Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4097
Views
0
Helpful
25
Replies

I need some help with my Cisco 851 Integrated Services Router

boduzapho
Level 1
Level 1

‎03-14-2011 09:03 AM - edited ‎03-04-2019 11:44 AM

I bought this router from a friend,

I got the Cisco Configuration Assistant and the Cisco Network Assistant along with the internal java based control application for it. I managed to set up everything I think properly. The Vlan has DHCP set up and it is giving out IP's The Outside WAN interface (Fastethernet4) is set to DHCP and is pulling an IP from my ISP (Cox).

The issue I am having is even though my PC is getting an IP I have no internet access. I made sure NAT was set up to forward unknows to the Fastethernet4 interface. I even turned off the Firewall to ensure it was not blocking me..

Can anyone tell me what I may be missing?

Thanks in advance!

Labels:
0 Helpful
25 Replies 25

Haris P
Level 4
Level 4

‎03-14-2011 11:03 AM

Could you please paste the running config for your router ?

The nat should be simple as given below

interface FastEthernet4

ip address dhcp

ip nat ouside

interface Vlan1

ip address 192.168.100.1 255.255.255.0

ip nat inside

access-list 123 permit ip 192.168.100.0 0.0.0255 any

ip nat inside souce-list 123 interface Fastethernet4 overload

regards

haris

0 Helpful

boduzapho
Level 1
Level 1
In response to Haris P

‎03-14-2011 01:52 PM

marks#show interface

FastEthernet0 is up, line protocol is up

  Hardware is Fast Ethernet, address is 0018.1849.a680 (bia 0018.1849.a680)

  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  Keepalive set (10 sec)

  Full-duplex, 100Mb/s

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input never, output never, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 1000 bits/sec, 2 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     1127 packets input, 135733 bytes, 0 no buffer

     Received 72 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     0 input packets with dribble condition detected

     591 packets output, 367285 bytes, 0 underruns

     0 output errors, 0 collisions, 2 interface resets

     0 babbles, 0 late collision, 0 deferred

     0 lost carrier, 0 no carrier

     0 output buffer failures, 0 output buffers swapped out

FastEthernet1 is up, line protocol is down

  Hardware is Fast Ethernet, address is 0018.1849.a681 (bia 0018.1849.a681)

  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  Keepalive set (10 sec)

  Auto-duplex, Auto-speed

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input never, output never, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     0 packets input, 0 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     0 input packets with dribble condition detected

     0 packets output, 0 bytes, 0 underruns

     0 output errors, 0 collisions, 2 interface resets

     0 babbles, 0 late collision, 0 deferred

     0 lost carrier, 0 no carrier

     0 output buffer failures, 0 output buffers swapped out

FastEthernet2 is up, line protocol is down

  Hardware is Fast Ethernet, address is 0018.1849.a682 (bia 0018.1849.a682)

  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  Keepalive set (10 sec)

  Auto-duplex, Auto-speed

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input never, output never, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     0 packets input, 0 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     0 input packets with dribble condition detected

     0 packets output, 0 bytes, 0 underruns

     0 output errors, 0 collisions, 2 interface resets

     0 babbles, 0 late collision, 0 deferred

     0 lost carrier, 0 no carrier

     0 output buffer failures, 0 output buffers swapped out

FastEthernet3 is up, line protocol is down

  Hardware is Fast Ethernet, address is 0018.1849.a683 (bia 0018.1849.a683)

  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  Keepalive set (10 sec)

  Auto-duplex, Auto-speed

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input never, output never, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     0 packets input, 0 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     0 input packets with dribble condition detected

     0 packets output, 0 bytes, 0 underruns

     0 output errors, 0 collisions, 2 interface resets

     0 babbles, 0 late collision, 0 deferred

     0 lost carrier, 0 no carrier

     0 output buffer failures, 0 output buffers swapped out

FastEthernet4 is up, line protocol is up

  Hardware is PQUICC_FEC, address is 0018.1849.a68a (bia 0018.1849.a68a)

  Description: $FW_OUTSIDE$

  Internet address is 192.168.0.4/24

  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  Keepalive set (10 sec)

  Full-duplex, 100Mb/s, 100BaseTX/FX

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input 00:00:15, output 00:00:00, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     111 packets input, 7916 bytes

     Received 110 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     0 watchdog

