Jump to content

Cisco 1841


Der letzte Beitrag zu diesem Thema ist mehr als 180 Tage alt. Bitte erstelle einen neuen Beitrag zu Deiner Anfrage!

Recommended Posts

Hallo habe einen Cisco 1841 Router der sich auch mit dsl verbindet. Also der Router geht online nur die Rechner im Lan haben anscheinend keinen zugriff aufs Internet. Jedoch können sie den Router erreichen. Wo muss man was einstellen in den Acceslisten?

 

Hier die Config :

 

 

Router#sh run

Building configuration...

 

Current configuration : 2105 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

!

resource policy

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

ip cef

!

!

no ip dhcp use vrf connected

!

!

no ip ips deny-action ips-interface

no ip domain lookup

vpdn enable

vpdn ip udp ignore checksum

!

vpdn-group pppoe

request-dialin

protocol pppoe

!

!

no ftp-server write-enable

!

!

!

!

!

no crypto isakmp ccm

!

!

!

interface FastEthernet0/0

description LAN-Interface

ip address 192.168.0.254 255.255.255.0

speed auto

full-duplex

!

interface FastEthernet0/1

description T-dsl

no ip address

ip mtu 1492

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

duplex auto

speed auto

pppoe enable

pppoe-client dial-pool-number 1

no cdp enable

!

interface FastEthernet0/0/0

!

interface FastEthernet0/0/1

!

interface FastEthernet0/0/2

!

interface FastEthernet0/0/3

!

interface Vlan1

no ip address

!

interface Dialer1

ip address negotiated

ip access-group outside in

ip mtu 1492

ip nat outside

ip virtual-reassembly

encapsulation ppp

ip tcp adjust-mss 1452

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication pap chap callin

ppp chap hostname xxxxxxxxxxxxxxxxxxxxxxxxxxxxx@t-online.de

ppp chap password xxxxxxx

ppp pap sent-username xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx@t-online.de password xxxxxxx

ppp ipcp dns request

ppp ipcp wins request

!

no ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

!

ip http server

no ip http secure-server

!

ip access-list extended outside

permit tcp host 192.168.0.1 any

permit icmp host 192.168.0.1 any

permit icmp any any

permit udp any any eq isakmp

permit esp any any

!

access-list 101 permit ip 192.168.0.0 0.0.0.255 any

access-list 120 remark INTERESTING TRAFFIC FOR DIALER

access-list 120 permit ip any any

dialer-list 1 protocol ip permit

snmp-server community public RO

snmp-server enable traps tty

!

!

control-plane

!

!

line con 0

line aux 0

line vty 0 4

login

!

end

Link to comment

Hallo,

 

ich würde sagen da ist kein NAT eingerichtet. Es sind zwar Interfaces für ip nat inside und outside festgelegt. Aber es feht ein "ip nat inside source ...." mit

einem "ip nat pool ... overload"

Das würde zumindest erklären, warum der Router selber rauskommt, aber keine Clients dahinter.

 

 

Fu

Link to comment

Danke erstmal für deine Hilfe. So müsste es doch jetzt laufen oder?

 

config :

 

 

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

!

resource policy

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

ip cef

!

!

no ip dhcp use vrf connected

!

!

no ip ips deny-action ips-interface

no ip domain lookup

vpdn enable

vpdn ip udp ignore checksum

!

vpdn-group pppoe

request-dialin

protocol pppoe

!

!

no ftp-server write-enable

!

!

!

!

!

no crypto isakmp ccm

!

!

!

interface FastEthernet0/0

description LAN-Interface

ip address 192.168.0.254 255.255.255.0

ip nat inside

ip virtual-reassembly

speed auto

full-duplex

!

interface FastEthernet0/1

description T-dsl

no ip address

ip mtu 1492

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

duplex auto

speed auto

pppoe enable

pppoe-client dial-pool-number 1

no cdp enable

!

interface FastEthernet0/0/0

!

interface FastEthernet0/0/1

!

interface FastEthernet0/0/2

!

interface FastEthernet0/0/3

!

interface Vlan1

no ip address

!

interface Dialer1

ip address negotiated

ip access-group outside in

ip mtu 1492

ip nat outside

ip virtual-reassembly

encapsulation ppp

ip tcp adjust-mss 1452

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication pap chap callin

ppp chap hostname xxxxxxxxxxxxxxxxxxxx@t-online.de

ppp chap password xxxxxxxxxxxxxxxx

ppp pap sent-username xxxxxxxxxxxxxxxxxxxxxxxxxxxxx@t-online.de password xxxxxxx

ppp ipcp dns request

ppp ipcp wins request

!

no ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

!

ip http server

no ip http secure-server

ip nat inside source list 1 interface Dialer1 overload

!

ip access-list extended outside

permit tcp host 192.168.0.1 any

permit icmp host 192.168.0.1 any

permit icmp any any

permit udp any any eq isakmp

permit esp any any

!

access-list 101 permit ip 192.168.0.0 0.0.0.255 any

access-list 120 remark INTERESTING TRAFFIC FOR DIALER

access-list 120 permit ip any any

dialer-list 1 protocol ip permit

snmp-server community public RO

snmp-server enable traps tty

!

!

control-plane

!

!

line con 0

line aux 0

line vty 0 4

login

!

end

Link to comment

Ups da fehlte was ;)

 

ip http server

no ip http secure-server

ip nat inside source list 1 interface Dialer1 overload

!

ip access-list extended outside

permit tcp host 192.168.0.1 any

permit icmp host 192.168.0.1 any

permit icmp any any

permit udp any any eq isakmp

permit esp any any

!

access-list 1 permit 192.168.0.0 0.0.0.255

access-list 1 remark IP Nat inside source list

access-list 101 permit ip 192.168.0.0 0.0.0.255 any

access-list 120 remark INTERESTING TRAFFIC FOR DIALER

access-list 120 permit ip any any

dialer-list 1 protocol ip permit

snmp-server community public RO

snmp-server enable traps tty

Link to comment

So funktioniert jetzt also ich kann von meinen Rechner einen pc im Internet anpingen aber habe irgendwie keine dns auflösung :( Was muss ich denn da noch einstellen?

 

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

!

resource policy

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

ip cef

!

!

no ip dhcp use vrf connected

!

!

no ip ips deny-action ips-interface

no ip domain lookup

vpdn enable

vpdn ip udp ignore checksum

!

vpdn-group pppoe

request-dialin

protocol pppoe

!

!

no ftp-server write-enable

!

!

!

!

!

no crypto isakmp ccm

!

!

!

interface FastEthernet0/0

description LAN-Interface

ip address 192.168.0.254 255.255.255.0

ip nat inside

ip virtual-reassembly

speed auto

full-duplex

!

interface FastEthernet0/1

description T-dsl

no ip address

ip mtu 1492

ip virtual-reassembly

ip tcp adjust-mss 1452

duplex auto

speed auto

pppoe enable

pppoe-client dial-pool-number 1

no cdp enable

!

interface FastEthernet0/0/0

!

interface FastEthernet0/0/1

!

interface FastEthernet0/0/2

!

interface FastEthernet0/0/3

!

interface Vlan1

no ip address

!

interface Dialer1

ip address negotiated

ip access-group 101 in

ip mtu 1492

ip nat outside

ip virtual-reassembly

encapsulation ppp

ip tcp adjust-mss 1452

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication pap chap callin

ppp chap hostname xxxxxxxxxxxxxxxxxxxxxxxxxxxx1@t-online.de

ppp chap password xxxxxxxxxxxxxx

ppp pap sent-username xxxxxxxxxxxxxxxxxxxxxxxxxx@t-online.de password xxxxxxxxx

ppp ipcp dns request

ppp ipcp wins request

!

no ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

!

ip http server

ip http access-class 1

no ip http secure-server

ip nat inside source list 1 interface Dialer1 overload

ip dns server

!

ip access-list extended outside

permit tcp host 192.168.0.1 any

permit icmp host 192.168.0.1 any

permit icmp any any

permit udp any any eq isakmp

permit esp any any

!

access-list 1 permit 192.168.0.0 0.0.0.255

access-list 1 remark IP Nat inside source list

access-list 101 permit ip 192.168.0.0 0.0.0.255 any

access-list 101 remark access group 101 in

access-list 101 permit udp any any eq ntp

access-list 101 permit icmp any any echo

access-list 101 permit icmp any any echo-reply

access-list 101 permit udp any any eq domain

access-list 101 permit tcp any any eq www

access-list 101 permit tcp any any eq ftp-data

access-list 101 permit tcp any any eq ftp

access-list 101 permit tcp any any eq smtp

access-list 101 permit tcp any any eq pop3

access-list 101 permit tcp any any eq 443

access-list 120 remark INTERESTING TRAFFIC FOR DIALER

access-list 120 permit ip any any

dialer-list 1 protocol ip permit

snmp-server community public RO

snmp-server enable traps tty

!

!

control-plane

!

!

line con 0

line aux 0

line vty 0 4

login

!

end

Link to comment

Prima.

Jepp, weiß gerade nicht ob du die lokalen Adressen per DHCP bekommst oder fest eingetragen hast. Normalerweise übermittelt dir ja dein Provider die DNS Einträge. Macht aber nur Sinn, wenn du deinen Router die per DHCP verteilen lassen willst. Sonst solltest du dir die fest auf deinem Rechner eintragen.

 

Fu

Link to comment
Der letzte Beitrag zu diesem Thema ist mehr als 180 Tage alt. Bitte erstelle einen neuen Beitrag zu Deiner Anfrage!

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...