cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
290
Views
0
Helpful
1
Replies

CBAC Routing issue

johnroche_2
Level 1
Level 1

Hi

I have a 2621 running cbac connected to a ISP over the FA0/0 interface. ISP requires pppoe authentication. This works fine but I cant get anything throught the router, any ideas?

Here is the config

Router#sho run

Building configuration...

Current configuration : 1978 bytes

!

version 12.3

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname router

!

boot-start-marker

boot-end-marker

!

enable secret XXXXXX

enable password XXXXXXX

!

no aaa new-model

ip subnet-zero

ip cef

!

!

!

ip inspect name FW_OUTSIDE udp

ip inspect name FW_OUTSIDE tcp

ip inspect name FW_OUTSIDE ftp

ip inspect name FW_OUTSIDE http

ip inspect name FW_OUTSIDE fragment maximum 256 timeout 1

ip inspect name FW_OUTSIDE realaudio

ip audit po max-events 100

vpdn enable

!

vpdn-group 1

request-dialin

protocol pppoe

!

interface FastEthernet0/0

no ip address

speed auto

full-duplex

pppoe enable

pppoe-client dial-pool-number 1

!

interface Serial0/0

no ip address

shutdown

!

interface FastEthernet0/1

ip address 192.168.11.250 255.255.255.0

ip nat inside

speed 100

full-duplex

!

interface Dialer0

ip address negotiated

ip access-group 105 in

ip mtu 1454

ip nat outside

ip inspect FW_OUTSIDE out

encapsulation ppp

ip tcp adjust-mss 1414

no ip mroute-cache

dialer pool 1

dialer idle-timeout 0

dialer-group 1

ppp authentication pap callin

ppp chap hostname johnroche

ppp chap password pppoeisgreat

ppp chap refuse

!

ip nat inside source list 101 interface Dialer0 overload

ip http server

no ip http secure-server

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer0

!

!

access-list 101 permit ip 192.168.11.0 0.0.0.255 any

access-list 105 deny ip 192.168.11.0 0.0.0.255 any

access-list 105 permit icmp any any echo-reply

access-list 105 permit icmp any 192.168.11.0 0.0.0.255 time-exceeded

access-list 105 permit icmp any 192.168.11.0 0.0.0.255 packet-too-big

access-list 105 permit icmp any 192.168.11.0 0.0.0.255 traceroute

access-list 105 permit icmp any 192.168.11.0 0.0.0.255 unreachable

access-list 105 deny ip any any

dialer-list 1 protocol ip permit

!

!

voice-port 1/0/0

!

voice-port 1/0/1

!

voice-port 1/1/0

!

voice-port 1/1/1

!

!

!

!

!

line con 0

line aux 0

line vty 0 4

password c1sc0

login

!

!

end

1 Reply 1

robhorniachek
Level 1
Level 1

This is a duplicate post - there are answers posted under the previous post...

Just in case you can't find it, you are missing the 'ip nat outside' on the outside interface...