Soliti Problemi di configurazione

[aemer]

Ciao a tutti,

ho provato per la prima volta a configurare un Cisco 877 per la connessione a internet.
Per fare questo ho letto e riletto vari post in questo forum ma ho ancora alcuni problemi.

Per iniziare vi scrivo un po' di info :

1) Ho aperto una ADSL Alice Business CLICK con le seguenti caratteristiche :

IP Assegnati : 99.99.99.136 <-> 143 NetMask 255.255.255.248
default Gat : 99.99.99.137
Punto Punto : 33.33.33.54 NetMask 255.255.255.252

2) Con la mia configurazione dalla rete interna 10.52.4.x 255.255.255.0 riesco a navigare mettendo come gateway il 10.52.4.1 e inserendo ai client i DNS della Telecom

3) Noto però che
a) l'indirizzo con cui esco è quello della punto-punto.
b) pingo il gateway dall'interno ma non dall'esterno .....

Chi ha voglia di dare un'occhiata ala configurazione per darmi qualche consiglio.

Grazie mille

------------------------------------------------------------------------------------
------------------------------------------------------------------------------------
------------------------------------------------------------------------------------
myRouter#sh run

Building configuration...

Current configuration : 3772 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
!
hostname myRouter
!
boot-start-marker
boot-end-marker
!

enable secret 5 ** PASSWORD **
!
no aaa new-model
!
resource policy
!
ip cef
!
!
ip dhcp excluded-address 99.99.99.137
ip dhcp excluded-address 10.52.4.1
ip dhcp excluded-address 10.52.4.1 10.52.4.180
!
ip dhcp pool CLIENT
network 10.52.4.0 255.255.255.0
default-router 10.52.4.1
domain-name VLAN3.it
dns-server 151.99.125.2 151.99.125.3
lease 0 2
!
!
ip domain name VLAN3.it
ip name-server 151.99.125.2
ip name-server 151.99.0.100
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 99.99.99.137 255.255.255.248
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $FW_OUTSIDE$$ES_WAN$
bandwidth 4096
ip address 33.33.33.54 255.255.255.252
ip access-group 101 in
ip verify unicast reverse-path
ip nat outside
ip inspect DEFAULT100 out
ip virtual-reassembly
no snmp trap link-status
pvc 8/35
oam-pvc manage
oam retry 5 5 1
encapsulation aal5snap
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $FW_INSIDE$
ip address 10.52.4.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
hold-queue 100 out
!
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
!
ip http server
ip http secure-server
ip nat inside source list 102 interface ATM0.1 overload
ip nat inside source static 10.52.4.1 99.99.99.137
!
ip access-list logging interval 10
access-list 1 permit 10.52.4.0 0.0.0.255
access-list 100 deny ip 33.33.33.52 0.0.0.3 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 permit tcp any host 99.99.99.137
access-list 101 deny ip 99.99.99.136 0.0.0.7 any
access-list 101 permit icmp any host 33.33.33.54 echo-reply
access-list 101 permit icmp any host 33.33.33.54 time-exceeded
access-list 101 permit icmp any host 33.33.33.54 unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
access-list 102 permit ip host 10.52.4.3 any
access-list 102 permit ip host 10.52.4.5 any
access-list 102 permit ip host 10.52.4.10 any
access-list 102 permit ip host 10.52.4.250 any
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password **password**
login
!
scheduler max-task-time 5000
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end

myRouter#
------------------------------------------------------------------------------------
------------------------------------------------------------------------------------
------------------------------------------------------------------------------------

[aemer]

Non riesco proprio a capire ... mi sembra di aver dedotto che nell'ATM0.1 dovrei mettere l'ip del gateway e l'indirizzo della punto punto sutto il "pvc 8/35"

O aggiungere la loopback0 con l'IP del gateway ???

Chi mi aiuta ?

