08-23-2010 08:53 AM - edited 03-04-2019 09:31 AM
Hi,
I've currently trying to trouble shoot a connection problem with an IDSL line that has been setup on our firewall for about a year but never used nor tested. I've had a look at the online help and believe our setup is correct give the details we were provided.
The configuration seems correct as the interface shows it is up, and add entries for the network to the routing table(see below) and the IDSL line it self has a dial tone. I've gone back to the provide to ask for them to investigate their end but while I wait I thought I ask all of you guys, so suggestions?
Thanks,
David.
Interface set ups
interface ATM0/0/0
description *** ISP ADSL Connection ***
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode auto
interface Dialer0
bandwidth 8192
ip address 66.106.163.44 255.255.240.0
ip access-group dialer in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname **************
ppp chap password 7 ****************
ppp pap sent-username ***************** password *****************
!
Information provided by ISP
VPI:0
VCI:38
Protocol: PPPoA/VC MUX
Modulation: Multimode/G.DMT
ADSL 1
IP: 66.106.163.44
No. IPs: 1
Route table as it stands
C 152.169.10.0/24 is directly connected, FastEthernet0/1
92.0.0.0/28 is subnetted, 1 subnets
C 92.111.145.209 is directly connected, FastEthernet0/0
66.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 66.106.160.0/20 is directly connected, Dialer0
C 66.106.129.19/32 is directly connected, Dialer0
146.101.0.0/32 is subnetted, 1 subnets
S 146.101.163.30 [1/0] via 92.111.145.209
C 152.169.51.0/24 is directly connected, BVI2
C 152.169.50.0/24 is directly connected, BVI1
S* 0.0.0.0/0 [1/0] via 92.111.145.209
Solved! Go to Solution.
08-25-2010 07:42 AM
Just add the necessary NAT statements and you should be good to go.
08-23-2010 10:34 AM
You are missing PVC configuration.
However, send "show dsl interface" to confirm the circuit syncs up.
08-25-2010 06:54 AM
Hi.
Sorry for the slow reply I got pulled on to something else. I had missed out the PVC configuration, my bad, just spotted it now(Copied in at the bottom of this post). Since my post I've had the line tested and the provider has confirmed that the line is working correctly.
The results of show dsl interface are below too.
If anyone has any ideas or tests I could perform please let me know.
interface ATM0/0/0.1 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
no snmp trap link-status
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
ATM0/0/0
Alcatel 20190 chipset information
ATU-R (DS) ATU-C (US)
Modem Status: Showtime (DMTDSL_SHOWTIME)
DSL Mode: ITU G.992.1 (G.DMT) Annex A
ITU STD NUM: 0x03 0x1
Vendor ID: 'STMI' 'ALCB'
Vendor Specific: 0x0000 0x0000
Vendor Country: 0x0F 0x0F
Capacity Used: 78% 80%
Noise Margin: 12.5 dB 13.0 dB
Output Power: 19.0 dBm 12.0 dBm
Attenuation: 20.0 dB 11.0 dB
Defect Status: None None
Last Fail Code: None
Watchdog Counter: 0xB5
Watchdog Resets: 0
Selftest Result: 0x00
Subfunction: 0x00
Interrupts: 38309 (0 spurious)
PHY Access Err: 0
Activations: 6
LED Status: OFF
LED On Time: 0
LED Off Time: 0
Init FW: embedded
Operation FW: embedded
FW Version: 2.5.42
Interleave Fast Interleave Fast
Speed (kbps): 7616 0 832 0
Cells: 43065 0 339101686 0
Reed-Solomon EC: 0 0 0 0
CRC Errors: 0 0 6 0
Header Errors: 0 0 0 0
Total BER: 0E-0 0E-0Leakage Avarage BER: 0E-0 0E-0
LOM Monitoring : Disabled
DMT Bits Per Bin
000: 0 0 0 0 0 0 0 7 8 9 A A B B B C
010: B B B B B B B A A A A 9 9 8 0 0
020: 0 0 0 0 0 0 9 9 A A A A A A B B
030: B B B B B B C C C C C C C C C C
040: 0 B B B B B B B B B B B B B B B
050: B B B B B 2 B B B B B B B B B A
060: B B A A A B A A A A A A A A A A
070: A A A A A A A A 9 A A A A A A A
080: A A A 9 A A A 9 A A A 9 9 A 9 9
090: 9 9 9 9 9 9 9 9 A 9 A 9 9 9 9 9
0A0: 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9
0B0: 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9
0C0: 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9
0D0: 9 9 9 8 9 9 9 9 9 9 8 8 8 8 8 8
0E0: 8 8 8 8 8 8 8 8 8 8 8 8 8 7 7 8
0F0: 8 7 7 7 7 7 7 7 7 6 6 6 6 6 6 6
DSL: Training log buffer capability is not enabled
08-25-2010 07:42 AM
Just add the necessary NAT statements and you should be good to go.
