Re: router 831 - SMS2k - ADSL Problems

simon.dever · ‎05-30-2005

I am installing a Cisco Ethernet Router 831 on a network to act as a gateway to the Internet. The internet is ADSL and terminates at a modem which is then connected via ethernet into the WAN link on the router (E1). There is a SMS2k server and about 15 workstations (XP/2k) on the network connected to an unmanaged 24 port switch. The switch is connected to (E0) an ethernet port on the router's built-in switch. The workstations and server can see the router but cannot see the Internet or the WAN link. Here is my configuration:

------------------------------

dms#sh run

Building configuration...

Current configuration : 1223 bytes

!

version 12.3

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname dms

!

enable secret 5 <omitted>

enable password 7 <omitted>

!

no aaa new-model

ip subnet-zero

no ip domain lookup

!

ip audit notify log

ip audit po max-events 100

no ftp-server write-enable

!

interface Ethernet0

ip address 192.168.16.10 255.255.255.0

ip nat inside

no cdp enable

hold-queue 32 in

!

interface Ethernet1

ip address 203.x.x.106 255.255.255.252

ip nat outside

duplex auto

no cdp enable

!

interface FastEthernet1

no ip address

duplex auto

speed auto

!

interface FastEthernet2

no ip address

duplex auto

speed auto

!

interface FastEthernet3

no ip address

duplex auto

speed auto

!

interface FastEthernet4

no ip address

duplex auto

speed auto

!

ip default-gateway 203.x.x.106

ip nat inside source static 192.168.16.2 203.x.x.106

ip classless

ip http server

no ip http secure-server

!

line con 0

exec-timeout 120 0

password 7 <omitted>

login

no modem enable

stopbits 1

line aux 0

line vty 0 4

access-class 23 in

exec-timeout 120 0

password 7 <omitted>

login

!

scheduler max-task-time 5000

!

end

------------------------------

Any help would be highly appreciated, nothing I do seems to make a difference (adding acls, deleting them, static ip routes, router rip, NAT/PAT, etc).

Thanks in advance for any and all help regarding this matter.

Simon

thisisshanky · ‎05-30-2005

In this mode, apply following commands.

Router(config)#

no ip default-gateway 203.x.x.106

no ip nat inside source static 192.168.16.2 203.x.x.106

ip route 0.0.0.0 0.0.0.0 203.x.x.Y

ip nat inside source list 1 interface e1 overload

access-list 1 permit 192.168.16.0 0.0.0.255

PS: In your configuration the E1 interface has an address 203.x.x.106, and the default-gateway command has been configured as 203.x.x.106. This is not correct. Your ISP should have given you a gateway of last resort (default gateway). Note that I have specified the command,

ip route 0.0.0.0 0.0.0.0 203.x.x.Y. YOu need to find out from your provider what the default gateway is. and replace Y with the last octet of the IP address you get from the service provider.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

simon.dever · ‎05-30-2005

So it would be wrong to use a static one to one mapping of NAT for the server?

simon.dever · ‎06-02-2005

Hey guys,

Well I made the changes i also tried both versions of:

ip route 0.0.0.0 0.0.0.0 203.x.x.Y

ip route 0.0.0.0 0.0.0.0 Ethernet1

in which Y was replaced with the gateway from the ISP

in what case would I have reason to use the command:

router(config)#ip routing

At the moment the workstations and server can see the router, even

the WAN link (ethernet1) side. But can see no further toward the

Internet.

I think thats where the problem is, some misconfiguration on

ethernet1 or acl/nat/pat.

How would I go about setting up pat for services like ftp, smtp etc?

when i changed the access list to extended acls and allowed tcp and ip through from all andresses i got this:

(attachment 1)

Then when I setup the nat and did a "debug ip nat translations detail" I got a bunch of output:

(attachment 2)

And "show ip nat translations" showed:

Pro Inside global Inside local Outside local Outside global

tcp 203.x.x.106:3389 203.x.x.106:3389 211.x.x.136:4028 211.x.x.136:4028

tcp 203.x.x.106:25 203.x.x.106:25 221.x.x.143:1181 221.x.x.143:1181

Very confused,

Simon