[paolomat75]

Ciao,
non posso provare se funziona, ma io leverei

Codice: Seleziona tutto

ip nat inside source list 102 interface ATM0.1 overload
ip nat inside source static 10.52.4.1 99.99.99.137

e metterei sotto

Codice: Seleziona tutto

interface Loopback0 
ip nat outside  <. levandolo da ATM0.1

e in global config

Codice: Seleziona tutto

ip Nat inside source list 10 loopback0 overload

Fammi sapere se funziona

Ciao
Paolo

[aemer]

Ecco fatto ..... ma purtroppo con la modifica ... il router non esce più ( non pingo nemmeno i DNS )
Ecco come diventa la configurazione :

-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------

myRouter#sh run

Building configuration...

Current configuration : 3772 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime show-timezone
!
hostname myRouter
!
boot-start-marker
boot-end-marker
!

enable secret 5 ** PASSWORD **
!
no aaa new-model
!
resource policy
!
ip cef
!
!
ip dhcp excluded-address 99.99.99.137
ip dhcp excluded-address 10.52.4.1
ip dhcp excluded-address 10.52.4.1 10.52.4.180
!
ip dhcp pool CLIENT
network 10.52.4.0 255.255.255.0
default-router 10.52.4.1
domain-name VLAN3.it
dns-server 151.99.125.2 151.99.125.3
lease 0 2
!
!
ip domain name VLAN3.it
ip name-server 151.99.125.2
ip name-server 151.99.0.100
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 99.99.99.137 255.255.255.248
ip nat outside
ip virtual-reassembly
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $FW_OUTSIDE$$ES_WAN$
bandwidth 4096
ip address 33.33.33.54 255.255.255.252
ip access-group 101 in
ip verify unicast reverse-path
ip inspect DEFAULT100 out
ip virtual-reassembly
no snmp trap link-status
pvc 8/35
oam-pvc manage
oam retry 5 5 1
encapsulation aal5snap
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $FW_INSIDE$
ip address 10.52.4.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
hold-queue 100 out
!
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
!
ip http server
ip http secure-server


ip Nat inside source list 102 interface loopback0 overload

!
ip access-list logging interval 10
access-list 1 permit 10.52.4.0 0.0.0.255
access-list 100 deny ip 33.33.33.52 0.0.0.3 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 permit tcp any host 99.99.99.137
access-list 101 deny ip 99.99.99.136 0.0.0.7 any
access-list 101 permit icmp any host 33.33.33.54 echo-reply
access-list 101 permit icmp any host 33.33.33.54 time-exceeded
access-list 101 permit icmp any host 33.33.33.54 unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
access-list 102 permit ip host 10.52.4.3 any
access-list 102 permit ip host 10.52.4.5 any
access-list 102 permit ip host 10.52.4.10 any
access-list 102 permit ip host 10.52.4.250 any
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password **password**
login
!
scheduler max-task-time 5000
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end

myRouter#

---------------------------------------------------------------------------------
---------------------------------------------------------------------------------
---------------------------------------------------------------------------------

Aiutooooooooo

[paolomat75]

Non avevo mai provato ad usare l'interfaccia loopback.
Prova così

Rimetti ip nat outside sotto ATM0.1
e poi

Codice: Seleziona tutto

ip nat pool mypool 99.99.99.137 99.99.99.137 netmask 255.255.255.248 
ip nat inside source list 1 pool mypool atm0.1 overload

Spero che così vada.

[aemer]

Non avevo mai provato ad usare l'interfaccia loopback.
Prova così

Rimetti ip nat outside sotto ATM0.1
e poi

Codice: Seleziona tutto

ip nat pool mypool 99.99.99.137 99.99.99.137 netmask 255.255.255.248 
ip nat inside source list 1 pool mypool atm0.1 overload

Spero che così vada.

Eccomi qui .... per prima cosa ti ringrazio molto ....

In più ho tolto parecchia roba che credo non servisse ... ed ora esco con l'ip che volevo ...

Penso di aprire un altro post dove metto la configurazione funzionante e magari provo a chiedere delle dritte per migliorare la config.

Grazie molte !!!!!!!!!!!!

[paolomat75]

Prego.
Mi fa piacere che hai risolto.

Buona giornata
Paolo