08-25-2010 08:58 AM
Ah ha!
I see, we did have a NAT already there but I believe the order of the NAT'ing for the inside interface are wrong causing the traffic to be NAT'ed with the external IP on our other line. I will test the change asap and let you know what happens.
Thanks,
David.
08-31-2010 06:34 AM
Hi Paolo,
I have marked you answer as correct because I do believe you are correct but I think I am missing something when adding the nat entries below, so it's still not quite there but I have a clear run at this so I'm investigating to figure out why it isn't working.
Running the command "show ip nat translations | include 192.168.10.55" shows my test address 192.168.10.55 being nat'd to the external IP of the IDSL connection 66.106.163.44 but still no luck.
Thanks,
David.
!
! Last configuration change at 17:05:24 London Wed Aug 25 2010 by root
! NVRAM config last updated at 17:09:33 London Wed Aug 25 2010 by root
!
version 12.4
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
!
boot-start-marker
boot-end-marker
!
logging buffered 8192 informational
logging console informational
logging monitor informational
!
aaa new-model
!
!
aaa authentication login userlist local
aaa authentication ppp default local
aaa authorization network groupauthor local
!
aaa session-id common
!
resource policy
!
memory-size iomem 20
clock timezone London 0
clock summer-time London date Mar 30 2003 1:00 Oct 26 2003 2:00
no ip source-route
ip icmp rate-limit unreachable 100
ip icmp rate-limit unreachable DF 1
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.50.254
ip dhcp excluded-address 192.168.50.10 192.168.50.11
!
ip dhcp pool Wireless
import all
network 192.168.50.0 255.255.255.0
dns-server 192.168.10.1 192.168.10.2
default-router 192.168.50.254
lease 3
!
!
no ip bootp server
ip domain name Hatter.co.uk
ip name-server 192.168.10.1
ip name-server 192.168.10.2
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect name outbound esmtp
ip inspect name outbound tcp
ip inspect name outbound udp
!
!
crypto pki trustpoint TP-self-signed-337632103
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-33763
revocation-check none
rsakeypair TP-self-signed-337632103
!
!
crypto pki certificate chain TP-self-signed-33763
certificate self-signed 01
30820252 308201BB A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
!
!
!
crypto isakmp policy 10
encr aes
authentication pre-share
lifetime 28800
!
crypto isakmp policy 20
encr 3des
authentication pre-share
group 2
crypto isakmp key blahblah address 166.111.123.21
crypto isakmp keepalive 20 10
crypto isakmp xauth timeout 20
!
crypto isakmp client configuration group VPNCLIENTGROUP
key timerightnow
dns 192.168.10.1 192.168.10.2
domain Hatter.co.uk
pool vpn1
acl Hattervpn_splitTunnelAcl
crypto isakmp profile VPNclient
description VPN clients profile
match identity group VPNCLIENTGROUP
client authentication list userlist
isakmp authorization list groupauthor
client configuration address respond
!
