SteveDT123 (Member), Oct 14, 2007 at 10:43 pm, #128266
Hello all, this is my first post so feel free to correct me if I am posting incorrectly. Also, thanks in advance for anyone who takes the time to read this.
I recently purchased a Cisco 851 for my home, and used the SDM to configure it. The first time I chose defaults (basic firewall, basic NAT, DHCP internally, connect to my ISP using DHCP as well). I didn’t manually override anything. I found the tool helpful and easy to use. My hope was to then examine my run config and reverse engineer what it had done as a jumpstart into learning IOS.
After the initial install everything was fine, except that I could not connect to my friend's Microsoft VPN (PPTP with MSCHAP), whereas when I connect directly to the cable modem, I am able to. I suspected firewall rules were at play.
My other problem (and persistent problem) is that I cannot get my Tivo to connect to the host service going through the router. Connecting directly to the modem, everything works fine.
To rule out firewall, I reset to factory defaults, reran SDM and chose to skip enabling the firewall, and unchecked the SDM options that pertained to security. After doing this, my MSCHAP PPTP connection works fine, but my Tivo still cannot connect. Tivo reports that it uses services on ports: UDP 37, 123; TCP 37,80,443,5005,5222,5223,7287,7288,8000,8080-8089.
Obviously, I am not looking for a solution to my problem with this little info that I have provided. Instead, I am looking for advice on how to troubleshoot this. Is there a way that I can log the activity while the Tivo is sending outbound traffic to determine what's happening? Or is there a better "diagnostic approach" I should take? Of course any resources or links anyone has that will give me a better understanding of Cisco routing / config concepts would be great. I assume it's a NAT/PAT problem, even though I don't see how it could be, since everything else appears to work correctly. As far as I know Tivo is just making standard requests outside the wall (presumably HTTP requests).
Here is my current config, if this sheds any light. Again, thanks so much for reading and even giving this half a second of thought. I realize that it's vague and naive, but I'm feeling a bit at a loss.
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
logging buffered 51200 debugging
logging console critical
enable secret 5 …
!
no aaa new-model
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.102.1 192.168.102.99
!
ip dhcp pool sdm-pool1
   network 192.168.102.0 255.255.255.0
   dns-server 220.127.116.11 18.104.22.168
!
ip tcp synwait-time 10
ip domain name steve.dnsdojo.com
ip name-server 22.214.171.124
ip name-server 126.96.36.199
!
crypto pki trustpoint TP-self-signed-2778007988
!
crypto pki certificate chain TP-self-signed-2778007988
 certificate self-signed 01
!
username steve privilege 15 secret 5
!
interface FastEthernet4
 ip address dhcp client-id FastEthernet4
 ip nat outside
 ip route-cache flow
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.102.1 255.255.255.0
 ip mtu 1492
 ip nat inside
 ip route-cache flow
 ip tcp adjust-mss 1452
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface FastEthernet4 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.102.0 0.0.0.255
no cdp run
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
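As an added example that is not part of the original post (and not Cisco's or TiVo's code), the following Python script does the first check worth making offline before turning on any debugging on the router: it parses the `ip nat inside source list ... overload` statement and its standard ACL out of the posted config and reports whether a given LAN host would be translated at all, and it expands the TiVo port list quoted in the post into an explicit set that can be compared against `show ip nat translations` output. The config excerpt is copied from the post; the host address 192.168.102.150 is a constructed stand-in for whatever lease the TiVo actually received from the pool (which starts above the excluded 192.168.102.1-99 range).

```python
import ipaddress
import re

# Constructed excerpt: only the NAT and ACL lines from the posted running config.
SAMPLE_CONFIG = """\
ip nat inside source list 1 interface FastEthernet4 overload
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.102.0 0.0.0.255
"""

# Port list exactly as the poster quoted it from the TiVo documentation.
TIVO_PORTS = "UDP 37, 123; TCP 37,80,443,5005,5222,5223,7287,7288,8000,8080-8089"

ACL_RE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(.*)$")
NAT_RE = re.compile(r"^ip nat inside source list\s+(\d+)\s+interface\s+(\S+)\s+overload$")


def parse_standard_acls(config):
    """Return {acl_number: [(action, network), ...]} for standard numbered ACLs.

    Remarks are skipped; entries keep their order because IOS uses first match.
    """
    acls = {}
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if not m:
            continue
        number, action, rest = m.group(1), m.group(2), m.group(3).split()
        if rest[0] == "any":
            net = ipaddress.ip_network("0.0.0.0/0")
        elif rest[0] == "host":
            net = ipaddress.ip_network(rest[1] + "/32")
        elif len(rest) == 2:
            # IOS writes a wildcard (inverse) mask; ipaddress accepts it as a hostmask.
            net = ipaddress.ip_network(f"{rest[0]}/{rest[1]}", strict=False)
        else:
            net = ipaddress.ip_network(rest[0] + "/32")
        acls.setdefault(number, []).append((action, net))
    return acls


def parse_nat_overload(config):
    """Return [(acl_number, outside_interface), ...] for PAT overload statements."""
    return [(m.group(1), m.group(2))
            for line in config.splitlines()
            if (m := NAT_RE.match(line.strip()))]


def nat_decision(config, host_ip):
    """Return the outside interface a host would be translated through, or None.

    Mirrors IOS semantics: first matching ACL entry decides, and an ACL with
    no match ends in an implicit deny, so the host is simply not translated.
    """
    ip = ipaddress.ip_address(host_ip)
    acls = parse_standard_acls(config)
    for acl_number, outside in parse_nat_overload(config):
        for action, net in acls.get(acl_number, []):
            if ip in net:
                if action == "permit":
                    return outside
                break  # explicit deny: this NAT statement does not apply
    return None


def parse_port_spec(spec):
    """Expand 'UDP 37, 123; TCP 80,8080-8089' into {'udp': set, 'tcp': set}."""
    ports = {}
    for clause in spec.split(";"):
        proto, _, items = clause.strip().partition(" ")
        expanded = ports.setdefault(proto.lower(), set())
        for item in items.replace(" ", "").split(","):
            if not item:
                continue
            lo, _, hi = item.partition("-")
            expanded.update(range(int(lo), int(hi or lo) + 1))
    return ports


def nat_report(config, host_ip, port_spec):
    """Human-readable summary: is the host translated, and which ports to look for."""
    outside = nat_decision(config, host_ip)
    lines = [f"{host_ip}: " + (f"PAT via {outside}" if outside
                               else "not permitted by any NAT ACL, no translation")]
    for proto, nums in parse_port_spec(port_spec).items():
        lines.append(f"  expect {proto} translations to ports {sorted(nums)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(nat_report(SAMPLE_CONFIG, "192.168.102.150", TIVO_PORTS))
```

If the script says the host is translated (as it does for anything in 192.168.102.0/24 with this ACL), the next step on the router itself is `show ip nat translations | include 192.168.102.` while the TiVo attempts its connection: every destination port in the expanded list should appear with an inside-global entry on FastEthernet4. A port that never shows up means the packets are not reaching the NAT path; a port that appears but never completes points past the router.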