     0 input packets with dribble condition detected

     205 packets output, 15229 bytes, 0 underruns

     0 output errors, 0 collisions, 3 interface resets

     0 babbles, 0 late collision, 0 deferred

     0 lost carrier, 0 no carrier

     0 output buffer failures, 0 output buffers swapped out

Vlan1 is up, line protocol is up

  Hardware is EtherSVI, address is 0018.1849.a680 (bia 0018.1849.a680)

  Description: $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$

  Internet address is 10.10.10.1/24

  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input 00:00:00, output never, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 1000 bits/sec, 2 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     1093 packets input, 117777 bytes, 0 no buffer

     Received 212 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     440 packets output, 353415 bytes, 0 underruns

     0 output errors, 1 interface resets

     0 output buffer failures, 0 output buffers swapped out

NVI0 is up, line protocol is up

  Hardware is NVI

  MTU 1514 bytes, BW 10000000 Kbit, DLY 0 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation UNKNOWN, loopback not set

  Last input never, output never, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     0 packets input, 0 bytes, 0 no buffer

     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort

     0 packets output, 0 bytes, 0 underruns

     0 output errors, 0 collisions, 0 interface resets

     0 output buffer failures, 0 output buffers swapped out

-----------------------------------------------------------------------------------------------------------------------------------------------------------------
marks#show config
Using 4946 out of 131072 bytes
!
! Last configuration change at 15:16:08 PCTime Mon Mar 14 2011 by mark
! NVRAM config last updated at 15:16:21 PCTime Mon Mar 14 2011 by mark
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname marks
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool sdm-pool
   import all
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
   domain-name cws.com
   dns-server 8.8.8.8 8.8.4.4
   lease 0 2
!
!
ip cef
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp router-traffic
ip inspect name SDM_LOW udp router-traffic
ip inspect name SDM_LOW vdolive
ip tcp synwait-time 10
no ip bootp server
ip domain name yourdomain.com
!
!
crypto pki trustpoint TP-self-signed-1837859499
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1837859499
revocation-check none
rsakeypair TP-self-signed-1837859499
!
!
crypto pki certificate chain TP-self-signed-1837859499
certificate self-signed 01 nvram:IOS-Self-Sig#3907.cer
username mark privilege 15 secret 5 $1$1Oay$GW0nGKmaNgKYBHmv17SoL1
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $FW_OUTSIDE$
ip address dhcp client-id FastEthernet4
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect SDM_LOW out
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
!
logging trap debugging
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration##NO_ACES_3##
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration##NO_ACES_11##
access-list 101 remark SDM_ACL Category=1
access-list 101 deny   ip 10.10.10.0 0.0.0.255 any
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip any any log
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.
Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.
username   privilege 15 secret 0
no username cisco
Replace and with the username and password you want to use.
For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

0 Helpful

Haris P
Level 4
Level 4
In response to boduzapho

‎03-14-2011 10:25 PM

Try  removing the ACL 101 from FastEthernet 4 , .The last statement in the ACL is  "access-list 101 deny   ip any any log" ,while it should be "

access-list 101 permit  ip any any log"

interface FastEthernet4
no ip access-group 101 in

Regards

Haris P

0 Helpful

boduzapho
Level 1
Level 1
In response to Haris P

‎03-14-2011 10:26 PM

Are these the config commands?

interface FastEthernet4
no ip access-group 101 in

0 Helpful

Haris P
Level 4
Level 4
In response to boduzapho

‎03-14-2011 10:30 PM

Yes .Try putting this commands and let me know if this solves the issue or not

interface FastEthernet4
no ip access-group 101 in

0 Helpful

boduzapho
Level 1
Level 1
In response to Haris P

‎03-14-2011 10:38 PM

Now I seem to have lost my FastEthernet4 port...

here is the config now

yourname#show config

Using 2521 out of 131072 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname yourname

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

!

no aaa new-model

!

resource policy

!

ip subnet-zero

no ip dhcp use vrf connected

ip dhcp excluded-address 10.10.10.1

!

ip dhcp pool sdm-pool

   import all

   network 10.10.10.0 255.255.255.248

   default-router 10.10.10.1

   lease 0 2

!

!

ip cef

no ip domain lookup

ip domain name yourdomain.com

!

