+ Reply to Thread
Results 1 to 2 of 2
  1. Junior Member Registered Member
    Join Date
    Nov 2015
    Posts
    1
    #1

    Default Test internet connection failed Cisco router 800 series

    I have mail server using to send and recieve emails in server obly mode
    and i use router cisco 800 series as gateway to mail server
    inside my network
    mail server take ip 192.168.1.4
    router cisco 192.168.1.254
    public ip for mail server is 78.93.244.61 and port 25 is open in it
    i do nat from outside public ip 78.93.244.61 to inside local netork mail server 192.168.1.4
    but no access for internet to mail server
    I check every thing in my network every thing is ok
    but remaining i not check cisco router 800 series config file
    config file as following :
    ------------
    xxxx#sh run
    Building configuration...

    Current configuration : 4660 bytes
    !

    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !

    hostname xxxxx
    !

    boot-start-marker
    boot-end-marker
    !

    !
    aaa new-model
    !

    !
    aaa authentication login default local
    aaa authentication login sdm_vpn_xauth_ml_1 local
    aaa authentication login sdm_vpn_xauth_ml_2 local
    aaa authorization exec default local
    aaa authorization network sdm_vpn_group_ml_1 local
    !

    !
    aaa session-id common
    clock timezone KSA 3
    !

    crypto pki trustpoint TP-self-signed-xxxxx
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-164429193
    revocation-check none
    rsakeypair TP-self-signed-xxxx
    !

    !
    dot11 syslog
    !

    dot11 ssid xxxx
    vlan 1
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 0 xxxx
    !

    ip cef
    no ip dhcp use vrf connected
    ip dhcp excluded-address 10.10.10.1
    ip dhcp excluded-address 10.10.11.1
    !

    ip dhcp pool wireless
    import all
    network 10.10.11.0 255.255.255.0
    default-router 10.10.11.1
    dns-server 212.93.192.4 212.93.192.5
    lease 0 2
    !

    !
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    ip domain name awalnet.net.sa
    ip name-server 84.22.224.11
    ip name-server 84.22.224.12
    !

    !
    !

    crypto isakmp policy 1
    encr 3des
    authentication pre-share
    group 2
    !

    crypto isakmp client configuration group xxx
    key xxx
    dns 212.93.192.4 212.93.192.5
    include-local-lan
    dhcp server 10.10.10.1
    max-users 10
    netmask 255.255.255.0
    crypto xxx profile sdm-ike-profile-1223
    match identity group xxx
    client authentication list sdm_vpn_xauth_ml_2
    isakmp authorization list sdm_vpn_group_ml_1
    client configuration address respond
    virtual-template 1
    !

    !
    crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
    !

    crypto ipsec profile SDM_Profile1
    set security-association idle-time 60
    set transform-set xxxxx
    set isakmp-profile sdm-ike-profile-1
    !

    !
    archive
    log config
    hidekeys
    !

    !
    !

    bridge irb
    !

    !
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    dsl operating-mode auto
    !

    interface ATM0.1 point-to-point
    pvc 0/35
    pppoe-client dial-pool-number 1
    !
    !

    interface FastEthernet0
    !

    interface FastEthernet1
    !

    interface FastEthernet2
    !

    interface FastEthernet3
    !

    interface Virtual-Template1 type tunnel
    ip unnumbered Dialer0
    tunnel mode ipsec ipv4
    tunnel protection ipsec profile SDM_Profile1
    !

    interface Dot11Radio0
    no ip address
    !
    encryption vlan 1 mode ciphers tkip
    !
    ssid xxxx
    !
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role root
    !

    interface Dot11Radio0.1
    encapsulation dot1Q 1 native
    no cdp enable
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 spanning-disabled
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    !

    interface Vlan1
    description $xxxxxx$
    ip address 78.93.244.61 255.255.255.252 secondary
    ip address 192.168.1.254 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    ip tcp adjust-mss 1452
    !

    interface Dialer0
    ip address negotiated
    ip mtu 1452
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication chap pap callin
    ppp chap hostname xxxx
    ppp chap password xxxx
    ppp pap sent-username xxxx.xx password xxxxx
    !

    interface BVI1
    ip address 10.10.11.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    !

    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 Dialer0
    !

    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list 1 interface Dialer0 overload
    ip nat inside source static tcp 192.168.1.4 25 78.93.244.61 25 extendable
    !

    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 10.10.10.0 0.0.0.255
    access-list 1 permit 10.10.11.0 0.0.0.255
    access-list 1 permit 192.168.1.0 0.0.0.255
    access-list 23 permit 212.93.196.0 0.0.0.255
    access-list 23 permit 212.93.192.0 0.0.0.255
    access-list 23 permit 212.93.193.0 0.0.0.255
    access-list 23 permit 10.10.10.0 0.0.0.255
    access-list 23 permit 212.93.208.0 0.0.0.255
    dialer-list 1 protocol ip permit
    snmp-server community private RW
    snmp-server community public RO
    !

    !
    !

    control-plane
    !

    bridge 1 protocol ieee
    bridge 1 route ip
    !

    line con 0
    no modem enable
    line aux 0
    line vty 0 4
    !

    scheduler max-task-time 5000
    end

    -------------
    Are there are any thing wrong in config file delay or stop internet connection to mail server
    please help me
    Reply With Quote Quote  

  2. Woohoo! It's over 1000!
    Join Date
    Aug 2015
    Location
    Australia
    Posts
    1,683

    Certifications
    Linux+, ACSA, ACTC, ACSP, MCSA:7, MCTS, ITIL F, Prince2 Pract, AgilePM Practitioner, VCP-DCV 5/6, Storage+, CCNA R+S/Sec/CyberOps, Sec+, CEH, CASP
    #2
    I might not be understanding this, but your Outside address is 78.93.244.61 and the inside natted range is 192.168.1.0/24 ?

    Is the Outside your DSL connection (dialer0)? If so, shouldn't that be the one with your outside address?

    Also, what is the 10.10.10.0/24 and 10.10.11.0/24 ranges for?
    2017 Goals - Something Cisco, Something Linux, Agile PM
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks