08-26-2004 11:32 AM - edited 03-09-2019 08:36 AM
Hi
I have a 2621 running CBAC connected to an ISP over the FA0/0 interface. The ISP requires PPPoE authentication. This works fine, but I can't get anything through the router. Any ideas?
Here is the config
Router#sho run
Building configuration...
Current configuration : 1978 bytes
!
version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
enable secret XXXXXX
enable password XXXXXXX
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip inspect name FW_OUTSIDE udp
ip inspect name FW_OUTSIDE tcp
ip inspect name FW_OUTSIDE ftp
ip inspect name FW_OUTSIDE http
ip inspect name FW_OUTSIDE fragment maximum 256 timeout 1
ip inspect name FW_OUTSIDE realaudio
ip audit po max-events 100
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
interface FastEthernet0/0
no ip address
speed auto
full-duplex
pppoe enable
pppoe-client dial-pool-number 1
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
ip address 192.168.11.250 255.255.255.0
ip nat inside
speed 100
full-duplex
!
interface Dialer0
ip address negotiated
ip access-group 105 in
ip mtu 1454
ip nat outside
ip inspect FW_OUTSIDE out
encapsulation ppp
ip tcp adjust-mss 1414
no ip mroute-cache
dialer pool 1
dialer idle-timeout 0
dialer-group 1
ppp authentication pap callin
ppp chap hostname johnroche
ppp chap password pppoeisgreat
ppp chap refuse
!
ip nat inside source list 101 interface Dialer0 overload
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
access-list 101 permit ip 192.168.11.0 0.0.0.255 any
access-list 105 deny ip 192.168.11.0 0.0.0.255 any
access-list 105 permit icmp any any echo-reply
access-list 105 permit icmp any 192.168.11.0 0.0.0.255 time-exceeded
access-list 105 permit icmp any 192.168.11.0 0.0.0.255 packet-too-big
access-list 105 permit icmp any 192.168.11.0 0.0.0.255 traceroute
access-list 105 permit icmp any 192.168.11.0 0.0.0.255 unreachable
access-list 105 deny ip any any
dialer-list 1 protocol ip permit
!
!
voice-port 1/0/0
!
voice-port 1/0/1
!
voice-port 1/1/0
!
voice-port 1/1/1
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password c1sc0
login
!
!
end
08-26-2004 11:44 AM
This is a duplicate post - there are answers posted under the previous post...
Just in case you can't find it, you are missing the 'ip nat outside' on the outside interface...