Well, I think I am getting closer. I went to the Cisco web site and read
about NAT. I know now, thanks to those from the group that replied, that
part of my problem was with the NAT entries and the inside/outside entries.
I reconfigured my router and just for a minute I was able to browse the web
and ping my firewall at work from a node on the private segment. Then it
fell out and I was back to only being able to ping inside and outside from
the router. Close but no cigar.
I have been working on this for hours on end and it has been one of the best
learning exercises I have had since building a Raptor firewall. But that is
another story.
I have been reading the threads on this site for quite a while. For the
newer people like me those who post to this group are a great resource.
Thanks to all of you.
So here is my new config. Any insight to my oversight is appreciated.
Thanks
dt
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname backbone_r1
!
enable secret
!
!
dial-peer voice 1 pots
no call-waiting
ring 1
port 1
destination-pattern xxxxxxxxx
!
pots country US
ip subnet-zero
ip dhcp excluded-address 172.16.0.2 172.16.0.3
!
ip dhcp pool 1
network 172.16.0.0 255.255.0.0
default-router 172.16.0.2
!
ip name-server 206.196.128.1
isdn switch-type basic-ni
!
!
!
interface Ethernet0
description connected to EthernetLAN
ip address 172.16.0.2 255.255.0.0
no ip directed-broadcast
ip nat inside
!
interface BRI0
description connected to Internet
no ip address
no ip directed-broadcast
ip nat outside
encapsulation ppp
dialer rotary-group 0
isdn switch-type basic-ni
isdn spid1 xxxxxxxx
isdn spid2 xxxxxxxxx
isdn voice-priority xxxxxx out off
isdn voice-priority xxxxxxx in conditional
isdn incoming-voice modem
no cdp enable
!
interface Dialer0
description connected to Internet
ip address negotiated
no ip directed-broadcast
ip nat outside
encapsulation ppp
no ip split-horizon
bandwidth 64
dialer in-band
dialer idle-timeout 1200
dialer string 3032541488
dialer string 3032541186
dialer hold-queue 10
dialer load-threshold 5 outbound
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxx
ppp chap password 7 06
ppp pap sent-username xxxr password 7 060
ppp multilink
!
interface Dialer1
no ip address
no ip directed-broadcast
no cdp enable
!
router rip
version 2
passive-interface Dialer0
network 172.16.0.0
no auto-summary
!
ip nat translation udp-timeout 600
ip nat translation finrst-timeout 90
ip nat translation dns-timeout 90
ip nat inside source list 1 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
access-list 1 permit 172.16.0.0 0.0.255.255
dialer-list 1 protocol ip permit
snmp-server community public RO
snmp-server location SOHO
snmp-server contact
!
line con 0
exec-timeout 0 0
password
login
transport input none
stopbits 1
line vty 0 4
password
login
!
end
""dt"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hi,
> I am pretty new so please be patient. I am wearing my flame retardant
suit.
>
> I am trying to configure my ISDN BR. I am running a Cisco 804. Everything
> connects just fine. I can ping the inside interface on the router, the
> outside interface (dialer) which get an IP address from my ISP. I can ping
> the interfaces of my nodes on the LAN. I authenticate to the ISP Radius
> server. From the router everything seems to resolve just fine but from my
> inside network ( I run NAT) I can only ping the router interfaces. I can
> not ping anything beyond my outside interface.
>
> I know I must be missing something basic but I just can't figure it out.
Any
> help will be greatly appreciated.
>
> Thanks
>
> Dave T
>
> Here is my sh run from the router.
>
> Current configuration:
> !
> version 12.0
> no service pad
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname backbone_r1
> !
> enable secret 5 xxxxx
> enable password xxxx
> !
> dial-peer voice 1 pots
> no call-waiting
> ring 0
> port 1
> destination-pattern xxxxxx
> !
> pots country US
> ip subnet-zero
> !
> ip domain-name uswest.net
> ip name-server 206.196.128.1
> isdn switch-type basic-ni
> !
> !
> !
> interface Ethernet0
> ip address 172.16.0.2 255.255.0.0
> no ip directed-broadcast
> ip nat inside
> !
> interface BRI0
> ip address negotiated
> no ip directed-broadcast
> ip nat inside
> encapsulation ppp
> bandwidth 64
> dialer rotary-group 0
> dialer-group 1
> isdn switch-type basic-ni
> isdn spid1 xxxxxxxxxxxx1111
> isdn spid2 xxxxxxxxxxxx1111
> isdn incoming-voice modem
> !
> interface Dialer0
> ip address negotiated
> no ip directed-broadcast
> ip nat inside
> ip rip send version 1
> ip rip receive version 1
> encapsulation ppp
> bandwidth 64
> keepalive 32767
> dialer in-band
> dialer idle-timeout 300
> dialer string 3032541488
> dialer string 3032541186
> dialer hold-queue 10
> dialer load-threshold 10 outbound
> dialer-group 1
> ppp authentication pap callin
> ppp pap sent-username xxx password xxx
> ppp multilink
> !
> router rip
>
> router rip
> network 10.0.0.0
> network 172.16.0.0
> network 192.168.0.0
> !
> ip nat inside source list 1 interface BRI0 overload
> ip classless
> ip route 0.0.0.0 0.0.0.0 Dialer0
> !
> dialer-list 1 protocol ip permit
> dialer-list 1 protocol clns permit
> dialer-list 1 protocol netbios permit
> !
> line con 0
> transport input none
> stopbits 1
> line vty 0 4
> password
> login
> !
> end
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=12444&t=12365
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
