Problems with Cisco 857W with VPN tunnel


  • Problems with Cisco 857W with VPN tunnel

    Hello.
    I need some help configuring a Cisco 857W. At this point I don't know what more to do to fix this problem.
    When my router is booting, I see two messages in the console (HyperTerminal) at the end of the boot:

    %NAT: Error activating CNBAR on the interface BVI1
    %NAT: Error activating CNBAR on the interface Dialer0

    After that, I can get an IP address over wired and wireless, so I can access the server over the LAN.
    But I can't access the internet or the VPN. I think everything is OK, but clearly it is not.
    Here is my configuration; I will appreciate any help.

    My network is this:
    1 Server with DHCP, DNS w/ IP 192.168.43.2
    Router Cisco 857W IP 192.168.43.1
    ISP IP Static


    !
    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    service sequence-numbers
    no service dhcp
    !
    hostname Router
    !
    logging buffered 51200 debugging
    logging console critical
    enable secret 5 MY_PASSWORD_ROUTER
    !
    clock timezone PCTime 0
    clock summer-time PCTime recurring 1 Sun Oct 2:00 3 Sun Mar 3:00
    !
    !
    ip domain-name MYDOMAIN
    ip name-server DNS ISP
    ip name-server DNS ISP
    ip name-server 192.168.43.2
    !
    !
    ip tcp selective-ack
    ip tcp timestamp
    no ip bootp server
    no ip domain lookup
    !
    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    !
    crypto isakmp key MY_KEY address MY_PUBLIC_ADDRESS no-xauth
    !
    crypto ipsec transform-set tr-null-sha esp-null esp-sha-hmac
    crypto ipsec transform-set tr-des-md5 esp-des esp-md5-hmac
    crypto ipsec transform-set tr-3des-md5 esp-3des esp-md5-hmac
    crypto ipsec transform-set tr-3des-sha esp-3des esp-sha-hmac
    crypto ipsec transform-set tr-aes-sha esp-aes esp-sha-hmac
    !
    crypto map cm-cryptomap 110 ipsec-isakmp
    set peer MY_PUBLIC_ADDRESS
    set transform-set tr-3des-md5
    match address 110
    !
    !
    bridge irb
    !
    !
    interface Dot11Radio0
    no ip address
    !
    encryption mode ciphers tkip
    !
    ssid MY_SSID
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii MY_WIRELESS_KEY
    !
    speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
    no cdp enable
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 spanning-disabled
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    !
    interface Vlan1
    no ip address
    bridge-group 1
    bridge-group 1 spanning-disabled
    !
    interface bvi1
    ip address 192.168.43.1 255.255.255.0
    ip access-group 102 in
    ip nat inside
    no ip directed-broadcast
    exit
    !
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    dsl operating-mode auto
    !
    interface ATM0.1 point-to-point
    description $ES_WAN$
    no snmp trap link-status
    pvc 0/35
    pppoe-client dial-pool-number 1
    !
    exit
    !
    interface Dialer0
    ip address MY_STATIC_IP_ADDRESS_ISP 255.255.255.0
    ip access-group 101 in
    no ip redirects
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication pap callin
    ppp pap sent-username MY_USER password 0 MY_PASSWORD
    !
    ip nat inside source list 1 interface Dialer0 overload
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer0
    no ip http server
    !
    !
    line vty 0 4
    access-class 2 in
    exit
    !
    access-list 1 remark The local LAN.
    access-list 1 permit 192.168.43.0 0.0.0.255
    !
    access-list 2 remark Where management can be done from.
    access-list 2 permit 192.168.43.0 0.0.0.255
    !
    access-list 3 remark Traffic not to check for intrusion detection.
    access-list 3 deny 192.168.40.0 0.0.0.255
    access-list 3 permit any
    !
    access-list 101 remark Traffic allowed to enter the router from the Internet
    access-list 101 permit ip 192.168.40.0 0.0.0.255 192.168.43.0 0.0.0.255
    access-list 101 permit ip 192.168.0.0 0.0.255.255 any
    access-list 101 permit udp any any eq 4500
    access-list 101 permit udp any any eq isakmp
    access-list 101 permit esp any any
    access-list 101 permit tcp any any eq 1723
    access-list 101 permit gre any any
    access-list 101 deny icmp any any echo
    access-list 101 deny ip any any log
    !
    access-list 102 remark Traffic allowed to enter the router from the Ethernet
    access-list 102 permit ip any host 192.168.43.1
    access-list 102 permit ip 192.168.43.0 0.0.0.255 192.168.40.0 0.0.0.255
    access-list 102 deny ip any 0.0.0.0 0.255.255.255 log
    access-list 102 permit ip 192.168.43.0 0.0.0.255 any
    access-list 102 permit ip any host 255.255.255.255
    access-list 102 deny ip any any log
    !
    access-list 110 remark Site to Site VPN
    access-list 110 permit ip 192.168.43.0 0.0.0.255 192.168.40.0 0.0.0.255
    access-list 110 permit ip 192.168.43.0 0.0.0.255 any
    !
    bridge 1 route ip
    dialer-list 1 protocol ip permit
    !
    interface FastEthernet0
    no shutdown
    exit
    interface FastEthernet1
    no shutdown
    exit
    interface FastEthernet2
    no shutdown
    exit
    interface FastEthernet3
    no shutdown
    exit
    interface vlan1
    no shutdown
    exit
    interface ATM0
    no shutdown
    exit
    interface Dot11Radio0
    no shutdown
    exit
    interface bvi1
    no shutdown
    exit

    Once again, I will appreciate some help. This is my first configuration on a Cisco router and I tried everything that I saw in the forum.

    Best regards
    Gestevam

  • #2
    Re: Problems with Cisco 857W with VPN tunnel

    Could anyone help me?



    • #3
      Re: Problems with Cisco 857W with VPN tunnel

      Well, I don't know if this will help, but it might:
      http://www.cisco.com/univercd/cc/td/...2/pppoanat.pdf

      I came across it while searching for your error and found this source, which refers to the above document:
      http://www.telecom-gear.com/Cisco-87...e41708--12.htm


      Also, your ACL doesn't look correct:

      access-list 1 remark The local LAN.
      access-list 1 permit 192.168.43.0 0.0.0.255
      !

      access-list 1 remark Access from internal to any.
      access-list 1 permit 192.168.43.0 0.0.0.255 any
      !
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"



      • #4
        Re: Problems with Cisco 857W with VPN tunnel

        Hi Dumber!
        Sorry I am only replying to your post now, but I've been out a few days and so...
        First of all, thank you for your answer. I read it, and the PDF file for NAT over PPPoA is part of a complete Cisco document called "Cisco 850 series and 870 series - Access Routers Software And Configuration Guide". I tried everything that I could "translate" to my situation and it didn't work. Even your suggestion didn't work either. I put an "any" at the end of my access list 1 (from internal to any) and it marks an error at the "any" when it is booting.

        At this moment i have 2 configurations:

        Config 1: I can access the internet from any computer on the wired connection; the wireless doesn't work.

        Config 2: The wired and wireless connections work well, login on the server, etc. But I can't reach the internet.

        I tried to make a mix of the 2 configs and I can't understand what is going wrong.

        I made config 1 with the steps of SDM Express, but unfortunately, as I saw in several forums, SDM Express isn't a good thing...

        I made config 2 using this site and put in my own settings:
        http://www.ifm.net.nz/cookbooks/800-isr-wizard.html

        I will try again, step by step, to recreate a good router-confg file. If I can get everything working I'll let you know. Otherwise, if you or anyone has a suggestion, I'll accept the explanation.

        Thank you again

        GE



        • #5
          Re: Problems with Cisco 857W with VPN tunnel

          Just one piece of information that I forgot to supply.
          The configuration in the first post is config 2.

          Best regards
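
An added example, not part of any post in this thread: a Python check over an IOS configuration for three things visible in the lines quoted above, namely a crypto map that is defined but never attached to an interface, a standard access list (1-99) entry with a field after the source (the "any" the router rejected in post #4), and legacy algorithms in the transform set the crypto map selects. The sample is an abridged, constructed copy of the thread's configuration; `audit`, `extra_after_source` and the `LEGACY` list are hypothetical names and assumptions of this example.

```python
import re

# Constructed sample: abridged lines from the configuration in post #1, with
# access-list 1 in the "any" form that post #4 reports the router rejecting.
SAMPLE_CONFIG = """\
crypto ipsec transform-set tr-3des-md5 esp-3des esp-md5-hmac
crypto map cm-cryptomap 110 ipsec-isakmp
 set transform-set tr-3des-md5
 match address 110
interface Dialer0
 ip nat outside
access-list 1 permit 192.168.43.0 0.0.0.255 any
access-list 2 permit 192.168.43.0 0.0.0.255
access-list 110 permit ip 192.168.43.0 0.0.0.255 192.168.40.0 0.0.0.255
"""

# Algorithms this example treats as legacy (the list is an assumption).
LEGACY = {"esp-null", "esp-des", "esp-3des", "esp-md5-hmac"}
DOTTED = re.compile(r"\d+(\.\d+){3}")

def extra_after_source(fields):
    # A standard ACL source is 'any', 'host A', 'A' or 'A wildcard'; only
    # 'log' may follow it, so anything else returned here is unexpected.
    two = fields[:1] == ["host"] or (len(fields) > 1 and DOTTED.fullmatch(fields[1]))
    return [f for f in fields[2 if two else 1:] if f != "log"]

def audit(config):  # hypothetical helper: returns a list of finding strings
    tsets, defined, applied, used, findings = {}, set(), set(), set(), []
    for line in (l.strip() for l in config.splitlines() if l.strip()):
        tok = line.split()
        if line.startswith("crypto ipsec transform-set ") and len(tok) > 3:
            tsets[tok[3]] = tok[4:]
        elif re.fullmatch(r"crypto map \S+ \d+ ipsec-isakmp", line):
            defined.add(tok[2])       # global definition: name and sequence
        elif re.fullmatch(r"crypto map \S+", line):
            applied.add(tok[2])       # interface sub-command: name only
        elif line.startswith("set transform-set "):
            used.update(tok[2:])
        elif re.fullmatch(r"access-list ([1-9]\d?) (permit|deny) .+", line):
            extra = extra_after_source(tok[3:])
            if extra:
                findings.append(f"standard access-list {tok[1]}: unexpected {' '.join(extra)}")
    for name in sorted(defined - applied):
        findings.append(f"crypto map {name} is not applied to any interface")
    for name in sorted(used):
        legacy = sorted(LEGACY.intersection(tsets.get(name, [])))
        if legacy:
            findings.append(f"transform-set {name} uses legacy {', '.join(legacy)}")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns one finding per check; a configuration with `crypto map cm-cryptomap` under `interface Dialer0` and no destination on access-list 1 leaves only the transform-set finding.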
