Basic 877 configuration for a beginner

NickRamsey · ‎07-26-2005

Hi

I am a beginner in the field of Cisco, having decided I am tired of consumer products that regularly crash. So I bought a Cisco 877 router to connct to my broadband ADSL here in the UK.

I was led to believe the SDM would allow me to set up the firewall/router easily, but it's much more complex than the consumer devices!

So I have a number of basic beginners questions. Here's what I want to achieve, and if I can do it via SDM that would be great. If not, I'd need help to do it from scratch at the command line (a place I don't really want to go!).

1. Connect to my PPoA provider (who I believe uses MUX rather than SNAP).

2. Run a web server, Exchange server and FTP from inside my LAN

3. Collect POP3 mail from external email accounts into Exchange (with a POP3 connector)

4. Use Remote Desktop to get into my server from out of office

5. Access the LAN using a simple Microsoft VPN

6. Allow one of my LAN workstations to access streaming radio (I know the ports and protocols it uses)

All this is simple in, for example, a Netgear consumer box. Port forwarding and port range forwarding are easy and there's no trouble with NAT - it just works. But making any of this work with the Cisco 877 has been impossible for me.

HELP!!!

Please bear in mind that I don't understand all the terminology (thoughh I do understand basic networks, IP addressing etc). The number of interfaces on the Cisco are a bit confusing, whether the switch ports need me to assign them IP adresses etc, ACLs and inspection rules etc are a bit of a dark area!

Can anyone help?

Nick

NickRamsey · ‎07-27-2005

Further tests:

I reset the router to factory defaults, changed the LAN IP address, turned on NAT but left the firewall off.

Though the DSL interface shows as UP, I can't access the internet even with this simple configuration. I'd have thought NAT and no firewall should work?

Can anyone help? For Cisco experts I'd have thought this would be a fairly basic configuration, but I can find nobody who knows how to do this.

Nick

johnd2310 · ‎07-27-2005

Nick,

Personally I find the command line best for configuring Cisco devices.I suggest you get comfortable with the command line.

Have a look at the following link for help configuring your device.

www.cisco.com/en/US/products/hw/routers/ps380/products_configuration_guide_book09186a008011a32f.html

**Please rate posts you find helpful**

NickRamsey · ‎07-28-2005

I actually downloaded the 877 guide, but though it's good, some of the example settings are confusing (for example the bit about loopback interfaces and being placeholders for static IP).

And it looks as if it requires far greater knowledge than I have, and a considerable effort to work out all the ACLs etc. It doesn't really deal with the concepts that you are trying to implement, just the implementation itself. And the mix of IP addresses in the examples is confusig - the same router seems to have 10.x.x.x, 200.x.x.x and 192.168.x.x addresses inside it!

I think I have to return this router as unusable and go to something els. It has to be more reliable than Netgear, Linksys etc, but easier to configure than Cisco.

Perhaps there's a 3Com model to suit, or maybe Nortel make something?

I need something reliable but configurable.

Cisco has been a frustrating experience.

Thanks anyway

Nick

laszlo.pal · ‎08-22-2005

Did you find a solution for your problem? I'm fighting with very similar one. I think the secret is in NAT configuration what I should understand for CCNP :)

Laszlo

NickRamsey · ‎08-27-2005

Hi Laszlo

No I never really got a response that allowed me to set this up without learning the entire Cisco command set and the detail of how to set up everything from scratch - a major undertaking that people study Cisco exams for! So I have abandoned the product and returned it.

Nick

jmia · ‎08-27-2005

Hello Nick,

Firstly, sorry to hear your fustration on getting the c877 router configured. Yes it is hard to configure cisco routers if you don't have the basic knowledge but cisco routers are the leaders in the networking world - but that's my view as I'm a cisco biased engineer.

Anyway my point for replying is - you can achive all you asked for on your original post by using a Cisco PIX firewall, say a PIX 501 or 506 model depending on your user limits instead of the router.The PIX 501 is relatively cheap to purcahse.

And if you need help in configuration then let me know either here on this forum or you can e-mail me direct: jmia@ohgroup.co.uk

I have deployed 100's of PIX firewalls with ADSL braodband here in the UK.

Also, you would have got a better response on your original post if you had poted it in the LAN/WAN section on this forum as the security side mainly deals with firewalls (PIX and Routers).

Good luck.

- Jay

hichyenn69 · ‎05-05-2008

Dear Lazlo,

I am also new to Cisco's gear. I have the 877W that I would like to use with my BT ADSL service here in the UK.

Do you know if there is a link to how I can configure it please?

I would prefer GUI and not CLI as I am not technical.

Many thanks.

Hicham

laszlo.pal · ‎08-30-2005

Hi,

I think you've give it up too early :) to learn basics of IOS is useful and if your would give some more time for yourself you could learn a lot and you'd have a well working network device. As I can read you've already given back this stuff, so I'll not send you the configuration needed for the things above :)

Regards

Laszlo

NickRamsey · ‎08-30-2005

Well, Laszlo, I have an RMA for the router but I haven't yet returned it.

However, there are so many settings to configure to get what I need that I have pretty well given up the idea. I read the manual for configuring it and though it seemed to make sense, the examples seemed inconsistent as mentioned in previous items in this post. That's either because they ARE inconsistent or because I'm missing something - and I couldn't make out which of those it was.

I guess a consistent set of commands might make things clearer, but I had given up hope of getting that!

Nick

laszlo.pal · ‎05-06-2008

hi

let me put some guidlines for you here

1. Connect to my PPoA provider (who I believe uses MUX rather than SNAP).

included device manager through the web interface is perfect for this. just click on the appropriate options and your connection will be established. of course you'll need some basic information regarding to the ip addressing and authentication from your provider

2. Run a web server, Exchange server and FTP from inside my LAN

first of all you need a permanent IP address on the wan side for this. also you can try to use some kind of dynamic dns service for this (dyndns)

also you'll need to set-up nat translation for this, so the packets destined to your external address will reach the server within your internal or dmz zone

3. Collect POP3 mail from external email accounts into Exchange (with a POP3 connector)

it is simple. established connections should be leave your internal zone w/o any problem

4. Use Remote Desktop to get into my server from out of office

another nat rule should play here

5. Access the LAN using a simple Microsoft VPN

this router has some internal vpn functionality both for client vpn and ssl vpn, but I never tried this

6. Allow one of my LAN workstations to access streaming radio (I know the ports and protocols it uses)

it is also established connection, so shouldn't be any problem

Another issue with this stuff. When I tried to use the modern stateful version of the FW included in this software it never worked, so I had to revert to the old fashioned nat/access-list based FW config. Maybe you'll have more luck with this, so just click next next finish :)

altought, Cisco FW is not a beginner level stuff, so if you need advanced config (even if you need server in a dmz), you should hire someone to configure it for your needs

regards

Laszlo