
Bad routes on Cisco 1811 using DSL on the WAN

Asked by Rainman13 (United States of America)
Topics: Routers, Broadband, Hardware Firewalls
I am setting up a Cisco 1811 at a small office.  Eventually I will have 3 PIX 501s VPN back to this router.  This is the first 1800 series I have set up with DSL, so any help would be appreciated.

My problem is this - I have everything working except routing (internal machines can't access the internet).  After much time with the folks from Qwest helping me set up the PPPoE interface (even though they wanted me to use PPPoA) I do get authenticated and I get an IP address back.  Qwest also tells me that my IP address is <wan-ip>/32 with the gateway of the same address.  I tried setting up the dialer0 adapter as the default route, but to no avail.  Here is my startup-config.  Please let me know what changes I need to make to get the routing to work.

!This is the running config of the router: 192.168.100.1
!----------------------------------------------------------------------------
!version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname WSIHQRouter
!
boot-start-marker
boot-end-marker
!
logging buffered 52000 debugging
enable password xxxxxxx
!
no aaa new-model
!
resource policy
!
clock timezone Chicago -6
clock summer-time Chicago date Apr 6 2003 2:00 Oct 26 2003 2:00
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.100.1 192.168.100.99
ip dhcp excluded-address 192.168.100.151 192.168.100.254
!
ip dhcp pool sdm-pool
   import all
   network 192.168.100.0 255.255.255.0
   default-router 192.168.100.1
   dns-server 192.168.100.5 192.168.100.6
   lease 0 2
!
!
ip domain name wsiinc.local
ip name-server 192.168.100.5
ip name-server 192.168.100.6
ip inspect log drop-pkt
ip inspect name SDM_MEDIUM appfw SDM_MEDIUM
ip inspect name SDM_MEDIUM cuseeme
ip inspect name SDM_MEDIUM dns
ip inspect name SDM_MEDIUM ftp
ip inspect name SDM_MEDIUM h323
ip inspect name SDM_MEDIUM https
ip inspect name SDM_MEDIUM icmp
ip inspect name SDM_MEDIUM imap reset
ip inspect name SDM_MEDIUM pop3 reset
ip inspect name SDM_MEDIUM netshow
ip inspect name SDM_MEDIUM rcmd
ip inspect name SDM_MEDIUM realaudio
ip inspect name SDM_MEDIUM rtsp
ip inspect name SDM_MEDIUM esmtp
ip inspect name SDM_MEDIUM sqlnet
ip inspect name SDM_MEDIUM streamworks
ip inspect name SDM_MEDIUM tftp
ip inspect name SDM_MEDIUM tcp
ip inspect name SDM_MEDIUM udp
ip inspect name SDM_MEDIUM vdolive
ip ips sdf location flash://128MB.sdf
ip ips notify SDEE
ip ips name sdm_ips_rule
!
appfw policy-name SDM_MEDIUM
  application im aol
    service default action allow alarm
    service text-chat action allow alarm
    server permit name login.oscar.aol.com
    server permit name toc.oscar.aol.com
    server permit name oam-d09a.blue.aol.com
    audit-trail on
  application im msn
    service default action allow alarm
    service text-chat action allow alarm
    server permit name messenger.hotmail.com
    server permit name gateway.messenger.hotmail.com
    server permit name webmessenger.msn.com
    audit-trail on
  application http
    strict-http action allow
    port-misuse im action reset alarm
    port-misuse p2p action reset alarm
    port-misuse tunneling action allow alarm
  application im yahoo
    service default action allow alarm
    service text-chat action allow alarm
    server permit name scs.msg.yahoo.com
    server permit name scsa.msg.yahoo.com
    server permit name scsb.msg.yahoo.com
    server permit name scsc.msg.yahoo.com
    server permit name scsd.msg.yahoo.com
    server permit name cs16.msg.dcn.yahoo.com
    server permit name cs19.msg.dcn.yahoo.com
    server permit name cs42.msg.dcn.yahoo.com
    server permit name cs53.msg.dcn.yahoo.com
    server permit name cs54.msg.dcn.yahoo.com
    server permit name ads1.vip.scd.yahoo.com
    server permit name radio1.launch.vip.dal.yahoo.com
    server permit name in1.msg.vip.re2.yahoo.com
    server permit name data1.my.vip.sc5.yahoo.com
    server permit name address1.pim.vip.mud.yahoo.com
    server permit name edit.messenger.yahoo.com
    server permit name messenger.yahoo.com
    server permit name http.pager.yahoo.com
    server permit name privacy.yahoo.com
    server permit name csa.yahoo.com
    server permit name csb.yahoo.com
    server permit name csc.yahoo.com
    audit-trail on
!
!
crypto pki trustpoint TP-self-signed-4XXXXXXX3
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4XXXXXXX3
 revocation-check none
 rsakeypair TP-self-signed-4XXXXXXX3
!
!
crypto pki certificate chain TP-self-signed-4XXXXXXX3
 certificate self-signed 01
  3082024E ... A990DE89 4C74
  quit
username admin privilege 15 secret 5 $1$XXXXXXXXXXXXXXXXXXXXXX.b1
!
!
class-map match-any sdm_p2p_kazaa
 match protocol fasttrack
 match protocol kazaa2
class-map match-any sdm_p2p_edonkey
 match protocol edonkey
class-map match-any sdm_p2p_gnutella
 match protocol gnutella
class-map match-any sdm_p2p_bittorrent
 match protocol bittorrent
!
!
policy-map sdmappfwp2p_SDM_MEDIUM
 class sdm_p2p_edonkey
 class sdm_p2p_gnutella
 class sdm_p2p_kazaa
 class sdm_p2p_bittorrent
!
!
!
!
!
!
interface FastEthernet0
 description $ETH-WAN$
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface FastEthernet1
 description $FW_OUTSIDE$
 no ip address
 ip verify unicast reverse-path
 ip ips sdm_ips_rule in
 ip virtual-reassembly
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$
 ip address 192.168.100.1 255.255.255.0
 ip access-group 102 in
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
!
interface Async1
 no ip address
 encapsulation slip
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address negotiated
 ip access-group 103 in
 ip mtu 1452
 ip nat outside
 ip ips sdm_ips_rule in
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname XXXXXXX@qwest.net
 ppp chap password 0 XXXXXXX
 service-policy output sdmappfwp2p_SDM_MEDIUM
!
ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
ip route 192.168.100.0 255.255.255.0 Vlan1 permanent
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 192.168.100.5 25 interface Dialer0 25
ip nat inside source static tcp 192.168.100.5 110 interface Dialer0 110
ip nat inside source static tcp 192.168.100.5 366 interface Dialer0 366
ip nat inside source static tcp 192.168.100.5 587 interface Dialer0 587
ip nat inside source static udp 192.168.100.5 1195 interface Dialer0 1195
ip nat inside source static udp 192.168.100.5 1194 interface Dialer0 1194
ip nat inside source static tcp 192.168.100.5 22 interface Dialer0 22
!
ip access-list extended sdm_dialer0_in
 remark SDM_ACL Category=1
 permit tcp any eq smtp host 192.168.100.5 eq smtp
 remark SDM_ACL Category=1
 remark SDM_ACL Category=1
 remark SDM_ACL Category=1
 remark SDM_ACL Category=1
 remark SDM_ACL Category=1
!
access-list 2 remark SDM_ACL Category=1
access-list 2 remark SDM_ACL Category=1
access-list 2 remark SDM_ACL Category=1
access-list 2 remark SDM_ACL Category=1
access-list 2 remark SDM_ACL Category=1
access-list 2 remark SDM_ACL Category=1
access-list 23 permit 192.168.100.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip 207.224.111.0 0.0.0.255 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 deny   ip 192.168.100.0 0.0.0.255 any
access-list 101 permit icmp any host <wan-ip> echo-reply
access-list 101 permit icmp any host <wan-ip> time-exceeded
access-list 101 permit icmp any host <wan-ip> unreachable
access-list 101 remark SSH
access-list 101 permit tcp any host <wan-ip> eq 22
access-list 101 remark OpenVPN
access-list 101 permit udp any host <wan-ip> range 1194 1195
access-list 101 remark Submission
access-list 101 permit tcp any host <wan-ip> eq 587
access-list 101 remark ODMR
access-list 101 permit tcp any host <wan-ip> eq 366
access-list 101 remark pop
access-list 101 permit tcp any host <wan-ip> eq pop3
access-list 101 remark SMTP
access-list 101 permit tcp any host <wan-ip> eq smtp
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 remark SSH
access-list 101 remark OpenVPN
access-list 101 remark Submission
access-list 101 remark ODMR
access-list 101 remark pop
access-list 101 remark SMTP
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 remark SSH
access-list 101 remark OpenVPN
access-list 101 remark Submission
access-list 101 remark ODMR
access-list 101 remark pop
access-list 101 remark SMTP
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 remark SSH
access-list 101 remark OpenVPN
access-list 101 remark Submission
access-list 101 remark ODMR
access-list 101 remark pop
access-list 101 remark SMTP
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 remark SSH
access-list 101 remark OpenVPN
access-list 101 remark Submission
access-list 101 remark ODMR
access-list 101 remark pop
access-list 101 remark SMTP
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 remark SSH
access-list 101 remark OpenVPN
access-list 101 remark Submission
access-list 101 remark ODMR
access-list 101 remark pop
access-list 101 remark SMTP
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 deny   ip 207.224.111.208 0.0.0.15 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip any any
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 permit tcp any host <wan-ip> eq 22
access-list 103 permit udp any host <wan-ip> eq 1195
access-list 103 permit udp any host <wan-ip> eq 1194
access-list 103 permit tcp any host <wan-ip> eq 587
access-list 103 permit tcp any host <wan-ip> eq 366
access-list 103 permit tcp any host <wan-ip> eq pop3
access-list 103 deny   ip 192.168.100.0 0.0.0.255 any
access-list 103 permit icmp any host <wan-ip> echo-reply
access-list 103 permit icmp any host <wan-ip> time-exceeded
access-list 103 permit icmp any host <wan-ip> unreachable
access-list 103 permit tcp any host <wan-ip> eq smtp
access-list 103 deny   ip 10.0.0.0 0.255.255.255 any
access-list 103 deny   ip 172.16.0.0 0.15.255.255 any
access-list 103 deny   ip 192.168.0.0 0.0.255.255 any
access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
access-list 103 deny   ip host 255.255.255.255 any
access-list 103 deny   ip host 0.0.0.0 any
access-list 103 deny   ip any any log
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
!
!
control-plane
!
banner login ^CCCCCCCCCC
-----------------------------------------------------------------------
This the primary router for HQ of W-S Industrial.  AUTHORIZED USERS ONLY!
Cisco Router and Security Device Manager (SDM) is installed on this device.
-----------------------------------------------------------------------
^C
!
line con 0
 password XXXXXXX
 login
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 password XXXXXXX
 login local
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
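
An added example, not part of the original post or of any answer on this page: a small Python audit of the posted configuration that lists ACLs defined but never applied, inspection rules never bound to an interface, and whether any dynamic NAT (overload) rule exists. The `CONFIG` string is a reduced excerpt of the lines above, and the function name `audit` is hypothetical.

```python
import re

# Reduced excerpt of the configuration posted above (constructed for this example).
CONFIG = """\
ip inspect name SDM_MEDIUM tcp
interface Vlan1
 ip access-group 102 in
interface Dialer0
 ip access-group 103 in
ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
ip nat inside source static tcp 192.168.100.5 25 interface Dialer0 25
ip access-list extended sdm_dialer0_in
access-list 23 permit 192.168.100.0 0.0.0.255
access-list 100 permit ip any any
access-list 101 deny   ip any any log
access-list 102 permit ip any any
access-list 103 deny   ip any any log
line vty 0 4
 access-class 23 in
"""

ACL_DEF = re.compile(r"(?:ip access-list (?:standard|extended)|access-list) (\S+)")
ACL_USE = re.compile(r"(?:ip access-group|access-class|ip http access-class|source list) (\S+)")
INSPECT_DEF = re.compile(r"ip inspect name (\S+) ")
INSPECT_USE = re.compile(r"ip inspect (\S+) (?:in|out)$")
NAT_DYNAMIC = re.compile(r"ip nat inside source (?:list|route-map) \S+ .*overload")

def audit(config):
    """Report policy objects that are defined in an IOS config but never bound."""
    acl_def, acl_use, insp_def, insp_use = set(), set(), set(), set()
    dynamic_nat = False
    for raw in config.splitlines():
        line = raw.strip()
        if m := ACL_DEF.match(line):        # numbered or named ACL definition
            acl_def.add(m.group(1))
        if m := ACL_USE.search(line):       # interface, vty, http or NAT reference
            acl_use.add(m.group(1))
        if m := INSPECT_DEF.match(line):    # CBAC rule definition
            insp_def.add(m.group(1))
        if m := INSPECT_USE.match(line):    # CBAC rule bound to an interface
            insp_use.add(m.group(1))
        dynamic_nat = dynamic_nat or bool(NAT_DYNAMIC.match(line))
    return {
        "unapplied_acls": sorted(acl_def - acl_use),
        "unapplied_inspect": sorted(insp_def - insp_use),
        "dynamic_nat": dynamic_nat,
    }

if __name__ == "__main__":
    print(audit(CONFIG))
```

On the excerpt it reports ACLs 100, 101 and sdm_dialer0_in as unapplied, SDM_MEDIUM as never bound to an interface, and no overload rule. Because ACL 103 is applied inbound on Dialer0 and ends in `deny ip any any log`, replies to inside hosts are only admitted if that inspection rule is actually applied.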


ASKER CERTIFIED SOLUTION
rsivanandan