!
crypto ipsec transform-set 3des esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec transform-set HiRemote esp-aes esp-sha-hmac
!
crypto dynamic-map dynmap 20
set transform-set 3des
set isakmp-profile VPNclient
reverse-route
!
!
crypto map map1 10 ipsec-isakmp
set peer 166.111.123.21
set transform-set HiRemote
match address 100
crypto map map1 20 ipsec-isakmp dynamic dynmap
!
bridge irb
!
!
!
interface FastEthernet0/0
description $ETH-WAN$
bandwidth 2048
ip address 80.101.105.214 255.255.255.240
ip access-group outside_acl in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip inspect outbound in
ip inspect outbound out
ip virtual-reassembly
no ip route-cache cef
ip route-cache flow
ip tcp adjust-mss 1452
no ip mroute-cache
duplex auto
speed auto
no cdp enable
arp timeout 1800
no mop enabled
crypto map map1
!
interface FastEthernet0/1
description $ETH-LAN$
ip address 192.168.10.254 255.255.255.0
ip access-group inside_acl in
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat inside
ip inspect outbound in
ip inspect outbound out
ip virtual-reassembly
ip tcp adjust-mss 1452
speed 100
full-duplex
!
interface ATM0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no ip mroute-cache
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0/0/0.1 point-to-point
no ip redirects
no ip unreachables
no ip proxy-arp
no snmp trap link-status
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Dot11Radio0/1/0
description Wireless interface
no ip address
no ip redirects
ip local-proxy-arp
ip virtual-reassembly
!
broadcast-key vlan 1 change 45
!
broadcast-key vlan 2 change 45
!
!
encryption vlan 1 mode ciphers tkip
!
encryption vlan 2 mode ciphers tkip
!
encryption mode ciphers tkip
!
ssid Hatter01
vlan 1
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2452
station-role root
no cdp enable
!
interface Dot11Radio0/1/0.1
description Hatter UnSecure
encapsulation dot1Q 1 native
ip virtual-reassembly
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dialer0
bandwidth 8192
ip address 66.106.163.44 255.255.240.0
ip access-group dialer in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication **************
ppp chap hostname **************
ppp chap password 7 **************
ppp pap sent-username ************** password 7 **************
!
interface BVI1
description Wireless LAN
ip address 192.168.50.254 255.255.255.0
ip access-group inside_acl in
ip nat inside
ip virtual-reassembly
!
interface BVI2
mtu 1514
ip address 192.168.51.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip local pool vpn1 192.168.11.1 192.168.11.20
ip route 0.0.0.0 0.0.0.0 80.101.105.205
ip route 146.101.163.30 255.255.255.255 80.101.105.205
!
ip flow-top-talkers
top 20
sort-by bytes
!
ip http server
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool pool1 80.101.105.214 80.101.105.214 netmask 255.255.255.240
ip nat inside source list 111 pool pool1 overload
ip nat inside source route-map dialer interface Dialer0 overload
!
