connect your router with the console cable
say 'no' for initial configuration
configure terminal mode
# conf term
change the enable secret password
# enable secret
change the hostname
# hostname adslrouter
assign IP address to the ethernet adapter (private IP address), use NAT
# int fastethernet 0
# ip address 192.168.0.254 255.255.255.0
# ip nat inside
# no shut
# exit
configure ATM interface
# int atm0
# no ip address
# no atm ilmi-keepalive
# dsl operating-mode auto
# no shut
# exit
configure ATM sub-interface
# int atm0.1 point-to-point
! find the PVC from your ISP
# pvc 8/35
# encapsulation aal5mux ppp dialer
# dialer pool-member 1
# exit
# exit
configure dialer interface
# int dialer 1
! if you get IP address from your ISP's DHCP, otherwise assign static address
# ip address negotiated
! access list for inbound traffic
# ip access-group 110 in
# ip nat outside
# encapsulation ppp
# dialer pool 1
! ppp authentication usernamen and password from your ISP
# ppp authentication chap callin
# ppp chap hostname <username@domain.com>
# ppp chap password
# exit
! NAT for internal clients
# ip nat inside source route-map NAT interface Dialer1 overload
! Port fowarding to internal Firewall
# ip nat inside source static tcp 192.168.0.10 22 interface Dialer1 22
# ip classless
! static route to dialer interface
# ip route 0.0.0.0 0.0.0.0 Dialer1
! access list for inbound connection to Dialer 1
# access-list 110 remark Inboud traffic to internal firewall
# access-list 110 remark Allow access to HTTPS from everywhere
# access-list 110 permit tcp any any eq 443
# access-list 110 remark Allow access to SSH only from X
# access-list 110 permit tcp host a.b.c.d any eq 22
! DNS is UDP that is not connection oriented, thus this is needed
# access-list 110 remark Allow DNS inbound
# access-list 110 permit ip host a.b.c.d any
! If you have SMTP server
# access-list 110 permit tcp any any eq smtp
! allow all established connection
# access-list 110 permit tcp any any established
# access-list 110 permit icmp any any
! deny all
# access-list 110 deny ip any any
! access list for route-map, being used by the ip nat
# access-list 150 remark NAT Traffic from Inside
# access-list 150 permit ip 192.168.0.0 0.0.0.255 any
# dialer-list 1 protocol ip permit
# route-map NAT permit 10
# match ip address 150
save it
# wr mem
1 comment:
Thanks very much your ADSL setup for the 1720 worked a treat.
i had my 2621 doing the ADSL. the diffrence i saw in yours is the ATM sub interface.
PS
i am starting the study again for BSCI i was ready then the exam was stopped at x-mass i just got the new BSCI eamx book from cisco today>
thanks
Michael
Post a Comment