06-23-2014 02:49 AM
Hopefully someone can help me with this,
One of our customers has a broadband connection with 2 vlans, one for internet wan and one in a private ip-VPN for VoIP. both of them require PPPoE on outgoing packets.
I used an old cisco 878 to do the PPPoE part.
Cisco 878 (MPC8272) processor (revision 0x200) with 118784K/12288K bytes of memory.
Processor board ID FHK10142401
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
4 FastEthernet interfaces
System image file is "flash:c870-advipservicesk9-mz.124-4.T2.bin"
Ports 1 and 2 connect to the providers CPE, 3 and 4 to the customers Voice Lan and Firewall. All working fine untill the cisco suddenly lost its configuration.
I restored most of it but now NAT from the voice lan (10.2.18.0/24) to the wan is not working.
*Aug 15 04:36:55.547: NAT*: Can't create new inside entry - forced_punt_flags: 0
*Aug 15 04:36:55.547: NAT: translation failed (A), dropping packet s=10.2.18.7 d=8.8.8.8
*Aug 15 04:36:55.551: NAT*: Can't create new inside entry - forced_punt_flags: 0
*Aug 15 04:36:55.555: NAT: translation failed (A), dropping packet s=10.2.18.7 d=8.8.8.8
Config:
Current configuration : 4557 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool voip
network 10.2.18.0 255.255.255.0
default-router 10.2.18.1
option 66 ascii "http://xsp.voipit.nl/dms/cisco504/504.xml"
dns-server 8.8.8.8
!
!
no ip domain lookup
ip domain name yourdomain.com
!
!
crypto pki trustpoint TP-self-signed-956426022
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-956426022
revocation-check none
rsakeypair TP-self-signed-956426022
!
!
crypto pki certificate chain TP-self-signed-956426022
certificate self-signed 01
3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 39353634 32363032 32301E17 0D303830 37323730 36303831
355A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3935 36343236
30323230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
C8617A6F A7C1F3EA B653F2E5 2B35AE4F F607F3E3 7FA758D5 0499BA23 16F678C9
2CD306CE BA15B41E EDCBF7B3 A457884C 4542210F E66E17FE 54E85D8E 7B242CAB
62E0F717 71483B45 B05C9469 06B5A559 A8A6B560 0F0B859F E8FB36AB 5BCCC8A8
2E6F5E10 DF42FABC 1ED7D35D 7AAF98F6 B248C356 5363A70C D5E0079C 2ACBFA97
02030100 01A37730 75300F06 03551D13 0101FF04 05300301 01FF3022 0603551D
11041B30 19821779 6F75726E 616D652E 796F7572 646F6D61 696E2E63 6F6D301F
0603551D 23041830 16801458 FB686326 8A85B691 799CDE83 F613E6F2 7D8E8F30
1D060355 1D0E0416 041458FB 6863268A 85B69179 9CDE83F6 13E6F27D 8E8F300D
06092A86 4886F70D 01010405 00038181 006C08E8 90FAF645 2D95F35B 9E7B8B4F
A6C69725 44B54654 4728239E 507F3A6F B0E4BF43 26D98EFC F0E79B1A A4C05C21
924C3DE4 8969D0CC 69AEC787 3B8D87A8 95E1D55A 14938D3A 86189BC3 03BB369F
88A42FFC 047AE5C4 8CEE9853 4FC4A6A2 16732BD4 30F0A727 EEB33BAD 5072EC8C
76035FB6 F6087C55 7646081C 5C695193 8C
quit
username ftadmin privilege 15 secret 5 $1$S0KM$rLTNOGqEeNV4/irr1uqFU/
!
!
controller DSL 0
line-term cpe
!
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet0
description Naar KPN - DATA
!
interface FastEthernet1
description Naar KPN - Voice
switchport access vlan 2
!
interface FastEthernet2
description Naar Juniper - Data
switchport access vlan 3
!
interface FastEthernet3
description Naar Switch - Voice
switchport access vlan 4
!
interface Vlan1
description PPPoE - Data
no ip address
ip tcp adjust-mss 1452
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Vlan4
description DATA
ip address 37.153.199.221 255.255.255.252
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Vlan3
description VOIP
ip address 10.2.18.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Vlan2
description PPPoE - Voice
no ip address
ip tcp adjust-mss 1452
pppoe enable group global
pppoe-client dial-pool-number 2
!
interface Dialer1
description Dialer voor DATA
mtu 1492
ip unnumbered Vlan4
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username ******** password 0 **********
!
interface Dialer2
description Dialer voor VOICE
mtu 1492
ip unnumbered Vlan3
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation ppp
dialer pool 2
dialer-group 2
no cdp enable
ppp authentication pap callin
ppp pap sent-username ******** password 0 **********
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.3.180.0 255.255.255.0 Dialer2
ip route 172.31.161.240 255.255.255.240 Dialer2
ip route 172.31.255.22 255.255.255.255 Dialer2
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 100 interface Dialer1 overload
!
access-list 100 permit ip 10.2.18.0 0.0.0.255 any
no cdp run
!
!
control-plane
!
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide