1. Home
  2. Cisco Systems
  3. Cisco 1700 Router

Cisco 1700 Router

I have configured my Cisco 1700 router to access the Internet through my Westell Model 6100 modem using a 1ENET WIC. I can ping my modem at

192.168.1.1 but I am unable to access the Internet through my router. The Internet passes through the 1ENET and my LAN is on the FastEthernet0. My configuration of my router is below:

! ****************************************************************** ! Cisco1720.cfg - Cisco router configuration file ! Automatically created by Cisco ConfigMaker v2.6 Build 6 ! Friday, July 25, 2008, 07:59:40 AM ! ! Hostname: Cisco1720 ! Model: 1720 ! ****************************************************************** ! service timestamps debug uptime service timestamps log uptime service password-encryption no service tcp-small-servers no service udp-small-servers ! hostname Cisco1720 ! enable password char0912 ! no ip name-server ! ip subnet-zero no ip domain-lookup ip routing ! interface FastEthernet 0 no shutdown description connected to EthernetLAN ip address 192.168.7.1 255.255.255.0 ip nat inside keepalive 10 ! interface Ethernet 0 no shutdown description connected to Internet ip address 192.168.1.2 255.255.255.0 ip nat outside keepalive 10 ! ! Access Control List 1 ! no access-list 1 access-list 1 permit 192.168.7.0 0.0.0.255 ! ! Dynamic NAT ! ip nat translation timeout 86400 ip nat translation tcp-timeout 86400 ip nat translation udp-timeout 300 ip nat translation dns-timeout 60 ip nat translation finrst-timeout 60 ip nat inside source list 1 interface Ethernet 0 overload ! router rip version 2 network 192.168.7.0 passive-interface Ethernet 0 no auto-summary ! ! ip classless ! ! IP Static Routes ip route 0.0.0.0 0.0.0.0 Ethernet 0 no ip http server snmp-server community public RO no snmp-server location no snmp-server contact ! line console 0 exec-timeout 0 0 password kc9bzf login ! line vty 0 4 password kc9bzf login ! end Any help would be greatly appreciated.

Reply to
Charles StClair
Loading thread data ...

Could your access-list for NAT possibly be being ignored?

no access-list 1 access-list 1 permit 192.168.7.0 0.0.0.255

Reply to
braydonsdad

No, the configuration, as read from top to bottom, would first eliminate any access-list 1 and then secondly would build the access-list.

----- Scott Perry Indianapolis, IN

-----

Reply to
Scott Perry

I must consider your modem to be a router which provides PPPoE, DNS proxy and NAT services. Sorry about being picky on the terminology but it makes a big difference!

I ran your Cisco 1720 router configuration through a 2600 series router and it worked. I did consider that some sections could be improved to my preference, but I cannot debate that it did perform NAT and allow inside access to the outide. The additional solutions that I see not only deal with your routing, but also that you do not provide DHCP to your inside hosts which the "modem" would have done. You need to make sure that DNS resolution works for your inside systems as well. Without DNS resolution, only connections to specific IP addresses will work, not connections to systems based on fully qualified domain name (FQDN) like

formatting link

Below are the sections, "routing", "dhcp", and "advice" which make up the remainder of this posting.

ROUTING: > ip route 0.0.0.0 0.0.0.0 Ethernet 0 This default route points out interface Ethernet0, but it does not specify the next hop. Think like your router: how does it know what IP address on Ethernet0 the traffic will be routed to out of the 256 IP addresses in that subnet on interface Ethernet0? Help your router out by making a more specific default route: no ip route 0.0.0.0 0.0.0.0 Ethernet0 ip route 0.0.0.0 0.0.0.0 192.168.1.1 OR no ip route 0.0.0.0 0.0.0.0 Ethernet0 ip route 0.0.0.0 0.0.0.0 Ethernet0 192.168.1.1

DHCP: How do your inside hosts know what IP address information to use? How do your inside hosts know what DNS server to use? Your "modem" is performing DNS proxy. I think that is your current problem. Your inside PC may be trying to web browse some Internet FQDN and is not resolving it to an IP address. Try throwing this DHCP configuration in place: ip dhcp excluded-address 192.168.7.1 ip dhcp pool insidelan network 192.168.7.0 255.255.255.0 domain-name network.net dns-server 192.168.1.1 This will enable the Cisco 1720 router to act as a DHCP server for DHCP requests from the interface facing the 192.168.7.0 255.255.255.0 network, which is FastEthernet 0. Change the domain-name as you like. Now your inside PCs can lease an IP address and have the correct DNS server information.

ADVICE: The Westell modem appears to have a bridging mode which you might want to take into consideration. Based on what I read, it appears that you will be configuring the Cisco 1720 router to do percisely what the Westell modem/router is doing: route to the Internet using NAT. No more posting passwords in your configuration!

----- Scott Perry Indianapolis, IN

-----

Reply to
Scott Perry

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.