8 Replies Latest reply on Aug 5, 2013 6:53 AM by dsiomtw

    Router is up/up but can't connect to Internet from LAN

    dsiomtw New Member

      So as luck would have it my techie is on vacation and they just activated my new T1. I've managed to get the router configured, or so I thought, but I can't connect to the Internet from my LAN so I figure I must have a setting wrong somewhere. If someone could take a look at my config posted below and see what you think I'd REALLY appreciate it. I can ping, traceroute, etc. from the router just fine, and DHCP seems to be working as it's assigning an IP to my laptop, but I just can't connect from the laptop. Eventually I'd like to add my netgear wireless router behind the 3200, but for now I just have my laptop plugged directly into the single ethernet port on the back of the 3200 ...

       

       

       

      Router#show run

      Building configuration...

      !

      !

      ! ADTRAN, Inc. OS version 15.12.00

      ! Boot ROM version 12.02.00

      ! Platform: NetVanta 3200, part number 1202860L1

      ! Serial number LBADTN0651AF993

      !

      !

      hostname "Router"

      enable password ********

      !

      clock timezone -8

      !

      ip subnet-zero

      ip classless

      ip name-server 198.6.100.98 198.6.100.25

      ip default-gateway 152.179.250.29

      no ip routing

      !

      auto-config

      !

      event-history on

      no logging forwarding

      no logging email

      logging email priority-level info

      !

      no service password-encryption

      !

      username "admin" password "********"

      !

      !

      no ip firewall alg msn

      no ip firewall alg h323

      !

      !

      !

      !

      !

      !

      !

      !

      ip dhcp-server database local

      ip dhcp-server excluded-address 192.168.1.1

      ip dhcp-server excluded-address 192.168.1.197

      !

      ip dhcp-server pool "Office"

        network 192.168.1.0 255.255.255.0

        dns-server 198.6.100.98

        netbios-node-type h-node

        default-router 192.168.1.1

      !

      !

      !

      interface eth 0/1

        ip address  192.168.1.1  255.255.255.0

        no shutdown

      !

      !

      !

      !

      interface t1 1/1

        tdm-group 1 timeslots 1-24 speed 64

        no shutdown

      !

      interface ppp 1

        ip address  152.179.250.30  255.255.255.252

        no shutdown

        cross-connect 1 t1 1/1 1 ppp 1

      !

      !

      !

      router rip

        version 2

      !

      !

      !

      !

      !

      !

      !

      no ip tftp server

      no ip tftp server overwrite

      ip http server

      ip http secure-server

      no ip snmp agent

      no ip ftp server

      no ip scp server

      no ip sntp server

      !

      !

      !

      !

      !

      !

      !

      line con 0

        login

        password adtran

      !

      line telnet 0 4

        login

        password ********

        line-timeout 30

        no shutdown

      line ssh 0 4

        login local-userlist

        no shutdown

      !

      !

      end

      Router#

        • Re: Router is up/up but can't connect to Internet from LAN
          jayh Hall_of_Fame

          Your LAN addresses are private and can't directly route across the Internet.  You need to define access policies to NAT them to the public Internet address of the T1.  Add the following:

           

          ip access-list standard self

            remark Traffic to Adtran

            permit any

           

          ip access-list standard ics

            remark Internet Connection Sharing

            permit any

           

          ip policy-class Public

            allow list self self

           

           

          ip policy-class Private

            allow list self self

            nat source list ics interface ppp 1 overload

           

          Then add the policies to the interfaces and enable the firewall.

           

          interface ppp 1

            access-policy Public

           

          interface eth 0/1

            access-policy Private

           

          ip firewall

           

            • Re: Router is up/up but can't connect to Internet from LAN
              dsiomtw New Member

              Doh! Thanks so much for the detailed help I REALLY appreciate it.

               

              Now that I have it working I'd like to add a wireless router to give me more ports and wireless access. Would I simply turn off DHCP on the adtran and turn on DHCP on my wireless router, or is there more that I would need to do?

                • Re: Router is up/up but can't connect to Internet from LAN
                  jayh Hall_of_Fame

                  dsiomtw wrote:

                   

                  Now that I have it working I'd like to add a wireless router to give me more ports and wireless access. Would I simply turn off DHCP on the adtran and turn on DHCP on my wireless router, or is there more that I would need to do?

                  What I do is add a wireless access point instead of a router.  This allows wired and wireless devices on the LAN to share the same DHCP pool, avoids double NAT, and is cleaner IMHO.

                   

                  What is weird is that consumer wireless routers are typically priced much lower than access points, most likely due to volume purchasing.  What often works is to get a wireless router, turn off DHCP on it, don't use its "Internet" or WAN port, and connect one of its LAN ports to the ethernet of the Adtran, effectively turning it into an access point and small ethernet switch.

                  1 of 1 people found this helpful
                    • Re: Router is up/up but can't connect to Internet from LAN
                      dsiomtw New Member

                      Thanks for the advice. I'll pickup a wireless access point as I definitely don't need to make this any more technical than it needs to be. I'm struggling to keep up as it is.


                      Last question for now if you have 2 more seconds...


                      I just noticed my adtran router is accessible via the web if you just type in the IP for my side of the circuit. I definitely don't want this. Any chance you know what I need to do to make my router inaccessible via the WAN?

                        • Re: Router is up/up but can't connect to Internet from LAN
                          jayh Hall_of_Fame

                          dsiomtw wrote:


                          Last question for now if you have 2 more seconds...


                          I just noticed my adtran router is accessible via the web if you just type in the IP for my side of the circuit. I definitely don't want this. Any chance you know what I need to do to make my router inaccessible via the WAN?


                          Most secure and flexible:


                          ip access-list standard admin-access

                            permit 192.168.1.0 0.0.0.255

                           

                          http ip access-class admin-access in

                          http ip secure-access-class admin-access in

                           

                          line telnet 0 4

                             ip access-class admin-access in

                           

                          line ssh 0 4

                            ip access-class admin-access in

                           

                          This allows you to allow specific outside hosts or networks to administer the device by modifying the admin-access list.

                           

                          Alternatively, remove the line

                              allow list self self

                          from the Public policy-class.  This can bite you later if you add a VPN or voice/dns/other proxy where sources on the Internet need to communicate with the Adtran itself but you don't want to allow remote administration.

                           

                          Or do both.



                          1 of 1 people found this helpful