router Cisco 871 no internet no access

Similar Questions

• Router Cisco 871 as a VPN server

  Hello!

  I have a Cisco 871 router which I want to implement a VPN (PPTP) server at home, so that I could connect to it from outside (from an Internet café, for example).

  All I need is to be able to use my IP of the home across the world just by connecting to the VPN through PPTP. The router would be the only thing connected to the internet in my house and it is not all of the devices connected to the router. Remote access to my IP is all I need.

  The problem is that I have no idea how to do that.

  So I would really appreciate if someone could help me with this,

  Thank you!

  Read the below URL

  http://www.Cisco.com/en/us/products/ps5855/products_configuration_example09186a0080ab7073.shtml

  HTH >

• Help setting up a router Cisco 871 for home...

  871

  Hello Andrew,.

  Alain you provided the entire configuration of what you asked, but I think you also need to configure NAT in order to access internet from PC LAN.

  Reason for this is that get you the WAN IP address and default route ISP, for example:

  IP: 10.0.0.1

  Mask: 255.255.255.0

  Gateway: 10.0.0.254

  But your ISP guess you connect only a single PC, so only 10.0.0.1 IP address will have access to the internet. ISP will pass all traffic of 192.168.10.0/24 and 192.168.20.0/24 because these networks are unknown to the ISP. You will need to NAT your internal networks to your WAN IP 10.0.0.1.

  Here is the configuration:

  NAT_ACL extended IP access list

  deny ip 192.168.10.0 0.0.0.255 192.168.10.0 0.0.0.255

  deny ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255

  deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255

  deny ip 192.168.20.0 0.0.0.255 192.168.20.0 0.0.0.255

  permit ip 192.168.10.0 0.0.0.255 any

  ip licensing 192.168.20.0 0.0.0.255 any

  refuse an entire ip

  NAT_MAP route map
  

  corresponds to the IP NAT_ACL

  IP nat inside source overload map route NAT_MAP interface FastEthernet4

  interface Vlan10

  IP nat inside

  interface Vlan20

  IP nat inside

  interface FastEthernet4

  NAT outside IP

  Last thing, it is not necessary, but maybe you want to prevent users of VLANS to access your internal network:

  Restrict_GUESTS extended IP access list

  deny ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255

  ip licensing 192.168.20.0 0.0.0.255 any

  refuse an entire ip

  interface Vlan20

  IP access-group Restrict_GUESTS in

  Best regards

  Please note all useful messages and close issues resolved

• Pass Cisco 871 and VPN to the SBS 2008 Server

  to precede the questions below, I'm responsible for COMPUTING internal with several years of site / offsite support. I also have very limited knowledge of the inner workings of a Cisco device. That said, I've beaten my head against a wall, trying to configure my router Cisco 871 to allow access to our internal server of SBS 2008 VPN hosting services. I think I, and properly configured the SBS 2008 Server.

  I use advanced IP services, version 12.4 (4) T7

  Here is the \windows\system32\conifg\system running

  Building configuration...

  Current configuration: 9414 bytes
  !
  version 12.4
  no service button
  tcp KeepAlive-component snap-in service
  a tcp-KeepAlive-quick service
  horodateurs service debug datetime localtime show-timezone msec
  Log service timestamps datetime localtime show-timezone msec
  encryption password service
  sequence numbers service
  !
  hostname yourname
  !
  boot-start-marker
  boot-end-marker
  !
  Security of authentication failure rate 3 log
  Passwords security min-length 6
  logging buffered debugging 51200
  recording console critical
  enable secret 5 *.

