CISCO soho 97 Need Help with startup-config

Can anyone please help? I am trying to configure a Cisco SOHO 87 to use plus.net and have loads of trouble with it. I am trying to configure it to use NAT but am not having much luck. Here is my startup-config if anyone can help.


cheers


Gorseey



! Cisco Fast Step Template
!
! This config enables firewall and PPTP.
!
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname INFINITY
!
logging buffered 4096 debugging
!
!
!
ip subnet-zero
ip name-server 212.159.13.150
ip name-server 212.159.15.150
ip dhcp excluded-address 10.1.1.201
ip dhcp excluded-address 10.1.1.254
!
ip dhcp pool dhcppool
import all
network 10.1.1.0 255.255.255.0
default-router 10.1.1.201
exit
!
vpdn enable
!
vpdn-group pptp
! Default PPTP VPDN group
accept-dialin
protocol pptp
virtual-template 1
exit
exit
!
clock timezone GMT
!
ip inspect name Dialer_0 tcp
ip inspect name Dialer_0 udp
ip inspect name Dialer_0 cuseeme
ip inspect name Dialer_0 ftp
ip inspect name Dialer_0 h323
ip inspect name Dialer_0 rcmd
ip inspect name Dialer_0 realaudio
ip inspect name Dialer_0 streamworks
ip inspect name Dialer_0 vdolive
ip inspect name Dialer_0 sqlnet
ip inspect name Dialer_0 tftp
!
interface Loopback0
ip address 10.1.1.201 255.255.255.0
!
interface Ethernet0
ip address 10.1.1.201 255.255.255.0
ip access-group 102 in
ip nat inside
no ip directed-broadcast
exit
!
interface Virtual-Template1
ip unnumbered Loopback0
peer default ip address pool pptp
ppp encrypt mppe 40
ppp authentication ms-chap
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
exit
!
interface ATM0.1 point-to-point
pvc 0/138
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
exit
!
interface Dialer0
ip address negotiated
ip inspect Dialer_0 out
ip access-group 101 in
no ip redirects
no ip unreachables
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp chap sent-username gorseey@plus.net password [removed]
ppp ipcp dns request
no cdp enable
exit
!
ip nat inside source list 1 interface Dialer0 overload
ip local pool pptp 10.1.1.1 10.1.1.253
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!

line vty 0 4
login local
access-class 1 in
exit
!
access-list 1 remark The local LAN.
access-list 1 permit 10.1.1.0 0.0.0.255
!
access-list 101 remark Traffic allowed to enter the router from Internet
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip any host 255.255.255.255
access-list 101 permit udp any any eq isakmp
access-list 101 permit esp any any
access-list 101 permit tcp any any eq 1723
access-list 101 permit gre any any
access-list 101 permit udp host 130.123.128.253 any eq 123
access-list 101 permit udp host 207.46.226.34 any eq 123
access-list 101 permit udp host 202.37.245.17 eq 53 any
access-list 101 permit udp host 202.37.245.20 eq 53 any
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any packet-too-big
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any traceroute
access-list 101 permit icmp any any administratively-prohibited
access-list 101 deny ip any any log
!
access-list 102 remark Traffic allowed to enter the router from the Ethernet
access-list 102 remark Prevent TFTP traffic
access-list 102 deny udp any any eq tftp
access-list 102 remark DHCP traffic
access-list 102 permit ip any host 255.255.255.255
access-list 102 remark ICMP Traffic
access-list 102 permit icmp 10.1.1.0 0.0.0.255 any unreachable
access-list 102 permit icmp 10.1.1.0 0.0.0.255 any echo
access-list 102 permit icmp 10.1.1.0 0.0.0.255 any echo-reply
access-list 102 permit icmp 10.1.1.0 0.0.0.255 any packet-too-big
access-list 102 permit icmp 10.1.1.0 0.0.0.255 any time-exceeded
access-list 102 permit icmp 10.1.1.0 0.0.0.255 any traceroute
access-list 102 permit icmp 10.1.1.0 0.0.0.255 any administratively-prohibited
access-list 102 remark DNS traffic
access-list 102 permit udp 10.1.1.0 0.0.0.255 any eq 53
access-list 102 permit tcp 10.1.1.0 0.0.0.255 any eq 53
access-list 102 remark E-mail traffic
access-list 102 remark WWW and FTP Browsing
access-list 102 permit tcp 10.1.1.0 0.0.0.255 any eq www
access-list 102 permit tcp 10.1.1.0 0.0.0.255 any eq ftp
access-list 102 deny ip any any log
!
dialer-list 1 protocol ip permit
!
interface Ethernet0
no shutdown
exit
interface ATM0
no shutdown
exit
!
end

[Moderator's note (by acarr): Removed password]

Not sure if that was your real password; nevertheless, it has been removed.

As for the error: without a deeper look into the configuration format, I am not 100% sure. However, the thing that stood out was the following PVC value:

pvc 0/138

In theory, that should read

pvc 0/38

Name servers are wrong:

ip name-server 212.159.13.150
ip name-server 212.159.15.150

should be

ip name-server 212.159.13.49
ip name-server 212.159.13.50

Gorseey

I have a Cisco 837 which I believe runs a very similar startup-config to the one you have.

If you haven't sorted your problem out, I would be happy to PM my config to you for you to compare.

Let me know.

John

That would be very useful, can you post it here?

OK.. Here it is.. I've obviously removed passwords and some sensitive IP addresses where you see (REMOVED).. Other than that, this config works without problems.

John





!This is the running config of the router: 10.10.10.254
!----------------------------------------------------------------------------
!version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Router
!
logging buffered 51200 debugging
enable secret 5 (REMOVED)
!
username Router password 7 (REMOVED)
username CRWS_Ulags privilege 15 password 7 (REMOVED)
username CRWS_Ritesh privilege 15 password 7 (REMOVED)
username admin privilege 15 password 7 (REMOVED)
username john privilege 15 password 7 (REMOVED)
username steve privilege 15 password 7 (REMOVED)
clock timezone Europe/Berlin 1
clock summer-time Europe/Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00
no aaa new-model
ip subnet-zero
no ip source-route
ip tcp synwait-time 10
ip domain name hangar18.local
ip name-server 212.159.13.49
ip name-server 212.159.13.50
ip dhcp excluded-address 10.10.10.1 10.10.10.19
ip dhcp excluded-address 10.10.10.41 10.10.10.254
!
ip dhcp pool CLIENT
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.254
domain-name hangar18.local
lease infinite
!
no ip bootp server
ip cef
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 smtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip inspect name DEFAULT100 icmp
ip audit notify log
ip audit po max-events 100
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh break-string
no ftp-server write-enable
!
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
lifetime 3600
!
crypto isakmp policy 20
authentication pre-share
group 2
crypto isakmp key thisisanonrsacomplientkey address (REMOVED)
!
!
crypto ipsec transform-set HIGHENC esp-3des esp-md5-hmac
!
crypto map VPNLink 10 ipsec-isakmp
set peer (REMOVED)
set transform-set HIGHENC
match address 116
!
!
!
!
interface Null0
no ip unreachables
!
interface Ethernet0
description $ETH-LAN$$FW_INSIDE$CRWS Generated text. Please do not delete this:10.10.10.254-255.255.255.0
ip address 10.10.10.254 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache flow
no ip mroute-cache
no cdp enable
hold-queue 100 out
!
interface ATM0
description ATM Link to BT
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no ip mroute-cache
atm vc-per-vp 64
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
dsl power-cutback 0
hold-queue 224 in
!
interface Dialer1
description $FW_OUTSIDE$Plusnet ADSL
ip address negotiated
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect DEFAULT100 out
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname area52@plusdsl.net
ppp chap password 7 (REMOVED)
ppp pap sent-username area52@plusdsl.net password 7 (REMOVED)
ppp ipcp dns request
ppp ipcp wins request
crypto map VPNLink
!
ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http access-class 1
no ip http secure-server
!
logging trap debugging
logging 10.10.10.20
access-list 1 remark Auto generated by SDM Management Access feature
access-list 1 remark SDM_ACL Category=1
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 10.0.2.0 0.0.0.255
access-list 23 remark SDM_ACL Category=16
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.254 eq telnet
access-list 100 permit tcp 10.0.2.0 0.0.0.255 host 10.10.10.254 eq telnet
access-list 100 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.254 eq 22
access-list 100 permit tcp 10.0.2.0 0.0.0.255 host 10.10.10.254 eq 22
access-list 100 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.254 eq www
access-list 100 permit tcp 10.0.2.0 0.0.0.255 host 10.10.10.254 eq www
access-list 100 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.254 eq 443
access-list 100 permit tcp 10.0.2.0 0.0.0.255 host 10.10.10.254 eq 443
access-list 100 permit tcp 10.10.10.0 0.0.0.255 host 10.10.10.254 eq cmd
access-list 100 permit tcp 10.0.2.0 0.0.0.255 host 10.10.10.254 eq cmd
access-list 100 deny tcp any host 10.10.10.254 eq telnet
access-list 100 deny tcp any host 10.10.10.254 eq 22
access-list 100 deny tcp any host 10.10.10.254 eq www
access-list 100 deny tcp any host 10.10.10.254 eq 443
access-list 100 deny tcp any host 10.10.10.254 eq cmd
access-list 100 deny udp any host 10.10.10.254 eq snmp
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 deny tcp any any eq 135 log
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit icmp 10.0.2.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 101 permit udp 10.0.2.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 101 permit tcp 10.0.2.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 101 permit ip 10.0.2.0 0.0.0.255 10.10.10.0 0.0.0.255
access-list 101 permit udp host 81.174.225.213 any eq non500-isakmp
access-list 101 permit udp host 81.174.225.213 any eq isakmp
access-list 101 permit esp host 81.174.225.213 any
access-list 101 permit ahp host 81.174.225.213 any
access-list 101 remark Auto generated by SDM for NTP (123) 129.6.15.29
access-list 101 permit udp host 129.6.15.29 eq ntp any eq ntp
access-list 101 remark Auto generated by SDM for NTP (123) 129.6.15.28
access-list 101 permit udp host 129.6.15.28 eq ntp any eq ntp
access-list 101 remark Auto generated by SDM for NTP (123) 212.159.13.49
access-list 101 permit udp host 212.159.13.49 eq ntp any eq ntp
access-list 101 deny ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
access-list 102 remark SDM_ACL Category=18
access-list 102 deny icmp 10.10.10.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 102 deny udp 10.10.10.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 102 deny tcp 10.10.10.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 102 deny ip 10.10.10.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
access-list 103 remark SDM_ACL Category=1
access-list 103 permit ip 10.0.2.0 0.0.0.255 any
access-list 103 permit ip 10.10.10.0 0.0.0.255 any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny ip any any log
access-list 116 remark SDM_ACL Category=4
access-list 116 permit ip 10.10.10.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 116 permit tcp 10.10.10.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 116 permit udp 10.10.10.0 0.0.0.255 10.0.2.0 0.0.0.255
access-list 116 permit icmp 10.10.10.0 0.0.0.255 10.0.2.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 102
!
banner login ^CDisconnect IMMEDIATELY if you are not an authorised user!


^C
!
line con 0
login local
no modem enable
transport preferred all
transport output telnet
stopbits 1
line aux 0
login local
transport preferred all
transport output telnet
stopbits 1
line vty 0 4
access-class 103 in
login local
length 0
transport preferred all
transport input telnet ssh
transport output all
!
scheduler max-task-time 5000
scheduler interval 500
sntp server 212.159.13.49
sntp server 129.6.15.29
sntp server 129.6.15.28
!
end
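
Added example, not part of any post in the thread: a short Python check that pulls the PVC, name-server and NAT/dialer lines out of the two configs posted above and reports where they differ. The excerpts are copied from the posts; the function and key names are made up for this example.

```python
import re
# Relevant lines copied from the two configs posted in the thread.
ORIGINAL = """
ip name-server 212.159.13.150
ip name-server 212.159.15.150
interface ATM0.1 point-to-point
pvc 0/138
dialer pool-member 1
interface Dialer0
ip nat outside
dialer pool 1
ip nat inside source list 1 interface Dialer0 overload
"""
WORKING = """
ip name-server 212.159.13.49
ip name-server 212.159.13.50
interface ATM0
pvc 0/38
dialer pool-member 1
interface Dialer1
ip nat outside
dialer pool 1
ip nat inside source route-map SDM_RMAP_1 interface Dialer1 overload
"""
PATTERNS = {  # hypothetical setting names -> regex with one capture group
    "name_servers": r"ip name-server (\S+)",
    "pvc": r"pvc (\d+/\d+)",
    "pool_member": r"dialer pool-member (\d+)",
    "dialer_pool": r"dialer pool (\d+)",
    "nat_outside": r"ip nat (outside)",
    "nat_overload": r"ip nat inside source .* interface (\S+) overload",
}

def extract(config):
    """Return {setting: [(interface_or_None, value), ...]} for PATTERNS."""
    found, iface = {k: [] for k in PATTERNS}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)  # remember which interface we are under
        for key, pat in PATTERNS.items():
            if m := re.fullmatch(pat, line):
                found[key].append((iface, m.group(1)))
    return found

def differences(a, b, keys=("pvc", "name_servers")):
    """Settings whose values differ between two configs (interface names ignored)."""
    vals = lambda s, k: [v for _, v in s[k]]
    return {k: (vals(a, k), vals(b, k)) for k in keys if vals(a, k) != vals(b, k)}

def nat_wiring_ok(s):
    """True if the NAT overload interface is 'ip nat outside' and its dialer
    pool number matches the pool-member bound to the PVC."""
    dialer = s["nat_overload"][0][1]
    pools = [v for i, v in s["dialer_pool"] if i == dialer]
    return (dialer, "outside") in s["nat_outside"] and pools == [v for _, v in s["pool_member"]]
```

On these excerpts the only differences are the PVC (0/138 vs 0/38) and the name servers, the two items the replies pointed out; the NAT overload and dialer pool references line up with each other in both configs.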

Cheers, will try it later.

Thanks for your help. Will let you know how I get on.

I assume that your config was generated via SDM and CRWS. I could not get either to work. I don't have Cisco support; any chance of the bin with SDM installed?

CRWS is actually your best bet, because SDM doesn't support PPPoA directly.. Although, once you have a working running config that connects with PPPoA, SDM provides a far more configurable interface to set up your firewall etc.

I also had trouble getting CRWS to work... It does not seem to like IE Explorer. I managed to get it working with an early version of Netscape that I downloaded from the Plusnet File vault. I would try this first.

John

I suggest you use the latest Mozilla 1.6 version rather than Netscape from the file vault.

It won't work for CRWS though..

John

I will tried CRWS from my linux box, but no joy, not what version (Fedora core).

Netscape 4.74 on WinXP worked for me.. I believe it's something to do with the latest versions of Java support that cause the problems.. But I'm only guessing. I only needed to run CRWS once to set up the connection... I've not used it since.

John

Sorry, trying to type and talk at the same time. What I meant to say was: I have tried CRWS from Mozilla but no success, but not sure what version it was (Fedora Core).

Gorseey,

Any luck with CRWS yet??

John