Help with ADSL and NAT on 877w

Discussion in 'Routing & Switching' started by k.r.o.g., Mar 12, 2011.

  1. k.r.o.g.

    k.r.o.g. Bit Poster

    Hi Folks.

    I'm looking for a bit of help in configuring a Cisco 877w. I've been dropped in at the deep end a bit here - long story - but the basics are I need to config the 877 to work with existing ADSL.

    Question 1)
    Can anyone tell me the minimum details I need to get from the ISP in order to get the internet up and running? There is currently a Zyxel router in place and the details I have found from it are:

    Encap = PPPoA
    VCID - VPI=0
    VCI=38
    Username XXX
    Password XXX
    Static IP 123.123.123.123 + SNM

    Is this enough info to connect to the internet with the 877?

    Question 2)
    I know that there is a block of 8 (-2) IP addresses available, one of which is the static IP in the WAN config. I need to allow SMTP traffic from the internet to an Exchange box on the LAN which has a private IP. I assume this will be accomplished by using an access list (any help on this would be great) but what I don't get is that the public IP listed in external DNS (where the MX record points) is not the static address in the WAN config. I assume this will involve NAT, possibly a 1-1 mapping? I'm kinda getting out of my depth here :oops: as you will most likely have guessed so any help or pointers would be a great help.

    Cheers

    K
     
    Certifications: Bsc Hons-Comp Networking. MCP-270,291
    WIP: MCSA-284,290
  2. jonny7_2002

    jonny7_2002 Byte Poster

    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname NAMEOFROUTERHERE
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 52000
    !
    no aaa new-model
    !
    !
    dot11 syslog
    ip cef
    !
    ip dhcp pool LAN
    network 192.168.1.0 255.255.255.0
    default-router 192.168.1.250
    dns-server 192.168.1.250 8.8.8.8 8.8.4.4

    !
    !
    ip name-server 8.8.8.8
    ip name-server 8.8.4.4
    !
    !
    !
    username admin privilege 15 password ENTERYOURPASSWORDHERE
    !
    !
    !
    !
    archive
    log config
    hidekeys
    !
    !
    !
    !
    !
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    pvc 0/38
    description DSL_CONNECTION
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    dsl operating-mode auto
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface Vlan1
    ip address 192.168.1.250 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    !
    interface Dialer1
    description WAN_CONNECTION
    ip address 123.123.123.123 255.255.255.248
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    ppp authentication chap pap callin
    ppp chap hostname ISPUSERNAMEHERE
    ppp chap password ISPPASSWORDHERE
    ppp pap sent-username ISPUSERNAMEHERE password ISPPASSWORDHERE
    !
    ip route 0.0.0.0 0.0.0.0 Dialer1
    !
    ip http server
    ip http authentication local
    ip nat inside source route-map ALLOWNAT interface Dialer1 overload
    !
    !
    access-list 101 permit ip 192.168.1.0 0.0.0.255 any
    dialer-list 1 protocol ip permit
    !
    !
    route-map ALLOWNAT permit 1
    match ip address 101
    !
    !
    control-plane
    !
    banner motd ^C
    This is the property of WHOEVERYOUARE
    *******NO UNAUTHORISED ACCESS********
    ^C
    !
    line con 0
    logging synchronous
    login local
    no modem enable
    line aux 0
    line vty 0 4
    logging synchronous
    login local
    !
    scheduler max-task-time 5000
    end
     
    Certifications: CCNA R&S, CCNP R&S, CCDA, CCNA Voice, CCNA Wireless & CCNA Security
    WIP: CCIE V5 (when its out)
  3. jonny7_2002

    jonny7_2002 Byte Poster

    Change the bits in red to suit your network.....
    Change the 192.168.1.x IP details to your private/internal network IP range
    Change the 123.123.123.123 255.255.255.248 to your public/external ip range (subnet should be .248 if you have a block of 8)
    Change the other self explanatory ones in red as well

    To make port 25 go to your exchange/email server use the following command:
    ip nat inside source static tcp X.X.X.X 25 Y.Y.Y.Y 25 extendable

    X = IP OF THE EMAIL SERVER
    Y = PUBLIC IP THAT EMAIL IS COMING IN ON..... this would be one of the 8 public IPs that you have.

    If you are not sure then just use the following line instead, which will "redirect" 25 from ANY public IP you have to the mail server:
    ip nat inside source static tcp X.X.X.X 25 interface dialer 1 25

    If your MX record does not point to any of your public IPs then it may be pointing to a hosted service somewhere which THEN forwards email to your external IP, so as long as your external IP has not changed then this shouldn't need touching.


    The config above is for an 877 only, not a wireless version. The config above can be used but the wireless may not work with it even once the wireless was configured. I believe the 877w uses the BRI0 interface instead of the VLAN1 interface. If this is the case then in the config above just replace VLAN1 with BRI0 and it should work.

    Good luck and let us know how you get on!

    Cheers
    Jon
     
    Certifications: CCNA R&S, CCNP R&S, CCDA, CCNA Voice, CCNA Wireless & CCNA Security
    WIP: CCIE V5 (when its out)
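
The port-25 forward described above, combined with the inbound access list the original question asked about and a tightened management plane. This is an added example, not part of either poster's configuration; the server and MX addresses and the names WAN-IN and FW are constructed, and it assumes an IOS image that includes the firewall feature set.

```cisco
! Constructed values (not from the thread):
!   192.168.1.10    = Exchange server on the LAN
!   123.123.123.124 = public address the MX record resolves to
!   WAN-IN, FW      = hypothetical ACL and inspection-rule names
!
! 1. Publish SMTP only: one TCP port on one public address.
ip nat inside source static tcp 192.168.1.10 25 123.123.123.124 25 extendable
!
! 2. Stateful inspection of sessions started from the LAN or the
!    router itself, so that their replies are let back in past the
!    inbound ACL below.
ip inspect name FW tcp router-traffic
ip inspect name FW udp router-traffic
ip inspect name FW icmp
!
! 3. Inbound filter on the WAN side. It is evaluated before NAT,
!    so it matches the public (global) address, not 192.168.1.10.
ip access-list extended WAN-IN
 remark SMTP to the published mail address only
 permit tcp any host 123.123.123.124 eq smtp
 deny   ip any any log
!
interface Dialer1
 ip access-group WAN-IN in
 ip inspect FW out
!
! 4. Management plane: the posted config leaves the HTTP server and
!    the vty lines reachable from any interface and stores the admin
!    password as reversible type 7. Turn HTTP off, store a hashed
!    secret instead (this replaces the "username ... password" line),
!    and limit vty logins to the LAN.
no ip http server
username admin privilege 15 secret ENTERYOURPASSWORDHERE
access-list 10 permit 192.168.1.0 0.0.0.255
line vty 0 4
 access-class 10 in
```

Apply the ACL from the console or a LAN session rather than over the WAN link, since the final deny also drops management traffic arriving on Dialer1.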
  4. k.r.o.g.

    k.r.o.g. Bit Poster

    Hey Jon.

    Thanks for your reply. Got the 877 up and running! Local users with internet access and mail going in and out. I did have a few issues which are yet unresolved but unfortunately the reason I was putting the 877 in was to attempt to resolve an intermittent issue similar to what was happening after the swap.

    For the time being though, I have completed mission 1. Will be looking at VPNs next but hopefully with some time to prep etc instead of being dropped into a disaster zone!

    Thanks again for your reply.

    K
     
    Certifications: Bsc Hons-Comp Networking. MCP-270,291
    WIP: MCSA-284,290
  5. jonny7_2002

    jonny7_2002 Byte Poster

    No problem dude, if you need help with the VPNs then let us know!

    Cheers
    Jon
     
    Certifications: CCNA R&S, CCNP R&S, CCDA, CCNA Voice, CCNA Wireless & CCNA Security
    WIP: CCIE V5 (when its out)
