dallen0
Beginner

Need help configuring 1841 Router with a WIC-ADSL1 Module

Hello folks...

I am new to using this forum so please bear with me...

I only know a little about programming a CISCO router but I know the config I setup is not working...

Here is what I want to do...

  • The ISP provides us with IP Addresses via DHCP. Our public address is NOT static so the interface on the DSL Module needs to be provisioned to get a DHCP address with a CLASS C License.
  • The IP address of the Router should be 10.0.0.10 subnet=255.255.255.0
  • The LAN Clients need to receive their IP address via DHCP EXCEPT for a range of 100 addresses. The LAN Clients only need about 40 DHCP addresses.
  • ONE of the Lan Clients (10.0.0.3) needs to have ports 25, 1723, and others forwarded to it.

Below is the config I am trying to use but I can't even ping the router from the LAN. What am I doing wrong?

Can anyone tell me how to fix this and can you send examples or even rewrite my config for me? I would be grateful!

Please advise...

Dale Allen

41 REPLIES 41
Peter Paluch
Hall of Fame Cisco Employee

Dale,

Thanks for the untruncated version of the show controllers output. Sadly, I am still missing some information from that output.

You are telling me that there is no command similar to the show controllers dsl right? Does the show controllers dsl command alone exist? Try using the question mark sign to verify its correct syntax (perhaps it requires a special number or additional keyword after it).

Also, can you see if there is a command show dsl interface atm0 or show dsl interface atm0/0/0 or - again - a similar command you could run and post the output?

Best regards,

Peter


I found the command...

Please see attached

The command was sh dsl interface atm0/0/0

Dale

Peter Paluch
Hall of Fame Cisco Employee

Dale,

Thank you for the output. I wanted to verify whether your DSL modem is able to link to the DSLAM, and apparently, it is - the speeds are 5120 Kbps download/512 Kbps upload. Nice!

However, the debugs still show that you are trying to start the PPP link negotiation but the opposite side simply does not respond. It is as if it was not receiving your PPP datagrams at all.

Let us try to make a change: the PPP can be encapsulated into ATM cells either using direct AAL5 and devoting the virtual circuit to a single protocol only, or a SNAP header can be added. These two methods are called aal5mux and aal5snap, respectively. They are not compatible - a mismatch in this encapsulation may result in the other party not understanding your datagrams.

Can you try to modify your ATM configuration as follows?

interface ATM0/0/0
 no ip address
 no ip mroute-cache
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0/35
  encapsulation aal5snap ! THIS IS THE CHANGED LINE
  dialer pool-member 1
 !
!

This is just a blind shot but I guess it is worth trying. When this change is performed, please again run the debugs as before - you may need to shutdown and reactivate the ATM0/0/0 interface.

Can you also inspect the "official" modem settings for AAL5MUX/AAL5SNAP hints? Is it actually possible to dump the configuration of the "official" modem?

Best regards,

Peter

Well Peter!

Today, YOU ARE THE MAN!

As you can see from the attached capture, you hit the nail on the head and I am connected now. I am SOOOO much happier but we are not quite there yet...

As you can see from my original posts,

  • ONE of the Lan Clients (10.0.0.3) needs to have ports 25, 1723, and others forwarded to it.

How do you do that?

AND...

The ISP Issues an IP address for the DHCP to use for a DNS server. In other words, the LAN interface, gets the DNS Server to use from the ISP's DSL connection when we use the Thomson Modem. How can we do that for this Cisco Router?

AND:

How can we tell the DHCP server on the Router to use more than ONE DNS Server

AND how can we issue the Time to the DHCP clients on my LAN?

So as I said, we are not yet where I want to be but we ARE A HECK OF A LOT CLOSER now than we were before THANKS TO YOU!

Please get back to me ASAP.


Thanks in advance...

Dale Allen

Peter Paluch
Hall of Fame Cisco Employee

Hi Dale,

Well, your ISP is running a strange kind of encapsulation... the SNAP has quite a large overhead with respect to ATM cell size. The AAL5MUX would be more effective, but well, I guess nobody's perfect.

"ONE of the Lan Clients (10.0.0.3) needs to have ports 25, 1723, and others forwarded to it."

Add the following lines to your configuration:

ip nat inside source static tcp 10.0.0.3 25 interface Dialer1 25
ip nat inside source static tcp 10.0.0.3 1723 interface Dialer1 1723

and continue with other ports as appropriate. Note, however, that the port 1723 is used for PPTP tunnel signalling but the PPTP itself is a GRE-derived protocol that has no concept of ports. It is practically impossible to run PPTP tunnels over NAT/PAT.

"The ISP Issues an IP address for the DHCP to use for a DNS server. In other words, the LAN interface, gets the DNS Server to use from the ISP's DSL connection when we use the Thomson Modem. How can we do that for this Cisco Router?"

In your ip dhcp pool dhcppool01 section, remove the dns-server line and instead, enter the import all configuration command so that the entire DHCP pool configuration looks as follows:

ip dhcp pool dhcppool01
   import all
   network 10.0.0.0 255.255.255.0
   default-router 10.0.0.10

"How can we tell the DHCP server on the Router to use more than ONE DNS Server"

Using the import all command, that depends solely on the number of DNS servers provided by the ISP. Alternatively, you could use the dns-server command in which you would list multiple DNS servers, for example:

dns-server 4.2.2.2 8.8.8.8

"AND how can we issue the Time to the DHCP clients on my LAN?"

We could configure the router to run NTP and provide exact time to your stations. However, I do not believe it is reasonable because each Windows station is already capable of contacting timeservers out there on internet, and it does not care about the NTP service on your router. In fact, it would be more tedious to direct your Windows stations to use your router as a time service than to leave them to make their own time synchronization. The DHCP itself is not capable of providing time service. At most, it is capable of providing the IP address of an NTP server but I am not sure if the Windows stations honor that setting.

Best regards,

Peter
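
The static NAT rules and DHCP pool from the reply above can be checked mechanically. The following is an added example, not part of the original posts: it lists every inside host and port that the config exposes on the outside interface, and warns when a forwarded host address could also be leased to another client by the DHCP pool. The excluded-address range, the third forward (10.0.0.150) and all function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the commands quoted in this thread, plus an assumed
# excluded-address range and one extra forward (10.0.0.150) for contrast.
SAMPLE_CONFIG = """\
ip dhcp excluded-address 10.0.0.1 10.0.0.100
ip dhcp pool dhcppool01
   import all
   network 10.0.0.0 255.255.255.0
   default-router 10.0.0.10
ip nat inside source static tcp 10.0.0.3 25 interface Dialer1 25
ip nat inside source static tcp 10.0.0.3 1723 interface Dialer1 1723
ip nat inside source static tcp 10.0.0.150 443 interface Dialer1 443
"""

NAT_RE = re.compile(r"^\s*ip nat inside source static (tcp|udp) (\S+) (\d+) "
                    r"(?:interface )?(\S+) (\d+)", re.M)
EXCL_RE = re.compile(r"^\s*ip dhcp excluded-address (\S+)(?: (\S+))?\s*$", re.M)
NET_RE = re.compile(r"^\s*network (\S+) (\S+)", re.M)

def parse_forwards(config):
    """Return (proto, inside_ip, inside_port, outside, outside_port) tuples."""
    return [(p, ipaddress.ip_address(ip), int(port), out, int(out_port))
            for p, ip, port, out, out_port in NAT_RE.findall(config)]

def dhcp_can_lease(config, host):
    """True if host is inside a DHCP pool network and not in an excluded range."""
    in_pool = any(host in ipaddress.ip_network(f"{n}/{m.lstrip('/')}")
                  for n, m in NET_RE.findall(config))
    excluded = any(ipaddress.ip_address(lo) <= host <= ipaddress.ip_address(hi or lo)
                   for lo, hi in EXCL_RE.findall(config))
    return in_pool and not excluded

def audit(config):
    """List exposed services and flag forwards whose target is not pinned."""
    findings = []
    for proto, host, port, outside, out_port in parse_forwards(config):
        findings.append(f"EXPOSED {outside}:{out_port}/{proto} -> {host}:{port}")
        if dhcp_can_lease(config, host):
            findings.append(f"WARN {host} is leasable by DHCP; another client "
                            "could receive it and inherit the forward")
        if proto == "tcp" and port == 1723:
            findings.append(f"NOTE {host}: 1723 is PPTP control only; "
                            "the GRE data channel is not covered by this rule")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```
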

Ok folks:

We have the hurricane behind us now so we don't have power. But I have my iPhone!

I have to ask this question...

How does the router know that the ISP has changed ip addresses as they so often do? I see that the router inserts an ip address into the routing table when it establishes its first call.

But how does it know to change its public ip address? It's automated, right?

Please advise...

Dale Allen

Sent from my iPhone

Peter Paluch
Hall of Fame Cisco Employee

Hello Dale,

Oh, a hurricane? I am so sorry to hear about that. I hope you are OK and the power outage is the only damage you've been exposed to...

Regarding the change of an IP address: the IP address is assigned to your router's Dialer interface during the PPP link initialization, and after that, it stays the same. In fact, until the PPP session is terminated and reestablished, you are constantly in possession of the same IP address you have been assigned at the beginning. If the ISP decides for whatever reason that your IP address must change, he will simply terminate your PPP session. Your router will build it anew in a couple of seconds or minutes, and obtain a new IP address in the process.

Best regards,

Peter

Hello again Peter!

There seems to be another problem that has arisen after we got everything else working....

I use DDNS.  My domain (domain.com) uses ZONEEDIT for the DNS Servers.  My Exchange server is on the inside of my network.

The problem is that I cannot connect to the Exchange server while inside the network.  If I type https://www.domain.com/remote it will usually give me the expected certificate error and then I get a 404 error.   (I think it is 404, the page cannot be found).

However when I establish a VPN connection, and then I try the web address, it will work.  And when I use a computer OUTSIDE of my network, IT WORKS GREAT.  (Fast too!)

I ran into this problem once before and we all thought it was because I was behind a PIX Firewall.  They used something called DNS Doctor, to fix the problem.  Can this be the same kind of problem? 

How can I fix this issue?

Please advise....

Dale Allen

Please see attached current config...

Peter Paluch
Hall of Fame Cisco Employee

Dale,

I am sorry but I do not quite understand your setup here. What you are telling me is that if you connect to the server from your internal network, it behaves differently than to connections initiated from outside. Yet, you are able to talk to that server from both inside and outside, am I correct?

Assuming that the connections initiated from inside and outside land on the same server (verify that using the ping and verifying what IP address is being pinged, or better, using Wireshark on the server to see if the ping packets are arriving and are being answered), I would say this is a problem of the server configuration, not on the router. If you can talk to the server both from inside and outside, then the IP connectivity is working. This may require diving into more depths of your website configuration. Are you running MS webserver or Apache? Is it configured to provide virtual web sites? How is it matching the virtuals when a connection comes in?

Sorry for not being able to answer more precisely but this issue is, so far, very vague.

Best regards,

Peter

"What you are telling me is that if you connect to the server from your internal network, it behaves differently than to connections initiated from outside."

Yes, that is correct...

"Yet, you are able to talk to that server from both inside and outside, am I correct?"

No, not exactly.... I can talk to it inside the network if I use a local IP address. I CANNOT use the public FQDN inside the network. It fails to show the page.

However if I use a VPN connection, the router thinks I am coming in from the outside and it will work OR if I connect to the site from the outside,  again, it will work.

However if I connect the old SpeedTouch from Thomson, EVERYTHING works, no matter if you're inside or outside of the LAN. So this is not a server issue. It most certainly is an issue with the NAT on the Cisco router....

If you read up on doctor DNS or DNS Doctor, it tells about the problem when using NAT on a CISCO router.  I don't however, totally understand all of that.

Any ideas?

Dale Allen

Peter Paluch
Hall of Fame Cisco Employee

Hello Dale,

I cannot find / connect to a page referenced to as "dns doctor" via Google so I am relying on the information you can provide me with.

In my last post, I asked you for a couple of pieces of technical information. I still need them. Do you believe you could pass me the answers? I will repeat my questions here for better overview:

  1. Can you ping the internal server from inside by referring to its name (not to its address)?
  2. Regardless of the previous step, when you try to ping the internal server from inside by its name, what IP address does the ping command appear to send packets to?
  3. What kind of webserver are you running - Apache or MS?
  4. Can you tell me any details of its config, especially with respect to virtual websites?

Thanks!

Best regards,

Peter

Hi Peter,

Was reading again your posts from yesterday while on my way to work. I learned a lot from this discussion and the way how our 1841s are configured.

As you can see, my approach is more of the trial and error type. This will encourage me to lab up PAP/CHAP.

My respect and +5 goes to you sir!

Sent from Cisco Technical Support iPhone App