Solved: Re: Cisco 881-k9 and port forwarding, will this work?

Daniel Jansma · ‎01-08-2013

Hi Guys,

Before I will go live with this Router I want to know if this is going to work.

I got two questions:

1. I can't ping to a dns domain name like, www.google.nl form the cli. With my laptop is no problem wich got DHCP from router, so is this my misstake somewhere?

2. is my port forwarding going to work, see config.

I'm new in Cisco command line world so don't break me ;-) Thanks for your time!!!

!

! Last configuration change at 20:48:56 UTC Tue Jan 8 2013 by

! NVRAM config last updated at 21:04:03 UTC Tue Jan 8 2013 by

version 15.1

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

no aaa new-model

memory-size iomem 10

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-133882138

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-133882138

revocation-check none

rsakeypair TP-self-signed-133882138

!

crypto pki certificate chain TP-self-signed-133882138

certificate self-signed 01 nvram:IOS-Self-Sig#3.cer

ip source-route

!

ip dhcp excluded-address 192.168.10.1 192.168.10.100

ip dhcp excluded-address 192.168.10.150 192.168.100.254

!

ip dhcp pool Test

network 192.168.10.0 255.255.255.0

default-router 192.168.10.1

dns-server 213.144.235.1 213.144.235.2

lease 8

!

ip cef

no ipv6 cef

!

license udi pid CISCO881-K9 sn FCZ1649C3SD

!

archive

path ftp://ipaddress/httpdocs/fiber_

write-memory

username admin privilege 15 secret 4 BLABLA

!

ip ftp username hello

ip ftp password typo

ip ssh version 2

!

interface FastEthernet0

no ip address

!

interface FastEthernet1

no ip address

!

interface FastEthernet2

no ip address

!

interface FastEthernet3

no ip address

!

interface FastEthernet4

description WAN

no ip address

duplex full

speed 100

pppoe-client dial-pool-number 1

!

interface Vlan1

description LAN

ip address 192.168.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1452

!

interface Dialer1

mtu 1492

ip address negotiated

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication pap callin

ppp pap sent-username USERNAME password 0 PASSWORD

!

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

!

ip dns server

ip nat inside source list 101 interface Dialer1 overload

ip nat inside source static tcp 192.168.10.6 1723 interface Dialer1 1723

ip nat inside source static tcp 192.168.10.253 444 interface Dialer1 444

ip nat inside source static tcp 192.168.10.3 25 interface Dialer1 25

ip nat inside source static tcp 192.168.10.3 443 interface Dialer1 443

ip nat inside source static tcp 192.168.10.4 3389 interface Dialer1 3389

ip nat inside source static tcp 192.168.10.150 5060 interface Dialer1 5060

ip route 0.0.0.0 0.0.0.0 Dialer1

!

access-list 23 permit 172.31.255.0 0.0.0.255

access-list 23 permit 84.246.25.0 0.0.0.255

access-list 23 permit 212.121.121.0 0.0.0.255

access-list 23 remark acl_remote_management

access-list 23 permit 192.168.10.0 0.0.0.255

access-list 101 permit ip 192.168.10.0 0.0.0.255 any

dialer-list 1 protocol ip permit

!

line con 0

login local

line aux 0

line vty 0 4

access-class 23 in

privilege level 15

login local

transport input all

!

end

Ahad Aboss · ‎01-08-2013

What version of IOS are you running?

Add this to the config;

ip name-server 213.144.235.1

ip name-server 213.144.235.2

ip name-server 8.8.8.8 this is google's PUB DNS in case you have problems with your own DNS.

ip domain name (put the name server domain here - ns1.yourdomain.com) if you have one.

let me know how you go.

View solution in original post

Emmanuel Valdez · ‎01-08-2013

Hi,

Do you have public IP addrees on Dialer interface?

Can you post a show ip int brief please?

Regards.

Sent from Cisco Technical Support iPhone App

Daniel Jansma · ‎01-08-2013

Hi,

Wel the ip on the dialer is as DHcp client from ISP. Can't do more on the dialer i think.

I get the same information when i do the show ip int brief. There i see the external ip.

Thanks for your quick reply.

Sent from Cisco Technical Support iPhone App

Ahad Aboss · ‎01-08-2013

1. In config terminal type (config)#ip domain-lookup then hit enter.

2. Under interface Dialer1 you configured ip address negotiated which mean your ISP radius server will issue the IP. Once the PPP session is established, your port forwarding will work fine.

Hope this helps.

Ahad

Daniel Jansma · ‎01-08-2013

Hi,

1. When I ping to www.google.nl i receive:
Translating www.google.nl ... Domain server 255.255.255.255

Unregonized host .....

2. Thanks, i Will try It!

Sent from Cisco Technical Support iPhone App

Ahad Aboss · ‎01-08-2013

What version of IOS are you running?

Add this to the config;

ip name-server 213.144.235.1

ip name-server 213.144.235.2

ip name-server 8.8.8.8 this is google's PUB DNS in case you have problems with your own DNS.

ip domain name (put the name server domain here - ns1.yourdomain.com) if you have one.

let me know how you go.

Emmanuel Valdez · ‎01-08-2013

What is the output form the sh ip int brief?

Maybe you did not received an IP public address from your ISP, if you don´t receive it you can not navigate to Internet.

Regards.