  !
  No aaa new-model
  !
  resources policy
  !
  PCTime-5 timezone clock
  PCTime of summer time clock day April 6, 2003 02:00 October 26, 2003 02:00
  IP subnet zero
  no ip source route
  IP cef
  !
  !
  !
  !
  synwait-time of tcp IP 10
  no ip bootp Server
  "yourdomain.com" of the IP domain name
  name of the IP-server 65.24.0.168
  name of the IP-server 65.24.0.196
  property intellectual ssh time 60
  property intellectual ssh authentication-2 retries
  inspect the IP name DEFAULT100 appfw DEFAULT100
  inspect the IP name DEFAULT100 cuseeme
  inspect the IP name DEFAULT100 ftp
  inspect the IP h323 DEFAULT100 name
  inspect the IP icmp DEFAULT100 name
  inspect the IP name DEFAULT100 netshow
  inspect the IP rcmd DEFAULT100 name
  inspect the IP name DEFAULT100 realaudio
  inspect the name DEFAULT100 rtsp IP
  inspect the IP name DEFAULT100 sqlnet
  inspect the name DEFAULT100 streamworks IP
  inspect the name DEFAULT100 tftp IP
  inspect the IP udp DEFAULT100 name
  inspect the name DEFAULT100 vdolive IP
  inspect the name DEFAULT100 http urlfilter IP
  inspect the IP router-traffic tcp name DEFAULT100
  inspect the IP name DEFAULT100 https
  inspect the IP dns DEFAULT100 name
  urlfilter IP interface-source FastEthernet4
  property intellectual urlfilter allow mode on
  urlfilter exclusive-area IP Deny. Facebook.com
  refuse the urlfilter exclusive-domain IP. spicetv.com
  refuse the urlfilter exclusive-domain IP. AddictingGames.com
  urlfilter exclusive-area IP Deny. Disney.com
  urlfilter exclusive-area IP Deny. Fest
  refuse the urlfilter exclusive-domain IP. freeonlinegames.com
  refuse the urlfilter exclusive-domain IP. hallpass.com
  urlfilter exclusive-area IP Deny. CollegeHumor.com
  refuse the urlfilter exclusive-domain IP. benmaller.com
  refuse the urlfilter exclusive-domain IP. gamegecko.com
  refuse the urlfilter exclusive-domain IP. ArmorGames.com
  urlfilter exclusive-area IP Deny. MySpace.com
  refuse the urlfilter exclusive-domain IP. Webkinz.com
  refuse the urlfilter exclusive-domain IP. playnow3dgames.com
  refuse the urlfilter exclusive-domain IP. ringtonemecca.com
  refuse the urlfilter exclusive-domain IP. smashingames.com
  urlfilter exclusive-area IP Deny. Playboy.com
  refuse the urlfilter exclusive-domain IP. pokemoncrater.com
  refuse the urlfilter exclusive-domain IP. freshnewgames.com
  refuse the urlfilter exclusive-domain IP. Toontown.com
  urlfilter exclusive-area IP Deny .online-Funny - Games.com
  urlfilter exclusive-area IP Deny. ClubPenguin.com
  refuse the urlfilter exclusive-domain IP. hollywoodtuna.com
  refuse the urlfilter exclusive-domain IP. andkon.com
  urlfilter exclusive-area IP Deny. rivals.com
  refuse the urlfilter exclusive-domain IP. moregamers.com
  !
  policy-name appfw DEFAULT100
  http request
  port-bad use p2p action reset alarm
  port-abuse im action reset alarm
  Yahoo im application
  default action reset service
  service-chat action reset
  Server deny name scs.msg.yahoo.com
  Server deny name scsa.msg.yahoo.com
  Server deny name scsb.msg.yahoo.com
  Server deny name scsc.msg.yahoo.com
  Server deny name scsd.msg.yahoo.com
  Server deny name messenger.yahoo.com
  Server deny name cs16.msg.dcn.yahoo.com
  Server deny name cs19.msg.dcn.yahoo.com
  Server deny name cs42.msg.dcn.yahoo.com
  Server deny name cs53.msg.dcn.yahoo.com
  Server deny name cs54.msg.dcn.yahoo.com
  Server deny name ads1.vip.scd.yahoo.com
  Server deny name radio1.launch.vip.dal.yahoo.com
  Server deny name in1.msg.vip.re2.yahoo.com
  Server deny name data1.my.vip.sc5.yahoo.com
  Server deny name address1.pim.vip.mud.yahoo.com
  Server deny name edit.messenger.yahoo.com
  Server deny name http.pager.yahoo.com
  Server deny name privacy.yahoo.com
  Server deny name csa.yahoo.com
  Server deny name csb.yahoo.com
  Server deny name csc.yahoo.com
  audit stop trail
  aol im application
  default action reset service
  service-chat action reset
  Server deny name login.oscar.aol.com
  Server deny name toc.oscar.aol.com
  Server deny name oam - d09a.blue.aol.com
  audit stop trail
  !
  !
  Crypto pki trustpoint TP-self-signed-1955428496
  enrollment selfsigned
  name of the object cn = IOS - Self - signed - certificate - 1955428496
  revocation checking no
  rsakeypair TP-self-signed-1955428496
  !
  !
  TP-self-signed-1955428496 crypto pki certificate chain
  certificate self-signed 01
  308201B 8 A0030201 02020101 3082024F 300 D 0609 2A 864886 F70D0101 04050030
  2 060355 04031326 494F532D 53656 C 66 2 AND 536967 6E65642D 43657274 31312F30
  69666963 31393535 34323834 6174652D 3936301E 170 3032 30333031 30303035
  33315A 17 0D 323030 31303130 30303030 305A 3031 06035504 03132649 312F302D
  4F532D53 5369676E 656C662D 43 65727469 66696361 74652 31 39353534 65642D
  32383439 3630819F 300 D 0609 2A 864886 01050003, 818, 0030, 81890281 F70D0101
  8100CB6B E980F044 5FFD1DAE CBD35DE8 E3BE2592 DF0B2882 2F522195 4583FA03
  40F4DAC6 CEAD479F A92607D4 1 B 033714 51C3A84D EA837959 F5FC6508 4D71F8E6
  5B124BB3 31F0499F B0E871DB AF354991 7D45F180 5D8EE435 77C8455D 2E46DE46
  67791F49 44407497 DD911CB7 593E121A 0892DF33 3234CF19 B2AE0FFD 36A640DC
  2 010001 HAS 3 990203 AND 77307530 1 130101 FF040530 030101FF 30220603 0F060355 D
  1104 1B 301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D 551D
  301F0603 C 551 2304 18301680 145566 4581F9CD 7 5F1A49FB 49AC9EC4 678908FF
  2A301D06 04160414 5566 745 81F9CD5F 1A49FB49 AC9EC467 8908FF2A 03551D0E
  300 D 0609 2A 864886 818100B 3 04050003 903F5FF8 A2199E9E EA8CDA5D F70D0101
  60B2E125 AA3E511A C312CC4F 0130563F 28D3C813 99022966 664D52FA AB1AA0EE
  9A5C4823 6B19EAB1 7ACDA55F 6CEC4F83 5292 HAS 867 BFC65DAD A2391400 DA12860B
  5A 523033 E6128892 B9BE68E9 73BF159A 28D47EA7 76E19CC9 59576CF0 AF3DDFD1
  3CCF96FF EB5EB4C9 08366F8F FEC944CA 248AC7
  quit smoking
  secret of username admin privilege 15 5 *.

