Diagnosing NAT problems with Cisco 851



    Hello all, this is my first post so feel free to correct me if I am posting incorrectly. Also, thanks in advance to anyone who takes the time to read this.

    I recently purchased a Cisco 851 for my home, and used the SDM to configure it. The first time I chose defaults (basic firewall, basic NAT, DHCP internally, connect to my ISP using DHCP as well). I didn’t manually override anything. I found the tool helpful and easy to use. My hope was to then examine my run config and reverse engineer what it had done as a jumpstart into learning IOS.

    After the initial install everything was fine, except that I could not connect to my friend's Microsoft VPN (PPTP with MSCHAP), whereas when I connect directly to the cable modem, I am able to. I suspected firewall rules at play.

    My other problem (and persistent problem) is that I cannot get my Tivo to connect to the host service going through the router. Connecting directly to the modem, everything works fine.

    To rule out the firewall, I reset to factory defaults, reran SDM and chose to skip enabling the firewall, and unchecked the SDM options that pertained to security. After doing this, my MSCHAP PPTP connection works fine, but my Tivo still cannot connect. Tivo reports that it uses services on ports: UDP 37, 123; TCP 37, 80, 443, 5005, 5222, 5223, 7287, 7288, 8000, 8080-8089.

    Obviously, I am not looking for a solution to my problem with as little info as I have provided. Instead, I am looking for advice on how to troubleshoot this. Is there a way that I can log the activities while the Tivo is sending outbound traffic to determine what's happening? Or is there a better “diagnostic approach” I should take? Of course, any resources or links anyone has that will give me a better understanding of Cisco routing / config concepts would be great. I assume it's a NAT/PAT problem, even though I don’t seem to see how it could be since everything else appears to work correctly. As far as I know, Tivo is just making standard requests outside the wall (presumably HTTP requests).

    Here is my current config if this sheds any light. Again, thanks so much for reading and even giving this half a second of thought. I realize that it's vague and naive, but I'm feeling a bit at a loss.

    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    hostname steverouter
    logging buffered 51200 debugging
    logging console critical
    enable secret 5 …
    no aaa new-model
    resource policy
    clock timezone PCTime -6
    clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
    ip subnet-zero
    no ip dhcp use vrf connected
    ip dhcp excluded-address
    ip dhcp pool sdm-pool1
    import all
    ip cef
    ip tcp synwait-time 10
    ip domain name steve.dnsdojo.com
    ip name-server
    ip name-server
    crypto pki trustpoint TP-self-signed-2778007988
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-2778007988
    revocation-check none
    rsakeypair TP-self-signed-2778007988
    crypto pki certificate chain TP-self-signed-2778007988
    certificate self-signed 01

    username steve privilege 15 secret 5
    interface FastEthernet0
    interface FastEthernet1
    interface FastEthernet2
    interface FastEthernet3
    interface FastEthernet4
    description $ES_WAN$$FW_OUTSIDE$
    ip address dhcp client-id FastEthernet4
    ip nat outside
    ip virtual-reassembly
    ip route-cache flow
    duplex auto
    speed auto
    interface Vlan1
    ip address
    ip mtu 1492
    ip nat inside
    ip virtual-reassembly
    ip route-cache flow
    ip tcp adjust-mss 1452
    ip classless
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list 1 interface FastEthernet4 overload
    logging trap debugging
    access-list 1 remark INSIDE_IF=Vlan1
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit
    no cdp run
    banner login ^CAuthorized access only!
    Disconnect IMMEDIATELY if you are not an authorized user!^C
    line con 0
    login local
    no modem enable
    line aux 0
    line vty 0 4
    privilege level 15
    login local
    transport input telnet ssh
    scheduler max-task-time 5000
    scheduler allocate 4000 1000
    scheduler interval 500
