-09-10 09:14:06    Local7.Debug    local IP address    868: wr1.lon: Sep 10 02:16:09.107: Vi2 PPP: Phase is DOWN

    Hello ,
    As line comes up after reloading the device this does not looks like configuration issue but hardware .
    Either connection between ATM card and modem is getting idle or some issue with ATM card .
    Did you try replacing ATM card with a spare one to see if issue persists .
    HTH
    Sunil Bhadauria
    ! Kindly rate all helpful posts and accordingly mark correct answers to help forum !

  • RV042G fails to work with Public Wan IP when connected to Cisco SG300

    Am using a RV042G with a Fiber Optic connection terminated on WAN1 It was working fine untill received a new IP pool . When we configure with the ip on wan 1 and connect the SG300 the WAN Status shows connected but no internet connection. The wan ip doesnt work. If i replace the RV042G with a Netgear Firewall router The connection works fine with the WAN IP.
    The network connection is very simple. What is that is not letting RV042G work with SG300?

    Hi Tom, Thanks for the reply.
    Yes when I connect a computer directly to the RV042G it works fine but as I connect back the SG300 to one of the ports the Internet goes down.
    The SG300 is not working on Layer 3.
    I tried Different ports but the same result.
    This RV042G was working fine with the fiber optic line, We just requested the ISP to increase the Public IP pool and they Gave us New IP's. Nothing changed Just set the WAN1 to one of the new IP and it fails to work if connected with the switch
    I removed the switch and connected the RVS4000 directly to RV42G and the users of RVS4000 have no issues. Not a single thing has been changed Just the new IP On wan.
    I have upgraded the router, rest  and configured internet settings i.e Changed wan IP but no go.
    Thanks Sachin

  • SRP541W WAN Load Balancing and NAT

    Hello All,
    New to the forums. Thanks for taking the time to read my post. I recently switched my office over from a RV042 to SRP541W. We have 2 DSL lines and have used the Load Balance feature on the RV42 to make the best of the connecton speeds. When setting up the SRP541W when i select load balancing it tells me NAT should be disabled. Why is that? I see a place to input static routes but Im not entirly sure what needs to be done here to set this up correctly. Any input would be appriciated. Also right off the bat we had some issues with access to Google Docs and Mail. I think its becuase those sites dont like seeing access from multiple IPs (fromt the Dual WAN) so I set up a entry in Policy Routing directing all traffic from port 443 to go through one WAN, is this the right way to do this?
    Thanks!
    Mike-

    Dear Mike,
    Thank you and welcome to the Small Business Support Community.
    It is possible to configure load balancing with NAT, however in this case, remote internet servers will potentially see sessions from remote hosts behind the SRP541W coming from different source IP addresses (the WAN IP addresses), causing the sessions to be reset unexpectedly.
    The Policy Routing setting you setup is exactly what I would do in your case.
    I hope these answer your question and please do not hesitate to reach me back if there is anything else I may assist you with.
    Kind regards,
    Jeffrey Rodriguez S. .:|:.:|:.
    Cisco Customer Support Engineer
    *Please rate the Post so other will know when an answer has been found.

  • Cisco ASA Site to Site IPSEC VPN and NAT question

    Hi Folks,
    I have a question regarding both Site to Site IPSEC VPN and NAT. Basically what I want to achieve is to do the following:
    ASA2  is at HQ and ASA1 is a remote site. I have no problem setting up a  static static Site to Site IPSEC VPN between sites. Hosts residing at  10.1.0.0/16 are able to communicate with hosts at 192.168.1.0/24, but  what i want is to setup NAT with IPSEC VPN so that host at 10.1.0.0/16  will communicate with hosts at 192.168.1.0/24 with translated addresses
    Just an example:
    Host N2 (10.1.0.1/16) will communicate with host N1 192.168.1.5 with  destination lets say 10.23.1.5 not 192.168.1.5 (Notice the last octet  should be the same in this case .5)
    The same  translation for the rest of the communication (Host N2 pings host N3  destination ip 10.23.1.6 not 192.168.1.6. again last octet is the same)
    It sounds a bit confusing for me but i have seen this type of setup  before when I worked for managed service provider where we had  connection to our clients (Site to Site Ipsec VPN with NAT, not sure how  it was setup)
    Basically we were communicating  with client hosts over site to site VPN but their real addresses were  hidden and we were using translated address as mentioned above  10.23.1.0/24 instead of (real) 192.168.1.0/24, last octet should be the  same.
    Appreciate if someone can shed some light on it.

    Hi,
    Ok so were going with the older NAT configuration format
    To me it seems you could do the following:
    Configure the ASA1 with Static Policy NAT 
    access-list L2LVPN-POLICYNAT permit ip 192.168.1.0 255.255.255.0 10.1.0.0 255.255.0.0
    static (inside,outside) 10.23.1.0 access-list L2LVPN-POLICYNAT
    Because the above is a Static Policy NAT it means that the translation will only be done when the destination network is 10.1.0.0/16
    If you for example have a basic PAT configuration for inside -> outside traffic, the above NAT configuration and the actual PAT configuration wont interfere with eachother
    On ASA2 side you can normally configure NAT0 / NAT Exemption for the 10.1.0.0/16 network 
    access-list INSIDE-NONAT remark L2LVPN NONAT
    access-list INSIDE-NONAT permit ip 10.1.0.0 255.255.0.0 10.23.1.0 255.255.255.0
    nat (inside) 0 access-list INSIDE-NONAT
    You will have to take into consideration that your access-list defining the L2L-VPN encrypted traffic must reflect the new NAT network 
    ASA1: access-list L2LVPN-ENCRYPTIONDOMAIN permit ip 10.23.1.0 255.255.255.0 10.1.0.0 255.255.0.0
    ASA2: access-list L2LVPN-ENCRYPTIONDOMAIN permit ip 10.1.0.0 255.255.0.0 10.23.1.0 255.255.255.0
    I could test this setup tomorrow at work but let me know if it works out.
    Please rate if it was helpful
    - Jouni

  • Problem with passive mode FTP server and NAT

    Hi,
    I have a problem with Passive mode FTP and NAT.
    I am trying to run both an FTP server and sharing the Internet connection via NAT. I have by the way specified the passive ports to use in ftpaccess (65000-65534). Everything works fine until someone tries to connect via Passive mode. I have tracked the problem down to the firewall and the rule that handles NAT.
    Firewall rule config without NAT:
    00001 allow udp from any 626 to any dst-port 626
    01000 allow ip from any to any via lo0
    12300 allow ip from any to any
    65535 allow ip from any to any
    Firewall rule config with NAT
    00001 allow udp from any 626 to any dst-port 626
    00010 divert 8668 ip from any to any via en1
    01000 allow ip from any to any via lo0
    12300 allow ip from any to any
    65535 allow ip from any to any
    So, passive ports do not work when NAT is on. If I turn it off, Passive ftp works like a charm.
    But how do I solve my problem? I have in my quest for the answer stumbled upon "-punch_fw" but do not know how to use it or if it even helps me at all?
    Best regards,
    Peter
    B&W G3 Mac OS X (10.4.5)

    Media/Lacrosse-1-tiny.3gp
    I can't find the file on your server.
    They may also need to edit the .htaccess file to allow the .3gp file extension be used. Call them.

  • Configuring - Cisco 2921 with Switch Module/POE PS and 3750-x 24 port switch

    This is what I have
    - Cisco 2921 router
             with SM-ES2-24-P switch module and
                     POE power supply
    -Cisco 3750x- 24 port Switch
    I have port G1/0 (which connects to 24p Switch Module port g0/26 logically) configured with 3 sub interfaces (management, User and VOIP)
    I want to connect 3750x to G0/1 on 2921 via fiber GBIC but want to use same three VLANs
    I can not daisy chain 3750x via the switch module because it does not have fiber port.
    I do not want to create another routed (g0/1) interface because I want to keep Users on both switches on the same subnet without further splitting the subnet in two.
    I hope I am not making this confusing.
    How can I bridge g1/0 and g0/1 so I can pass vlan traffic between two switches?
    Second problem i have is ...
    I have a VOIP connected to switch module (SM) and it is not getting any power.
    I went in to all the interfaces on SM and issued power inline auto command
    On the SM (sh power inline) - available is 0.0(w)
    on the 2921 (sh power inline)
       - power supply status is good,
       - maximun power available is 280.
       - interface G1/0( which connects to SM)
          *device is unknown
          * powered off
         * allocated 0.0 watts.
    I already tried resetting SM
    Is there any other command I need to issue?
    thanks for your help.

