Ciscler 10 Posted April 14, 2006 Report Share Posted April 14, 2006 Hallo habe einen Cisco 1841 Router der sich auch mit dsl verbindet. Also der Router geht online nur die Rechner im Lan haben anscheinend keinen zugriff aufs Internet. Jedoch können sie den Router erreichen. Wo muss man was einstellen in den Acceslisten? Hier die Config : Router#sh run Building configuration... Current configuration : 2105 bytes ! version 12.3 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! ! no aaa new-model ! resource policy ! mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ip subnet-zero ip cef ! ! no ip dhcp use vrf connected ! ! no ip ips deny-action ips-interface no ip domain lookup vpdn enable vpdn ip udp ignore checksum ! vpdn-group pppoe request-dialin protocol pppoe ! ! no ftp-server write-enable ! ! ! ! ! no crypto isakmp ccm ! ! ! interface FastEthernet0/0 description LAN-Interface ip address 192.168.0.254 255.255.255.0 speed auto full-duplex ! interface FastEthernet0/1 description T-dsl no ip address ip mtu 1492 ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452 duplex auto speed auto pppoe enable pppoe-client dial-pool-number 1 no cdp enable ! interface FastEthernet0/0/0 ! interface FastEthernet0/0/1 ! interface FastEthernet0/0/2 ! interface FastEthernet0/0/3 ! interface Vlan1 no ip address ! interface Dialer1 ip address negotiated ip access-group outside in ip mtu 1492 ip nat outside ip virtual-reassembly encapsulation ppp ip tcp adjust-mss 1452 dialer pool 1 dialer-group 1 no cdp enable ppp authentication pap chap callin ppp chap hostname xxxxxxxxxxxxxxxxxxxxxxxxxxxxx@t-online.de ppp chap password xxxxxxx ppp pap sent-username xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@t-online.de password xxxxxxx ppp ipcp dns request ppp ipcp wins request ! no ip classless ip route 0.0.0.0 0.0.0.0 Dialer1 ! ip http server no ip http secure-server ! ip access-list extended outside permit tcp host 192.168.0.1 any permit icmp host 192.168.0.1 any permit icmp any any permit udp any any eq isakmp permit esp any any ! access-list 101 permit ip 192.168.0.0 0.0.0.255 any access-list 120 remark INTERESTING TRAFFIC FOR DIALER access-list 120 permit ip any any dialer-list 1 protocol ip permit snmp-server community public RO snmp-server enable traps tty ! ! control-plane ! ! line con 0 line aux 0 line vty 0 4 login ! end Quote Link to comment
fu123 10 Posted April 14, 2006 Report Share Posted April 14, 2006 Hallo, ich würde sagen da ist kein NAT eingerichtet. Es sind zwar Interfaces für ip nat inside und outside festgelegt. Aber es feht ein "ip nat inside source ...." mit einem "ip nat pool ... overload" Das würde zumindest erklären, warum der Router selber rauskommt, aber keine Clients dahinter. Fu Quote Link to comment
Ciscler 10 Posted April 14, 2006 Author Report Share Posted April 14, 2006 Achso danke erstmal aber wie heißen die befehle genau um Nat einzurichten? Quote Link to comment
Ciscler 10 Posted April 14, 2006 Author Report Share Posted April 14, 2006 Hat vielleicht wer ein config beispiel ? Quote Link to comment
fu123 10 Posted April 15, 2006 Report Share Posted April 15, 2006 Hallo, Schau mal hier: Cisco 1841 Fu Quote Link to comment
