
Cisco 837 Router configuration help needed!

Discussion in 'Routing & Switching' started by ciscofevers, Aug 21, 2007.

  1. ciscofevers

    ciscofevers New Member

    Evening all.

    Please could I have some suggestions or an example config.

    This is my setup

    client--->Checkpoint VPN edge firewall----> cisco 837 ADSL router.

    The telco has allocated 1 static IP for connectivity and a range of public IPs to assign to the hardware interfaces.


    client--------> Checkpoint VPN edge firewall----------------> cisco 837 ADSL router------->Internet>>Public IP(81.x.x.x/27)--->Public IP(81.x.x.x/27-------->static IP for connectivity)

    I am trying to set up a BOVPN (site-to-site VPN) using the Checkpoint VPN edge firewall, however I seem to be having issues with the Cisco config.

    I have easily set up a standard ADSL connection with another router using a NATed config so the ADSL is not a problem, it's just I am not having any success with the above topology.

    Does the Cisco router need to be set up as a bridge? It could be that I am getting the ACLs wrong.

    I have issued debug PPP authentication, and I can see that authentication is successful. I have tried to ping directly from the router to the ISP's DNS servers but no good. When I perform a traceroute from the client to the internet, I see the NAT translation but when it gets to the public IP on the eth 0 I get "destination unreachable".

    I can ping from the router to the Public IP on the outside interface of the checkpoint.

    Is it right to say that having NAT on the checkpoint and on the router would just complicate things? So what should I do to keep it simple?

    I would appreciate any help.


  2. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    Just a suggestion: can you bridge the ADSL router onto the WAN port of the Checkpoint firewall and only have NAT on the Checkpoint?

    If you don't want to bridge the interfaces you should be able to configure this with the range of public IPs you have. 8)
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010


    This sounds like possibly a routing issue on the 837.

    The layer 2 negotiation via PPP is obviously working and the dialer interface is in an up/up state with the static address assigned, I take it?

    Are you sure you have a default route configured out to the internet? Check your routing table to make sure the route is there.

    If it isn't you need to add the following line into your config -

    ip route 0.0.0.0 0.0.0.0 Dialer1 (or whatever dialer interface you are using)

    You will also need to ensure the router and firewall are accepting ISAKMP, UDP 10000 and ESP as inbound protocols from your IPSec peer.

    I don't understand why you have a public IP address configured between your router and firewall. You only need one public interface and that is the one that faces the internet on the 837.
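
Added example, not part of the original posts: a small Python check that reads an IOS-style config and reports the two gaps the last reply asks about, a missing default route via the dialer and an inbound ACL that does not permit ISAKMP, UDP 10000 and ESP from the IPsec peer. The sample config, the ACL name `OUTSIDE-IN` and the peer address `203.0.113.10` are constructed placeholders, and the check assumes a named extended ACL applied inbound on the dialer.

```python
import re

# Constructed sample config (not from the thread); peer 203.0.113.10 is a placeholder.
SAMPLE_CONFIG = """\
interface Dialer1
 ip address negotiated
 ip access-group OUTSIDE-IN in
!
ip access-list extended OUTSIDE-IN
 permit udp host 203.0.113.10 any eq isakmp
 permit esp host 203.0.113.10 any
 deny ip any any log
!
"""

# Inbound traffic the reply says must be accepted from the IPsec peer.
REQUIRED = {
    "ISAKMP (UDP 500)": r"permit udp (?:any|host {peer}) any eq (?:isakmp|500)\b",
    "UDP 10000": r"permit udp (?:any|host {peer}) any eq 10000\b",
    "ESP": r"permit esp (?:any|host {peer}) any",
}

def acl_entries(config, name):
    """Return the entries of the named extended ACL, in config order."""
    entries, inside = [], False
    for line in config.splitlines():
        if line.startswith("ip access-list extended "):
            inside = line.split()[-1] == name
        elif inside and line.startswith(" "):
            entries.append(line.strip())
        else:
            inside = False
    return entries

def audit(config, dialer="Dialer1", peer="203.0.113.10"):
    """List missing items. Simplification: an earlier deny shadowing a permit is not detected."""
    findings, d = [], re.escape(dialer)
    if not re.search(rf"^ip route 0\.0\.0\.0 0\.0\.0\.0 {d}\b", config, re.M):
        findings.append(f"no default route via {dialer}")
    m = re.search(rf"^interface {d}\n(?:^ .*\n)*?^ ip access-group (\S+) in$", config, re.M)
    if not m:
        return findings  # no inbound ACL on the dialer, so nothing is filtered there
    entries = acl_entries(config, m.group(1))
    for label, pattern in REQUIRED.items():
        rx = re.compile(pattern.format(peer=re.escape(peer)))
        if not any(rx.match(e) for e in entries):
            findings.append(f"ACL {m.group(1)} does not permit {label} from {peer}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "ok")
```

The same permits also have to exist in the Checkpoint policy; this check only covers the router side.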