  !
  !
  Policy-map sdmappfwp2p_DEFAULT100
  !
  !
  !
  !
  !
  !
  interface FastEthernet0
  !
  interface FastEthernet1
  !
  interface FastEthernet2
  !
  interface FastEthernet3
  !
  interface FastEthernet4
  Description $$$ FW_OUTSIDE$ $ES_WAN$ ETH - WAN
  address IP dhcp client id FastEthernet4
  IP access-group 101 in
  no ip redirection
  no ip unreachable
  no ip proxy-arp
  NAT outside IP
  inspect the DEFAULT100 over IP
  IP virtual-reassembly
  route IP cache flow
  automatic duplex
  automatic speed
  sdmappfwp2p_DEFAULT100 of service-policy input
  out of service-policy sdmappfwp2p_DEFAULT100
  !
  interface Vlan1
  Description $ETH - SW - LAUNCH$ $INTF - INFO - HWIC-$4ESW $ES_LAN$ $FW_INSIDE$
  the IP 192.168.0.1 255.255.255.0
  IP access-group 100 to
  no ip redirection
  no ip unreachable
  no ip proxy-arp
  IP nat inside
  IP virtual-reassembly
  route IP cache flow
  IP tcp adjust-mss 1452
  !
  IP classless
  !
  !
  IP http server
  local IP http authentication
  IP http secure server
  IP http timeout policy slowed down 60 life 86400 request 10000
  the IP nat inside source 1 list the interface FastEthernet4 overload
  IP nat inside source static tcp 192.168.0.100 1723 1723 interface FastEthernet4
  IP nat inside source static tcp 192.168.0.100 25 25 FastEthernet4 interface
  IP nat inside source static tcp interface 192.168.0.100 80 80 FastEthernet4
  IP nat inside source static tcp 192.168.0.100 interface FastEthernet4 443 443
  IP nat inside source static tcp 192.168.0.100 interface FastEthernet4 987 987
  !
  recording of debug trap
  Note access-list 1 INSIDE_IF = Vlan1
  Remark SDM_ACL category of access list 1 = 2
  access-list 1 permit 192.168.0.0 0.0.0.255
  access-list 100 remark self-generated by the configuration of the firewall Cisco SDM Express
  Access-list 100 = 1 SDM_ACL category note
  access-list 100 deny ip 255.255.255.255 host everything
  access-list 100 deny ip 127.0.0.0 0.255.255.255 everything
  access ip-list 100 permit a whole
  access list 101 remark self-generated by the configuration of the firewall Cisco SDM Express
  Note access-list 101 = 1 SDM_ACL category
  access-list 101 permit tcp any any eq 1723
  access-list 101 permit tcp any any eq 987
  access-list 101 permit tcp any any eq 443
  access-list 101 permit tcp any any eq www
  access-list 101 permit tcp any any eq smtp
  access-list 101 permit udp host 65.24.0.169 eq field all
  access-list 101 permit udp host 65.24.0.168 eq field all
  access-list 101 permit udp host 24.29.1.219 eq field all
  access-list 101 permit udp host 24.29.1.218 eq field all
  access-list 101 permit udp any eq bootps any eq bootpc
  access-list 101 deny ip 192.168.0.0 0.0.0.255 any
  access-list 101 permit icmp any any echo response
  access-list 101 permit icmp any one time exceed
  access-list 101 permit everything all unreachable icmp
  access-list 101 deny ip 10.0.0.0 0.255.255.255 everything
  access-list 101 deny ip 172.16.0.0 0.15.255.255 all
  access-list 101 deny ip 192.168.0.0 0.0.255.255 everything
  access-list 101 deny ip 127.0.0.0 0.255.255.255 everything
  access-list 101 deny ip 255.255.255.255 host everything
  access-list 101 deny ip any one
  not run cdp
  !
  !
  control plan
  !
  connection of the banner ^ CCCCCAuthorized access only!
  Unplug IMMEDIATELY if you are not an authorized user. ^ C
  !
  Line con 0
  local connection
  no activation of the modem
  telnet output transport
  line to 0
  local connection
  telnet output transport
  line vty 0 4
  privilege level 15
  local connection
  transport input telnet ssh
  !
  max-task-time 5000 Planner
  Scheduler allocate 4000 1000
  Scheduler interval 500
  end

  All that top has been configured with the SDM interface. I hope someone here can take a look at this and see what my question is, and why I can't connect through the router.

  All thanks in advance to help me with this.

  Jason

  Based on your description, I am assuming that you are trying the traffic PPTP passthrough via the router 871, and the PPTP Protocol ends on your SBS 2008 Server.

  If this is the correct assumption, PPTP uses 2 protocols: TCP/1723 and GRE. Your configuration only allow TCP/1723, but not the GRE protocol.

  On 101 ACL, you must add "allow accord any any" before the declarations of refusal:

  101 extended IP access list

  1 allow any one

  I guess that the PPTP control connection works fine? Are you able to telnet to the router outside the ip address of the interface on port 1723?

• Cisco router some computers were able to access the internet.

  I'm having a weird problem recently that some computers were unable to browse some site. I even try to put in place a different router from cisco (cisco 2811) with IOS version 15.0 and the same configuration but still no luck. Tried to reboot all devices and I also try to use the computer that is having problem to access the web connect directly to the router, but the result is the same. FYI the router being works well for a month a few without this problem. I try to use the inexpensive router like the dlink / tplink and there is no problem. Another piece of information, it's the computer that could not browse some site were able to ping the website, but fail to load in the web browser. 10 computer there are 3 unit have this problem and new features such as my customer/guest computer also were unable to browse some site. There are no firewall or any security in our regard. It makes me crazy!

