Internet thru Cisco 871 - Routers
-
Internet thru Cisco 871
I've tried to configure my Cisco 871 and I'm either missing something
or blocking something. I first setup the router using the SDM wizards
and didn't get the internet. Then, after saving that config, I wiped
out all the wizard zones, policy-maps, class-maps, etc. and tried
building my own config, as a learning process, and still can't get the
internet. I'm able to negotiate the expected static IP address on the
Dialer0 interface but fail ping attempts when I use the "Test
Connection" in the SDM (DNS?). I have the DSL modem setup as a bridge
and supply the PPPoE authentication via the router (PPP light on the
router lights up so I think this is OK).
I'm currently just trying to get the private-internet zone pair to
work...
My current config: (I copied the "self" policy maps from the wizard
config)
!--------------------------------------------------------------------------*--
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$HGmN$Y5uqYVVIQ1kwoYN7U/ma70
!
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
!
!
!
crypto pki trustpoint TP-self-signed-1683258465
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1683258465
revocation-check none
rsakeypair TP-self-signed-1683258465
!
!
crypto pki certificate chain TP-self-signed-1683258465
certificate self-signed 01
quit
no ip source-route
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.10
!
ip dhcp pool pool1
import all
network 192.168.0.0 255.255.255.0
dns-server 199.166.6.2 216.183.129.9
default-router 192.168.0.1
!
!
ip port-map user-RWW port tcp 4125 description Remote Web Workplace
ip port-map user-RMS port tcp 5270 description Rights Management Services
ip port-map user-RDP port tcp 3389 description Remote Desktop Protocol
no ip bootp server
ip domain name mydomain.local
ip name-server 199.166.6.2
ip name-server 216.183.129.9
!
!
!
username ciscoadmin privilege 15 secret 5
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect match-any sbs-traffic
match protocol smtp
match protocol https
match protocol user-RWW
match protocol user-RDP
match protocol user-RMS
class-map type inspect match-any icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all sbs-services
description SBS Services
match access-group name SBS
match class-map sbs-traffic
class-map type inspect match-any internet-traffic
description Basic Internet Traffic
match protocol http
match protocol https
match protocol dns
match protocol icmp
!
!
policy-map type inspect internet-self-policy
class class-default
policy-map type inspect self-internet-policy
class type inspect icmp-access
inspect
class class-default
pass
policy-map type inspect guest-internet-policy
class type inspect internet-traffic
inspect
class class-default
policy-map type inspect private-internet-policy
class type inspect internet-traffic
inspect
class class-default
policy-map type inspect internet-private-policy
class type inspect sbs-services
inspect
class class-default
!
zone security private
zone security guest
zone security internet
zone security dmz
zone-pair security internet-private source internet destination private
service-policy type inspect internet-private-policy
zone-pair security private-internet source private destination internet
service-policy type inspect private-internet-policy
zone-pair security guest-internet source guest destination internet
service-policy type inspect guest-internet-policy
zone-pair security internet-self source internet destination self
service-policy type inspect internet-self-policy
zone-pair security self-internet source self destination internet
service-policy type inspect self-internet-policy
!
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0
description Internal Port
!
interface FastEthernet1
description Internal Port
!
interface FastEthernet2
description Guest Port
switchport access vlan 2
!
interface FastEthernet3
description DMZ Port
switchport access vlan 3
shutdown
!
interface FastEthernet4
description Execulink aDSL$FW_OUTSIDE$$ES_WAN$$ETH-WAN$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
zone-member security internet
ip route-cache flow
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Vlan1
description Private Network$FW_INSIDE$$ES_LAN$$ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
zone-member security private
ip route-cache flow
ip tcp adjust-mss 1412
!
interface Vlan2
description Guest Network$FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
zone-member security guest
ip route-cache flow
!
interface Vlan3
description DMZ Network
ip address 192.168.2.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
zone-member security dmz
ip route-cache flow
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
zone-member security internet
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username password 7
!
ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
!
ip http server
ip http access-class 3
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 192.168.0.2 25 interface Dialer0 25
ip nat inside source static tcp 192.168.0.2 443 interface Dialer0 443
ip nat inside source static tcp 192.168.0.2 1723 interface Dialer0 1723
ip nat inside source static tcp 192.168.0.2 3389 interface Dialer0 3389
ip nat inside source static tcp 192.168.0.2 4125 interface Dialer0 4125
ip nat inside source static tcp 192.168.0.2 5720 interface Dialer0 5720
ip nat inside source list 1 interface FastEthernet4 overload
!
ip access-list extended SBS
remark SBS Server
remark SDM_ACL Category=128
permit ip any host 192.168.0.2
!
logging trap debugging
access-list 1 remark NAT ACL
access-list 1 remark SDM_ACL Category=2
access-list 1 remark Internal Network
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 remark Guest Network
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 remark DMZ Network
access-list 1 permit 129.168.3.0 0.0.0.255
access-list 2 remark HTTP ACL
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 2 deny any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
control-plane
!
banner login ^CC
You have entered $(hostname).$(domain).
Access is for authorized users only. Disconnect IMMEDIATELY if you are not
an authorized user! Please enter your username and password.^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
access-class 2 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
!
webvpn cef
end
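Several of the things that go wrong in a config like this one are cross-reference mistakes that can be checked mechanically rather than by reading it line by line. The script below is an added example, not the poster's or Cisco's tooling: it parses a running-config as text and reports NAT overload statements bound to an interface with no address, NAT ACL entries that match no inside subnet (and inside subnets the NAT ACL omits), access-class references to ACLs that are never defined, and user port-maps with no matching static forward. SAMPLE_CONFIG is a constructed excerpt of the posted config, indented the way IOS prints it, so the interface names, addresses and ports are the poster's while the check names and messages are mine.

```python
"""Cross-reference checks for an IOS running-config like the one posted above.

Added example, not the poster's tool. SAMPLE_CONFIG is a constructed excerpt
of the posted config, limited to the lines the checks read."""
import ipaddress
import re

SAMPLE_CONFIG = """\
interface FastEthernet4
 no ip address
 ip nat outside
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
interface Vlan3
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
interface Dialer0
 ip address negotiated
 ip nat outside
ip port-map user-RMS port tcp 5270 description Rights Management Services
ip port-map user-RDP port tcp 3389 description Remote Desktop Protocol
ip http access-class 3
ip nat inside source static tcp 192.168.0.2 3389 interface Dialer0 3389
ip nat inside source static tcp 192.168.0.2 5720 interface Dialer0 5720
ip nat inside source list 1 interface FastEthernet4 overload
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 129.168.3.0 0.0.0.255
access-list 2 permit 192.168.0.0 0.0.0.255
line vty 0 4
 access-class 2 in
"""
IPV4 = r"(\d+\.\d+\.\d+\.\d+)"


def parse_interfaces(config):
    """Map interface name -> {"address": IPv4Interface | "negotiated" | None, "nat": str | None}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        head = re.match(r"interface (\S+)", line)
        if head:
            current = interfaces.setdefault(head.group(1), {"address": None, "nat": None})
            continue
        if not line.startswith(" "):   # any other top-level command ends the block
            current = None
            continue
        if current is None:
            continue
        cmd = line.strip()
        addr = re.match(rf"ip address {IPV4} {IPV4}$", cmd)
        if addr:
            current["address"] = ipaddress.IPv4Interface(f"{addr.group(1)}/{addr.group(2)}")
        elif cmd == "ip address negotiated":
            current["address"] = "negotiated"
        nat = re.match(r"ip nat (inside|outside)$", cmd)
        if nat:
            current["nat"] = nat.group(1)
    return interfaces


def check_config(config):
    """Return a list of findings (strings); an empty list means every check passed."""
    ifaces, findings = parse_interfaces(config), []

    # 1. PAT overload must name an interface that actually carries an address.
    nat_acls = set()
    for acl, name in re.findall(r"^ip nat inside source list (\S+) interface (\S+) overload", config, re.M):
        nat_acls.add(acl)
        if ifaces.get(name, {}).get("address") is None:
            findings.append(f"nat-overload: {name} has no IP address to translate to")

    # 2. The NAT ACL and the nat-inside subnets should describe the same networks.
    inside = {n: d["address"].network for n, d in ifaces.items()
              if d["nat"] == "inside" and isinstance(d["address"], ipaddress.IPv4Interface)}
    covered = set()
    for acl, addr, wild in re.findall(rf"^access-list (\d+) permit {IPV4} {IPV4}", config, re.M):
        if acl not in nat_acls:
            continue
        net = ipaddress.IPv4Network(f"{addr}/{wild}", strict=False)   # wildcard = hostmask
        hits = [n for n, sub in inside.items() if net.overlaps(sub)]
        if not hits:
            findings.append(f"nat-acl: access-list {acl} permits {net}, which is not an inside subnet")
        covered.update(hits)
    for name in sorted(set(inside) - covered):
        findings.append(f"nat-acl: inside subnet {inside[name]} on {name} is in no NAT ACL")

    # 3. Every access-class must refer to an ACL the config defines.
    defined = set(re.findall(r"^access-list (\d+) ", config, re.M))
    for acl in re.findall(r"access-class (\d+)", config):
        if acl not in defined:
            findings.append(f"access-class: access-list {acl} is referenced but never defined")

    # 4. A user port-map the firewall inspects should have a matching static forward.
    forwarded = {port for _, port in re.findall(
        rf"^ip nat inside source static tcp {IPV4} \d+ interface \S+ (\d+)", config, re.M)}
    for name, port in re.findall(r"^ip port-map (\S+) port tcp (\d+)", config, re.M):
        if port not in forwarded:
            findings.append(f"port-map: {name} inspects tcp/{port} but no static NAT forwards it")
    return findings
```

On the excerpt it reports five findings: the overload on FastEthernet4 (which has no ip address; Dialer0 holds the negotiated one), the 129.168.3.0 entry in access-list 1, the 192.168.2.0 subnet on Vlan3 missing from that ACL, access-list 3 referenced by ip http access-class but never defined, and the user-RMS port-map on tcp/5270 with a static NAT on tcp/5720 instead.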
-
Re: Internet thru Cisco 871
I suggest you post this information and request on the Cisco Router
Forum on
www.tek-tips.com
There are a lot of experts there that may help you with a set-up script
or help debug the current set-up.
RymCo wrote:
> I've tried to configure my Cisco 871 and I'm either missing something
> or blocking something. I first setup the router using the SDM wizards
> and didn't get the internet. Then, after saving that config, I wiped
> out all the wizard zones, policy-maps, class-maps, etc. and tried
> building my own config, as a learning process, and still can't get the
> internet. I'm able to negotiate the expected static IP address on the
> Dialer0 interface but fail ping attempts when I use the "Test
> Connection" in the SDM (DNS?). I have the DSL modem setup as a bridge
> and supply the PPPoE authentication via the router (PPP light on the
> router lights up so I think this is OK)
>
> I'm currently just trying to get the private-internet zone pair to
> work...
> My current config: (I copied the "self" policy maps from the wizard
> config)
>
-
Re: Internet thru Cisco 871
Thanks Cal... will do that. Wasn't sure where to go...
On Oct 10, 6:17 pm, Cal Vanize wrote:
> I suggest you post this information and request on the Cisco Router
> Forum on
>
> www.tek-tips.com
>
> There are a lot of experts that there may help you with a set-up script
> or to help debug the current set-up.
>
-
Re: Internet thru Cisco 871
RymCo wrote:
> I've tried to configure my Cisco 871 and I'm either missing something
> or blocking something. I first setup the router using the SDM wizards
> and didn't get the internet. Then, after saving that config, I wiped
> out all the wizard zones, policy-maps, class-maps, etc. and tried
> building my own config, as a learning process, and still can't get the
> internet. I'm able to negotiate the expected static IP address on the
> Dialer0 interface but fail ping attempts when I use the "Test
> Connection" in the SDM (DNS?). I have the DSL modem setup as a bridge
> and supply the PPPoE authentication via the router (PPP light on the
> router lights up so I think this is OK)
>
> I'm currently just trying to get the private-internet zone pair to
> work...
> My current config: (I copied the "self" policy maps from the wizard
> config)
>
First off, your FastEthernet must be set to NAT inside. I see that you
have it set to NAT outside - that will never work. The FastEthernet is
the port that connects to your inside (home) network. Then make sure
that you have Ethernet0 (or whatever you happen to call your DSL card)
set to NAT outside. By the way, don't do the manual configuration, it
can only lead to trouble. Make sure you read the error messages when
you test each interface setup and you will find that the connection
problem is related to the error message given when the interface test
fails.
Finally, check your router's configuration register by doing a "show
version" from the enabled prompt (#). The last line in the display will
show you the configuration register. For example, I set my
configuration register to be 0x0101 and it shows up in the "show
version" command as "Configuration register is 0x101". If you are using
another configuration register, be sure to look up what those numbers
mean. In some cases, the configuration register prohibits an inside
interface from connecting to an outside interface!
DarthOdor
-
Re: Internet thru Cisco 871
On Oct 15, 12:34 am, DarthOdor wrote:
> RymCo wrote:
> > I've tried to configure my Cisco 871 and I'm either missing something
> > or blocking something. I first setup the router using the SDM wizards
> > and didn't get the internet. Then, after saving that config, I wiped
> > out all the wizard zones, policy-maps, class-maps, etc. and tried
> > building my own config, as a learning process, and still can't get the
> > internet. I'm able to negotiate the expected static IP address on the
> > Dialer0 interface but fail ping attempts when I use the "Test
> > Connection" in the SDM (DNS?). I have the DSL modem setup as a bridge
> > and supply the PPPoE authentication via the router (PPP light on the
> > router lights up so I think this is OK)
>
> > I'm currently just trying to get the private-internet zone pair to
> > work...
> > My current config: (I copied the "self" policy maps from the wizard
> > config)
>
> > !--------------------------------------------------------------------------**--
> > !version 12.4
> > no service pad
> > service tcp-keepalives-in
> > service tcp-keepalives-out
> > service timestamps debug datetime msec localtime show-timezone
> > service timestamps log datetime msec localtime show-timezone
> > service password-encryption
> > service sequence-numbers
> > !
> > hostname router
> > !
> > boot-start-marker
> > boot-end-marker
> > !
> > logging buffered 51200
> > logging console critical
> > enable secret 5 $1$HGmN$Y5uqYVVIQ1kwoYN7U/ma70
> > !
> > no aaa new-model
> > clock timezone EST -5
> > clock summer-time EDT recurring
> > !
> > !
> > !
> > crypto pki trustpoint TP-self-signed-1683258465
> > enrollment selfsigned
> > subject-name cn=IOS-Self-Signed-Certificate-1683258465
> > revocation-check none
> > rsakeypair TP-self-signed-1683258465
> > !
> > !
> > crypto pki certificate chain TP-self-signed-1683258465
> > certificate self-signed 01
> >
> > quit
> > no ip source-route
> > ip cef
> > no ip dhcp use vrf connected
> > ip dhcp excluded-address 192.168.0.1 192.168.0.10
> > !
> > ip dhcp pool pool1
> > import all
> > network 192.168.0.0 255.255.255.0
> > dns-server 199.166.6.2 216.183.129.9
> > default-router 192.168.0.1
> > !
> > !
> > ip port-map user-RWW port tcp 4125 description Remote Web Workplace
> > ip port-map user-RMS port tcp 5270 description Rights Management
> > Services
> > ip port-map user-RDP port tcp 3389 description Remote Desktop
> > Protocol
> > no ip bootp server
> > ip domain name mydomain.local
> > ip name-server 199.166.6.2
> > ip name-server 216.183.129.9
> > !
> > !
> > !
> > username ciscoadmin privilege 15 secret 5
> > archive
> > log config
> > hidekeys
> > !
> > !
> > ip tcp synwait-time 10
> > ip ssh time-out 60
> > ip ssh authentication-retries 2
> > !
> > class-map type inspect match-any sbs-traffic
> > match protocol smtp
> > match protocol https
> > match protocol user-RWW
> > match protocol user-RDP
> > match protocol user-RMS
> > class-map type inspect match-any icmp-access
> > match protocol icmp
> > match protocol tcp
> > match protocol udp
> > class-map type inspect match-all sbs-services
> > description SBS Services
> > match access-group name SBS
> > match class-map sbs-traffic
> > class-map type inspect match-any internet-traffic
> > description Basic Internet Traffic
> > match protocol http
> > match protocol https
> > match protocol dns
> > match protocol icmp
> > !
> > !
> > policy-map type inspect internet-self-policy
> > class class-default
> > policy-map type inspect self-internet-policy
> > class type inspect icmp-access
> > inspect
> > class class-default
> > pass
> > policy-map type inspect guest-internet-policy
> > class type inspect internet-traffic
> > inspect
> > class class-default
> > policy-map type inspect private-internet-policy
> > class type inspect internet-traffic
> > inspect
> > class class-default
> > policy-map type inspect internet-private-policy
> > class type inspect sbs-services
> > inspect
> > class class-default
> > !
> > zone security private
> > zone security guest
> > zone security internet
> > zone security dmz
> > zone-pair security internet-private source internet destination
> > private
> > service-policy type inspect internet-private-policy
> > zone-pair security private-internet source private destination
> > internet
> > service-policy type inspect private-internet-policy
> > zone-pair security guest-internet source guest destination internet
> > service-policy type inspect guest-internet-policy
> > zone-pair security internet-self source internet destination self
> > service-policy type inspect internet-self-policy
> > zone-pair security self-internet source self destination internet
> > service-policy type inspect self-internet-policy
> > !
> > !
> > !
> > interface Null0
> > no ip unreachables
> > !
> > interface FastEthernet0
> > description Internal Port
> > !
> > interface FastEthernet1
> > description Internal Port
> > !
> > interface FastEthernet2
> > description Guest Port
> > switchport access vlan 2
> > !
> > interface FastEthernet3
> > description DMZ Port
> > switchport access vlan 3
> > shutdown
> > !
> > interface FastEthernet4
> > description Execulink aDSL$FW_OUTSIDE$$ES_WAN$$ETH-WAN$
> > no ip address
> > no ip redirects
> > no ip unreachables
> > no ip proxy-arp
> > ip nat outside
> > ip virtual-reassembly
> > zone-member security internet
> > ip route-cache flow
> > duplex auto
> > speed auto
> > pppoe enable group global
> > pppoe-client dial-pool-number 1
> > !
> > interface Vlan1
> > description Private Network$FW_INSIDE$$ES_LAN$$ETH-SW-LAUNCH$$INTF-
> > INFO-HWIC 4ESW$
> > ip address 192.168.0.1 255.255.255.0
> > no ip redirects
> > no ip unreachables
> > no ip proxy-arp
> > ip nat inside
> > ip virtual-reassembly
> > zone-member security private
> > ip route-cache flow
> > ip tcp adjust-mss 1412
> > !
> > interface Vlan2
> > description Guest Network$FW_INSIDE$
> > ip address 192.168.1.1 255.255.255.0
> > no ip redirects
> > no ip unreachables
> > no ip proxy-arp
> > ip nat inside
> > ip virtual-reassembly
> > zone-member security guest
> > ip route-cache flow
> > !
> > interface Vlan3
> > description DMZ Network
> > ip address 192.168.2.1 255.255.255.0
> > no ip redirects
> > no ip unreachables
> > no ip proxy-arp
> > ip nat inside
> > ip virtual-reassembly
> > zone-member security dmz
> > ip route-cache flow
> > !
> > interface Dialer0
> > description $FW_OUTSIDE$
> > ip address negotiated
> > no ip redirects
> > no ip unreachables
> > no ip proxy-arp
> > ip mtu 1452
> > ip nat outside
> > ip virtual-reassembly
> > zone-member security internet
> > encapsulation ppp
> > ip route-cache flow
> > dialer pool 1
> > dialer-group 1
> > no cdp enable
> > ppp authentication pap callin
> > ppp pap sent-username password 7
> > !
> > ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
> > !
> > ip http server
> > ip http access-class 3
> > ip http authentication local
> > ip http secure-server
> > ip http timeout-policy idle 60 life 86400 requests 10000
> > ip nat inside source static tcp 192.168.0.2 25 interface Dialer0 25
> > ip nat inside source static tcp 192.168.0.2 443 interface Dialer0 443
> > ip nat inside source static tcp 192.168.0.2 1723 interface Dialer0 1723
> > ip nat inside source static tcp 192.168.0.2 3389 interface Dialer0 3389
> > ip nat inside source static tcp 192.168.0.2 4125 interface Dialer0 4125
> > ip nat inside source static tcp 192.168.0.2 5720 interface Dialer0 5720
> > ip nat inside source list 1 interface FastEthernet4 overload
> > !
> > ip access-list extended SBS
> > remark SBS Server
> > remark SDM_ACL Category=128
> > permit ip any host 192.168.0.2
> > !
> > logging trap debugging
> > access-list 1 remark NAT ACL
> > access-list 1 remark SDM_ACL Category=2
> > access-list 1 remark Internal Network
> > access-list 1 permit 192.168.0.0 0.0.0.255
> > access-list 1 remark Guest Network
> > access-list 1 permit 192.168.1.0 0.0.0.255
> > access-list 1 remark DMZ Network
> > access-list 1 permit 129.168.3.0 0.0.0.255
> > access-list 2 remark HTTP ACL
> > access-list 2 remark SDM_ACL Category=1
> > access-list 2 permit 192.168.0.0 0.0.0.255
> > access-list 2 deny any
> > dialer-list 1 protocol ip permit
> > no cdp run
> > !
> > !
> > !
> > control-plane
> > !
> > banner login ^CC
> > You have entered $(hostname).$(domain).
> > Access is for authorized users only. Disconnect IMMEDIATELY if you are not
> > an authorized user! Please enter your username and password.^C
> > !
> > line con 0
> > login local
> > no modem enable
> > transport output telnet
> > line aux 0
> > login local
> > transport output telnet
> > line vty 0 4
> > access-class 2 in
> > privilege level 15
> > login local
> > transport input telnet ssh
> > !
> > scheduler max-task-time 5000
> > scheduler allocate 4000 1000
> > scheduler interval 500
> >
> > !
> > webvpn cef
> > end
>
> First off, your FastEthernet must be set to NAT inside. I see that you
> have it set to NAT Outside - that will never work. The FastEthernet is
> the port that connects to your inside (home) network. Then make sure
> that you have Ethernet0 (or whatever you happen to call your DSL card)
> set to NAT outside. By the way, don't do the manual configuration, it
> can only lead to trouble. Make sure you read the error messages when
> you test each interface set up and you will find that the connection
> problem is related to the error message given when the interface test
> fails.
>
> Finally, check your router's configuration register by doing a "show
> version" from the enabled prompt (#). The last line in the display will
> show you the configuration register. For example, I set my
> configuration register to 0x0101 and it shows up in the "show
> version" command as "Configuration register is 0x101". If you are using
> another configuration register, be sure to look up what those numbers
> mean. In some cases, the configuration register prohibits an inside
> interface from connecting to an outside interface!
>
> DarthOdor
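The quoted config has three pieces that must agree with each other: the zone-based firewall (zones, zone-pairs, policy-maps), the NAT inside/outside markings on each interface, and the NAT source ACL. The reply above is about the second of these; the third also has a problem visible in the quote: `access-list 1 permit 129.168.3.0 0.0.0.255` does not match the DMZ subnet 192.168.2.0/24 configured on Vlan3, so nothing from the DMZ would ever be translated. The script below is an added example, not Cisco's code and not anything posted in this thread. It parses `SAMPLE_CONFIG`, a constructed excerpt modelled on the quoted config (same zone names, VLAN subnets and ACL entries, trimmed down), and reports each kind of mismatch. `parse`, `audit`, the sample text and the assumption that the outside zone is called `internet` are all mine.

```python
"""Consistency lint for an IOS zone-based firewall + NAT configuration.
Added example, not Cisco's or the poster's own tooling.  SAMPLE_CONFIG is a
constructed excerpt modelled on the config quoted in this thread, not a copy."""
import ipaddress
import re

SAMPLE_CONFIG = """\
policy-map type inspect internet-private-policy
 class class-default
!
zone-pair security internet-private source internet destination private
 service-policy type inspect internet-private-policy
zone-pair security guest-internet source guest destination internet
 service-policy type inspect guest-internet-policy
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 zone-member security private
!
interface Vlan3
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 zone-member security dmz
!
interface Dialer0
 ip address negotiated
 ip nat outside
 zone-member security internet
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 129.168.3.0 0.0.0.255
"""


def parse(config):
    """Pull out interfaces, policy-map names, zone-pairs and the NAT ACL 1 networks."""
    ifs, pmaps, zps, nat_nets = {}, set(), {}, []
    block = None  # ("if", name) or ("zp", name) while inside that stanza
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            block = None
            continue
        if m := re.match(r"interface (\S+)$", line):
            block = ("if", m[1])
            ifs[m[1]] = {"nat": None, "zone": None, "net": None}
        elif m := re.match(r"policy-map type inspect (\S+)", line):
            pmaps.add(m[1])
            block = None
        elif m := re.match(r"zone-pair security (\S+) source (\S+) destination (\S+)", line):
            block = ("zp", m[1])
            zps[m[1]] = {"src": m[2], "dst": m[3], "policy": None}
        elif m := re.match(r"access-list 1 permit (\S+) (\S+)", line):
            # ipaddress accepts the IOS wildcard (host) mask directly
            nat_nets.append(ipaddress.ip_network(f"{m[1]}/{m[2]}"))
        elif block and block[0] == "if":
            i = ifs[block[1]]
            if m := re.match(r"ip nat (inside|outside)$", line):
                i["nat"] = m[1]
            elif m := re.match(r"zone-member security (\S+)", line):
                i["zone"] = m[1]
            elif m := re.match(r"ip address (\S+) (\d+\.\d+\.\d+\.\d+)", line):
                i["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif block and block[0] == "zp":
            if m := re.match(r"service-policy type inspect (\S+)", line):
                zps[block[1]]["policy"] = m[1]
    return ifs, pmaps, zps, nat_nets


def audit(config, outside_zone="internet"):
    """Return human-readable findings; an empty list means the pieces agree."""
    ifs, pmaps, zps, nat_nets = parse(config)
    findings = []
    # 1. NAT direction must match zone membership: the outside zone carries
    #    'ip nat outside', every other zoned interface 'ip nat inside'.
    for name, i in ifs.items():
        if i["nat"] and i["zone"]:
            want = "outside" if i["zone"] == outside_zone else "inside"
            if i["nat"] != want:
                findings.append(f"{name}: in zone {i['zone']} but 'ip nat {i['nat']}'")
    # 2. NAT ACL networks and inside-interface subnets should match one-to-one;
    #    a mistyped ACL entry silently leaves a whole LAN untranslated.
    inside = {i["net"] for i in ifs.values() if i["nat"] == "inside" and i["net"]}
    for net in nat_nets:
        if net not in inside:
            findings.append(f"NAT ACL: {net} is not a subnet of any inside interface")
    for net in sorted(inside):
        if net not in nat_nets:
            findings.append(f"NAT ACL: inside subnet {net} is never translated")
    # 3. Every zone-pair must attach a policy-map that is actually defined.
    for name, zp in zps.items():
        if zp["policy"] not in pmaps:
            findings.append(f"zone-pair {name}: policy-map {zp['policy']} is not defined")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

Run against the sample it reports the 129.168.3.0/24 entry, the untranslated 192.168.2.0/24 DMZ subnet, and the guest zone-pair whose policy-map is never defined; flipping Vlan1 to `ip nat outside` adds the inside/outside mismatch the reply describes. Feed it a `show running-config` dump and the same checks apply.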
DarthOdor,
Thanks for the reply. I'm still having trouble with this...
My Fe4 port IS my WAN port. Fe0-Fe3 are the internal ethernet ports.
There isn't a DSL card in this model... I'm using the DSL modem (in
bridge mode) my ISP supplied me which is why I bought the ethernet
version of the router. I have taken this router all the way back to
factory default without a firewall and still can't connect.
show version yields: Configuration Register 0x2102
Thanks again for helping me out...
-
Re: Internet thru Cisco 871
DarthOdor,
Thanks for the reply. I'm still having this problem...
My Fe4 port IS my WAN port. Fe0-Fe3 are the internal ports. There
isn't a DSL card in this model. I'm using the DSL modem supplied to
me by my ISP (in bridge mode). I have taken this all the way back to
factory default without a firewall and still can't connect...
show version yields: Configuration Register 0x2102
Thanks again for helping me out...