ip access-list extended Hattervpn_splitTunnelAcl
permit ip 192.168.10.0 0.0.0.255 any
ip access-list extended dialer
permit ip 192.168.10.0 0.0.0.255 any
permit ip 192.168.50.0 0.0.0.255 any
deny ip any any
ip access-list extended general
permit ip any any
ip access-list extended inside_acl
permit udp host 192.168.10.1 host 172.16.1.78 eq domain
permit udp host 192.168.10.1 host 172.16.1.80 eq domain
permit udp host 192.168.10.2 host 172.16.1.78 eq domain
permit udp host 192.168.10.2 host 172.16.1.80 eq domain
permit tcp host 192.168.10.50 host 172.16.1.90 eq 8080
permit tcp host 192.168.10.50 host 172.16.1.90 eq 8081
permit tcp host 192.168.10.48 host 172.16.1.92 eq 8080
permit tcp host 192.168.10.48 host 172.16.1.92 eq 8081
permit tcp host 192.168.10.63 host 172.16.1.92 eq 8080
permit tcp host 192.168.10.54 host 172.16.1.10 eq 3389
permit tcp host 192.168.10.54 host 172.16.1.11 eq 3389
permit tcp host 192.168.10.54 host 172.16.1.13 eq 3389
permit tcp host 192.168.10.54 host 172.16.1.14 eq 3389
permit tcp host 192.168.10.54 host 172.16.1.15 eq 3389
permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.20 eq 1433
permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.22 eq 1433
permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.24 eq 1433
permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.26 eq 1433
permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.28 eq 1433
permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.30 eq 1433
permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.32 eq 1433
permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.34 eq 1433
permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.36 eq 1433
permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.100 eq 1433
permit tcp 192.168.10.0 0.0.0.255 host 172.16.2.118 eq 1433
permit ip host 192.168.10.50 172.16.0.0 0.0.255.255
permit ip host 192.168.10.51 172.16.0.0 0.0.255.255
permit ip host 192.168.10.57 172.16.0.0 0.0.255.255
permit ip host 192.168.10.66 172.16.0.0 0.0.255.255
permit ip host 192.168.10.61 172.16.0.0 0.0.255.255
permit ip host 192.168.10.67 172.16.0.0 0.0.255.255
permit ip host 192.168.10.83 172.16.0.0 0.0.255.255
permit ip host 192.168.10.84 172.16.0.0 0.0.255.255
permit ip host 192.168.10.55 172.16.0.0 0.0.255.255
permit ip host 192.168.10.160 172.16.0.0 0.0.255.255
permit ip host 192.168.10.163 172.16.0.0 0.0.255.255
permit ip host 192.168.10.203 172.16.0.0 0.0.255.255
permit tcp 192.168.10.0 0.0.0.255 172.16.0.0 0.0.255.255 eq www
permit tcp 192.168.10.0 0.0.0.255 172.16.0.0 0.0.255.255 eq 443
permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.90 eq 7099
permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.93 eq ftp
permit tcp 192.168.10.0 0.0.0.255 host 172.16.1.93 eq 22
deny ip 192.168.10.0 0.0.0.255 172.16.0.0 0.0.255.255
deny ip 192.168.11.0 0.0.0.255 172.16.0.0 0.0.255.255
deny tcp any any eq 4662
deny tcp any 128.121.20.0 0.0.0.15 eq www
deny tcp any 128.121.4.0 0.0.0.255 eq www
permit ip any any
permit icmp 192.168.10.0 0.0.0.255 any echo
permit icmp 192.168.10.0 0.0.0.255 any echo-reply
ip access-list extended outside_acl
remark SDM_ACL Category=17
permit ahp host 146.101.163.30 host 80.101.105.214
permit ahp any host 80.101.105.214
permit esp host 146.101.163.30 host 80.101.105.214
permit esp any host 80.101.105.214
permit udp host 146.101.163.30 host 80.101.105.214 eq isakmp
permit udp any host 80.101.105.214 eq isakmp
permit udp host 146.101.163.30 host 80.101.105.214 eq non500-isakmp
permit udp any host 80.101.105.214 eq non500-isakmp
permit ip 172.16.0.0 0.0.255.255 192.168.0.0 0.0.255.255
permit udp host 146.101.163.30 any eq isakmp
permit udp host 146.101.163.30 eq isakmp any
permit esp host 146.101.163.30 any
permit udp any eq isakmp any
permit udp any any eq non500-isakmp
permit udp any any eq isakmp
permit ahp any any
permit esp any any
permit tcp any host 80.101.105.212 eq 995
permit tcp any host 80.101.105.212 eq 587
permit tcp any host 80.101.105.212 eq www
permit tcp any host 80.101.105.212 eq 443
permit tcp any host 80.101.105.212 eq smtp
permit tcp any host 80.101.105.212 eq 993
permit tcp any host 80.101.105.213 eq www
permit tcp any host 80.101.105.214 eq www
permit tcp any host 80.101.105.215 eq www
permit tcp any host 80.101.105.215 eq 443
permit tcp any host 80.101.105.216 eq www
permit tcp any host 80.101.105.216 eq 443
permit tcp host 80.177.153.32 host 80.101.105.214 eq 8080
permit tcp host 146.101.163.30 host 80.101.105.214 eq 8080
permit icmp any any
deny ip any any log
!
