07-17-2007 04:35 AM - edited 03-05-2019 05:20 PM
on our network there is a soho router which provided by our ISP
and we have Cisco2800 series which is supposed to route us through Soho out to the internet
int fastethernet0/0 our local ip address
int fastethernet0/1 is public ip address
proper nat is configured
and
2 name servers id addresses are added
but still no luck accessing the internet
any clue
any help?
07-17-2007 04:46 AM
Hi
Can you post the config of your router?
regds
07-17-2007 04:52 AM
my cisco 2811 configuration is the following
Router#sh run
Building configuration...
Current configuration : 1286 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
!
!
ip name-server 192.168.10.244
ip name-server 62.***.***.***
!
!
!
!
interface FastEthernet0/0
description $ETH-LAN$
ip address 192.168.***.*** 255.255.0.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
description $ETH-LAN$
ip address 62.***.***.*** 255.255.255.248
ip nat outside
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
shutdown
no atm ilmi-keepalive
dsl equipment-type CPE
dsl operating-mode GSHDSL symmetric annex A
dsl linerate AUTO
!
ip classless
ip route 0.0.0.0 0.0.0.0 62.***.***.*** permanent
!
ip http server
ip http authentication local
ip nat inside source list 2 interface FastEthernet0/0 overload
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 62.240.33.0 0.0.0.7
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 192.168.0.0 0.0.255.255
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet
!
scheduler allocate 20000 1000
!
thank you in advance
07-17-2007 05:03 AM
Hi
Change
ip nat inside source list 2 interface FastEthernet0/0 overload
to
ip nat inside source list 2 interface FastEthernet0/1 overload
HTH
Jon
07-17-2007 05:12 AM
dear jon
:D
you are the best
thank you
tiny one
the internet accessing is a bit slow how to make it faster and for you knowlowdge i am connectcted to cisco2811 then to soho (isp provided router)
thank you so much
regard
NB may i get you email address please
07-17-2007 05:11 AM
change the configuration of:
ip nat inside source list 2 interface FastEthernet0/0 overload
to
ip nat inside source list 2 interface FastEthernet0/1 overload
as your outside interface is fe0/1 not 0/0.
Rate if it helps
07-17-2007 05:22 AM
thank you mr khatri
really appreciated
i was wondering why the internet access is kind of slow
may you direct me please
thank you any way
07-17-2007 05:27 AM
Hi
How are you measuring the performance of the internet access ?
do you have any tool being used out there to check out the same ?
did you check up the utilisation with reference to the bandwidth subscribed from your SP ?
regds
07-18-2007 12:29 AM
hello mr kumar
sorry being late i had to leave yesterday
>How are you measuring the performance of the internet access ?
it does seem to me slow in terms of 2 m adsl line and only my pc is connected to this public ip address and cisco2811 right now
>do you have any tool being used out there to check out the same ?
no if u know about any good one i'll be very thankful
NB serving the net still a bit slow
Regards
07-18-2007 01:20 AM
Hi
You can verify the speed on 2 interfaces one is on your LAN (fastethernet interface) and also on your WAN (which gets u connected to the outside world)...
You can make use of some freeware tools to monitor the same..
Also the best possible test would be doing simultaneous downloads with only pc from multiple sites and check the performance of the link as well as the maximum usage either directly on the interface or with the tool..
regds
07-18-2007 05:21 AM
Sir
i 've downloaded ( PRTG Traffic Grapher 6.1.0.756 Setup (Freeware and Trial only).exe)
and i was watching the traffic on cisco2811 i've noticed that the (Traffice bandwith in )is so small (fluctuating between 10 and 20 kb/second) while (Traffice bandwith out)reaches 250 kb/second
i've tried to download softwares from different sites but still the bandwith sooo low
any hint?
waiting for your reply
thank you so much
07-18-2007 08:23 PM
Hi
Can you revert the bandwidth subscribed from your isp ?
Also can you change the load interval under the interfaces to 30 Seconds and check.
You can also directly log on to the router and check for the interface utilisation.
Have you tried downloading files ? whats the the total speed getting displayed during the download process ? and also is there any variations been observed to the average download speed and the speed gettig displayed once the download is completed..
regds
07-19-2007 02:06 AM
hello sir
i am going to reconstruct our network because we have so slow access and there are some week points we have to eliminate them so i would be very thankful if you could give me a hand
the problems are :
1- in the drwing attached to this post our
major week point is the ISA server which goes off and on many times and, this server is our main gateway for all workstations and servers in the HQ and branch offices
2- the SOHO ISP Router will be replaced with cisco 2811
now u may refer to the attached drawing and give me some suggestions(speciall about routing and default gate-way)
very appreciated your kind redirections
thank you
07-19-2007 02:53 AM
Hi
Simple network architecture would be pointing all the default gateway of all the servers to the respective zones configured in the firewall.
And in the firewall make sure that you have certain policies to allow connections from outside world.
Also now you have simple router/firewall concept your firewall's outside interface can be made pointing towards the lan interface of the router which will be the default gateway for the same.
And you have the router with enhanced filtering ACL's applied to allow matching to the connections permitted in the firewall.
BTW what kinda addressing being used in LAN ?
Is that belongs to public ip space or private address space ??
regds
07-22-2007 03:52 AM
thank you mr kumar you really in help
may be this is the final question
is my network secure with only pix 506e?? or do i need anther layer of protection
thank you again
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide