Cisco 1721 - Help with DNS Resolution and VPN Connectivity

I have a Cisco 1721 connected between a cable modem and home network with the help of a WIC-1ENET card. The router gets a DHCP address on the cable-modem side. The router runs DHCP on the home network side and that works fine. Routing between the two networks also works.

My question is twofold:

  1. The home network doesn't have a DNS server; I can ping from device to device by IP on the home network but not by name - I can ping by name to the internet. Can DNS running on the router allow internal name resolution?
  2. I tried to configure VPN connectivity from the internet into my home network using Cisco VPN Client on an XP external machine. I can authenticate with user and password when connecting; however, I can't ping anything other than the router once connected. The local pool is part of the same subnet, so I added reverse-route; however, it still does route to the other internal clients by IP.

Any help on the two would be appreciated. BTW: If it matters, I'm running C1700-BK9NO3R2SY7-M. Thanks.

My config is:

version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname c1721
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 warnings
enable secret 5 ***hidden***
!
username config privilege 15 password 7 ***hidden****
username extuser secret 5 ***hidden***
clock timezone EST -5
clock summer-time EST recurring
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication login default local
aaa authentication login userlist local
aaa authorization network grouplist local
aaa session-id common
ip subnet-zero
no ip source-route
ip icmp redirect host
!
!
ip dhcp excluded-address 192.168.2.1 192.168.2.240
ip dhcp excluded-address 192.168.2.251 192.168.2.254
!
ip dhcp pool 1
 import all
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
 domain-name home.carolina.rr.com
 dns-server 192.168.2.1
 lease 14
!
!
ip tcp synwait-time 10
ip tftp source-interface FastEthernet0
ip domain lookup source-interface FastEthernet0
ip domain name home.carolina.rr.com
no ip bootp server
ip cef
ip ids po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
crypto isakmp policy 1
 authentication pre-share
!
crypto isakmp policy 2
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group vpngroup
 key ***hidden***
 pool vpnclients
 acl 106
!
!
crypto ipsec transform-set tr-null-sha esp-null esp-sha-hmac
crypto ipsec transform-set tr-des-md5 esp-des esp-md5-hmac
crypto ipsec transform-set tr-des-sha esp-des esp-sha-hmac
crypto ipsec transform-set tr-3des-sha esp-3des esp-sha-hmac
crypto ipsec df-bit clear
!
crypto dynamic-map vpnusers 1
 description VPN Users
 set transform-set tr-des-md5
 reverse-route
!
!
crypto map cm-cryptomap client authentication list userlist
crypto map cm-cryptomap isakmp authorization list grouplist
crypto map cm-cryptomap client configuration address respond
crypto map cm-cryptomap 65000 ipsec-isakmp dynamic vpnusers
!
!
!
interface Null0
 no ip unreachables
!
interface Ethernet0
 description Connected to Internet$FW_OUTSIDE$
 ip address dhcp
 ip access-group 103 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 half-duplex
 no cdp enable
 crypto map cm-cryptomap
!
interface FastEthernet0
 description Connected to Home$FW_INSIDE$
 ip address 192.168.2.1 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 speed auto
 no cdp enable
!
ip local pool vpnclients 192.168.2.231 192.168.2.240
ip classless
no ip http server
ip http access-class 10
ip http authentication local
ip http secure-server
ip nat inside source route-map nonat interface Ethernet0 overload
!
ip dns server
!
!
access-list 1 remark The Local LAN
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 10 remark HTTP Server Access
access-list 10 permit 192.168.2.0 0.0.0.255
access-list 10 deny any
access-list 100 remark LAN In
access-list 100 permit udp any any eq bootpc
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.25 any
access-list 100 permit ip any any
access-list 101 remark VTY Access-class list
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
access-list 101 deny ip any any
access-list 103 remark Interface WAN
access-list 103 permit ip host 192.168.2.231 192.168.2.0 0.0.0.255
access-list 103 permit ip host 192.168.2.232 192.168.2.0 0.0.0.255
access-list 103 permit ip host 192.168.2.233 192.168.2.0 0.0.0.255
access-list 103 permit ip host 192.168.2.234 192.168.2.0 0.0.0.255
access-list 103 permit ip host 192.168.2.235 192.168.2.0 0.0.0.255
access-list 103 permit ip host 192.168.2.236 192.168.2.0 0.0.0.255
access-list 103 permit ip host 192.168.2.237 192.168.2.0 0.0.0.255
access-list 103 permit ip host 192.168.2.238 192.168.2.0 0.0.0.255
access-list 103 permit ip host 192.168.2.239 192.168.2.0 0.0.0.255
access-list 103 permit ip host 192.168.2.240 192.168.2.0 0.0.0.255
access-list 103 permit udp any any eq non500-isakmp
access-list 103 permit udp any any eq isakmp
access-list 103 permit esp any any
access-list 103 permit ahp any any
access-list 103 deny udp any any eq bootps
access-list 103 deny udp any any eq snmp
access-list 103 deny udp any any eq snmptrap
access-list 103 permit ip any any
access-list 105 remark Traffic to NAT
access-list 105 deny ip 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 105 permit ip 192.168.2.0 0.0.0.255 any
access-list 106 remark User to Site VPN Clients
access-list 106 permit ip 192.168.2.0 0.0.0.255 any
no cdp run
!
route-map nonat permit 1
 match ip address 105
!
!
control-plane
!
banner login ^C (c1721) Authorized Access Only!

UNAUTHORIZED ACCESS TO THIS DEVICE PROHIBITED. You must have explicit permission to access this device. All activities performed on this device are logged.

^C
!
line con 0
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 access-class 101 in
 privilege level 15
 transport input telnet ssh
line vty 5 15
 access-class 101 in
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
ntp clock-period 17179958
ntp source Ethernet0
ntp server 129.6.15.29
ntp server 129.6.15.28
end
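
An added example, not part of the original post: a Python check for the layout described in the second question, a VPN address pool carved out of a directly connected subnet. LAN hosts treat such pool addresses as on-link and ARP for them, so their replies reach a VPN client only if the router answers those ARP requests (proxy ARP) on that interface. SAMPLE_CONFIG is an excerpt constructed from the posted configuration, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed excerpt: only the lines of the posted config that this check reads.
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address dhcp
 no ip proxy-arp
!
interface FastEthernet0
 ip address 192.168.2.1 255.255.255.0
 no ip proxy-arp
!
ip local pool vpnclients 192.168.2.231 192.168.2.240
"""

ADDR = r"(\d+\.\d+\.\d+\.\d+)"

def parse_interfaces(config):
    """Return {name: {"network": IPv4Network or None, "proxy_arp": bool}}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            # IOS enables proxy ARP by default; only "no ip proxy-arp" turns it off.
            current = interfaces.setdefault(
                line.split()[1], {"network": None, "proxy_arp": True})
        elif not line.startswith(" "):
            current = None  # an unindented line ends interface sub-mode
        elif current is not None:
            m = re.match(rf" ip address {ADDR} {ADDR}$", line)
            if m:
                current["network"] = ipaddress.ip_interface(
                    f"{m.group(1)}/{m.group(2)}").network
            elif line.strip() == "no ip proxy-arp":
                current["proxy_arp"] = False
    return interfaces

def pool_overlaps(config):
    """List (pool, interface, proxy_arp_enabled) for pools inside a connected subnet."""
    findings = []
    interfaces = parse_interfaces(config)
    for m in re.finditer(rf"^ip local pool (\S+) {ADDR} {ADDR}$", config, re.M):
        first, last = (ipaddress.ip_address(m.group(i)) for i in (2, 3))
        for ifname, info in interfaces.items():
            net = info["network"]
            if net is not None and first in net and last in net:
                findings.append((m.group(1), ifname, info["proxy_arp"]))
    return findings

if __name__ == "__main__":
    for pool, ifname, proxy_arp in pool_overlaps(SAMPLE_CONFIG):
        state = "enabled" if proxy_arp else "disabled"
        print(f"pool {pool} is inside the {ifname} subnet; proxy ARP is {state}")
```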


Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.