    I'm having a similar issue. I can get trunked connectivity between the switch module and the router if I put the IP address on the router sub interface, but not if I put it on a VLAN interface. I was hoping to have it on a VLAN sub interface on the router so I could use Gig0/1 and Gig0/2 to connect other switches and have them on the same VLANs. I'm using Gig1/0 on the router side and Gig0/51 on the switch side (48-port module).
    Any help? Am I on the wrong track altogether?

  • Cisco 5508 with 7.0.98.0 and GTK interval

    I am looking where I can change the GTK interval for my controller. Any pointers, appreciated.

    You cannot.
    It was possible on IOS but for some reason, it's not anymore on controllers.
    Sorry.
    Nicolas
    ===
    Don't forget to rate answers that you find useful

  • Proper setup for a network with Public Static IPs and Private IPs

    hello all-
    i am trying to setup a network with public static IP addresses and local (internal) IP addresses with 192.168.xxx.xxx format. i will try to explain as best i can how i have it set up and what my issues are.
    i have COX business services in my home and 8 static public IPs assigned to me. i have tried setting this up and everything internally (192.168.xxx.xxx) works fine and all the devices can get to the outside world fine but when i try to access ANY of the devices on the public IPs from outside the network i get absolutely nothing. the browser just times out and i cannot ping the devices even though COX can see and says the devices are bridging over. COX is unable to get a response when they ping the devices either.
    one of the devices is a Synology NAS with one Ethernet port that is using a public IP and the other using a 192.168.xxx.xxx address. when the Ethernet port is setup using a static public IP COX can see it but they get no response from a ping and when they go to the address to get the login page the browser times out. when i reconfigure the port for DHCP it grabs a public DHCP address and when COX pings that they get a response AND they are able to type the DHCP adress in their browser and get to the login page no problem. when i switch back to the static IP they can see it but again are unable to get a response from a ping and are unable to go to the login page.
    my setup is:
    COX Modem (only has 1 Ethernet port) ====>> 8 port NETGEAR Gigabit switch (all devices with Public IPs are plugged into the NETGEAR switch)
    NETGEAR switch ====>> WAN Port on Airport Extreme (latest version w/all software updates)
    LAN Port Airport Extreme ====>> CISCO 2960 48 port Gigabit Switch (all internal devices are plugged into the CISCO switch)
    like i said everything with the 192.168.xxx.xxx connects and i can connect to just fine but none of the devices with public static IPs can be pinged even though COX can see them bridging over. i have tried all new cables on the devices and that didn't work so it has to be something with my setup.
    do i need to add another router to this configuration because i have extra airport extremes lying around i can use if someone could just tell me how the setup should be. i also have a few ports open on the CISCO switch; is there a way i can use it for the 4-5 devices that have public IPs? or will that cause a problem with all the other devices plugged into it with the 192.168.xxx.xxx IP addresses?
    i'm not a networking guru (obviously) so if you are able to help me get this setup properly can you try not to use Doctoral Level syntax in your response? i would greatly appreciate it!
    i appreciate any and all help... thx in advance!

    Duplicate posts. 
    Go HERE.

