[afnog] Cisco 1841 ISR problem

Gwladys Hountomey gwladysh at iservices.tg
Tue Oct 11 07:09:03 UTC 2011 

The configuration I sent is a basic PAT configuration that works if:
- Your next hope connected to your interface fa0/0 is well configured or don't face any issue
- Your ISP do not have any public IP routing issue in the case your Cisco router  directly goes through your ISP 

And if you are you getting IP address from a next hope through PPP for exemple, you might need to configure a 3rd virtual interface with PPP encapsulation and authentication and then use that virtual interface for your IP route and your  ip nat inside overload
(Hope my english has been well understood). 
  ----- Original Message ----- 
  From: david aliata 
  To: mtinka at globaltransit.net 
  Cc: Gwladys Hountomey ; afnog at afnog.org 
  Sent: Tuesday, October 11, 2011 5:43 AM
  Subject: Re: [afnog] Cisco 1841 ISR problem


  Hi All,

  I tried Gwladys suggestions and some developments.I can now go past my router to the VSAT modem and no more.Note connecting directly shows link is up and 

  i can browse.Any other suggestions at this point?

  interface FastEthernet0/0
   description link to
   ip address **.***.***.*** 255.255.255.248
   ip nat outside
   ip virtual-reassembly
   duplex auto
   speed auto
  !
  interface FastEthernet0/1
   ip address 192.168.1.1 255.255.255.0
   ip nat inside
   ip virtual-reassembly
   duplex auto
   speed auto
  !
  interface Serial0/0/0
   no ip address
   shutdown
  !
  ip classless
  ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
  !
  !
  ip http server
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 600 life 86400 requests 10000
  ip nat inside source list 1 interface FastEthernet0/0 overload
  !
  access-list 1 permit 192.168.1.0 0.0.0.255
  !
  !
  !
  !


  On Tue, Oct 11, 2011 at 3:51 AM, Mark Tinka <mtinka at globaltransit.net> wrote:

    On Tuesday, October 11, 2011 07:25:09 AM Gwladys Hountomey
    wrote:


    > I don't know how you want to design your network but
    > 1- You are using /27 with 0.0.0.255 wildcard mask.
    > 2- Remove access-list 1 permit 192.168.0.0 0.0.0.255 (I
    > don't know if it is necessary)


    That shouldn't matter.

    The ACL merely defines a range the router should look out
    for. It doesn't tie any IP address to a particular subnet
    mask, i.e., the router is running in VLSM mode.

    Yes, it would be more consistent if the ACL followed the
    subnet mask in use, but in this case, it certainly doesn't
    pose a problem.

    Mark.




  -- 
  Regards!

  Aliata D.

  "I have seen something else under the sun: The race is not to the swift or the battle to the strong, nor does food come to the wise or wealth to the brilliant or favor to the learned; but time and chance happen to them all". Ecclesiastes 9:11



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://afnog.org/pipermail/afnog/attachments/20111011/2d0ba7a4/attachment-0001.html>

More information about the afnog mailing list