no logging trap
logging 192.168.10.203
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 100 permit ip 192.168.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 101 deny ip 192.168.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 101 permit ip any host 146.101.162.209
access-list 101 permit ip any host 146.101.250.35
access-list 101 permit ip any host 80.64.57.160
access-list 101 permit ip any host 80.64.57.161
access-list 101 permit ip any host 166.111.123.78
access-list 101 permit ip any host 166.111.123.79
access-list 101 deny ip host 192.168.10.203 any
access-list 101 deny ip 192.168.10.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 101 deny ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 101 deny ip any 192.168.11.0 0.0.0.255
access-list 101 deny ip 192.168.10.50 0.0.0.1 any
access-list 101 deny ip 192.168.10.52 0.0.0.3 any
access-list 101 deny ip 192.168.10.56 0.0.0.7 any
access-list 101 deny ip 192.168.10.64 0.0.0.31 any
access-list 101 deny ip 192.168.10.96 0.0.0.3 any
access-list 101 deny ip host 192.168.10.100 any
access-list 101 deny ip host 192.168.10.204 any
access-list 101 deny ip host 192.168.10.205 any
access-list 101 deny ip host 192.168.10.206 any
access-list 101 deny ip host 192.168.10.207 any
access-list 101 deny ip host 192.168.10.208 any
access-list 101 deny ip host 192.168.10.209 any
access-list 101 deny ip host 192.168.10.210 any
access-list 101 deny ip host 192.168.10.220 any
access-list 101 deny ip host 192.168.10.221 any
access-list 101 permit ip 192.168.50.0 0.0.0.255 any
access-list 101 permit ip 192.168.10.0 0.0.0.31 any
access-list 101 permit ip 192.168.10.32 0.0.0.15 any
access-list 101 permit ip 192.168.10.48 0.0.0.1 any
access-list 101 permit ip host 192.168.10.101 any
access-list 101 permit ip 192.168.10.102 0.0.0.1 any
access-list 101 permit ip 192.168.10.104 0.0.0.7 any
access-list 101 permit ip 192.168.10.112 0.0.0.15 any
access-list 101 permit ip 192.168.10.128 0.0.0.63 any
access-list 101 permit ip 192.168.10.192 0.0.0.31 any
access-list 101 permit ip 192.168.10.224 0.0.0.15 any
access-list 101 permit ip 192.168.10.240 0.0.0.7 any
access-list 101 permit ip 192.168.10.248 0.0.0.3 any
access-list 101 permit ip 192.168.10.252 0.0.0.1 any
access-list 102 permit ip any any
access-list 103 deny ip any any dscp 1 log
access-list 103 permit ip any any
access-list 104 deny ip 192.168.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 104 deny ip host 192.168.10.203 172.16.0.0 0.0.255.255
access-list 104 deny ip host 192.168.10.203 192.168.11.0 0.0.0.255
access-list 104 deny ip any 192.168.11.0 0.0.0.255
access-list 104 permit ip host 192.168.10.203 any
access-list 104 permit ip host 192.168.10.204 any
access-list 104 permit ip host 192.168.10.205 any
access-list 104 permit ip host 192.168.10.206 any
access-list 104 permit ip host 192.168.10.207 any
access-list 104 permit ip host 192.168.10.208 any
access-list 104 permit ip host 192.168.10.209 any
access-list 104 permit ip host 192.168.10.210 any
access-list 104 permit ip host 192.168.10.220 any
access-list 104 permit ip host 192.168.10.221 any