  • How to setup Cisco IOS with multi public IP's

    I'd like to set up a little network environment. We have bought 2 different subnet from our ISP. 
    The WAN internet connection: xx.yy.81.61/26
    WAN gateway: xx.yy.81.1
    First subnet : xx.yy.81.80/30    (this has the same first 3 octet as the WAN, probably doesn't count, because it is a different subnet)
    Second subnet : zz.uu.156.48/29
    As you can see in the first diagram, the xx.yy.81.61/26 is assigned to the CISCO's outside(WAN) interface, the internet connection is alive, all hosts in LAN have internet connection. We want to assign some hosts with public IP address (for webserver sake). I'm not familiar with networking, so please forgive me if I make some silly questions. In brackets, I make the cisco router setup with the "Cisco Configuration Professional 2.8" PC program.
                 |     
                 |     ADSL or Optical cable (fiber link)
                 |
            +-----+
            |        |   modem
            |        |
            +-----+
                 |
                 |        WAN (xx.yy.81.61/26)
                 |     Gateway(xx.yy.81.1)
                 |
          +----------+
          |              |
          |              |    CISCO 881 (router/firewall)
          |              |    IOS 15.2(4)M6
          |              |
          +----------+
                 |
                 |
           -----+-------------   our local LAN segment (vlan)
            10.10.10.1/24
    I want to set up the CISCO:
    - The question is, that how can i make my subnets alive? I just want to transmit(NAT) some public IP from subnet to specific HOST computer(or inverse?). I have made the NAT rules (zz.uu.156.50 <- 10.10.10.xxx), but no result, the public IP is unreachable(no ping, no traceroute). 
    - Do I have to assign a second IP(virtual) address from subnets to the outside interface(WAN). If yes, than how? Or my ISP has to route the subnets to my WAN IP address(xx.yy.81.61) ?
    The truth is that the original setup was different, as you can see in the second diagram. In this case the both subnet was alive. Now, I unmounted the ISP owned HP router and I attached the CISCO directly to the modem output(first diagram), because we had some DNS issues and I think it is unnecessary to be 2 router sequentially. Please indicate if i was wrong. 
    I mention, that by the original setup, I could access the HP router (only the login interface) from internet with the first IP of the subnets (xx.yy.81.81 from the first subnet and  zz.uu.156.49 from the second subnet).
                 |     
                 |     ADSL or Optical cable (fiber link)
                 |
            +-----+
            |        |   modem
            |        |
            +-----+
                 |
                 |
                 |
           +-------+
           |          |    blackbox, no acces
           |          |    ISP owned HP router
           |          |
           +-------+
                 |
                 |        WAN (xx.yy.81.82/30)    or      WAN (zz.uu.156.50/29)
                 |     Gateway(xx.yy.81.81)            Gateway(zz.uu.156.49) 
                 |
          +----------+
          |              |
          |              |    CISCO 881 (router/firewall)
          |              |    IOS 15.2(4)M6
          |              |
          +----------+
                  |
                  |
            -----+-------------   our local LAN segment
              10.10.10.1/24
    Thanks for any answer or suggestion! 

    Hey,
    Proxy-ARP should take care of this!
    As long as you assign the NAT rules into the IOS Router it should start replying to any ARP request to those IPs on different subnets.
    Of course the ISP should forward this ARP requests to you!
    So make sure Proxy-ARP is enabled in the WAN interface and you should be good to go (as long as the NAT rules are good).
    Regards,
    Julio Carvajal
    Senior Network Security and Core Specialist
    CCIE #42930, 2-CCNP, JNCIS-SEC
    For inmediate assistance hire us at http://i-networks.us

  • Cannot establish multiple simultaneous PPTP connections with the CISCO 1841.

    Hello everyone;
    I have recently tested a PPTP connection with a CISCO 1841 router and got success. I have configured a windows 7 client and successfully connected to the router and was able to access the documents in the server PC that I have mentioned in the attached diagram. I have created number of different users  in the CISCO 1841 too. While some one is having a connection, another user cannot connect to it, which means multiple simultaneous connections aren't possible. Do I have to create a ACL for the PPTP and if yes, How ? 
     FastEthernet0/0 is up, line protocol is up
      Internet address is 192.168.100.1/25
      Broadcast address is 255.255.255.255
      Address determined by non-volatile memory
      MTU is 1500 bytes
      Helper address is not set
      Directed broadcast forwarding is disabled
      Outgoing access list is not set
      Inbound  access list is 100
    Proxy ARP is enabled
    Local Proxy ARP is disabled
    Security level is default
    Split horizon is enabled
    ICMP redirects are always sent
    ICMP unreachables are always sent
    ICMP mask replies are never sent
    IP fast switching is enabled
    IP fast switching on the same interface is disabled
    IP Flow switching is disabled
    IP CEF switching is enabled
    IP CEF Feature Fast switching turbo vector
    IP multicast fast switching is enabled
    IP multicast distributed fast switching is disabled
    IP route-cache flags are Fast, CEF
    Router Discovery is disabled
    IP output packet accounting is disabled
    IP access violation accounting is disabled
    TCP/IP header compression is disabled
    RTP/IP header compression is disabled
    Policy routing is disabled
    Network address translation is enabled, interface in domain inside
    BGP Policy Mapping is disabled
    WCCP Redirect outbound is disabled
    WCCP Redirect inbound is disabled
    WCCP Redirect exclude is disabled
    Inbound inspection rule is SDM_LOW
    --------------------------------------------------------------------------------------------ACL 100-----------------------------
    deny icmp any any echo-reply
    deny ip host 255.255.255.255 any
    deny ip 127.0.0.0 0.255.255.255 any
    deny ip host 66.163.169.186 any
    permit ip any any (122467027 matches)

    As long as you have the inspection engine enabled on the ASA, it shouldn't freak out of the different IP as it will inspect the call signalling and will NAT it accordingly, BUT, for simplicity, I agree with you, it would cause a lot of troubleshooting headache if there is problem as well as reconfiguration of IP on the host ends.
    Here is the NAT FYI:
    object network obj-10.10.96.0
       subnet 10.10.96.0 255.255.255.0
    object network obj-192.168.96.0
       subnet 192.168.96.0 255.255.255.0
    object network obj-10.10.14.0
       subnet 10.10.14.0 255.255.255.0
    object network obj-10.1.0.0
       subnet 10.1.0.0 255.255.255.0
    object network obj-192.168.1.0
       subnet 192.168.1.0 255.255.255.0
    object network obj-10.10.11.0
       subnet 10.10.11.0 255.255.255.0
    object network obj-192.168.11.0
       subnet 192.168.11.0 255.255.255.0
    nat (inside,outside) source static obj-10.10.96.0 obj-192.168.96.0 destination static obj-10.10.14.0 obj-10.10.14.0
    nat (inside,outside) source static obj-10.1.0.0 obj-192.168.1.0 destination static obj-10.10.14.0 obj-10.10.14.0
    nat (inside,outside) source static obj-10.10.11.0 obj-192.168.11.0 destination static obj-10.10.14.0 obj-10.10.14.0

  • QOS on Cisco 1841 between MS TMG and managed Cisco 1841?

    Replicating our VM data from our Site A to a Hosted Provider (Site B) for DR purposes.
    Crude annotaion of our network:
    VIRTUAL HOSTS-----NORTEL L3 SWITCH-----MS TMG 2010 EDGE FIREWALL-----ISP MANAGED CISCO 1841-------------------CLOUD---------------SITE B
    At times the replication traffic is hogging the connection and causing degraded performance for VPN clients amongst other things.
    TMG 2010 doesn't support QOS and we cannot make any changes to the ISP managed Cisco router, nor can we request changes to be made.
    My plan was to get a hold of a small switch that supported QOS and place this between the MS TMG and the managed router but we actually have another Cisco 1841 sitting doing nothing, would I be able to use the spare 1841 for this purpose?
    Many thanks
    Steve

