cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
462
Views
0
Helpful
3
Replies

Simple Internet Connection 887 Router

Kyal
Level 1
Level 1

Hi all, using a 887 router to connect to our PTP internet connection. Have setup exactly as I have previously and i've got absolutely nothing. I've trimmed down the config to relevant + a fraction more probably. IP address from ISP is 121.200.44.62, subnet /30 and gateway 121.200.44.61. Also have a DMVPN tunnel running on same config just as heads up. 

spanning-tree uplinkfast
spanning-tree vlan 1 priority 8192
spanning-tree vlan 10 priority 8192
spanning-tree vlan 100 priority 8192
spanning-tree vlan 500 priority 8192
!
!
!
!
!
interface Ethernet0
no ip address
shutdown
!
interface FastEthernet0
description *** CLIENT ACCESS ***
switchport allowed vlan 10
no ip address
!
interface FastEthernet1
description *** CLIENT ACCESS ***
switchport allowed vlan 10
no ip address
!
interface FastEthernet2
description *** CLIENT ACCESS ***
switchport allowed vlan 10
no ip address
!
interface FastEthernet3
description ** WAN CONNECTION **
switchport access vlan 100
no ip address
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
description *** CLIENT VLAN ***
ip address 192.168.65.1 255.255.255.0
ip nat inside
no ip virtual-reassembly in
!
interface Vlan100
description ** WAN Connection **
ip address 121.200.44.62 255.255.255.252
ip nat outside
ip virtual-reassembly in
!
!
!
router eigrp 100
network 172.16.0.0
network 192.168.65.0
!
ip forward-protocol nd
no ip http server
ip http secure-server
!
!
ip dns server
ip nat inside source list NONAT interface Vlan100 overload
ip route 0.0.0.0 0.0.0.0 121.200.44.61

We are currently using the ADSL connection to keep us online but its driving me nuts. If anyone cant point me in the right direction thank you!!

3 Replies 3

Hello,

I understand this is not the full configuration, can you post that ?

I don't see an access list NONAT as specified in your configuration. Make sure it exists and that you have included::

access-list NONAT permit ip 192.168.65.0 0.0.0.255 any

#sh run
Building configuration...

Current configuration : 13933 bytes
!
! Last configuration change at 13:50:59 WAST Mon May 22 2017 by #####
! NVRAM config last updated at 13:36:03 WAST Mon May 22 2017 by #####
! NVRAM config last updated at 13:36:03 WAST Mon May 22 2017 by #####
version 15.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname #######
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
enable secret 5 ######
!
no aaa new-model
clock timezone WAST 8 0
!
crypto pki trustpoint TP-self-signed-####
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-####
revocation-check none
rsakeypair TP-self-signed-######
!
!
crypto pki certificate chain TP-self-signed-####
certificate self-signed 01
####################
!
!
!
!


