HWIC-3G-CDMA-S is DRIVING ME CRAZY! No incoming WAN access.

The problem is I can't access the router from the internet. I am also an ocean away from the site. I have an ugly hack set up where I access an inside PC with TeamViewer and then PuTTY to the router, but it is slow, ugly, and doesn't fix my problem. I need to be able to set up internet-accessible servers at this location for VoIP, VPN, and REAL remote access.

Everything else works fine. Connection is stable. Speed is kinda shitty, but that's not so important.

First off some specs:

  • Cisco 2801
  • c2801-ipvoicek9-mz.124-24.T1.bin
  • hwic-3g-cdma-s
  • Sprint 3G data plan

Ok, I have set up the previous equipment as a router for a branch office where 3G access is the only available internet access.

I have had the excruciating experience of talking with Sprint Tech Support, and would rather shoot myself in the foot than do so again.

Here is what they told me: "They block ports, but they can't tell me which ones."

Here is relevant info I have been able to gather.

  • The IP connection the ISP gives us is not NATed. That is, the address at wimi.com and the one in show int dialer 0 are the same.
  • Most forums say Sprint only blocks port 80.
  • Zenmap (Nmap for Windows) says the router has NO open ports but DOES exist.
  • Router does not respond to pings
  • Can't SSH into router from internet
  • Can't access a test local server with port 8080 or 8081 open with the correct nat statement in Cisco router
  • No filtering access-list for testing

The config should be just fine as a base config for using hwic-3g-cdma-s as the main internet access interface for a router. Everything works fine aside from the lack of remote access.

So in my head it has to be one of 3 problems.

1. The card is doing some weird stuff to incoming requests

2. Sprint is blocking WAN requests on port 22, 2200, 8080, and 8081 and pings (tested). Maybe they block all WAN requests?

3. There is something wrong with my config.

Any suggestions as to why I can't remote access into my router or things to try with the config?

Thank you in advance for your help

-Vittorio

Below are some config pastes:

chat-script cdma "" "ATDT#777" TIMEOUT 60 "CONNECT"
!
ip ssh authentication-retries 2
ip ssh port 2200 rotary 1
ip ssh version 2
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1
 ip address 192.168.30.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 speed auto
 full-duplex
 no cdp enable
 no mop enabled
!
interface Cellular0/3/0
 no ip address
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer in-band
 dialer pool-member 1
 dialer-group 1
 async mode interactive
!
interface Dialer0
 ip ddns update hostname DYNDNSHOSTNAME
 ip ddns update dyndns
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0 either
 dialer string cdma
 dialer persistent delay 5
 dialer persistent max-attempts 5
 dialer-group 1
 no cdp enable
 ppp chap password 7 WOOGYBOOGY
 ppp ipcp dns request
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
no ip http secure-server
!
ip dns server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.30.103 8081 interface Dialer0 8081
!
access-list 1 permit any
dialer-list 1 protocol ip list 1
no cdp run
!
line 0/3/0
 script dialer cdma
 login local
 rotary 1
 no exec
 transport input ssh
 rxspeed 3100000
 txspeed 1800000
line vty 0 4
 password 7 02565D58030F01264340
 logging synchronous
 login local
 rotary 1
 transport input ssh
!

paolo bevilacqua
Hall of Fame

That is a very well-known NAT issue. Configure:

no access-list 1

access-list 1 permit 192.168.0.0 0.0.255.255

and you will be able to telnet in.
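Added example, not part of the thread or of any Cisco tool: a small Python check for the pattern the answer above targets, a NAT overload rule whose source ACL is `permit any` instead of the inside subnet. The sample config is constructed from the NAT-relevant lines posted in the question; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the NAT-relevant lines of the config posted in this thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 ip address 192.168.30.1 255.255.255.0
 ip nat inside
!
interface Dialer0
 ip address negotiated
 ip nat outside
!
ip nat inside source list 1 interface Dialer0 overload
access-list 1 permit any
"""

def inside_networks(config):
    """Return the network of every interface marked 'ip nat inside'."""
    nets = []
    for block in re.split(r"(?m)^(?=interface )", config):
        block = block.split("\n!")[0]  # stop at the end of the interface stanza
        addr = re.search(r"(?m)^\s*ip address (\d\S+) (\d\S+)", block)
        if addr and re.search(r"(?m)^\s*ip nat inside\s*$", block):
            nets.append(ipaddress.ip_network("/".join(addr.groups()), strict=False))
    return nets

def audit_nat_acls(config):
    """Flag NAT source ACLs that contain 'permit any' and suggest scoped entries."""
    findings = []
    for acl in re.findall(r"(?m)^ip nat inside source list (\d+) ", config):
        entries = re.findall(rf"(?m)^access-list {acl} permit (.+?)\s*$", config)
        if "any" in entries:
            # Standard ACL syntax: source network followed by wildcard (host) mask.
            fix = [f"access-list {acl} permit {n.network_address} {n.hostmask}"
                   for n in inside_networks(config)]
            findings.append({"acl": acl, "issue": "permit any", "suggested": fix})
    return findings

if __name__ == "__main__":
    for f in audit_nat_acls(SAMPLE_CONFIG):
        print(f"ACL {f['acl']} used for NAT is '{f['issue']}'; replace with:")
        print(f"  no access-list {f['acl']}")
        for line in f["suggested"]:
            print(f"  {line}")
```
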

Thank you Paolo for your quick response.

I did the modification as you said, however the problem persists on this router.

I actually had another router with a similar problem, and the command you wrote did help me fix remote access with that router, but it is not the one the post is about.

This is what it shows after the modification. (I tried 192.168.0.0 0.0.255.255 as well as 192.168.30.0 0.0.0.255)

show access-list

Standard IP access list 1

    10 permit 192.168.30.0, wildcard bits 0.0.0.255 (1735 matches)

Any other suggestions?

P.S. Zenmap still shows all ports as closed from a 1000 port scan.

Hello again,

Just following up.

I really need help on this one. It's driving me nuts.

I will try anything!!!!!

Does anybody else have a similar setup with the HWIC-3G-CDMA-S with Sprint? If so, do you have remote access to the router via the CDMA card?

I would love to be able to blame it on Sprint because that would mean the solution would be as easy as switching providers, and Verizon has their newfangled LTE in my city.

I do not want to switch providers if it is not necessary however.

Please help!

Vittorio Alfieri
