cancel
Showing results for 
Search instead for 
Did you mean: 

CIsco 827/soho 97 router configureation

N/A

CIsco 827/soho 97 router configureation

I am having problems with a cisco soho 97 router. I can not get to CRWS web set of the router. I have tried all the documents form cisco but still will not display the config page.

Has any one else had this prolem and solved it ?

I any one has a start-config that works with plus.net the would be realy helpfull

Phillip
5 REPLIES
N/A

CIsco 827/soho 97 router configureation

Hi ya,

I have a Cisco 837 working sucessfully with Plus.Net. I should be able to answer any of your questions.

Give me a shout if you require help.

Regards
Gareth

PS. I didn't bother with the Web interface.
N/A

I also have a 837, web interface is helpful NOT

Yes I also had some fun with the web interface (CRWS)

Is it better to user CLI or SDM ? Where can I download SDM from easily ? and How do I do it ?

When I have done it can I ever revert to CRWS ? (the router may move around the UK)

How do I get VPN passthrough from my PC based Lucent VPN Client, it connects o.k to my work but I cannot connect to any IP on the Corperate LAN.

Any Help would be great.

I include my current config.

urrent configuration : 3720 bytes
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname MarcoRouter
!
boot-start-marker
boot-end-marker
!
logging buffered informational
enable secret 5 $1$wyVp$qKQaYrvA5sg6Jvs7pm46f.
!
username CRWS_Gayatri privilege 15 password 7
username CRWS_Giri privilege 15 password 7
username MarcoRouter password 7
no aaa new-model
ip subnet-zero
ip name-server 212.159.13.49
ip name-server 212.159.13.50
ip dhcp excluded-address 192.168.100.1
!
ip dhcp pool CLIENT
import all
network 192.168.100.0 255.255.255.0
default-router 192.168.100.1
lease 0 2
!
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
no crypto isakmp enable
!
!
!
interface Ethernet0
description CRWS Generated text. Please do not delete this:192.168.100.1-255.25
5.255.0
ip address 192.168.100.1 255.255.255.0 secondary
ip address 10.10.10.1 255.255.255.0
ip access-group 122 out
ip nat inside
no ip mroute-cache
hold-queue 100 out
!
interface ATM0
no ip address
no ip mroute-cache
atm vc-per-vp 64
no atm ilmi-keepalive
dsl operating-mode auto
hold-queue 224 in
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Dialer1
ip address negotiated
ip access-group 111 in
ip nat outside
ip inspect myfw out
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname mjkeyworth@plusdsl.net
ppp chap password 7
ppp pap sent-username mjkeyworth@plusdsl.net password 7
ppp ipcp dns request
ppp ipcp wins request
ppp ipcp mask request
ppp ipcp address accept
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
no ip http secure-server
ip nat inside source list 102 interface Dialer1 overload
!
!
access-list 102 permit ip 192.168.100.0 0.0.0.255 any
access-list 111 permit tcp any any eq telnet
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny ip any any log
access-list 122 deny tcp any any eq telnet
access-list 122 permit ip any any
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
exec-timeout 120 0
no modem enable
transport preferred all
transport output all
stopbits 1
line aux 0
transport preferred all
transport output all
line vty 0 4
exec-timeout 120 0
login local
length 0
transport preferred all
transport input all
transport output all
!
scheduler max-task-time 5000
!
end

Cheers
N/A

CIsco 827/soho 97 router configureation

Sorry for the delay, I didn't notice your post.

First answer. There should be no reason why your work VPN doesn't work, mine works ok through the Cisco. What IP range are you using at work?. The reason I ask is, when we first setup our Checkpoint VPN and was doing some testing we had the same issues from a Nat'ed connection. It was traced down to the fact that on the VPN firewall, we route all 10.*, 192.168.*, 172.16.* internally and hence the data never got back out.

Secondly, I need to consult my Cisco Access-list book at home (would really recomend this book BTW) as i'm a little confused with some of your access-list.

Thirdly, I always use the CLI. The book I mensioned above, recomends that you upload your config, edit it and the download it once your happy.


Anyway, Talk soon
Gareth
N/A

CIsco 827/soho 97 router configureation

Sambucus, what is the book called. I have a simliar problem with A cisco concentrator VPN setup. The VPN client creates a connection to the Concentrator through the 827 but times out with an error message, can't create secure communication. I think the problem may be natting or access-list.

Thanks

Gary
N/A

CIsco 827/soho 97 router configureation

Hi Gary, sorry for the delay, the topic email notification went into a different outlook folder and I didn't notice it.!!

The Cisco book I have is titled "Cisco IOS Access lists", by O'Reilly. I however would doubt that it is an access list problem unless of course you have a very complex list blocking out the various VPN ports. I also have other books on Cisco routing and Cisco IP but I haven't read them yet Cry (not enough time in the day)

On mine, I allow everything outbound and everything inbound apart from a few ports (135, etc)

I could be a NAT issue though, but unfortinately I don't know how the NAT works on a Cisco device as my Nat'ing is done on my firewall. Mind you, if it was a Nat issue, things like telnet and smtp wouldn't work.

Hope you get it sorted
Regards
Gareth