here is the router i have:
i installed the firewall set on it and it's ios image is now c806 version 12.2(1)xe.
i don't understand why the wan would be trying to dial or what you mean by the architecture.
here is my latest configuration:
Building configuration...
Current configuration : 2164 bytes
!
version 12.2
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Firewall
!
logging rate-limit console 10 except errors
enable secret 5 $1$HQwp$W.vHe54zCKgiyKpl5VV2s/
!
username Firewall password 7 02000D490E110E2D40
ip subnet-zero
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw http timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
--More-- ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
no ip dhcp-client network-discovery
lcp max-session-starts 0
!
!
!
interface Ethernet0
description CRWS Generated text. Please do not delete this:192.168.100.1-255.255.255.0
ip address 192.168.100.1 255.255.255.0 secondary
ip address 10.10.10.1 255.255.255.0
ip nat inside
no cdp enable
hold-queue 32 in
!
interface Ethernet1
ip address dhcp
ip access-group 101 in
ip inspect myfw out
--More-- ip nat outside
no cdp enable
!
ip classless
ip http server
!
ip nat inside source list 102 interface Ethernet1 overload
access-list 101 permit udp any eq bootps any
access-list 101 deny icmp any any echo-reply
access-list 102 permit ip 192.168.100.0 0.0.0.255 any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 deny ip any any
--More-- !
line con 0
exec-timeout 120 0
transport input none
stopbits 1
line vty 0 4
exec-timeout 0 0
login local
length 0
!
scheduler max-task-time 5000
end
Building configuration...
Current configuration : 2164 bytes
!
version 12.2
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Firewall
!
logging rate-limit console 10 except errors
enable secret 5 $1$HQwp$W.vHe54zCKgiyKpl5VV2s/
!
username Firewall password 7 02000D490E110E2D40
ip subnet-zero
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw http timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
--More-- ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
no ip dhcp-client network-discovery
lcp max-session-starts 0
!
!
!
interface Ethernet0
description CRWS Generated text. Please do not delete this:192.168.100.1-255.255.255.0
ip address 192.168.100.1 255.255.255.0 secondary
ip address 10.10.10.1 255.255.255.0
ip nat inside
no cdp enable
hold-queue 32 in
!
interface Ethernet1
ip address dhcp
ip access-group 101 in
ip inspect myfw out
--More-- ip nat outside
no cdp enable
!
ip classless
ip http server
!
ip nat inside source list 102 interface Ethernet1 overload
access-list 101 permit udp any eq bootps any
access-list 101 deny icmp any any echo-reply
access-list 102 permit ip 192.168.100.0 0.0.0.255 any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 deny ip any any
--More-- !
line con 0
exec-timeout 120 0
transport input none
stopbits 1
line vty 0 4
exec-timeout 0 0
login local
length 0
!
scheduler max-task-time 5000
end
Firewall#
Building configuration...
Current configuration : 2224 bytes
!
version 12.2
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Firewall
!
logging rate-limit console 10 except errors
enable secret 5 $1$HQwp$W.vHe54zCKgiyKpl5VV2s/
!
username Firewall password 7 02000D490E110E2D40
ip subnet-zero
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw http timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
--More-- ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
no ip dhcp-client network-discovery
lcp max-session-starts 0
!
!
!
interface Ethernet0
description CRWS Generated text. Please do not delete this:192.168.100.1-255.255.255.0
ip address 192.168.100.1 255.255.255.0 secondary
ip address 10.10.10.1 255.255.255.0
ip nat inside
no cdp enable
hold-queue 32 in
!
interface Ethernet1
ip address dhcp
ip access-group 101 in
ip inspect myfw out
--More-- ip nat outside
no cdp enable
!
interface Dialer1
no ip address
shutdown
no cdp enable
!
ip classless
ip http server
!
ip nat inside source list 102 interface Ethernet1 overload
access-list 101 permit udp any eq bootps any
access-list 101 deny icmp any any echo-reply
access-list 102 permit ip 192.168.100.0 0.0.0.255 any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
--More-- access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 deny ip any any
!
line con 0
exec-timeout 120 0
transport input none
stopbits 1
line vty 0 4
exec-timeout 0 0
login local
length 0
!
scheduler max-task-time 5000
end
Firewall# Travis McGuire