cisco 857: internal machines cannot reach the WAN

Everything related to configuring Cisco devices (that does not fit the other categories)

Moderator: Federico.Lagni

occhiostanco
n00b
Posts: 21
Joined: Fri 28 Nov, 2008 2:52 pm

Hi, I need a little help.
My 857 is configured as shown below, for a Tiscali ADSL line.
The router's WAN connection is OK: from the router I can ping and
resolve names all over the world.

The address assigned by Tiscali is public (a single public IP)
and I configured it as xxx.xxx.xxx.xxx / 255.255.255.255,
but set on Loopback0 and then passed to Dialer0
with "ip unnumbered Loopback0",
because Dialer0 does not accept a /32 network.

But the internal machines, which use the Cisco's internal address
(vlan1, 10.100.0.1) as their gateway, CANNOT GET OUT.
The internal machines (which have addresses 10.100.0.*/255.255.255.0)
can ping the Cisco at 10.100.0.1.

But any request to the outside returns "network unreachable".
Is there some gross mistake in the configuration below?
Any tests I should run?

Bye and thanks
Roberto


------------------------------------------------------------------------------------------------------------
!
version 12.4
service nagle
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
no service dhcp
!
hostname cisco
!
boot-start-marker
boot-end-marker
!
logging exception 100000
logging count
logging userinfo
logging queue-limit 10000
logging buffered 150000 notifications
logging console critical
enable secret 5 $1$ix7u$Nxg.bQ94DId.RxaT44xQ6.
!
no aaa new-model
clock timezone MET 1
clock summer-time MEDT recurring last Sun Mar 2:00 last Sun Oct 3:00
!
crypto pki trustpoint TP-self-signed-2559843232
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2559843232
revocation-check none
rsakeypair TP-self-signed-2559843232
!
!
crypto pki certificate chain TP-self-signed-2559843232
certificate self-signed 01
quit
dot11 syslog
no ip source-route
no ip gratuitous-arps
ip icmp rate-limit unreachable 1000
!
!
ip cef
ip inspect log drop-pkt
ip inspect max-incomplete low 300
ip inspect max-incomplete high 400
ip inspect one-minute low 300
ip inspect hashtable-size 2048
ip inspect tcp synwait-time 20
ip inspect tcp max-incomplete host 300 block-time 60
ip inspect name IDS tcp
ip inspect name IDS udp
ip inspect name IDS ftp
no ip bootp server
ip domain name cisco.com
ip host router 10.100.0.1 255.255.255.0
ip host cisco 10.100.0.1 255.255.255.0
ip host zyxel 10.100.0.2 255.255.255.0
ip host ftp 10.100.0.11
ip name-server 208.67.220.220
ip name-server 208.67.222.222
login block-for 1 attempts 3 within 30
login on-failure
login on-success
!
!
!
username name
username xxxxx privilege 15 secret 5 $1$Ht67$Wb8rHhpYwMe1OgkSKyFY11
!
!
archive
log config
hidekeys
!
!
ip ftp username xxxxxxxxxx
ip ftp password 7 094E4F061B0415
ip tcp selective-ack
ip tcp window-size 2144
ip tcp synwait-time 10
!
!
!
interface Loopback0
ip address xxx.xxx.xxx.xxx 255.255.255.255
!
interface Null0
no ip unreachables
!
interface ATM0
description Tiscali ADSL Pro 2 Plus (051 4210360)
mtu 1500
no ip address
no atm ilmi-keepalive
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description INTERFACCIA LAN INTERNA
ip address 10.100.0.1 255.255.255.0
ip accounting output-packets
ip nat inside
ip virtual-reassembly
ip route-cache flow
no ip mroute-cache
hold-queue 100 out
!
interface Dialer0
ip unnumbered Loopback0
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp chap hostname [email protected]
ppp chap password 7 11584B5643475D
ppp pap sent-username [email protected] password 7 055A545C751918
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
!
access-list 1 permit 10.100.0.0 0.0.0.255
route-map map permit 10
!
!
control-plane
!
!
line con 0
no modem enable
speed 19200
line aux 0
line vty 0 4
password 7 15130905002528
login
!
scheduler max-task-time 5000
end
-----------------------------------------------------------------------------------------
danny webber
Cisco fan
Posts: 49
Joined: Fri 02 Sep, 2005 11:14 am

Post the output of these 2 commands:

show ip nat translation
show ip int brief

then go

do an extended ping to xxx.xxx.xxx.xxx source vlan1
do an extended ping to 151.1.1.1 source loop1

and post the results.

The config looks OK; we need to understand what is happening.
Have you only tried pinging names, or numeric addresses as well????
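
An added example, not part of the thread and not written by either poster: a static check of the NAT overload prerequisites in the posted configuration, to go alongside the runtime commands requested in the reply. The function names are hypothetical, and it assumes standard numbered ACL entries in address/wildcard form and the `interface ... overload` form of the NAT rule.

```python
import ipaddress
import re

# NAT-relevant lines copied from the configuration posted in the thread.
POSTED = """\
interface Vlan1
ip address 10.100.0.1 255.255.255.0
ip nat inside
interface Dialer0
ip nat outside
ip route 0.0.0.0 0.0.0.0 Dialer0
ip nat inside source list 1 interface Dialer0 overload
access-list 1 permit 10.100.0.0 0.0.0.255
"""

def acl_network(addr, wildcard):
    """Convert an IOS address/wildcard pair to a network (contiguous wildcards only)."""
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):
        raise ValueError(f"non-contiguous wildcard {wildcard}")
    return ipaddress.ip_network((addr, 32 - w.bit_length()))

def interfaces(config):
    """Map interface name -> (NAT role, connected subnet), one entry per interface block."""
    found = {}
    for block in re.split(r"^interface ", config, flags=re.M)[1:]:
        role = re.search(r"^ *ip nat (inside|outside)$", block, re.M)
        addr = re.search(r"^ *ip address (\d\S*) (\d\S*)$", block, re.M)  # skips masked xxx
        net = ipaddress.ip_interface("/".join(addr.groups())).network if addr else None
        found[block.split()[0]] = (role.group(1) if role else None, net)
    return found

def nat_findings(config):
    """Return unmet static prerequisites for PAT; an empty list means none found."""
    rule = re.search(r"^ip nat inside source list (\S+) interface (\S+) overload$", config, re.M)
    if rule is None:
        return ["no 'ip nat inside source list N interface X overload' rule"]
    acl, outside = rule.groups()
    permits = [acl_network(a, wc or "0.0.0.0") for a, wc in re.findall(
        rf"^access-list {re.escape(acl)} permit (\S+)(?: (\S+))?$", config, re.M)]
    exits = re.findall(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", config, re.M)
    ifaces = interfaces(config)
    inside = [(name, net) for name, (role, net) in ifaces.items() if role == "inside"]
    checks = [
        (ifaces.get(outside, (None, None))[0] == "outside", f"{outside} lacks 'ip nat outside'"),
        (outside in exits, f"no default route points at {outside}"),
        (bool(inside), "no interface has 'ip nat inside'"),
    ] + [(net is not None and any(net.subnet_of(p) for p in permits),
          f"{name} subnet is not permitted by access-list {acl}") for name, net in inside]
    return [message for ok, message in checks if not ok]
```

An empty result for the posted excerpt means the static NAT wiring is consistent, so the runtime output of the two `show` commands is the next thing to look at.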