Hi,
Please see below config for my 857W. The basic topology is that I have one cisco857W and various servers and internal wired and wireless clients on the 192.168.0.1 255.255.255.0 network. There are a number of services running on the local lan, DNS and DHCP is also provided by a local server on the same subnet as the router.
The router sits on 192.168.0.254 and needs to act as the local gateway for both wired and wireless clients. With this config, the wireless clients can connect and authenticate get DHCP'd from the local network server and are good to go. However I cannot get any packets out of either the lan or wifi clients. I can ping the outside public address xxx.xxx.xxx.xxx and also the router from any client, but cannot get any packets out.
I also need to poke holes in the firewall for 3 services see config.
Any help would be really appreciated, I have now come to the limit of my ability and read as much as I can about this.
Cheers Spart
!This is the show startup-config output of the router: show startup-config !----------------------------------------------------------------------------
Using 6903 out of 131072 bytes ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname fred ! boot-start-marker boot-end-marker ! logging buffered 51200 warnings enable secret 5 ! no aaa new-model ! resource policy ! clock timezone PCTime 0 clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00 ip dhcp excluded-address 10.10.10.1 ! ! ip cef ip inspect name SDM_LOW cuseeme ip inspect name SDM_LOW dns ip inspect name SDM_LOW ftp ip inspect name SDM_LOW h323 ip inspect name SDM_LOW https ip inspect name SDM_LOW icmp ip inspect name SDM_LOW imap ip inspect name SDM_LOW pop3 ip inspect name SDM_LOW rcmd ip inspect name SDM_LOW realaudio ip inspect name SDM_LOW rtsp ip inspect name SDM_LOW esmtp ip inspect name SDM_LOW sqlnet ip inspect name SDM_LOW streamworks ip inspect name SDM_LOW tftp ip inspect name SDM_LOW tcp ip inspect name SDM_LOW udp ip inspect name SDM_LOW vdolive ip domain name localdomain ip name-server 192.168.0.1 ! ! crypto pki trustpoint TP-self-signed-1133152170 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1133152170 revocation-check none rsakeypair TP-self-signed-1133152170 ! ! crypto pki certificate chain TP-self-signed-1133152170 certificate self-signed 01 nvram:IOS-Self-Sig#3005.cer username ourusername privilege 15 secret 5 ! ! ! bridge irb ! ! interface ATM0 no ip address no atm ilmi-keepalive dsl operating-mode auto ! interface ATM0.1 point-to-point no snmp trap link-status pvc 0/38 encapsulation aal5mux ppp dialer dialer pool-member 1 ! ! interface FastEthernet0 ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface Dot11Radio0 no ip address ip access-group 100 in ip nat inside ip virtual-reassembly ! encryption key 1 size 40bit 0 xxxxxxxxxx transmit-key encryption mode wep mandatory ! ssid ouroffice authentication open guest-mode ! speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0 station-role root bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding ! interface Vlan1 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$ no ip address ip access-group 100 in ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452 bridge-group 1 ! interface Dialer0 description $FW_OUTSIDE$ ip address xxx.xxx.xxx.xxx 255.255.255.248 ip access-group 102 in ip inspect SDM_LOW out ip nat outside ip virtual-reassembly encapsulation ppp dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap callin ppp chap hostname ourhostname ppp chap password 0 ourpassword ! interface BVI1 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$ ip address 192.168.0.254 255.255.255.0 ip access-group 100 in ip tcp adjust-mss 1452 ! ip route 0.0.0.0 0.0.0.0 Dialer0 ! ip http server ip http access-class 23 ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ip nat inside source list 1 interface Dialer0 overload ip nat inside source static tcp 192.168.0.1 1000 interface Dialer0 3000 ip nat inside source static tcp 192.168.0.1 2000 interface Dialer0 2500 ip nat inside source static tcp 192.168.0.1 143 interface Dialer0 143 ! access-list 1 remark SDM_ACL Category=2 access-list 1 permit 192.168.0.0 0.0.0.255 access-list 23 remark SDM_ACL Category=16 access-list 23 permit 192.168.0.0 0.0.0.255 access-list 100 remark Auto generated by SDM Management Access feature access-list 100 remark SDM_ACL Category=1 access-list 100 deny ip xxx.xxx.xxx.xxx 0.0.0.7 any access-list 100 deny ip host 255.255.255.255 any access-list 100 deny ip 127.0.0.0 0.255.255.255 any access-list 100 permit udp 192.168.0.0 0.0.0.255 eq domain any access-list 100 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.254 eq telnet access-list 100 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.254 eq 22 access-list 100 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.254 eq www access-list 100 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.254 eq 443 access-list 100 permit tcp 192.168.0.0 0.0.0.255 host 192.168.0.254 eq cmd access-list 100 deny tcp any host 192.168.0.254 eq telnet access-list 100 deny tcp any host 192.168.0.254 eq 22 access-list 100 deny tcp any host 192.168.0.254 eq www access-list 100 deny tcp any host 192.168.0.254 eq 443 access-list 100 deny tcp any host 192.168.0.254 eq cmd access-list 100 deny udp any host 192.168.0.254 eq snmp access-list 100 permit ip any any access-list 101 remark SDM_ACL Category=1 access-list 101 permit ip 192.168.0.0 0.0.0.255 any access-list 101 remark SDM_ACL Category=1 access-list 101 permit tcp any any eq 143 access-list 102 remark auto generated by SDM firewall configuration access-list 102 remark SDM_ACL Category=1 access-list 102 deny ip 192.168.0.0 0.0.0.255 any access-list 102 remark Allow worldclient Access access-list 102 permit tcp any eq 1000 any eq 1000 access-list 102 permit tcp any eq 2000 any eq 2000 access-list 102 permit tcp any eq 143 any eq 143 access-list 102 permit icmp any host xxx.xxx.xxx.xxx echo-reply access-list 102 permit icmp any host xxx.xxx.xxx.xxx time-exceeded access-list 102 permit icmp any host xxx.xxx.xxx.xxx unreachable access-list 102 deny ip 10.0.0.0 0.255.255.255 any access-list 102 deny ip 172.16.0.0 0.15.255.255 any access-list 102 deny ip 192.168.0.0 0.0.255.255 any access-list 102 deny ip 127.0.0.0 0.255.255.255 any access-list 102 deny ip host 255.255.255.255 any access-list 102 deny ip host 0.0.0.0 any access-list 102 deny ip any any log dialer-list 1 protocol ip permit ! control-plane ! bridge 1 protocol ieee bridge 1 route ip banner login ^CCC
----------------------------------------------------------------------- Cisco Router and Security Device Manager (SDM) is installed on this device. This feature requires the one-time use of the username "cisco" with the password "cisco". The default username and password have a privilege level of 15.
Please change these publicly known initial credentials using SDM or the IOS CLI. Here are the Cisco IOS commands.
username privilege 15 secret 0 no username cisco
Replace and with the username and password you want to use.
For more information about SDM please follow the instructions in the QUICK START GUIDE for your router or go to