1. Home
  2. Cisco Systems
  3. cisco and telewest/virgin media

cisco and telewest/virgin media

Hi,

Can anyone offer any advice for configuring a cisco router to use a Telewest connection? I have the router plugged into the modem but when i configure the details from a normal belkin router i can not see the outside world :(

Reply to
Kevin Wincott
Loading thread data ...

The following is a slightly sanitised copy of the config I had on my

831 when I had NTL cable, hope it helps - it should hopefully point you in the right direction. There's bits of this config that probably aren't doing anything - I did a lot of playing with it & I'm not sure whether this is a fully-working copy or not.

You may want to post more details of your config, like what router you are using & it's config (minus anything identifiable) if you're still stuck.

//START version 12.3

no service pad

service timestamps debug datetime

service timestamps log datetime

service password-encryption

!

hostname Router

!

logging buffered 16000 debugging

no logging console

enable secret 5 >snip>

!

username UserA privilege 15 password

clock timezone GMT 0

clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00

aaa new-model

! !

aaa authentication login vpnusers local

aaa authorization exec default local

aaa authorization network vpn-remote-access local

aaa session-id common

ip subnet-zero

no ip source-route

ip tcp synwait-time 10

ip domain name mydomain.co.uk

ip name-server a.b.c.d

ip name-server a.b.c.e

! !

ip cef

ip inspect alert-off

ip inspect max-incomplete low 100

ip inspect max-incomplete high 200

ip inspect one-minute low 100

ip inspect one-minute high 200

ip inspect udp idle-time 20

ip inspect tcp idle-time 1800

ip inspect tcp finwait-time 1

ip inspect tcp synwait-time 15

ip inspect tcp max-incomplete host 25 block-time 0

ip inspect name my-fw smtp

ip inspect name my-fw ftp

ip inspect name my-fw tcp

ip inspect name my-fw fragment maximum 128 timeout 1

ip inspect name my-fw icmp

ip inspect name my-fw udp timeout 10

ip inspect name my-fw http

ip audit notify log

ip audit po max-events 100

ip audit name IDS_in info action alarm

ip audit name IDS_in attack action alarm drop reset

ip audit name IDS_out info action alarm

ip audit name IDS_out attack action alarm drop reset

ip ssh time-out 60

ip ssh authentication-retries 2

!

no ftp-server write-enable

!

class-map match-all CM-eMule

match access-group name ACL-eMule

! ! !

interface Ethernet0

description "LAN"

ip address 192.168.5.1 255.255.255.0

ip nat inside

!

interface Ethernet1

description Internet LAN

ip address dhcp

ip access-group ACL-Firewall-ISP in

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip inspect my-fw out

duplex auto

no cdp enable

!

interface FastEthernet1

no ip address

duplex auto

speed auto

!

interface FastEthernet2

no ip address

duplex auto

speed auto

!

interface FastEthernet3

no ip address

duplex auto

speed auto

!

interface FastEthernet4

no ip address

duplex auto

speed auto

!

ip nat translation timeout 300

ip nat inside source route-map RM-InternetNAT interface Ethernet1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 dhcp

no ip http server

no ip http secure-server

ip dns server

! !

ip access-list standard ACL-LAN-NAT

permit 192.168.5.0 0.0.0.255

ip access-list standard ACL-VTY

permit 192.168.5.0 0.0.0.255

deny any log

!

ip access-list extended ACL-Firewall-ISP

remark Prevent Cisco Vunerability

deny 53 any any

deny 55 any any

deny 77 any any

deny pim any any

remark To allow DHCP

permit udp any eq bootps any eq bootpc

remark Block spoofing DoS attacks

deny ip 0.0.0.0 0.255.255.255 any

deny ip 10.0.0.0 0.255.255.255 any

deny ip 127.0.0.0 0.255.255.255 any

deny ip 169.254.0.0 0.0.255.255 any

deny ip 172.16.0.0 0.15.255.255 any

deny ip 192.0.2.0 0.0.0.255 any

deny ip 192.168.0.0 0.0.255.255 any

deny ip 224.0.0.0 31.255.255.255 any

deny ip host 255.255.255.255 any

remark Allow NTP

permit udp any any eq ntp remark Begin DNS Permits

permit udp any eq domain any

deny ip any any log !

ip access-list extended ACL-eMule

permit udp any any eq 4672

permit tcp any any eq 4662

permit tcp any eq 4662 any

permit udp any eq 4672 any !

route-map RM-InternetNAT permit 20

match ip address ACL-LAN-NAT

!

alias exec siib show ip int brief

alias exec sir show ip route

alias exec tm term mon

alias exec tnm term no mon

alias exec sint show ip nat trans

alias exec ct conf t

alias exec sr show run

!

line con 0

no modem enable

line aux 0

line vty 0 4

access-class ACL-VTY in

privilege level 15

logging synchronous

transport input telnet ssh

!

scheduler max-task-time 5000

sntp server 158.43.128.33

sntp server 158.43.128.66

sntp server 158.43.192.66

!

end

Reply to
Al

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.