Diagnosing NAT problems with Cisco 851


    SteveDT123

    Hello all, this is my first post, so feel free to correct me if I am posting incorrectly. Also, thanks in advance to anyone who takes the time to read this.

    I recently purchased a Cisco 851 for my home, and used the SDM to configure it. The first time I chose defaults (basic firewall, basic NAT, DHCP internally, connect to my ISP using DHCP as well). I didn’t manually override anything. I found the tool helpful and easy to use. My hope was to then examine my run config and reverse engineer what it had done as a jumpstart into learning IOS.

    After the initial install everything was fine, except that I could not connect to my friend's Microsoft VPN (PPTP with MSCHAP), whereas when I connect directly to the cable modem, I am able to. I suspected firewall rules at play.

    My other problem (and persistent problem) is that I cannot get my Tivo to connect to the host service going through the router. Connecting directly to the modem, everything works fine.

    To rule out the firewall, I reset to factory defaults, reran SDM and chose to skip enabling the firewall, and unchecked the SDM options that pertained to security. After doing this, my MSCHAP PPTP connection works fine, but my Tivo still cannot connect. Tivo reports that it uses services on ports: UDP 37, 123; TCP 37, 80, 443, 5005, 5222, 5223, 7287, 7288, 8000, 8080-8089.

    Obviously, I am not looking for a solution to my problem with as little info as I have provided. Instead, I am looking for advice on how to troubleshoot this. Is there a way that I can log the activities while the Tivo is sending outbound traffic to determine what's happening? Or is there a better “diagnostic approach” I should take? Of course, any resources or links anyone has that will give me a better understanding of Cisco routing / config concepts would be great. I assume it's a NAT/PAT problem, even though I don’t seem to see how it could be, since everything else appears to work correctly. As far as I know, Tivo is just making standard requests outside the wall (presumably HTTP requests).

    Here is my current config, if this sheds any light. Again, thanks so much for reading and even giving this half a second of thought. I realize that it's vague and naive, but I'm feeling a bit at a loss.

    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    !
    hostname steverouter
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200 debugging
    logging console critical
    enable secret 5 …
    !
    no aaa new-model
    !
    resource policy
    !
    clock timezone PCTime -6
    clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
    ip subnet-zero
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.102.1 192.168.102.99
    !
    ip dhcp pool sdm-pool1
     import all
     network 192.168.102.0 255.255.255.0
     dns-server 68.87.68.162 68.87.74.162
     default-router 192.168.102.1
    !
    !
    ip cef
    ip tcp synwait-time 10
    ip domain name steve.dnsdojo.com
    ip name-server 68.87.68.162
    ip name-server 68.87.74.162
    !
    !
    crypto pki trustpoint TP-self-signed-2778007988
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-2778007988
     revocation-check none
     rsakeypair TP-self-signed-2778007988
    !
    !
    crypto pki certificate chain TP-self-signed-2778007988
     certificate self-signed 01

    username steve privilege 15 secret 5
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface FastEthernet4
     description $ES_WAN$$FW_OUTSIDE$
     ip address dhcp client-id FastEthernet4
     ip nat outside
     ip virtual-reassembly
     ip route-cache flow
     duplex auto
     speed auto
    !
    interface Vlan1
     description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
     ip address 192.168.102.1 255.255.255.0
     ip mtu 1492
     ip nat inside
     ip virtual-reassembly
     ip route-cache flow
     ip tcp adjust-mss 1452
    !
    ip classless
    !
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list 1 interface FastEthernet4 overload
    !
    logging trap debugging
    access-list 1 remark INSIDE_IF=Vlan1
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 192.168.102.0 0.0.0.255
    no cdp run
    !
    control-plane
    !
    banner login ^CAuthorized access only!
    Disconnect IMMEDIATELY if you are not an authorized user!^C
    !
    line con 0
     login local
     no modem enable
    line aux 0
    line vty 0 4
     privilege level 15
     login local
     transport input telnet ssh
    !
    scheduler max-task-time 5000
    scheduler allocate 4000 1000
    scheduler interval 500
    end
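
An added example, not part of the original post: one way to approach the logging question is to capture the output of `show ip nat translations` on the router while the TiVo attempts its connection, then check which of the service ports listed in the post received a translation entry. The sample output, the TiVo address 192.168.102.100 and the outside addresses are constructed for illustration.

```python
import ipaddress

# Ports the TiVo reports using, as listed in the post.
TIVO_UDP = {37, 123}
TIVO_TCP = {37, 80, 443, 5005, 5222, 5223, 7287, 7288, 8000} | set(range(8080, 8090))
INSIDE_NET = ipaddress.ip_network("192.168.102.0/24")  # permitted by access-list 1

# Constructed sample of `show ip nat translations` output (documentation addresses).
SAMPLE = """\
Pro Inside global      Inside local          Outside local      Outside global
tcp 203.0.113.10:1031  192.168.102.100:1031  198.51.100.7:443   198.51.100.7:443
tcp 203.0.113.10:1032  192.168.102.100:1032  198.51.100.7:8080  198.51.100.7:8080
udp 203.0.113.10:123   192.168.102.100:123   198.51.100.9:123   198.51.100.9:123
tcp 203.0.113.10:2200  192.168.102.101:2200  198.51.100.20:80   198.51.100.20:80
--- 203.0.113.10       192.168.102.50        ---                ---
"""

def split_endpoint(field):
    """Return (ip, port); port is None for portless or '---' fields."""
    host, sep, port = field.rpartition(":")
    return (host, int(port)) if sep and port.isdigit() else (field, None)

def parse_translations(text):
    """Yield one dict per dynamic tcp/udp entry; skip the header and static rows."""
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[0] not in ("tcp", "udp"):
            continue
        inside_ip, inside_port = split_endpoint(cols[2])
        dst_ip, dst_port = split_endpoint(cols[4])
        if inside_port is None or dst_port is None:
            continue
        yield {"proto": cols[0], "inside": inside_ip, "dst": dst_ip, "dport": dst_port}

def tivo_port_coverage(text, tivo_ip):
    """Return (seen, missing): TiVo service ports with and without a NAT entry."""
    if ipaddress.ip_address(tivo_ip) not in INSIDE_NET:
        raise ValueError("host is outside the range permitted by access-list 1")
    expected = {("tcp", p) for p in TIVO_TCP} | {("udp", p) for p in TIVO_UDP}
    seen = {(e["proto"], e["dport"]) for e in parse_translations(text)
            if e["inside"] == tivo_ip} & expected
    return seen, expected - seen

if __name__ == "__main__":
    seen, missing = tivo_port_coverage(SAMPLE, "192.168.102.100")
    print("translated:", sorted(seen))
    print("no entry  :", sorted(missing))
```

An entry shows only that the router built a translation for the outbound packet, not that a reply came back; a port with no entry may simply not have been used during the capture.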
