Cisco 867VAE – Troubleshooting Routing Issues

ciscocisco-ios

I have got a new Cisco 867vae and connected to ADSL 2+. The connection is working well, I just dont seem to have the routing right.

From the router I can Ping 8.8.8.8 but from the computer I can only ping the router not anything outside.

What I want is everything that is not internal to go out the Dialer1 interface.

This is the configuration

Building configuration...

Current configuration : 5743 bytes
!
! Last configuration change at 03:05:21 UTC Tue May 19 2015 by admin
!
version 15.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
wan mode dsl
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool DHCP-Pool
 import all
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1 
 dns-server 10.10.10.1 8.8.8.8 
!
!
ip domain name yourdomain.com
ip name-server 8.8.8.8
ip cef
no ipv6 cef
!
!
controller VDSL 0
 operating mode adsl2+ 
no cdp run
!
! 
interface ATM0
 no ip address
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 description PrimaryWANDesc_ADSL
 pvc 8/35 
  pppoe-client dial-pool-number 1
 !
!
interface Ethernet0
 no ip address
 shutdown
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface GigabitEthernet0
 no ip address
!
interface GigabitEthernet1
 no ip address
 ip tcp adjust-mss 1412
 shutdown
 duplex auto
 speed auto
!
interface Vlan1
 description $ETH_LAN$
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1412
!
interface Dialer1
 ip address negotiated
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname *****
 ppp chap password 0 *****
 ppp pap sent-username ***** password 0 *****
 ppp ipcp dns request
 no cdp enable
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list nat-list interface Dialer1 overload
ip route 10.10.10.0 255.255.255.0 Dialer1
!
dialer-list 1 protocol ip permit
!
access-list 23 permit 10.10.10.0 0.0.0.7
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device 
and it provides the default username "cisco" for  one-time use. If you have 
already used the username "cisco" to login to the router and your IOS image 
supports the "one-time" user option, then this username has already expired. 
You will not be able to login to the router with this username after you exit 
this session.

It is strongly suggested that you create a new username with a privilege level 
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you 
want to use.

-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device. 
This feature requires the one-time use of the username "cisco" with the 
password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE  
PUBLICLY-KNOWN CREDENTIALS

Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want 
to use. 

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL 
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the 
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp 
-----------------------------------------------------------------------
^C
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 60000 1000
!
end

Best Answer

It looks like you're referencing a non-existing access list in your NAT configuration:

ip nat inside source list nat-list interface Dialer1 overload

You should define the access list "nat-list" to include your local network:

ip access-list extended nat-list
 permit 10.10.10.0 0.0.0.255 any

See the Cisco documentation for everything about Netwok Address Translation (NAT).

Your ASA configuration:

route outside 0.0.0.0 0.0.0.0 172.16.1.1 1

This will provide a default route via the outside interface, but how will the ASA know how to reach subnets residing behind the Layer 3 Distribution Switch?

You'll need to add routes to the internal subnets via the inside interface using the Layer 3 Distribution Switch as the next-hop IP address.

ASA static routing example:

route inside 172.19.12.0 255.255.255.240 172.16.2.2
route inside 172.19.3.0 255.255.255.0 172.16.2.2
route inside 172.20.100.0 255.255.255.224 172.16.2.2

Your Cisco Router's configuration:

ip route 0.0.0.0 0.0.0.0 200.200.200.200

Additionally, how will your border router know how to reach subnets other than it's connected routes, and the catch all default route via the outside interface's next-hop address 200.200.200.200?

Router static routing example:

ip route 172.19.12.0 255.255.255.240 172.16.1.10
ip route 172.19.3.0 255.255.255.0 172.16.1.10
ip route 172.19.100.0 255.255.255.224 172.16.1.10
ip route 172.16.2.0 255.255.255.224 172.16.1.10

Cisco – Access Cisco Call Manager Express on 2811 Router

The dhcp server shows they do actually have an address. The status messages suggest they aren't able to find all the files they're looking for; the telephony-service should be creating those, but I don't see a create cnf-files in your config. show telephony-service tftp-bindings will show what configs it's created and mapped. The SCCP firmware requires option 66 (tftp server), not option 150 -- the phones will remember the last server if dhcp doesn't present one. (it can be manually configured as well.)

(even without most of the files, it'll still boot and register with the CM. I was updating eBay'd 7960's that weren't known to my CM last night. They only needed to see: OS79XX.TXT, SEPDefault.cnf, and XMLDefault.cnf.xml, and the firmware files)

Best Answer

Related Solutions

Cisco ASA Routing Issue

Your ASA configuration:

ASA static routing example:

Your Cisco Router's configuration:

Router static routing example:

Cisco – Access Cisco Call Manager Express on 2811 Router

Related Topic