  My circuit diagram as below;

  WAN-> router (Cisco 2821)-> switch-> computer

  -See the version-

  Cisco IOS software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4 (24) T6, VERSION of the SOFTWARE (fc2)
  Technical support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2011 by Cisco Systems, Inc.
  Updated Wednesday, Aug 23, 11 01:30 by prod_rel_team

  ROM: System Bootstrap, Version 12.4 (13r) T, RELEASE SOFTWARE (fc1)

  Linear_Router uptime is 2 weeks, 3 days, 21 hours, 56 minutes
  System return to the ROM to reload at 12:49:51 MAS Thu Sep 1 2016
  System image file is "flash: c2800nm-adventerprisek9 - mz.124 - 24.T6.bin".

  This product contains cryptographic features and is under the United States
  States and local laws governing the import, export, transfer and
  use. Delivery of Cisco cryptographic products does not imply
  third party approval to import, export, distribute or use encryption.
  Importers, exporters, distributors and users are responsible for
  compliance with U.S. laws and local countries. By using this product you
  agree to comply with the regulations and laws in force. If you are unable
  to satisfy the United States and local laws, return the product.

  A summary of U.S. laws governing Cisco cryptographic products to:
  http://www.Cisco.com/WWL/export/crypto/tool/stqrg.html

  If you need assistance please contact us by mail at
  [email protected] / * /.

  Cisco 2821 (revision 53.51) with 249856K / 12288K bytes of memory.
  Card processor ID FHK1235F3T0
  2 gigabit Ethernet interfaces
  2 interfaces Serial (sync/async)
  1 ATM interface
  1 module of virtual private network (VPN)
  Configuration of DRAM is wide with parity 64-bit capable.
  239K bytes of non-volatile configuration memory.
  1000944K bytes of ATA CompactFlash (read/write)

  Configuration register is 0 x 2102

  -show running-config-

  Building configuration...