access-list 105 deny ip 192.168.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 105 deny ip host 192.168.10.203 any
access-list 105 deny ip 192.168.10.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 105 deny ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 105 deny ip any 192.168.11.0 0.0.0.255
access-list 105 deny ip 192.168.10.0 0.0.0.31 any
access-list 105 deny ip 192.168.10.32 0.0.0.15 any
access-list 105 deny ip 192.168.10.48 0.0.0.1 any
access-list 105 deny ip host 192.168.10.101 any
access-list 105 deny ip 192.168.10.102 0.0.0.1 any
access-list 105 deny ip 192.168.10.104 0.0.0.7 any
access-list 105 deny ip 192.168.10.112 0.0.0.15 any
access-list 105 deny ip 192.168.10.128 0.0.0.63 any
access-list 105 deny ip 192.168.10.192 0.0.0.31 any
access-list 105 deny ip 192.168.10.224 0.0.0.15 any
access-list 105 deny ip 192.168.10.240 0.0.0.7 any
access-list 105 deny ip 192.168.10.248 0.0.0.3 any
access-list 105 deny ip 192.168.10.252 0.0.0.1 any
access-list 105 deny ip host 192.168.10.204 any
access-list 105 deny ip host 192.168.10.205 any
access-list 105 deny ip host 192.168.10.206 any
access-list 105 deny ip host 192.168.10.207 any
access-list 105 deny ip host 192.168.10.208 any
access-list 105 deny ip host 192.168.10.209 any
access-list 105 deny ip host 192.168.10.210 any
access-list 105 deny ip host 192.168.10.220 any
access-list 105 deny ip host 192.168.10.221 any
access-list 105 permit ip 192.168.10.50 0.0.0.1 any
access-list 105 permit ip 192.168.10.52 0.0.0.3 any
access-list 105 permit ip 192.168.10.56 0.0.0.7 any
access-list 105 permit ip 192.168.10.64 0.0.0.31 any
access-list 105 permit ip 192.168.10.96 0.0.0.3 any
access-list 105 permit ip host 192.168.10.100 any
access-list 105 permit ip 192.168.50.0 0.0.0.255 any
access-list 106 permit ip any any
access-list 107 permit ip any any
access-list 109 permit ip 0.0.0.0 255.255.0.0 0.0.0.0 255.255.0.0
access-list 109 permit ip 0.0.0.0 255.255.0.0 0.0.0.0 255.255.255.0
access-list 109 permit ip any 0.0.0.0 255.255.255.0
access-list 109 permit ip 0.0.0.0 255.255.255.0 0.0.0.0 255.255.255.0
access-list 110 deny ip 192.168.10.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 110 permit ip host 192.168.10.55 any
access-list 110 deny ip 192.168.10.0 0.0.0.255 any
access-list 110 deny ip 192.168.50.0 0.0.0.255 any
access-list 111 deny ip 192.168.0.0 0.0.255.255 172.16.0.0 0.0.255.255
access-list 111 deny ip 192.168.10.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 111 deny ip 192.168.10.0 0.0.0.255 192.168.11.0 0.0.0.255
access-list 111 deny ip any 192.168.11.0 0.0.0.255
access-list 111 permit ip 192.168.10.0 0.0.0.255 any
access-list 111 permit ip 192.168.50.0 0.0.0.255 any
dialer-list 1 protocol ip permit
snmp-server community
snmp-server host 192.168.10.203
arp 192.168.10.110 03bf.c0a8.0a6e ARPA
arp 192.168.10.111 03bf.c0a8.0a6e ARPA
!
!
!
route-map dialer permit 20
match ip address 110
set interface Dialer0
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
!
scheduler allocate 20000 1000
end
08-31-2010 08:54 AM
Ok, I found the error....
I required "ip nat outside" and then everything started working.
David.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide