Prezados,
Já tive um roteador cisco 837 e agora estou com um 1721 com uma placa ADSL. Tudo funciona perfeitamente: firewall, conexão pppoe, DHCP etc.
Um único item nunca tive sucesso, que foi o serviço de DNS Proxy (forwarding). Já ativei o servidor DNS (ip dns server), já utilizei servidores recebidos automaticamente pelo dialer (ppp ipcp dns request), já usei servidores fixos (ip name server x.x.x.x), já configurei as máquinas para utilizarem o roteador como dns, mas nada funciona.
Do roteador, a resolução de nomes funciona, ele resolve e pinga, mas das máquinas clientes, nunca funciona.
Vocês poderiam me dar uma luz? segue minha configuração:
Router#show config
Using 4802 out of 29688 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot system flash:c1700-advsecurityk9-mz124-19.bin
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.99
!
ip dhcp pool cisco
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
lease infinite
!
!
vpdn enable
!
!
!
!
crypto pki trustpoint TP-self-signed-3666573180
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3666573180
revocation-check none
rsakeypair TP-self-signed-3666573180
!
!
crypto pki certificate chain TP-self-signed-3666573180
certificate self-signed 01 nvram:IOS-Self-Sig#3030.cer
username admin privilege 15 password 0 admin
!
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
bundle-enable
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 0/33
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
description $FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
ip access-group 103 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
speed auto
!
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
ip access-group 104 in
ip mtu 1492
ip inspect SDM_LOW out
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp authentication pap callin
ppp pap sent-username xxxxx password 0 xxxx
ppp ipcp dns request
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface Dialer1 overload
ip dns server
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 100 remark Domain/udp
access-list 100 permit udp any eq domain any
access-list 101 permit udp any eq domain any
access-list 101 permit udp any any eq domain
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 permit udp host 200.222.145.84 eq domain any
access-list 102 permit udp host 200.149.55.142 eq domain any
access-list 102 deny ip 192.168.1.0 0.0.0.255 any
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any unreachable
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip host 0.0.0.0 any
access-list 102 deny ip any any log
access-list 102 permit udp any any eq domain
access-list 102 permit udp any eq domain any
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 permit udp any eq domain any
access-list 103 deny ip host 255.255.255.255 any
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 permit ip any any
access-list 104 remark auto generated by SDM firewall configuration
access-list 104 remark SDM_ACL Category=1
access-list 104 permit udp any eq domain any
access-list 104 deny ip 192.168.1.0 0.0.0.255 any
access-list 104 permit icmp any any echo-reply
access-list 104 permit icmp any any time-exceeded
access-list 104 permit icmp any any unreachable
access-list 104 deny ip 10.0.0.0 0.255.255.255 any
access-list 104 deny ip 172.16.0.0 0.15.255.255 any
access-list 104 deny ip 192.168.0.0 0.0.255.255 any
access-list 104 deny ip 127.0.0.0 0.255.255.255 any
access-list 104 deny ip host 255.255.255.255 any
access-list 104 deny ip host 0.0.0.0 any
access-list 104 deny ip any any log
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet
!
end
Obrigado!!!!