  Current configuration: 8378 bytes
  !
  version 12.4
  horodateurs service debug datetime msec
  Log service timestamps datetime localtime
  encryption password service
  !
  hostname Linear_Router
  !
  boot-start-marker
  start the flash system: c2800nm-adventerprisek9 - mz.124 - 24.T6.bin
  boot-end-marker
  !
  forest-meter operation of syslog messages
  logging buffered 16000
  enable password 7
  !
  AAA new-model
  !
  !
  AAA authentication login sdm_vpn_xauth_ml_1 local
  AAA authorization sdm_vpn_group_ml_1 LAN
  !
  !
  AAA - the id of the joint session
  clock timezone 8 MAS
  !
  dot11 syslog
  IP source-route
  !
  !
  IP cef
  No dhcp use connected vrf ip
  dhcp IP 30 binding cleanup interval
  DHCP excluded-address IP 192.168.88.1 192.168.88.141
  DHCP excluded-address IP 192.168.88.180 192.168.88.254
  !
  pool of dhcp IP LAN
  network 192.168.88.0 255.255.255.0
  router by default - 192.168.88.254
  domain losb.local
  Server DNS 8.8.8.8 8.8.4.4
  0 0 15 rental
  !
  !
  IP domain name losb.local
  8.8.8.8 IP name-server
  IP-server names 8.8.4.4
  !
  No ipv6 cef
  !
  Authenticated MultiLink bundle-name Panel
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  !
  voice-card 0
  !
  !
  Crypto pki trustpoint test_trustpoint_config_created_for_sdm
  e subject name =[email protected] / * /
  crl revocation checking
  !
  Crypto pki trustpoint TP-self-signed-3132623275
  enrollment selfsigned
  name of the object cn = IOS - Self - signed - certificate - 3132623275
  revocation checking no
  rsakeypair TP-self-signed-3132623275
  !
  !
  for the crypto pki certificate chain test_trustpoint_config_created_for_sdm
  TP-self-signed-3132623275 crypto pki certificate chain
  certificate self-signed 01
  30820250 308201B 9 A0030201 02020101 300 D 0609 2A 864886 F70D0101 04050030
  2 060355 04031326 494F532D 53656 C 66 2 AND 536967 6E65642D 43657274 31312F30
  69666963 33313332 36323332 6174652D 3735301E 170 3134 31323032 31393436
  35385A 17 0D 323030 31303130 30303030 305A 3031 06035504 03132649 312F302D
  4F532D53 5369676E 656C662D 43 65727469 66696361 74652 33 31333236 65642D
  32333237 3530819F 300 D 0609 2A 864886 01050003, 818, 0030, 81890281 F70D0101
  8569B 674 5F07B434 8E5F9D59 D298DB7E 51FBB58A B 460084 9 34AE8461 8100D01A
  471637 C F6CFC65F 9639C1C6 2 50CF9117 D459482F 1EF22E29 322F39AA 88 42306
  F4B6686A 161FDD3D 69B0647B 46FC7CD0 966C03E8 D6CF9181 8E2B3514 300D980B
  EE9225A6 173F7673 655A1DE8 FB720F13 0FD8E550 A7DDB314 50461510 A72C5DBE
  010001A 3 78307630 1 130101 FF040530 030101FF 30230603 0F060355 A1CF0203
  551D 1104 1C301A82 184C696E 6561725F 526F7574 65722E6C 6F73622E 6C6F6361
  23 04183016 8014FA7F D98E6D69 462EEAED 41BEC8D3 7042F812 03551D 6C301F06
  95B3301D 0603551D 0E041604 14FA7FD9 8E6D6946 2EEAED41 BEC8D370 42F81295
  B3300D06 092 HAS 8648 01040500 03818100 043EC1A4 7363A7FD 3AED777D 86F70D01
  CAAEC570 99 HAS 02166 A3958A66 0E5A5DD2 368C2F8B D9A96E69 9F57852C ACE0C67F
  73 D 17753 53BE14C4 824BE043 B8A52822 E38DBC3C C3F33787 813FD207 0AB04004
  E0303A2F 2A3BF5AA 81481429 F53C1EDD 8AC2EC48 D64DF89A 4D047B7C 6B 516970
  55EAFF10 B1453DBD ABC96845 FDF7AAF9 77B8C381
  quit smoking
  !
  !
  password username privilege 15 7 kent
  Archives
  The config log
  hidekeys
  !
  !
  crypto ISAKMP policy 1
  BA 3des
  preshared authentication
  Group 2
  !
  Configuration group customer crypto isakmp 11
  11 key
  DNS 8.8.8.8 8.8.4.4
  losb.local field
  pool SDM_POOL_1
  ACL 100
  Max-users 11
  ISAKMP crypto sdm-ike-profile-1 profile
  identity group game 11
  client authentication list sdm_vpn_xauth_ml_1
  ISAKMP authorization list sdm_vpn_group_ml_1
  client configuration address respond
  virtual-model 1
  !
  !
  Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
  !
  Profile of crypto ipsec SDM_Profile1
  game of transformation-ESP-3DES-SHA
  isakmp-profile sdm-ike-profile-1 game
  !
  !
  Crypto ctcp port 10000
  !
  !
  !
  !
  !
  !
  interface GigabitEthernet0/0
  Description of connection WAN to Unifi BTU
  no ip address
  no ip-cache cef route
  no ip route cache
  automatic duplex
  automatic speed
  No mop enabled
  !
  interface GigabitEthernet0/0.500
  encapsulation dot1Q 500
  no ip route cache
  PPPoE enable global group
  PPPoE-client dial-pool-number 1
  !
  interface GigabitEthernet0/1
  internal network LAN Description
  IP 192.168.88.254 255.255.255.0
  IP access-group UDP/TCP in
  IP nat inside
  IP virtual-reassembly
  no ip-cache cef route
  no ip route cache
  automatic duplex
  automatic speed
  !
  ATM0/0/0 interface
  no ip address
  Shutdown
  ATM 300 restart timer
  No atm ilmi-keepalive
  !
  interface Serial0/1/0
  no ip address
  Shutdown
  2000000 clock frequency
  !
  interface Serial0/1/1
  no ip address
  Shutdown
  2000000 clock frequency
  !
  type of interface virtual-Template1 tunnel
  11 description
  Dialer1 IP unnumbered
  ipv4 ipsec tunnel mode
  Tunnel SDM_Profile1 ipsec protection profile
  !
  interface Dialer1
  the negotiated IP address
  IP mtu 1480
  NAT outside IP
  IP virtual-reassembly
  encapsulation ppp
  Dialer pool 1
  Dialer idle-timeout 0
  persistent Dialer
  Dialer-Group 1
  PPP authentication chap callin pap
  PPP chap hostname [email protected] / * /
  password PPP chap 7 15381
  PPP pap sent-username [email protected] / * / 132F0 password 7
  !
  local IP SDM_POOL_1 192.168.88.130 pool 192.168.88.141
  default IP gateway - 192.168.88.254
  IP forward-Protocol ND
  IP route 0.0.0.0 0.0.0.0 Dialer1
  IP http server
  local IP http authentication
  IP http secure server
  !
  !
  overload of IP nat inside source list Internet_List interface Dialer1
  IP nat inside source static tcp 192.168.88.89 8001 interface 3389 Dialer1
  IP nat inside source static udp 192.168.88.89 8001 interface 3389 Dialer1
  IP nat inside interface 80 static udp 192.168.88.102 source Dialer1 5555
  IP nat inside source static tcp 192.168.88.102 80 5555 Dialer1 interface
  IP nat inside source static tcp 192.168.88.90 80 Dialer1 8080 interface
  IP nat inside interface 80 static udp 192.168.88.90 source Dialer1 8080
  IP nat inside source static tcp 192.168.88.101 interface 8888-8888 Dialer1
  IP nat inside source static udp 192.168.88.101 interface 8888-8888 Dialer1
  IP nat inside source static tcp 192.168.88.101 80 Dialer1 7777 interface
  IP nat inside interface 80 static udp 192.168.88.101 7777 Dialer1 source
  !
  Internet_List extended IP access list
  IP 192.168.88.0 allow 0.0.0.255 any
  !
  Access-list 100 = 4 SDM_ACL category note
  access-list 100 permit ip 192.168.88.0 0.0.0.255 any
  Dialer-list 1 ip protocol allow
  !
  !
  !
  !
  !
  !
  control plan
  !
  !
  !
  !
  !
  !
  !
  !
  !
  Banner motd ^ CC
  #####################################################################
  #                            WARNING!!!                             #
  # This system is for the use of only authorized customers.        #
  # Who is using the computer network system without #.
  authorization of #, or their permission, are #.
  # subject to having their activities on this computer.
  # Network monitored and recorded by system #.
  staff of #. To protect the computer network system of #.
  # unauthorized use and to ensure that computer network systems #.
  # does not work properly, system administrators monitor this #.
  system of #. Anyone using this computer system #.
  # consents to such monitoring and is expressly informed that #.
  # If this control reveals possible criminal conduct.
  activity #, the system can provide evidence of #.
  # This activity to police officers.              #
  #                                                                   #
  # Access is limited to authorized users only.           #
  # Unauthorized access is a violation of # State and federal.
  # civil and criminal.                       #
  #####################################################################^C
  !
  Line con 0
  line to 0
  line vty 0 4
  privilege level 15
  password 7
  transport input telnet ssh
  exit telnet ssh transport
  !
  Scheduler allocate 20000 1000
  NTP-Calendar Update
  end

  Hello

  try changing the size of the "ip mtu" on your Dialer interface to 1492, and/or the 'ip tcp adjust-mss' on your GigabitEthernet interfaces to 1452 and see if that makes a difference.