Ciscler 10 Posted April 15, 2006 Author Report Share Posted April 15, 2006 Danke erstmal für deine Hilfe. So müsste es doch jetzt laufen oder? config : version 12.3 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! ! no aaa new-model ! resource policy ! mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ip subnet-zero ip cef ! ! no ip dhcp use vrf connected ! ! no ip ips deny-action ips-interface no ip domain lookup vpdn enable vpdn ip udp ignore checksum ! vpdn-group pppoe request-dialin protocol pppoe ! ! no ftp-server write-enable ! ! ! ! ! no crypto isakmp ccm ! ! ! interface FastEthernet0/0 description LAN-Interface ip address 192.168.0.254 255.255.255.0 ip nat inside ip virtual-reassembly speed auto full-duplex ! interface FastEthernet0/1 description T-dsl no ip address ip mtu 1492 ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452 duplex auto speed auto pppoe enable pppoe-client dial-pool-number 1 no cdp enable ! interface FastEthernet0/0/0 ! interface FastEthernet0/0/1 ! interface FastEthernet0/0/2 ! interface FastEthernet0/0/3 ! interface Vlan1 no ip address ! interface Dialer1 ip address negotiated ip access-group outside in ip mtu 1492 ip nat outside ip virtual-reassembly encapsulation ppp ip tcp adjust-mss 1452 dialer pool 1 dialer-group 1 no cdp enable ppp authentication pap chap callin ppp chap hostname xxxxxxxxxxxxxxxxxxxx@t-online.de ppp chap password xxxxxxxxxxxxxxxx ppp pap sent-username xxxxxxxxxxxxxxxxxxxxxxxxxxxxx@t-online.de password xxxxxxx ppp ipcp dns request ppp ipcp wins request ! no ip classless ip route 0.0.0.0 0.0.0.0 Dialer1 ! ip http server no ip http secure-server ip nat inside source list 1 interface Dialer1 overload ! ip access-list extended outside permit tcp host 192.168.0.1 any permit icmp host 192.168.0.1 any permit icmp any any permit udp any any eq isakmp permit esp any any ! access-list 101 permit ip 192.168.0.0 0.0.0.255 any access-list 120 remark INTERESTING TRAFFIC FOR DIALER access-list 120 permit ip any any dialer-list 1 protocol ip permit snmp-server community public RO snmp-server enable traps tty ! ! control-plane ! ! line con 0 line aux 0 line vty 0 4 login ! end Quote Link to comment
Ciscler 10 Posted April 15, 2006 Author Report Share Posted April 15, 2006 Ups da fehlte was ;) ip http server no ip http secure-server ip nat inside source list 1 interface Dialer1 overload ! ip access-list extended outside permit tcp host 192.168.0.1 any permit icmp host 192.168.0.1 any permit icmp any any permit udp any any eq isakmp permit esp any any ! access-list 1 permit 192.168.0.0 0.0.0.255 access-list 1 remark IP Nat inside source list access-list 101 permit ip 192.168.0.0 0.0.0.255 any access-list 120 remark INTERESTING TRAFFIC FOR DIALER access-list 120 permit ip any any dialer-list 1 protocol ip permit snmp-server community public RO snmp-server enable traps tty Quote Link to comment
Ciscler 10 Posted April 15, 2006 Author Report Share Posted April 15, 2006 So funktioniert jetzt also ich kann von meinen Rechner einen pc im Internet anpingen aber habe irgendwie keine dns auflösung :( Was muss ich denn da noch einstellen? version 12.3 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! ! no aaa new-model ! resource policy ! mmi polling-interval 60 no mmi auto-configure no mmi pvc mmi snmp-timeout 180 ip subnet-zero ip cef ! ! no ip dhcp use vrf connected ! ! no ip ips deny-action ips-interface no ip domain lookup vpdn enable vpdn ip udp ignore checksum ! vpdn-group pppoe request-dialin protocol pppoe ! ! no ftp-server write-enable ! ! ! ! ! no crypto isakmp ccm ! ! ! interface FastEthernet0/0 description LAN-Interface ip address 192.168.0.254 255.255.255.0 ip nat inside ip virtual-reassembly speed auto full-duplex ! interface FastEthernet0/1 description T-dsl no ip address ip mtu 1492 ip virtual-reassembly ip tcp adjust-mss 1452 duplex auto speed auto pppoe enable pppoe-client dial-pool-number 1 no cdp enable ! interface FastEthernet0/0/0 ! interface FastEthernet0/0/1 ! interface FastEthernet0/0/2 ! interface FastEthernet0/0/3 ! interface Vlan1 no ip address ! interface Dialer1 ip address negotiated ip access-group 101 in ip mtu 1492 ip nat outside ip virtual-reassembly encapsulation ppp ip tcp adjust-mss 1452 dialer pool 1 dialer-group 1 no cdp enable ppp authentication pap chap callin ppp chap hostname xxxxxxxxxxxxxxxxxxxxxxxxxxxx1@t-online.de ppp chap password xxxxxxxxxxxxxx ppp pap sent-username xxxxxxxxxxxxxxxxxxxxxxxxxx@t-online.de password xxxxxxxxx ppp ipcp dns request ppp ipcp wins request ! no ip classless ip route 0.0.0.0 0.0.0.0 Dialer1 ! ip http server ip http access-class 1 no ip http secure-server ip nat inside source list 1 interface Dialer1 overload ip dns server ! ip access-list extended outside permit tcp host 192.168.0.1 any permit icmp host 192.168.0.1 any permit icmp any any permit udp any any eq isakmp permit esp any any ! access-list 1 permit 192.168.0.0 0.0.0.255 access-list 1 remark IP Nat inside source list access-list 101 permit ip 192.168.0.0 0.0.0.255 any access-list 101 remark access group 101 in access-list 101 permit udp any any eq ntp access-list 101 permit icmp any any echo access-list 101 permit icmp any any echo-reply access-list 101 permit udp any any eq domain access-list 101 permit tcp any any eq www access-list 101 permit tcp any any eq ftp-data access-list 101 permit tcp any any eq ftp access-list 101 permit tcp any any eq smtp access-list 101 permit tcp any any eq pop3 access-list 101 permit tcp any any eq 443 access-list 120 remark INTERESTING TRAFFIC FOR DIALER access-list 120 permit ip any any dialer-list 1 protocol ip permit snmp-server community public RO snmp-server enable traps tty ! ! control-plane ! ! line con 0 line aux 0 line vty 0 4 login ! end Quote Link to comment
fu123 10 Posted April 15, 2006 Report Share Posted April 15, 2006 Ja, das sieht besser aus. Kannst es ja mal ausprobieren und bescheid sagen. Wichtig ist: ip route 0.0.0.0 0.0.0.0 Dialer1 ip nat inside source list 1 interface Dialer1 overload access-list 1 permit 192.168.0.0 0.0.0.255 => Damit ist das Netz 192.168.0.xxx abgedeckt. Fu Quote Link to comment
Ciscler 10 Posted April 15, 2006 Author Report Share Posted April 15, 2006 Hi ja funktioniert. Aber kann nicht surfen kann nicht http://www.google.de oder so anpingen da fehlt doch irgendwie die dns auflösung oder? Quote Link to comment
fu123 10 Posted April 15, 2006 Report Share Posted April 15, 2006 Prima. Jepp, weiß gerade nicht ob du die lokalen Adressen per DHCP bekommst oder fest eingetragen hast. Normalerweise übermittelt dir ja dein Provider die DNS Einträge. Macht aber nur Sinn, wenn du deinen Router die per DHCP verteilen lassen willst. Sonst solltest du dir die fest auf deinem Rechner eintragen. Fu Quote Link to comment
Ciscler 10 Posted April 15, 2006 Author Report Share Posted April 15, 2006 Also das mit der Namensauflösung lag an den Eintrag no ip domän lookup jetzt klapts aber port 80 scheint nicht frei zu sein ich kann nicht surfen ;) Wie mach ich das? Quote Link to comment
fu123 10 Posted April 15, 2006 Report Share Posted April 15, 2006 Hallo, was klappt denn jetzt? Kannst du Rechner per IP außerhalb aus deinem Netz anpingen. Ich bin mir jetzt nicht ganz sicher ob NAT tatsächlich klappt. Fu Quote Link to comment
alex555550 10 Posted April 15, 2006 Report Share Posted April 15, 2006 Hy, benutz doch den SDM für die erste config. 1. Er ist für`s erste mal besser 2. Wens leuft kannst du dir immer noch dei config anschauen 3. Nat ist mit dem SDM Gui besser einzurichten Schöne Ostern :D :D :D :D :D Quote Link to comment
Ciscler 10 Posted April 15, 2006 Author Report Share Posted April 15, 2006 Also ich kann von meinen pc aus z.b 195.202.38.129 anpingen und z.b http://www.google.de und so Ist doch dann NAT oder? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.