!

crypto pki trustpoint TP-self-signed-1837859499

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1837859499

revocation-check none

rsakeypair TP-self-signed-1837859499

!

!

crypto pki certificate chain TP-self-signed-1837859499

certificate self-signed 01 nvram:IOS-Self-Sig#3906.cer

username cisco privilege 15 secret 5 $1$IC4h$/C4XPpTV2sPLwL1OffScd/

username mark privilege 15 secret 5 $1$VJhP$7fvxL41Unrqb8fQGhu7W/1

!

!

!

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

no ip address

shutdown

duplex auto

speed auto

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$

ip address 10.10.10.1 255.255.255.248

ip tcp adjust-mss 1452

!

ip classless

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

access-list 23 permit 10.10.10.0 0.0.0.7

no cdp run

!

control-plane

!

banner login ^C

-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device.

This feature requires the one-time use of the username "cisco"

with the password "cisco". The default username and password have a privilege level of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.

Here are the Cisco IOS commands.

username   privilege 15 secret 0

no username cisco

Replace and with the username and password you want to use.

For more information about SDM please follow the instructions in the QUICK START

GUIDE for your router or go to http://www.cisco.com/go/sdm

-----------------------------------------------------------------------

^C

!

line con 0

login local

no modem enable

line aux 0

line vty 0 4

access-class 23 in

privilege level 15

login local

transport input telnet ssh

!

scheduler max-task-time 5000

end

0 Helpful

Haris P
Level 4
Level 4
In response to boduzapho

‎03-14-2011 11:12 PM

Dear ,

It's very strange . I dont know why the whole config went out ,. Anyway could you please try below config

int f4
ip address dhcp
no sh
ip nat outside

int vlan 1
ip address 10.10.10.1 255.255.255.0
ip nat inside

ip nat inside source list 1 interface FastEthernet4 overload


access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255

0 Helpful

boduzapho
Level 1
Level 1
In response to Haris P

‎03-15-2011 06:20 AM

Ok so I tried that, and The outside interface came back up. My Computer got an IP but still no access to the internet. Here is the Running Config now:

yourname#show config

Using 2731 out of 131072 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname yourname

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

!

no aaa new-model

!

resource policy

!

ip subnet-zero

no ip dhcp use vrf connected

ip dhcp excluded-address 10.10.10.1

!

ip dhcp pool sdm-pool

   import all

   network 10.10.10.0 255.255.255.248

   default-router 10.10.10.1

   lease 0 2

!

!

ip cef

no ip domain lookup

ip domain name yourdomain.com

!

!

crypto pki trustpoint TP-self-signed-1837859499

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1837859499

revocation-check none

rsakeypair TP-self-signed-1837859499

!

!

crypto pki certificate chain TP-self-signed-1837859499

certificate self-signed 01 nvram:IOS-Self-Sig#3906.cer

username cisco privilege 15 secret 5 $1$IC4h$/C4XPpTV2sPLwL1OffScd/

username mark privilege 15 secret 5 $1$VJhP$7fvxL41Unrqb8fQGhu7W/1

!

!

!

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

ip address dhcp

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$

ip address 10.10.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

ip classless

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source list 1 interface FastEthernet4 overload

!

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 10.10.10.0 0.0.0.255

access-list 23 permit 10.10.10.0 0.0.0.7

no cdp run

!

control-plane

!

banner login ^C

-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device.

This feature requires the one-time use of the username "cisco"

with the password "cisco". The default username and password have a privilege level of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.

Here are the Cisco IOS commands.

username   privilege 15 secret 0

no username cisco

Replace and with the username and password you want to use.

For more information about SDM please follow the instructions in the QUICK START

GUIDE for your router or go to http://www.cisco.com/go/sdm

-----------------------------------------------------------------------

^C

!

line con 0

login local

no modem enable

line aux 0

line vty 0 4

access-class 23 in

privilege level 15

login local

transport input telnet ssh

!

scheduler max-task-time 5000

end

0 Helpful

Haris P
Level 4
Level 4
In response to boduzapho

‎03-15-2011 06:58 AM

Dear ,

  • Are you able to ping any outside IP from router ?  If not able to ping from router try add

Like ping 8.8.8.8 from your router (8.8.8.8 is google-public-dns-a.google.com and is pingable)

  • Are you able to ping this IP from your PC ?? If yes try adding the DNS 8.8.8.8 in your PC statically and try to browse
  • Also please post ourtput of "  show ip nat translations "  and " ping 8.8.8.8 source vlan 1"

Awaiting yor response

Regards

0 Helpful

boduzapho
Level 1
Level 1
In response to Haris P

‎03-15-2011 07:02 AM

I got nothing...

yourname#ping 8.8.8.8 source vlan1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

Packet sent with a source address of 10.10.10.1

.....