• Cisco 871 routing problem

  Hello.

  I have a Cisco 871 router with this network diagram

  10.218.10.117 host - 10.218.10.118 4 | CISCO 871 | 172.18.122.5-FE0 - 172.18.122.6 host

  I want the 172.18.122.6 host can do ping to the 10.218.10.117 host at the other end of the router, but its does not work, what is the problem with this config? could someone give me a hand?

  With the help of 1222 off 131072 bytes

  !

  version 12.4

  no service button

  horodateurs service debug datetime msec

  Log service timestamps datetime msec

  no password encryption service

  !

  hostname ALCALÁ-CNT-UIO

  !

  boot-start-marker

  boot-end-marker

  !

  enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

  activate the password XXXXXXXXXXXXXXX

  !

  No aaa new-model

  !

  resources policy

  !

  IP subnet zero

  IP cef

  !

  !

  !

  !

  !

  !

  interface FastEthernet0

  !

  interface FastEthernet1

  !

  interface FastEthernet2

  !

  interface FastEthernet3

  !

  interface FastEthernet4

  IP 10.218.10.118 255.255.255.252

  automatic speed

  full-duplex

  !

  interface Vlan1

  IP 172.18.122.5 255.255.255.0

  !

  router RIP

  redistribute connected

  10.0.0.0 network

  network 172.18.0.0

  !

  IP classless

  !

  !

  no ip address of the http server

  no ip http secure server

  !

  Dialer-list 1 ip protocol allow

  !

  !

  control plan

  !

  !

  Line con 0

  no activation of the modem

  line to 0

  line vty 0 4

  password XXXXXXXXXXXX

  opening of session

  !

  max-task-time 5000 Planner

  end

  Better compliance

  The f

  Jeff,

  Each host can ping their side? You have default gateways configured on the hosts?

  HTH,
  John

  Please note all useful messages *.

• Replaced fried DLink router with Cisco Valet wireless, internet connection OK but can not print on Canon MX860 printer?

  As in the title, power storm seems to have fried the step-down transformer and router DLink.  Replaced this morning and only took a few minutes to operate wireless router Cisco Valet for wire hard PC and wireless laptops.

  However, it seems that my Canon MX860 printer is not found by the network.  It can be located by control panel of Windows Vista and I have uninstalled and reinstalled twice.  But when I try to print I get the error message "printer not found."

  Help.

  Hello

  If this is a network printer ready to reconfigure the printer to match the new router.

  If it resets in a different IP, you need to set the printer to the computer for the game too (see the manual of the printer).

  Jack-MVP Windows Networking. WWW.EZLAN.NET

• Installation easy vpn Cisco 871

  I have a Cisco 871 router sitting behind my adsl router and I have configured to accept vpn connections from clients from outside (partially configured by cli and partly by SDM).

  It works well, in that I can connect my LAN and access my network inside resources, however I can't access the web when connected via vpn.

  Is it perhaps to nat? I hope that someone can see why in my config. Thank you.

  Hi Chris,

  The only reason I understand here, customers lose their ability to achieve internet when connected by VPN is, according to the current configuration, all traffic (including the NetBIOS) runs through the tunnel. So when a package leaves the machine with a source of intellectual property (one of the private ip address of the pool set) of the client and the destination 4.2.2.2 (can be any ip on the internet), there is no translation defined for the ip address of the VPN client on the router.

  Thus, package from the computer of the customer with an address NON-Routable cannot access the internet for obivous reasons.

  To work around the problem, try this.

  access-list 5 by 192.168.1.0 0.0.0.255

  (assuming that 192.168.1.0 is that the VPN client subnet have access)

  Then,

  Crypto home isakmp client configuration group

  key xxxx

  ACL 5< binding="" the="" acl="">

  By creating the acl the binder to the configuration of the client, and 5 am Division of traffic in the tunnel. In other words, only for the 192.168.1.x subnet traffic will pass through the tunnel and rest will take the path of the LOCAL ISP.

  I hope this helps...!

  Concerning

  M.

• VPN site to Site on both ends using Cisco 871

  I would like to configure VPN Site to Site using the Cisco 871 templates at both ends, but a hard time to set it up. Can someone tell me how to do or if you know of a link that may help me set up as soon as possible?

  I can learn it, but it's time that banned me in the implementation. The other end is already configured to provide Internet access to all users.

  Tom,

  ########################################################################################

  Router 1 VPN config:

  Internal = 10.0.0.0/24
  Public = 196.1.161.65

  access-list 101 permit ip 10.0.0.0 0.0.0.255 10.193.12.0 0.0.3.255

  access-list 102 deny ip 10.0.0.0 0.0.0.255 10.193.12.0 0.0.3.255
  access-list 102 permit ip 10.0.0.0 0.0.0.255 any

  IP nat inside source list 102 in interface (check the name of the external interface) overload

  crypto ISAKMP policy 10
  3des encryption
  sha hash
  Group 2

  ISAKMP crypto key cisco123 address 196.1.161.66

  Crypto ipsec transform-set esp-3des esp-sha-hmac RIGHT

  MYmap 10 ipsec-isakmp crypto map
  defined by peer 196.1.161.66
  Set transform-set RIGHT
  match address 101

  interface (check the name of the interface inside)
  IP nat inside

  interface (check the name of the external interface)
  NAT outside IP
  crypto mymap map

  ########################################################################################

  Router 2 VPN config:

  Internal = 10.193.12.0/22
  Public = 196.1.161.66

  access-list 101 permit ip 10.193.12.0 0.0.3.255 10.0.0.0 0.0.0.255

  access-list 102 deny ip 10.193.12.0 0.0.3.255 10.0.0.0 0.0.0.255
  access-list 102 permit ip 10.193.12.0 0.0.3.255 all

  IP nat inside source list 102 in the fast4 interface overload

  crypto ISAKMP policy 10
  3des encryption
  sha hash
  Group 2

  ISAKMP crypto key cisco123 address 196.1.161.65

  Crypto ipsec transform-set esp-3des esp-sha-hmac RIGHT

  MYmap 10 ipsec-isakmp crypto map
  defined by peer 196.1.161.65
  Set transform-set RIGHT
  match address 101

  interface vlan1
  IP nat inside

  fast4 interface
  NAT outside IP
  crypto mymap map

  ########################################################################################

  The above is an example of configuration.
  It is always recommended to change the pre shared key to something else.

  Federico.

• VPN router Cisco 2611XM VPN client

  I have 2611XM router on a Central site with two FastEthernet interfaces? XA; (FastEthernet0/0 and FastEtherne0/1). FE0/0 has private ip address?xa;192.168.1.1/24 and it connects on LAN 192.168.1.0/24. FE0/1A public? XA; address x.x.x.x/30 and his connects to Internet. There on this NAT router? XA; with overload. ? XA; This router is to give customers remote access with Cisco VPN client on? XA; Internet to the LAN and at the same time, the users local access to the Internet. ? XA; I did a config that establish the tunnel between the clients and the router but? XA; I can't ping all devices on the local network. ? XA; The router must also give remote access and LAN in the scenarios from site to site? XA;

  I can establish the tunnel between my PC and the router via a dial-up Internet connection. But when the tunnel is established that except my public IP address of the router, I can't ping any public IP address. I can ping all other customers who owns the ip address of the pool for customers.

  Addition of the sheep route map should not make you lose the connection to the router.

  Are the commands that you will need to put in

  access-list 101 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255

  access-list 101 permit ip 192.168.1.0 0.0.0.255 any

  sheep allowed 10 route map

  corresponds to the IP 101

  You need to delete translations of nat or remove commands 'ip nat outside' and 'ip nat inside' temporarily while you are taking the following off the coast

  no nat ip inside the source list 7 pool internet overload

  and add the command

  IP nat inside source map route sheep pool internet overload

  Make sure that you reapply the "nat inside ip' and ' ip nat outside of ' orders return of your internal users will not be able to go to the internet.

  You can search this config in the link that sent Glenn-

  http://www.Cisco.com/warp/public/707/ios_D.html

  I pasted the lines that you should look into setting up the example below

  ! - Except the private network and the VPN Client from the NAT process traffic.

  access-list 110 deny ip 192.168.100.0 0.0.0.255 192.168.200.0 0.0.0.255

  access-list 110 deny ip 192.168.100.0 0.0.0.255 192.168.1.0 0.0.0.255

  access-list 110 permit ip 192.168.100.0 0.0.0.255 any

  ! - Except the private network and the VPN Client from the NAT process traffic.

  sheep allowed 10 route map

  corresponds to the IP 110

  -Except the private network and the VPN Client from the NAT process traffic.

  IP nat inside source map route sheep interface FastEthernet0/0 overload

  Thank you

  Ranjana

• Troubleshoot the bad connection with router (WRT350N) and Point (WAP4400N) wireless access

  Hi all

  I have a problem and will apprecaite all the help I can get. I think I will find an answer here.

  I have a small network, Linksys WRT350N (wireless router) attached to a modem and then connected to a desktop computer and with 3 wireless laptops connected to the router. All 3 are really great to work and access the internet very well.

  Currently, I have the need to expand the network to 3 floors, so I bought 3 Points of access wireless of Linksys (WAP4400N).

  I ran 3 cables CAT5e cable from the router and which ends individually all 3 floors, the top floor is less than the router 40meters. With the cables that came in their boxes, I connected the APs to the router and I have correctly set up the 3 Access Points with them attached to the router, all 3 works perfectly (I can access wireless internet via 3-point). However when I take the points of access to the upper floors and connect cables cat5e APs no longer work but connect after some time with the message "limited connectivity".

  Why can I connect when the APs are connected to the ground floor via a short cable that came in the box and not when it is connected to put cables from the ground floor to the upper floors but rather make the "LIMITED SERVICE" message and cannot connect to the internet.

  Also if I connect the cat5e cables directly to a laptop computer on all the floors, I can connect to the internet (the work of cables fine when connected directly to a laptop computer), but when it is connected to the connection of the APs has failed and I begin to see strange IP addresses from the APs.

  Oh, one more piece of important information: when I connect cables CAT5e cable on all floors direct to a laptop I can connect to the internet (the work of cables very well when it is connected directly to a laptop) but when connected to the failed to connect APs and I begin to see strange IP addresses from the APs.

  HEPL!

  I think I have the forum a status report on my post. As I mentioned in my last post, the problem has been as a result of lower cable at my provider. The network is running smoothly. Has been in place since last week when I replaced the lower quality cat5e cable cat5e cable.

  A Board here please be careful and make sure you complete the cable. A bad end can lead to connection problems I discovered in this case when my team confidence terminated cable incorrectly.

  Network up to & operational: Linksys WRT350N router without wire + 3 Linksys Wireless Access Points WAP4400N + Modem providing access to (1 computer (cable), 6 workstations (wireless), & 5 laptops (wireless).) Network to grow shortly.

  Thanks to everyone who helped make this project a reality.

