# Help with Cisco 857 ADSL configuration



## jobinjv (Jul 7, 2008)

I have a DSL connection in our office and just found a Cisco 857 router while doing an inventory and thought of using the device as an ADSL modem for my connection instead of the present US Robotics but little did I know that my lack of experience is goona make this a tough task.

Here I am posting my start-up configuration:

Building configuration...

Current configuration : 3546 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SAHARANET
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$RWKB$DXerOxv.9UZNo0/E2yMpk1
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-364691165
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-364691165
revocation-check none
rsakeypair TP-self-signed-364691165
! 
!
crypto pki certificate chain TP-self-signed-364691165
certificate self-signed 01
3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33363436 39313136 35301E17 0D303230 33303130 32323134
365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3336 34363931
31363530 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
88AED869 BF4146E2 0CCFBDCE E3FF1749 DAED60CC 561DBCB8 AC38D0E1 08EE50B6
22CA77DE 378BE869 3B9EE13A D868DF91 2EED88C0 B156650A FD5280D9 5F629396
3529CA75 952E889A C0B3571C 153BA656 8125F70E D5283B9F B251A9EC B2D9DDFA
6C044576 10A45249 2B835875 E1E3BA8C 3BC9528E C56A615C F1D29D92 FA6055BF
02030100 01A36930 67300F06 03551D13 0101FF04 05300301 01FF3014 0603551D
11040D30 0B820953 41484152 414E4554 301F0603 551D2304 18301680 14EBA9A2
E5172B65 AE5001CE 64429064 FED78163 F2301D06 03551D0E 04160414 EBA9A2E5
172B65AE 5001CE64 429064FE D78163F2 300D0609 2A864886 F70D0101 04050003
8181004F B0D43AC8 63A1372B 547E30C0 6A5D2069 C1F24D3E 34447486 4E2754EE
2CDD103B 0DF5BB1B DF97E12A 65BF310B E26C11D6 15E3D972 7E7FF96F DF87CB70
BC55D83A 49691535 7D0B9949 1F5882D8 13CA2FC3 E49B18A8 1B15FC2B 3C04BF3B
7034D89B 441ED09E 2901DC2D CF4845C0 75B085FE 14697425 4B29ECA6 BC0C7CA8 C26626
quit
dot11 syslog
!
!
ip cef
ip name-server 212.76.68.200
ip name-server 212.76.68.201
!
!
!
username jobin privilege 15 secret 5 $1$VorZ$AJVnnkKBsDvi0pG7xF5QX0
username pacs privilege 15 secret 5 $1$B4lk$q8tfMXH9O1ofAzLEMNZzB1
username admin privilege 15 secret 5 $1$P2y3$Qff5r3Qg135IKKfABBUWC/
!
!
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
no ip address
ip virtual-reassembly
no atm ilmi-keepalive
pvc 0/35
pppoe-client dial-pool-number 1
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 192.168.6.1 255.255.255.0 secondary
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
hold-queue 100 out
! 
interface Dialer0
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer remote-name redback
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname ***@**.sahara.net.sa
ppp chap password 0 ******
ppp pap sent-username ***@**.sahara.net.sa password 0 ******
ppp ipcp wins request
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
! 
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.6.0 0.0.0.255
dialer-list 1 protocol ip permit
!
control-plane
!
!
line con 0
password cisco
logging synchronous
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end

I have used two IP on VLAN 1 as the 192.168.1.1 is supposed to be for our bluecoat device and the 192.168.6.1 is for another UTM device.

I get connected and I get an external IP assigned also. The problem starts from there. 

When I telnet the router and ping 4.2.2.2, it is successful. So is it successful when I ping few other domains like facebook.com, gmail.com, google.com, our mail server but the ping fails when I try hotmail.com. The second problem is while I try to surf the net. If I enter any qualified domain address like www.google.com, mail.google.com, or any other I cannot access the page but if I try surfing to Google using the IP address I am shown the page or any other web site with their IP address I am taken to the webpage except hotmail.

Could someone help me as to why I can’t access hotmail and why I am not able to surf using the domain name.


----------



## scottsee (Feb 28, 2007)

That's a tough one.. Try removing your ACL from the controlling interface or add this command to your ACL 1.

```
permit any
```
I'm surprised your vty session can use the nameserver and works with qualified domains, but when you browse you receives an icmp code 3 type 3 error. Is your name server IP different then your DNS?

Can you capture a Wireshark .pcap file trying to initiate the handshake?

I'm kind of baffled..

Side note, I like those 800 series, I've almost bought the 851w on several occasions for my home network..


----------



## jobinjv (Jul 7, 2008)

Thnaks for the reply scottsee. I found out that it was due to ip dns server missing in the configuration. the new configuration is so.



> Building configuration...
> 
> Current configuration : 3820 bytes
> !
> ...


A new problem that I am facing now is that I cannot telnet using 192.168.1.1 but it is possible through 192.168.6.1. Also I am not able to ping the 1 range from within my network.


----------



## scottsee (Feb 28, 2007)

I figured it was your DNS server if your name server was working.

As for your followup question. I noticed that earlier, I just didn't want to point it out. You can only use 1 ip address for any vlan, including your default. Vlans = broadcast domains = subnets. They all mean the same thing, so you can't have 2 different subnet masks on the same vlan. Weren't you seeing vlan mismatch errors in your terminal sessions?. Append the vlan ip address you don't want with the 'no' command. 

Do you have a reason you wanted to setup 2 different vlan's,I don't want to insult you, but if so I'll walk you through it.


----------