    Disclaimer
    The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
    Liability Disclaimer
    In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
    Posting
    10 Mbps is around the limits of an 1841.  It might or might not have enough capacity.  You could try using it and monitor its CPU when it's dealing with saturated 10 Mbps.
    You can police or shape before the 10 Mbps bottleneck.  That will insure you can guarantee bandwidth for the non-replication traffic.
    You can only police after the 10 Mbps bottleneck.  If the replication traffic is TCP based, dropped packets should slow the sender, but the sender can often still burst saturate the link before it detects the drops and slows.  If you set a very low bandwidth allowance for the replication traffic, you can often keep it from burst saturating the link.  The other issue with policing, it cannot dynamically allow bandwidth utilization (i.e. prioritization) as you can do with a shaper.
    If most of the replication traffic bandwidth consumption is one way, insert the 1841 anywhere upstream (where all traffic will pass through it) of the 10 Mbps bottleneck, and shape or police.  I would recommend shaping with a very low bandwidth allowance for replication (e.g. 1%).  This will allow replication traffic to use all 10 Mbps, but any other traffic will get priority.
    If the replication traffic bandwidth consumption is two way, you'll really want a 2nd device, on the other side of the bottle neck.
    PS:
    BTW, in lieu of shaping, having your upstream (of bottleneck) also with a physical 10 Mbps interface works even better.  Again, de-prioritize the replication traffic.
    e.g.
    class-map replication
    match
    policy-map phy-10m
    class replication
    bandwidth percent 1
    (optionally random-detect)
    class class-default
    fair-queue
    int 10m
    service-policy output replication

  • Connection issue between Cisco 515 Pix and Cisco 1841 router

    Hi,
    I am having a problem getting a Cisco Pix 515 communicating to a Cisco 1841. I am currently studying for CCNA so forgive me if it's obvious to the rest of you where the problem lies.
    The client currently has an ISDN service which is being moved over to a 2MB E1 connection.
    I have configured the 1841 router with G.703 WIC according to the information given to me by the ISP. I have configured the 1841 to have the same internal IP as the ISDN Cisco 800 series router, hoping for a simple swap over. The Pix 515 sits behind the ISDN at present and will be behind the 1841 when it is active.
    Once I unplug the 800 series ISDN router and plug the 1841 into the pix, I cannot get any response what so ever. I have tried changing the ethernet connection speeds between the pix and 1841 hoping it would be as simple as that without success. Can't get ping responses from either end but I can when the ISDN service is plugged in. Both ISDN and E1 link are supplied by the same ISP, Telstra Australia and the fixed IP's are able to move over to the E1 service.
    I have not touched the pix in any way. A seperate company configured the router a couple of years ago.
    I have included the configurations of the existing ISDN, Pix and the 1841 for you to review. Any advise/solutions would be greatly appreciated.
    Thanks in Advance,

    Hi,
    The outside interface on your PIX is configured as 10BaseT which would be fine when using the original 800 series ISDN router.
    Now with your new 1841, the interface that the PIX connects to is Fast Ethernet so you need to change your outside interface on the PIX to the same
    If you want to use auto negotiation between the PIX and router then the command to do this on the PIX is
    interface ethernet0 auto
    I recommend using hard coded settings between the PIX and router and the command to do this on this PIX is
    interface ethernet0 100full
    You will also need to change your router as:
    interface FastEthernet0/0
    speed 100
    duplex full
    If you can't configure the PIX as you mentioned an external company did it, then i guess you could change your Fast Ethernet interface to "speed 10", "duplex half".
    This won't create a bottleneck as you only have a 2 MB connection to your ISP
    Everything else looks good, don't worry about asking questions on the forum, this is what its for.
    HTH
    Paddy

  • What is the maximum number of PVC's supported by Cisco BPX 8620 and 8680 chassis with BCC-4V 128MB DRAM and 4 MB BRAM?

    We are working on a capacity planning project for one of our customers and we need an estimate on the maximum number of PVCs supported in the following situations:
    a)Cisco BPX 8620 and 8680 chassis with BCC-4V 128MB DRAM and 4 MB BRAM ?
    b)Maximum number of PVC's supported by each of the following STM-1 cards:
    - model BXM-155-4D and 4DX ?
    - model BXM-155-8D and 8DX ?

    a)It depends upon software level. b) 16,000 per card, With release 9.3:
    60K Connections Support on BXM-E—Provides the ability to support a maximum of 60K per card for VSI applications for the BPX 8600, for example, PNNI or MPLS, used on enhanced BXM-E cards.

Maybe you are looking for