Hi, New Cisco Router User

  • Hi, New Cisco Router User

    Hi All and Hello, would like to welcome myself here.

    A few weeks ago we had some issues with our Cobalt Raq 4i which died of a hardware failure. It will be missed.

    I also had some problems with our Intertex router which has also failed about the same time.

    Following some googling around we decided to buy a Cisco 857 router, non wireless which should be ideal for our requirements.

    I have already followed some of the suggestions on here and now have a DHCP server running on Eth0 (And Vlan0) and can connect into the router. I have not had a chance to test the ADSL connection just yet but hopefully if time allows I may try that tonight from home.

    I still have some tweaks including setting up routing between the dialer and Vlan0 and some questions about the firewall with regards to my web and email server and our SIP usage from the office, but that's a few days away yet.

    I like to try to solve things on my own, but if I do get completely stuck or confused over something, I hope you guys can 'point me in the right direction', answers on a plate are no challenge at all.

    Kind Regards

  • #2
    Re: Hi, New Cisco Router User

    I've moved your thread, however your title is still not correct.
    But because I don't know what you actually want to know I can't change it for you (yet)


    • #3
      Re: Hi, New Cisco Router User

      Hi Dumber. It was more of a first post and an introduction than anything else.
      I have the Cisco 857 running and have access to console with either Serial or SSH. DHCP is functioning and handling IP requests on the network and SDM will run from my PC (want to try to avoid that and stick with IOS).

      This is my first Cisco router, although I do have a good understanding of what I want the router to do, and how it should perform, but am only just learning the configuration with IOS.

      I think I now need some routing between the dialer and Eth0, then I will progress on to getting the ADSL side up and connected. There seems plenty of information on the UK BT ADSL settings so that should not be too much of a problem.

      With regards to the firewall, I would like to block all incoming traffic with the exception of a few port diverts (for www, SMTP, SSH etc) and return traffic where the request was originated inside, unless you think I should do otherwise.

      We also run a Trixbox system for our phones, but all registrations are requested by the trixbox so hopefully the firewall will allow the incoming streams hence the registration requests being made from inside our LAN. I suppose I could open up TCP 5060 and UDP 10000 to 20000 but this will possibly decrease the security to our box.

      Here is my config so far, if anyone has time to comment your feedback would be appreciated. This is by no means complete yet with regards to configuration but any advice would be great.
      !This is the running config of the router:
      !version 12.4
      no service pad
      service tcp-keepalives-in
      service tcp-keepalives-out
      service timestamps debug datetime msec localtime show-timezone
      service timestamps log datetime msec localtime show-timezone
      service password-encryption
      service sequence-numbers
      no service password-recovery
      hostname Router
      logging buffered 52000 debugging
      aaa new-model
      aaa authentication login default local
      aaa authorization exec default local
      aaa session-id common
      resource policy
      clock timezone PCTime 0
      clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
      no ip dhcp use vrf connected
      ip dhcp pool sdm-pool1
       import all
      ip cef
      ip tcp synwait-time 10
      no ip bootp server
      ip name-server
      ip ssh time-out 60
      ip ssh authentication-retries 2
      login on-failure
      appfw policy-name SDM_MEDIUM
       application im aol
        service default action allow alarm
        service text-chat action allow alarm
        server permit name
        server permit name
        server permit name
      crypto pki trustpoint TP-self-signed-335866244
       enrollment selfsigned
       subject-name cn=IOS-Self-Signed-Certificate-335866244
       revocation-check none
       rsakeypair TP-self-signed-335866244
      crypto pki certificate chain TP-self-signed-335866244
       certificate self-signed 01
      username admin privilege 15 password 7 08364D5D01150C0317
      interface Null0
       no ip unreachables
      interface ATM0
       no ip address
       no ip redirects
       no ip unreachables
       no ip proxy-arp
       ip route-cache flow
       no atm ilmi-keepalive
       dsl operating-mode auto
      interface ATM0.1 point-to-point
       description $ES_WAN$
       no ip redirects
       no ip unreachables
       no ip proxy-arp
       no snmp trap link-status
       pvc 0/38
        encapsulation aal5mux ppp dialer
        dialer pool-member 1
      interface FastEthernet0
      interface FastEthernet1
      interface FastEthernet2
      interface FastEthernet3
      interface Vlan1
       description $FW_INSIDE$
       ip address
       no ip redirects
       no ip unreachables
       no ip proxy-arp
       ip nat inside
       ip virtual-reassembly
       ip route-cache flow
      interface Dialer0
       description $FW_OUTSIDE$
       ip address negotiated
       ip access-group 100 in
       no ip redirects
       no ip unreachables
       no ip proxy-arp
       ip nat outside
       ip virtual-reassembly
       encapsulation ppp
       ip route-cache flow
       dialer pool 1
       dialer-group 1
       no cdp enable
       ppp authentication chap callin
       ppp chap hostname [email protected]
       ppp chap password 7 13041301071C05393833272131
      ip http server
      ip http authentication local
      ip http secure-server
      ip http timeout-policy idle 120 life 86400 requests 1000
      ip nat inside source list 100 interface Dialer0 overload
      logging trap debugging
      access-list 100 remark SDM_ACL Category=2
      access-list 100 permit ip any
      access-list 100 deny icmp any any echo
      access-list 100 permit ip any any
      access-list 101 remark VTY Access-class list
      access-list 101 remark SDM_ACL Category=1
      access-list 101 permit ip any
      access-list 101 deny ip any any
      access-list 102 remark auto generated by SDM firewall configuration
      access-list 102 remark SDM_ACL Category=1
      access-list 102 deny ip host any
      access-list 102 deny ip any
      access-list 102 permit ip any any
      access-list 103 remark auto generated by SDM firewall configuration
      access-list 103 remark SDM_ACL Category=1
      access-list 103 deny ip any
      access-list 103 permit icmp any any echo-reply
      access-list 103 permit icmp any any time-exceeded
      access-list 103 permit icmp any any unreachable
      access-list 103 deny ip any
      access-list 103 deny ip any
      access-list 103 deny ip any
      access-list 103 deny ip any
      access-list 103 deny ip host any
      access-list 103 deny ip host any
      access-list 103 deny ip any any log
      no cdp run
      banner login ^CCAuthorized access only!
      Disconnect IMMEDIATELY if you are not an authorized user!
      line con 0
       no modem enable
      line aux 0
       transport output telnet
      line vty 0 4
       access-class 101 in
       transport input telnet ssh
      scheduler max-task-time 5000
      scheduler allocate 4000 1000
      scheduler interval 500

      Many thanks
      Last edited by flamer; 5th September 2009, 21:36. Reason: (Listed wrong config file)
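
An added example, not part of the posts above: a small Python check that flags the settings in the posted config a reviewer would question first (reversible type 7 passwords, HTTP and Telnet management in clear text, and an inbound ACL on Dialer0 that ends in "permit ip any any", which conflicts with the stated aim of blocking all unsolicited incoming traffic). The sample is a constructed excerpt of that config with secrets replaced by <redacted>; the finding names are made up for this example, and the parser assumes sub-commands are indented as the router prints them.

```python
import re

# Constructed excerpt: lines taken from the config in the post above, with
# secrets replaced by <redacted> and sub-command indentation restored.
SAMPLE_CONFIG = """\
username admin privilege 15 password 7 <redacted>
interface Dialer0
 ip access-group 100 in
 ip nat outside
 ppp chap password 7 <redacted>
ip http server
ip http secure-server
access-list 100 deny icmp any any echo
access-list 100 permit ip any any
access-list 101 deny ip any any
line vty 0 4
 access-class 101 in
 transport input telnet ssh
"""

def audit(config):
    """Return a list of findings for a Cisco IOS running-config given as text."""
    findings, acls, inbound, section = [], {}, [], ""
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():          # an unindented command opens a new section
            section = " ".join(line.split()[:2])
        if re.search(r"\bpassword 7 ", line):   # type 7 is reversible obfuscation
            findings.append(f"type-7-password: {section}")
        if line == "ip http server":            # management UI over plain HTTP
            findings.append("cleartext-http-management")
        if line.startswith("transport input") and "telnet" in line.split():
            findings.append(f"telnet-enabled: {section}")
        m = re.match(r"access-list (\d+) (permit|deny) (.+)", line)
        if m:
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
        m = re.match(r"ip access-group (\d+) in$", line)
        if m:
            inbound.append((section, m.group(1)))
    for iface, num in inbound:            # inbound ACLs whose last entry permits all
        if acls.get(num, [])[-1:] == [("permit", "ip any any")]:
            findings.append(f"inbound-acl-permits-any: {iface} acl {num}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```
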