Problems with Cisco 857W with VPN tunnel

#1 gestevam, 4th September 2008, 19:23

Hello.
I need some help configuring a Cisco 857W. At this point I don't know what more to do to fix this problem.
When my router is booting, I see two messages in the console (HyperTerminal) at the end of the boot:

%NAT: Error activating CNBAR on the interface BVI1
%NAT: Error activating CNBAR on the interface Dialer0

After that, I can get an IP address over both wired and wireless, so I can access the server over the LAN.
But I can't access the internet or the VPN. I think everything is OK, but clearly it is not.
Here is my configuration; I would appreciate any help.

My network is this:
1 Server with DHCP, DNS w/ IP 192.168.43.2
Router Cisco 857W IP 192.168.43.1
ISP IP Static


!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service sequence-numbers
no service dhcp
!
hostname Router
!
logging buffered 51200 debugging
logging console critical
enable secret 5 MY_PASSWORD_ROUTER
!
clock timezone PCTime 0
clock summer-time PCTime recurring 1 Sun Oct 2:00 3 Sun Mar 3:00
!
!
ip domain-name MYDOMAIN
ip name-server DNS ISP
ip name-server DNS ISP
ip name-server 192.168.43.2
!
!
ip tcp selective-ack
ip tcp timestamp
no ip bootp server
no ip domain lookup
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp key MY_KEY address MY_PUBLIC_ADDRESS no-xauth
!
crypto ipsec transform-set tr-null-sha esp-null esp-sha-hmac
crypto ipsec transform-set tr-des-md5 esp-des esp-md5-hmac
crypto ipsec transform-set tr-3des-md5 esp-3des esp-md5-hmac
crypto ipsec transform-set tr-3des-sha esp-3des esp-sha-hmac
crypto ipsec transform-set tr-aes-sha esp-aes esp-sha-hmac
!
crypto map cm-cryptomap 110 ipsec-isakmp
set peer MY_PUBLIC_ADDRESS
set transform-set tr-3des-md5
match address 110
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
!
encryption mode ciphers tkip
!
ssid MY_SSID
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii MY_WIRELESS_KEY
!
speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
!
interface bvi1
ip address 192.168.43.1 255.255.255.0
ip access-group 102 in
ip nat inside
no ip directed-broadcast
exit
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$
no snmp trap link-status
pvc 0/35
pppoe-client dial-pool-number 1
!
exit
!
interface Dialer0
ip address MY_STATIC_IP_ADDRESS_ISP 255.255.255.0
ip access-group 101 in
no ip redirects
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username MY_USER password 0 MY_PASSWORD
!
ip nat inside source list 1 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!
!
line vty 0 4
access-class 2 in
exit
!
access-list 1 remark The local LAN.
access-list 1 permit 192.168.43.0 0.0.0.255
!
access-list 2 remark Where management can be done from.
access-list 2 permit 192.168.43.0 0.0.0.255
!
access-list 3 remark Traffic not to check for intrustion detection.
access-list 3 deny 192.168.40.0 0.0.0.255
access-list 3 permit any
!
access-list 101 remark Traffic allowed to enter the router from the Internet
access-list 101 permit ip 192.168.40.0 0.0.0.255 192.168.43.0 0.0.0.255
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
access-list 101 permit udp any any eq 4500
access-list 101 permit udp any any eq isakmp
access-list 101 permit esp any any
access-list 101 permit tcp any any eq 1723
access-list 101 permit gre any any
access-list 101 deny icmp any any echo
access-list 101 deny ip any any log
!
access-list 102 remark Traffic allowed to enter the router from the Ethernet
access-list 102 permit ip any host 192.168.43.1
access-list 102 permit ip 192.168.43.0 0.0.0.255 192.168.40.0 0.0.0.255
access-list 102 deny ip any 0.0.0.0 0.255.255.255 log
access-list 102 permit ip 192.168.43.0 0.0.0.255 any
access-list 102 permit ip any host 255.255.255.255
access-list 102 deny ip any any log
!
access-list 110 remark Site to Site VPN
access-list 110 permit ip 192.168.43.0 0.0.0.255 192.168.40.0 0.0.0.255
access-list 110 permit ip 192.168.43.0 0.0.0.255 any
!
bridge 1 route ip
dialer-list 1 protocol ip permit
!
interface FastEthernet0
no shutdown
exit
interface FastEthernet1
no shutdown
exit
interface FastEthernet2
no shutdown
exit
interface FastEthernet3
no shutdown
exit
interface vlan1
no shutdown
exit
interface ATM0
no shutdown
exit
interface Dot11Radio0
no shutdown
exit
interface bvi1
no shutdown
exit

Once again, I would appreciate some help. This is my first configuration of a Cisco router and I have tried everything that I saw in the forum.

Best regards
Gestevam
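
An added example, not part of the original post and not Cisco tooling: a small Python check over an IOS configuration like the one above that flags three things visible in it: transform sets using esp-null, esp-des or MD5; a crypto map that is defined but never applied to an interface with `crypto map <name>`; and a crypto ACL entry whose destination is `any`. The sample text is a constructed excerpt, and the function name `audit` and the finding labels are assumptions of this example.

```python
import re

# Constructed excerpt modelled on the configuration posted above (placeholders kept).
SAMPLE = """\
crypto ipsec transform-set tr-null-sha esp-null esp-sha-hmac
crypto ipsec transform-set tr-3des-md5 esp-3des esp-md5-hmac
crypto map cm-cryptomap 110 ipsec-isakmp
set peer MY_PUBLIC_ADDRESS
set transform-set tr-3des-md5
match address 110
interface Dialer0
access-list 110 permit ip 192.168.43.0 0.0.0.255 192.168.40.0 0.0.0.255
access-list 110 permit ip 192.168.43.0 0.0.0.255 any
"""

WEAK = {"esp-null": "no encryption", "esp-des": "single DES",
        "esp-md5-hmac": "MD5 integrity"}  # transforms giving no or weak protection

def audit(config):
    """Return sorted (check, subject, detail) findings for an IOS config text."""
    tsets, used, maps, bound, crypto_acls, acl_lines = {}, set(), set(), set(), set(), []
    for line in (l.strip() for l in config.splitlines()):
        if m := re.fullmatch(r"crypto ipsec transform-set (\S+) (.+)", line):
            tsets[m[1]] = m[2].split()
        elif m := re.fullmatch(r"crypto map (\S+) \d+ ipsec-isakmp.*", line):
            maps.add(m[1])              # global definition (carries a sequence number)
        elif m := re.fullmatch(r"crypto map (\S+)", line):
            bound.add(m[1])             # interface binding (name only)
        elif m := re.fullmatch(r"set transform-set (.+)", line):
            used.update(m[1].split())
        elif m := re.fullmatch(r"match address (\S+)", line):
            crypto_acls.add(m[1])       # ACL that selects traffic for the tunnel
        elif m := re.fullmatch(r"access-list (\d+) permit ip (.+)", line):
            acl_lines.append((m[1], m[2]))
    findings = []
    for name, transforms in tsets.items():
        for t in transforms:
            if t in WEAK:
                state = "in use" if name in used else "defined, unused"
                findings.append(("weak-transform", name, f"{t}: {WEAK[t]} ({state})"))
    for name in maps - bound:
        findings.append(("unbound-crypto-map", name, "never applied to an interface"))
    for acl, rest in acl_lines:
        if acl in crypto_acls and rest.split()[-1] == "any":
            findings.append(("broad-crypto-acl", acl, "destination any selects all traffic"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```
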
#2 gestevam, 8th September 2008, 11:30

Could anyone help me?
#3 Dumber (Moderator), 8th September 2008, 11:56

Well, I don't know if this will help, but it might:
http://www.cisco.com/univercd/cc/td/...2/pppoanat.pdf

I came across it while searching for your error and found this source, which refers to the above document:
http://www.telecom-gear.com/Cisco-87...e41708--12.htm


Also, your ACL doesn't look correct.

Quote:
access-list 1 remark The local LAN.
access-list 1 permit 192.168.43.0 0.0.0.255
!

Quote:
access-list 1 remark Access from internal to any.
access-list 1 permit 192.168.43.0 0.0.0.255 any
!
__________________
Marcel
#4 gestevam, 11th September 2008, 19:35

Hi Dumber!
Sorry that I am only replying to your post now, but I've been out for a few days and so...
In the first place, thank you for your answer. I read it, and the PDF file for NAT over PPPoA is part of a complete Cisco file called "Cisco 850 series and 870 series - Access Routers Software And Configuration Guide". I tried everything that I could "translate" to my situation and it didn't work. Even your suggestion didn't work. I put an "any" at the end of my access list 1 (from internal to any) and it marks an error at the "any" when it is booting.

At this moment I have 2 configurations:

Config 1: I can access the internet from any computer over the wired cable; the wireless doesn't work.

Config 2: The wired and wireless work well, login on the server, etc. But I can't reach the internet.

I tried to make a mix of the 2 configs and I can't understand what is going wrong.

I made config 1 with the steps of SDM Express, but unfortunately, as I saw in several forums, SDM Express isn't a good thing...

I made config 2 using this site and put in my configurations:
http://www.ifm.net.nz/cookbooks/800-isr-wizard.html

I will try again, step by step, to recreate a good router-confg file. If I can get everything working I'll let you know. Otherwise, if you or anyone has a suggestion, I'll accept the explanation.

Thank you again

GE
#5 gestevam, 12th September 2008, 14:33

Just one piece of information that I forgot to supply:
the configuration in the first post is config 2.

Best regards