!
ip dhcp excluded-address 192.168.65.1 192.168.65.100
!
ip dhcp pool LAN-DHCP
network 192.168.65.0 255.255.255.0
default-router 192.168.65.1
dns-server 8.8.8.8 8.8.4.4
!
!
!
ip domain name gsfs.com.au
ip name-server 139.130.4.4
ip name-server 203.50.2.71
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid ####
!
!
!
spanning-tree uplinkfast
spanning-tree vlan 1 priority 8192
spanning-tree vlan 10 priority 8192
spanning-tree vlan 100 priority 8192
spanning-tree vlan 500 priority 8192
username ###### privilege 15 secret 5 ##############
!
!
!
!
controller VDSL 0
!
ip tftp blocksize 8192
ip ssh version 2
!
!
crypto isakmp policy 5
encr 3des
hash md5
authentication pre-share
group 2
lifetime 28800
crypto isakmp key ############ address ############
crypto isakmp key ############ address ############
crypto isakmp keepalive 15 5
!
!
crypto ipsec transform-set md5set esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile CRYPTOVPN
set transform-set md5set
!
!
!
!
!
!
!
!
interface Tunnel1
description *** DMVPN TUNNEL ***
ip address 172.16.10.4 255.255.255.0
no ip redirects
no ip split-horizon eigrp 100
ip pim sparse-dense-mode
ip nhrp authentication ####
ip nhrp map multicast 202.72.154.219
ip nhrp map 172.16.10.1 202.72.154.219
ip nhrp map multicast 203.27.187.50
ip nhrp map 172.16.10.2 203.27.187.50
ip nhrp network-id 100
ip nhrp holdtime 360
ip nhrp nhs 172.16.10.2
ip nhrp nhs 172.16.10.1
ip nhrp registration no-unique
ip nhrp shortcut
ip nhrp redirect
ip tcp adjust-mss 1416
tunnel source Dialer1
tunnel mode gre multipoint
tunnel key 100
tunnel protection ipsec profile CRYPTOVPN
!
interface ATM0
description *** INTERNET ***
mtu 1452
no ip address
no atm ilmi-keepalive
pvc 8/35
dialer pool-member 1
protocol ppp dialer
!
!
interface Ethernet0
no ip address
shutdown
!
interface FastEthernet0
description *** CLIENT ACCESS ***
switchport access vlan 10
switchport mode trunk
no ip address
spanning-tree portfast
!
interface FastEthernet1
description *** CLIENT ACCESS ***
switchport access vlan 10
switchport mode trunk
no ip address
spanning-tree portfast
!
interface FastEthernet2
description *** CLIENT ACCESS ***
switchport access vlan 10
switchport mode trunk
no ip address
!
interface FastEthernet3
description ** WAN CONNECTION **
switchport access vlan 100
no ip address
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
description *** CLIENT VLAN ***
ip address 192.168.65.1 255.255.255.0
ip nat inside
no ip virtual-reassembly in
!
interface Vlan100
description ** WAN Connection **
ip address 121.200.44.62 255.255.255.252
ip nat outside
ip virtual-reassembly in
!
interface Dialer1
description *** INTERNET DIALER ***
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname #
ppp chap password #
no cdp enable
!
!
router eigrp 100
network 172.16.0.0
network 192.168.65.0
!
ip forward-protocol nd
no ip http server
ip http secure-server
!
!
ip dns server
ip nat inside source list NONAT interface Vlan100 overload
ip route 0.0.0.0 0.0.0.0 121.200.44.61
ip route 192.1.0.0 255.255.255.0 172.16.10.1
ip route 192.168.0.0 255.255.0.0 Tunnel1
!
ip access-list standard ACL-SNMP
permit 192.168.56.12
permit 192.168.51.250
!
ip access-list extended CLIENTSERVICES
permit ip 192.168.65.0 0.0.0.255 any
permit icmp 192.168.65.0 0.0.0.255 any
ip access-list extended CRYPTOVPN
permit ip 192.168.65.0 0.0.0.255 192.168.51.0 0.0.0.255
permit ip 192.168.65.0 0.0.0.255 192.1.0.0 0.0.0.255
ip access-list extended NONAT
deny ip 192.168.65.0 0.0.0.255 192.168.51.0 0.0.0.255
deny ip 192.168.65.0 0.0.0.255 192.1.0.0 0.0.0.255
permit ip 192.168.65.0 0.0.0.255 any
ip access-list extended PASSVPN
permit ip 192.168.65.0 0.0.0.255 192.168.51.0 0.0.0.255
permit ip 192.168.65.0 0.0.0.255 192.1.0.0 0.0.0.255
ip access-list extended REMOTEACCESS
permit tcp host 202.72.154.219 any eq 22
permit tcp host 203.17.93.66 any eq 22
permit tcp host 203.17.93.5 any eq 22
permit tcp host 59.100.210.58 any eq 22
permit ip 192.168.0.0 0.0.255.255 any
permit tcp host 172.16.10.1 any eq 22
permit tcp host 172.16.10.2 any eq 22
!
dialer-list 1 protocol ip permit
!
snmp-server community ##
snmp-server location Kewdale Terminal
snmp-server contact ##
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps flowmon
snmp-server enable traps ds1
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps xgcp
snmp-server enable traps license
snmp-server enable traps dial
snmp-server enable traps dsp card-status
snmp-server enable traps dsp oper-state
snmp-server enable traps dsp video-usage
snmp-server enable traps dsp video-out-of-resource
snmp-server enable traps stun
snmp-server enable traps bstun
snmp-server enable traps envmon
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps flash insertion removal
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps c3g
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps adslline
snmp-server enable traps vdsl2line
snmp-server enable traps mac-notification
snmp-server enable traps energywise
snmp-server enable traps vstack
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps dlsw
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps bfd
snmp-server enable traps bgp cbgp2
snmp-server enable traps memory bufferpeak
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps event-manager
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps mpls traffic-eng
snmp-server enable traps mpls fast-reroute protected
snmp-server enable traps mpls rfc ldp
snmp-server enable traps mpls ldp
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps ipsla
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps vtp
snmp-server enable traps pw vc
snmp-server enable traps firewall serverstatus
snmp-server enable traps ipmobile
snmp-server enable traps ospfv3 state-change
snmp-server enable traps ospfv3 errors
snmp-server enable traps nhrp nhs
snmp-server enable traps nhrp nhc
snmp-server enable traps nhrp nhp
snmp-server enable traps nhrp quota-exceeded
snmp-server enable traps waas
snmp-server enable traps gdoi gm-start-registration
snmp-server enable traps gdoi gm-registration-complete
snmp-server enable traps gdoi gm-re-register
snmp-server enable traps gdoi gm-rekey-rcvd
snmp-server enable traps gdoi gm-rekey-fail
snmp-server enable traps gdoi ks-rekey-pushed
snmp-server enable traps gdoi gm-incomplete-cfg
snmp-server enable traps gdoi ks-no-rsa-keys
snmp-server enable traps gdoi ks-new-registration
snmp-server enable traps gdoi ks-reg-complete
snmp-server enable traps ike policy add
snmp-server enable traps ike policy delete
snmp-server enable traps ike tunnel start
snmp-server enable traps ike tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps voice
snmp-server enable traps dnis
snmp-server enable traps ccme
snmp-server enable traps srst
snmp-server enable traps ethernet cfm alarm
snmp-server enable traps mpls vpn
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
banner login ^C

: NOTICE TO USERS :
:This computer system is for authorized use only. Users (authorized or :
:unauthorized) have no explicit or implicit expectation of privacy. :
:Any or all uses of this system and all files on this system may be :
:intercepted, monitored, recorded, copied, audited, inspected, and disclosed to:
:authorized site and law enforcement personnel. :
:By using this system, the user consents to such interception, monitoring, :
:recording, copying, auditing, inspection, and disclosure at the discretion of :
:authorized site. :
:Unauthorized or improper use of this system may result in administrative :
:disciplinary action and civil and criminal penalties. By continuing to use :
:this system you indicate your awareness of and consent to these terms and :
:conditions of use. LOG OFF IMMEDIATELY if you do not agree to the conditions :
:stated in this warning. :
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::^C
!
line con 0
logging synchronous
login local
no modem enable
line aux 0
line vty 0 4
access-class REMOTEACCESS in
logging synchronous
login local
transport input ssh
transport output none
!
scheduler allocate 20000 1000
ntp server au.pool.ntp.org
!
end

Hello,

at first glance, it looks like your VLAN 100 interface is not bound to the dialer. Try the config below:

interface Vlan100
description ** WAN Connection **
pppoe-client dial-pool-number 1
ip virtual-reassembly in
!
interface Dialer1
description *** INTERNET DIALER ***
ip address 121.200.44.62 255.255.255.252
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname #
ppp chap password #
no cdp enable

Review Cisco Networking for a $25 gift card