10-18-2006 06:30 AM - edited 03-05-2019 12:19 PM
I'm upgrading a network from a Linksys router to a Cisco 851 and I can't get it to hit the net. I went through SDM and set everything up but the only thing I noticed was there was no place to input the default gateway. So I did some research and added it in via Telnet using "ip default-gateway x.x.x.x", no luck. Tried to enable routing and input the IP address there and still no luck. The Linksys router has no problems working on the IP settings, as well as my laptop. I know it's not the 851 as I tested it on my DHCP modem at home and it works fine. Any insight to this problem would be greatly appreciated!
Thanks in advance,
Brian
10-18-2006 07:03 AM
Brian-
Please post a sanitized config (i.e. remove IP/passwords/etc).
10-18-2006 08:07 AM
I'll post it tonight when I go back to work on the network again. I was hoping it was something simple that I was missing, and it's been bugging me for 2 days now.
10-18-2006 11:51 AM
OK here's the current configuration that's on the router (hope that's enough info). Bear with me if this isn't what you're asking for as I'm new to Cisco routers.
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.99
!
ip dhcp pool sdm-pool1
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
!
ip cef
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip tcp synwait-time 10
no ip bootp server
ip name-server 207.181.101.4
ip name-server 207.181.101.5
ip ssh time-out 60
ip ssh authentication-retries 2
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ES_WAN$$FW_OUTSIDE$
ip address 66.46.23.50 255.255.255.248
ip access-group 101 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect DEFAULT100 out
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
!
ssid Century21
authentication open
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
!
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
ip classless
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip 66.46.23.48 0.0.0.7 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 207.181.101.5 eq domain host 66.46.23.50
access-list 101 permit udp host 207.181.101.4 eq domain host 66.46.23.50
access-list 101 deny ip 192.168.1.0 0.0.0.255 any
access-list 101 permit icmp any host 66.46.23.50 echo-reply
access-list 101 permit icmp any host 66.46.23.50 time-exceeded
access-list 101 permit icmp any host 66.46.23.50 unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
Static IP settings are as follows...
IP: 66.46.23.50
Subnet Mask: 255.255.255.248
Default Gateway: 66.46.23.49
DNS1: 207.181.101.4
DNS2: 207.181.101.5
10-19-2006 08:38 AM
Anyone have any ideas? Did I miss something?
10-19-2006 08:57 AM
Can you also post a "show ip route" ?
10-19-2006 10:36 AM
Routing is disabled so I can use the "ip default-gateway 66.46.23.49". But I did try routing and I inputted the default gateway address there. From what I remember it would look like "ip route 0.0.0.0 0.0.0.0 66.46.23.49". I'll enable routing again when I get to the network tonight and post back the config.
Thanks for the help so far, much appreciated.
Brian
10-19-2006 10:44 AM
Also my Cisco 851 is being connected to another Cisco ADSL router (provided by the ISP) and set up with 5 private IPs. Not sure if that makes a difference or not.
10-19-2006 12:28 PM
Assuming that your ISP's router is .49, your route statement should be-
ip route 0.0.0.0 0.0.0.0 66.46.23.49
Once routing is in place, I would test by (stop as soon as the first one fails):
1. From the router, ping the default gateway.
2. From the router, ping the DNS servers
3. From the router, ping 4.2.2.2
4. From a client repeat steps 1,2,3
If steps 1-3 are OK, but 4 fails, turn on logging-
'logging on'
'logging buff debug'
then try step 4 again and post results of the log-
'show log'
Let us know what happens.
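Added example, not part of the original reply: before pulling ACL 101 off the outside interface, it can be checked offline whether that ACL would drop the replies to the ping and DNS tests listed above. The evaluator below is a simplified first-match model written for this page; it handles only the entry forms that appear in the posted ACL, treats port and ICMP-type names as plain keywords, and does not model the temporary openings that `ip inspect` creates.

```python
from ipaddress import IPv4Address as IP

# ACL 101 as posted in the thread (remarks omitted); inbound on FastEthernet4.
ACL_101 = """permit udp host 207.181.101.5 eq domain host 66.46.23.50
permit udp host 207.181.101.4 eq domain host 66.46.23.50
deny ip 192.168.1.0 0.0.0.255 any
permit icmp any host 66.46.23.50 echo-reply
permit icmp any host 66.46.23.50 time-exceeded
permit icmp any host 66.46.23.50 unreachable
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip host 255.255.255.255 any
deny ip host 0.0.0.0 any
deny ip any any"""

def take_addr(tok):
    word = tok.pop(0)            # one address spec -> (base, wildcard) as ints
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(IP(tok.pop(0))), 0
    return int(IP(word)), int(IP(tok.pop(0)))

def parse(line):
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    src = take_addr(tok)
    sport = tok[1] if tok[0] == "eq" else None   # e.g. "eq domain"
    if sport:
        del tok[:2]
    dst = take_addr(tok)
    return action, proto, src, sport, dst, (tok[0] if tok else None)

def hit(addr, spec):
    base, wild = spec            # wildcard bits set to 1 are "don't care"
    return (int(IP(addr)) | wild) == (base | wild)

def evaluate(acl, proto, src, dst, sport=None, icmp_type=None):
    # First match wins; returns (action, 1-based entry number).
    for n, line in enumerate(acl.splitlines(), 1):
        action, p, s, sp, d, qual = parse(line)
        if (p in ("ip", proto) and hit(src, s) and hit(dst, d)
                and sp in (None, sport) and qual in (None, icmp_type)):
            return action, n
    return "deny", 0             # implicit deny that ends every ACL
# Reply to the router's own ping of the gateway (step 1 of the test plan above).
print(evaluate(ACL_101, "icmp", "66.46.23.49", "66.46.23.50", icmp_type="echo-reply"))
```

Echo replies to the router's pings and DNS answers from the two configured name servers match permit entries, so the static ACL on its own does not explain a failed ping to the gateway.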
10-19-2006 12:34 PM
Thanks for your quick reply. I'm heading over to the network tonight I'll let you know how it goes.
Thanks again,
Brian
10-21-2006 06:06 PM
Well no luck. I set ip route and can't ping the gateway but via a client it's fine. This one seriously has me scratching my head. I'm very close to calling the ISP and asking them to switch the box over to DHCP. Here's a link to the log and config.
http://www.pc-experts.ca/cisco/config.txt
Thanks again for any help.
10-23-2006 06:23 AM
OK, here is what I would do. Remove all ACLs and inspections from all interfaces. I would then plug everything in and call the ISP. The ISP might have to clear ARP before your new firewall is seen, but they should help you get basic connectivity between your router and theirs. Make sure you have the config handy as they will ask you about IPs, routing, etc. Let us know what happens.
10-23-2006 11:46 AM
A couple of things. I agree with the previous post. You should remove the security from the router and try to ping the upstream router from the Cisco router; source it from the Ethernet interface facing the upstream router.
If that works, try to ping from the inside interface.
The other issue is that I do not see any type of default route in the router. You will need that to be able to ping from the inside.
Last thing. I am not sure how you authenticated to the network before the Cisco router was in place. It seems to me you must have had it in the modem or you were running some software on the client. If you had it in the modem you will need to set up the authentication on the Cisco router. I can post a config that works with most DSL for Ethernet-based routers.
10-25-2006 08:27 PM
Thanks for all your help! Calling the ISP and clearing the ARP worked! So the problem was the ISP's ADSL router couldn't see my new firewall. It didn't work the first time but I reset the router to factory settings and reconfigured it and it worked no problem.
Again, thanks for all the help.
Regards,
Brian