09-17-2004 02:22 AM - edited 03-02-2019 06:33 PM
I've set up a DSL VPN using a Cisco 837.
I need to be able to use TACACS and other stuff (such as TFTP), but the connections appear to be attempting with the internet IP address rather than the routed LAN IP (inside the VPN on the b-end).
Ping (extended) works when specifying the Ethernet port of the router.
Is there a command in the config so that this IP address is used as a default for connections with TACACS+ and TFTP etc.?
Thanks
09-17-2004 04:34 AM
ip tftp source-interface
ip tacacs source-interface
09-24-2004 02:23 AM
Is it possible to set the "inside" interface as default for all connections out?
I'm able to ping etc. from PCs behind the router, but it seems to me that any other connections from the router itself have their source as the "external" IP address.
What's the debug command to prove if this is true?
Thanks
Inside Interface:
interface Ethernet0
 ip address 172.x.y.1 255.255.255.128
 ip nat inside
 ip tcp adjust-mss 1452
 no ip mroute-cache
 no cdp enable
 hold-queue 100 out
Dialer:
interface Dialer1
 ip address a.b.c.d 255.255.255.252
 ip access-group 111 in
 ip mtu 1492
 ip nat outside
 ip inspect myfw out
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname username@isp.domain
 ppp chap password
 ppp pap sent-username username@isp.domain password
 ppp ipcp dns request
 ppp ipcp wins request
 crypto map
 hold-queue 224 in
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit tcp 172.a.b.0 0.0.7.255 any eq telnet
access-list 111 permit tcp 172.c.d.0 0.0.0.255 any eq telnet
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny ip any any
(Other access-lists, but I don't think they're relevant!)
Any ideas, anyone?
09-24-2004 02:32 AM
Packets sourced from the router usually have the source address of the interface through which the destination is reachable. I am not aware of any command that influences all communication originated from the router. When people do have a requirement to alter the source addresses for FTP, TFTP, TACACS, RADIUS, etc. communication initiated from the router, they use commands like the ones I posted in the previous message. What is your exact requirement?
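Added example, not part of the thread and not Cisco's own tooling: a small Python audit that reads an IOS configuration, finds the `ip nat inside` interface, and reports which of the per-service `source-interface` commands named above are missing or point at another interface. The sample configuration, its addresses and the function names are constructed for illustration, and treating the `ip nat inside` interface as the intended source is an assumption.

```python
import re

# Services the thread names; each has a global "ip <svc> source-interface" command.
SERVICES = ("tftp", "tacacs", "ftp", "radius")

# Constructed sample config (addresses are documentation/private ranges).
SAMPLE = """\
interface Ethernet0
 ip address 172.16.1.1 255.255.255.128
 ip nat inside
interface Dialer1
 ip address 192.0.2.2 255.255.255.252
 ip nat outside
ip tftp source-interface Ethernet0
ip tacacs source-interface Dialer1
"""

def find_nat_inside_interface(config):
    """Return the first interface that carries 'ip nat inside', or None."""
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)
        elif line == "ip nat inside" and current:
            return current
    return None

def audit_source_interfaces(config):
    """Return (inside_if, {service: 'ok' | 'missing' | other interface name})."""
    inside = find_nat_inside_interface(config)
    if inside is None:
        raise ValueError("no 'ip nat inside' interface found")
    pattern = r"^[ \t]*ip (\w+) source-interface (\S+)[ \t]*$"
    configured = dict(re.findall(pattern, config, re.M))
    report = {}
    for svc in SERVICES:
        iface = configured.get(svc)
        if iface is None:
            report[svc] = "missing"  # only matters if the router uses this service
        else:
            report[svc] = "ok" if iface.lower() == inside.lower() else iface
    return inside, report

def remediation(config):
    """List the global-config lines that pin each service to the inside interface."""
    inside, report = audit_source_interfaces(config)
    return [f"ip {s} source-interface {inside}" for s, st in report.items() if st != "ok"]
```

Calling `remediation(SAMPLE)` returns the lines to add in global configuration mode; entries reported as `missing` can be ignored for services the router never initiates.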