• WRT54GS Wireless Router recently started disconnecting Internet connection after 9 months

  Hello, I have read some and see that it is a problem common but of are to be decided.

  I have a Lynksys WRT54GS with the latest Firmware update v7.2 27 July 2009 (FW_WRT54GSv7.2_7.2.07.013_EN_20090727)

  I ran 2 desktop computers as well as my DVR security by the security cameras for remote monitoring, also portable hook upward wireless sometimes as well without any problem using this router for over 9 months now with no problems until the last few days... I never log out and leave it on 24/7 for 9 months without problem and now recently I had to pull on the power cord from the back of the router and reconnect it to re power on the router to establish an internet connection.

  Now the last 3 days the router loses its internet connection each monutes a few... hours... the time it disconnects are random moments and I have the programs I need to run all day but can't because the router loses its connections...

  I applied the firmware again... re factory - configure the router... rebooted the computer... tried cloning the MAC address... all seem to be doing nothing... the same problem still exists.

  All of the minutes or hours so it disconnects the interent.

  I ran the office computer directly to the DSL Modem and I'm online very well with a desktop computer without disconnections for hours and hours (18hrs to date is not a problem), so I know this isn't the access provider. I had this problem I believe before with a previous Lynksys router and then bought it and now after this short period it seems to do the same thing again with this one. What a pain in the but.

  All solutions and more...

  Re application firmware... then

  factory re set the router... then

  re - connect computers as if it were a new router... the MAC address cloning? Geezus... it must be one simple solution other then buy another brand router.

  Thanks in advance...

  What is the IP address, find the modem directly...? Connect the computer directly to the modem and check the ip address? What is the ip address, you get the router...?

  Try the following settings on the router and check the connection...

  -Change the channel to 11-2 wireless, 462 GHz

  -Under the Advance wireless settings tab, change the tag at 50, Fragmentation threshold to 2304, interval RTS threshold to 2304

• WRT54G VG/wusb54g V4 no internet no access

  WRT54G VG/wusb54g V4 no internet no access

  Everything worked fine last night and then collapsed. Reset, Hard Reset, called the cable operator. Can directly get Internet when pulgged in. Can connect to my network but the router now as everything, but I can't get online via the router.

  Manager hardware says that the apadter is very good...

  Any ideas?

  Upgade frimware I guess it's more of a replacement for the fixed... Yes!

• Help to configure the router Cisco 1941

  Help!

  I just bought a router cisco 1941, I understand, it came with the Cisco CP, but I don't know how get you to the part where I can use it.

  Also, how can I connect to the router directly without using the HyperTerminal console, all I want to be able to do is configure the address IP of the ISP and my IP address so I can use it for surfing the internet.

  Help, please.

  Hello

  Thanks for the screenshots and show the output! You will need a few lines of command for CCP to work:

  Configure the terminal

  username username privilege 15 secret PASSWORD

  IP http server

  local IP authentication

  Sent by Cisco Support technique iPad App

• Router Cisco 1941 - crypto isakmp policy command missing - IPSEC VPN

  Hi all

  I was looking around and I can't find the command 'crypto isakmp policy' on this router Cisco 1941.  I wanted to just a regular Lan IPSEC to surprise and Lan installation tunnel, the command isn't here.  Have I not IOS bad? I thought that a picture of K9 would do the trick.

  Any suggestions are appreciated

  That's what I get:

  Router (config) #crypto?
  CA Certification Authority
  main activities key long-term
  public key PKI components

  SEE THE WORM

  Cisco IOS software, software C1900 (C1900-UNIVERSALK9-M), Version 15.0 (1) M2, VERSION of the SOFTWARE (fc2)
  Technical support: http://www.cisco.com/techsupport
  Copyright (c) 1986-2010 by Cisco Systems, Inc.
  Updated Thursday, March 10, 10 22:27 by prod_rel_team

  ROM: System Bootstrap, Version 15.0 M6 (1r), RELEASE SOFTWARE (fc1)

  The availability of router is 52 minutes
  System returned to ROM by reload at 02:43:40 UTC Thursday, April 21, 2011
  System image file is "flash0:c1900 - universalk9-mz.» Spa. 150 - 1.M2.bin.
  Last reload type: normal charging
  Reload last reason: reload command

  This product contains cryptographic features...

  Cisco CISCO1941/K9 (revision 1.0) with 487424K / 36864K bytes of memory.
  Card processor ID FTX142281F4
  2 gigabit Ethernet interfaces
  2 interfaces Serial (sync/async)
  Configuration of DRAM is 64 bits wide with disabled parity.
  255K bytes of non-volatile configuration memory.
  254464K bytes of system CompactFlash ATA 0 (read/write)

  License info:

  License IDU:

  -------------------------------------------------
  Device SN # PID
  -------------------------------------------------
  * 0 FTX142281F4 CISCO1941/K9

  Technology for the Module package license information: "c1900".

  ----------------------------------------------------------------
  Technology-technology-package technology
  Course Type next reboot
  -----------------------------------------------------------------
  IPBase ipbasek9 ipbasek9 Permanent
  security, none none none
  given none none none

  Configuration register is 0 x 2102

  You need get the license of security feature to configure the IPSec VPN.

  Currently, you have 'none' for the security feature:

  ----------------------------------------------------------------
  Technology-technology-package technology
  Course Type next reboot
  -----------------------------------------------------------------
  IPBase ipbasek9 ipbasek9 Permanent
  security, none none none
  given none none none

  Here is the information about the licenses on router 1900 series:

  http://www.Cisco.com/en/us/partner/docs/routers/access/1900/hardware/installation/guide/Software_Licenses.html