Success rate is 0 percent (0/5)

yourname#show ip nat translations

yourname#

0 Helpful

boduzapho
Level 1
Level 1
In response to boduzapho

‎03-15-2011 07:08 AM

The funny thing is I also have a PIX515e and it just does not like to work as well.. I am begining to think cisco gear is more trouble than its worth

0 Helpful

Haris P
Level 4
Level 4
In response to boduzapho

‎03-15-2011 07:29 AM

The config. looks OK ,but may be something wrong with your connection ? .

Where are you connecting this Fastethernet4 ? to firewall ? and if firewall is not working how the router behind firewall will work ?

So just try to fix the firewall and then after that think abt router

Regards

Haris P

0 Helpful

johnlloyd_13
Level 9
Level 9

‎03-15-2011 07:29 AM

Hi,

Your LAN gatway is on a different subnet from your LAN range. Try to reconfigure your DHCP pool using network 10.10.10.0 255.255.255.0.

Sent from Cisco Technical Support iPhone App

0 Helpful

boduzapho
Level 1
Level 1
In response to johnlloyd_13

‎03-15-2011 08:36 AM

Ok so heres what I did and the resulting config:

yourname#config terminal

Enter configuration commands, one per line.  End with CNTL/Z.

yourname(config)#interface vlan1

yourname(config-if)#ip dhcp pool mypool

yourname(dhcp-config)#network 10.10.10.1 /24

yourname(dhcp-config)#dns-server 8.8.8.8 8.8.4.4

yourname(dhcp-config)#lease 7

yourname(dhcp-config)#exit

yourname(config)#wr

% Incomplete command.

yourname(config)#end

yourname#wr

Building configuration...

*Mar  1 00:37:25.011: %SYS-5-CONFIG_I: Configured from console by mark on console[OK]

yourname#show config

Using 2831 out of 131072 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname yourname

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

!

no aaa new-model

!

resource policy

!

ip subnet-zero

no ip dhcp use vrf connected

ip dhcp excluded-address 10.10.10.1

!

ip dhcp pool sdm-pool

   import all

   network 10.10.10.0 255.255.255.248

   default-router 10.10.10.1

   lease 0 2

!

ip dhcp pool mypool

   network 10.10.10.0 255.255.255.0

   dns-server 8.8.8.8 8.8.4.4

   lease 7

!

!

ip cef

no ip domain lookup

ip domain name yourdomain.com

!

!

crypto pki trustpoint TP-self-signed-1837859499

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1837859499

revocation-check none

rsakeypair TP-self-signed-1837859499

!

!

crypto pki certificate chain TP-self-signed-1837859499

certificate self-signed 01 nvram:IOS-Self-Sig#3906.cer

username cisco privilege 15 secret 5 $1$IC4h$/C4XPpTV2sPLwL1OffScd/

username mark privilege 15 secret 5 $1$VJhP$7fvxL41Unrqb8fQGhu7W/1

!

!

!

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

ip address dhcp

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$

ip address 10.10.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

ip classless

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source list 1 interface FastEthernet4 overload

!

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 10.10.10.0 0.0.0.255

access-list 23 permit 10.10.10.0 0.0.0.7

no cdp run

!

control-plane

!

banner login ^C

-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device.

This feature requires the one-time use of the username "cisco"

with the password "cisco". The default username and password have a privilege level of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.

Here are the Cisco IOS commands.

username   privilege 15 secret 0

no username cisco

Replace and with the username and password you want to use.

For more information about SDM please follow the instructions in the QUICK START

GUIDE for your router or go to http://www.cisco.com/go/sdm

-----------------------------------------------------------------------

^C

!

line con 0

login local

no modem enable

line aux 0

line vty 0 4

access-class 23 in

privilege level 15

login local

transport input telnet ssh

!

scheduler max-task-time 5000

end

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card