Hi there,
I have just installed a cisco 837 which I have done many times before but this time things are not working. The router has been configured using the CRWS utility and setup with PAT for various services such as smtp, http etc. Everything worked execept the port address translations. After many hours and a lot of hair pulling I found the case below suggesting there is a known bug with IOS 12.3 and all that was needed was to remove the inspect statements. Inspect statements removed and PAT started to work. BUT now there is no internet access from the LAN. Pings and trace routes to external domains all work fine. Any help is most appreciated.
ip audit notify log ip audit po max-events 100 no ftp-server write-enable ! ! ! ! ! ! ! interface Ethernet0 description CRWS Generated text. Please do not delete this:10.0.0.254-255.255.255.0 ip address 10.0.0.254 255.255.255.0 secondary ip address 10.10.10.1 255.255.255.0 ip nat inside ip tcp adjust-mss 1452 hold-queue 100 out ! interface ATM0 no ip address atm vc-per-vp 64 no atm ilmi-keepalive pvc 0/38 pppoe-client dial-pool-number 1 ! dsl operating-mode auto ! interface FastEthernet1 no ip address duplex auto speed auto ! interface FastEthernet2 no ip address duplex auto speed auto ! interface FastEthernet3 no ip address duplex auto speed auto ! interface FastEthernet4 no ip address duplex auto speed auto ! interface Dialer1 ip address negotiated ip access-group 111 in ip mtu 1492 ip nat outside
encapsulation ppp ip tcp adjust-mss 1452 dialer pool 1 dialer remote-name redback dialer-group 1 ppp authentication pap chap callin ppp chap hostname xxxxxxxxxxxxxxxx ppp chap password 7 xxxxxxxxxxxxxxxxx ppp pap sent-username xxxxxxxxxxxx password 7 xxxxxxxxxxxxxxx ! ip nat inside source list 102 interface Dialer1 overload ip nat inside source static tcp 10.0.0.1 3389 interface Dialer1 3389 ip nat inside source static tcp 10.0.0.1 443 interface Dialer1 443 ip nat inside source static tcp 10.0.0.1 110 interface Dialer1 110 ip nat inside source static tcp 10.0.0.1 25 interface Dialer1 25 ip classless ip route 0.0.0.0 0.0.0.0 Dialer1 ip http server no ip http secure-server ! access-list 23 permit 10.0.0.0 0.0.0.255 access-list 23 permit 10.10.10.0 0.0.0.255 access-list 102 permit ip 10.0.0.0 0.0.0.255 any access-list 111 permit tcp any any eq 3389 access-list 111 permit tcp any any eq 443 access-list 111 permit tcp any any eq pop3 access-list 111 permit tcp any any eq smtp access-list 111 permit icmp any any administratively-prohibited access-list 111 permit icmp any any echo access-list 111 permit icmp any any echo-reply access-list 111 permit icmp any any packet-too-big access-list 111 permit icmp any any time-exceeded access-list 111 permit icmp any any traceroute access-list 111 permit icmp any any unreachable access-list 111 permit udp any eq bootps any eq bootpc access-list 111 permit udp any eq bootps any eq bootps access-list 111 permit udp any eq domain any access-list 111 permit esp any any access-list 111 permit udp any any eq isakmp access-list 111 permit udp any any eq 10000 access-list 111 permit tcp any any eq 1723 access-list 111 permit tcp any any eq 139 access-list 111 permit udp any any eq netbios-ns access-list 111 permit udp any any eq netbios-dgm access-list 111 permit gre any any access-list 111 deny ip any any log dialer-list 1 protocol ip permit ! line con 0 exec-timeout 120 0 no modem enable stopbits 1 line aux 0 line vty 0 4 access-class 23 in exec-timeout 120 0 login local length 0 ! scheduler max-task-time 5000 ! end