Cisco 837 Config

Stinkeye

Programmer
Dec 21, 2009
3
GB
I am having trouble with my config for a Cisco 837 router. I have it correctly configured to connect to the ISP, but no client that connects to the router can ping or browse HTTP traffic. The router can ping out, so there is something blocking, but I am not sure what.
Here is my config

Current configuration : 4139 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router1
!
logging buffered 51200 warnings
!
clock timezone BST 0
no aaa new-model
ip subnet-zero
no ip source-route
ip domain name XXXXXXXXXX
ip name-server XXXXXXXX
ip name-server XXXXXXXX
ip name-server XXXXXXXX
ip dhcp excluded-address 172.168.1.1
ip dhcp excluded-address 172.168.1.2 172.168.1.160
!
ip dhcp pool CLIENT
import all
network 172.168.1.0 255.255.255.0
default-router 172.168.1.1
dns-server 172.168.1.1
lease 0 2
!
!
no ip bootp server
ip inspect max-incomplete low 10
ip inspect one-minute low 10
ip inspect udp idle-time 15
ip inspect tcp idle-time 1800
ip inspect tcp finwait-time 1
ip inspect tcp synwait-time 15
ip inspect name INTERNET-OUT tcp alert on audit-trail on
ip inspect name INTERNET-OUT udp alert on audit-trail on
ip inspect name INTERNET-OUT smtp alert on audit-trail on
ip inspect name INTERNET-OUT http alert on audit-trail on
ip inspect name INTERNET-OUT fragment maximum 50 timeout 1
ip inspect name INTERNET-IN tcp alert on audit-trail on
ip inspect name INTERNET-IN udp alert on audit-trail on
ip inspect name INTERNET-IN smtp alert on audit-trail on
ip inspect name INTERNET-IN http alert on audit-trail on
ip inspect name INTERNET-IN fragment maximum 50 timeout 1
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
ip address 172.168.1.1 255.255.255.0
ip access-group E0-in in
no ip redirects
no ip unreachables
no ip proxy-arp
no ip route-cache
no cdp enable
hold-queue 100 out
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no ip route-cache
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
no ip route-cache
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname XXXXXXXX@btinternet.com
ppp chap password 7 XXXXXXXXXXX
ppp pap sent-username XXXXXXXX@btinternet.com password 7 XXXXXXXXXXX
!
interface Dialer1
no ip address
ip access-group Internet-in in
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect INTERNET-IN in
ip inspect INTERNET-OUT out
no cdp enable
!
ip nat inside source list 1 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
ip http authentication local
no ip http secure-server
ip dns server
!
!
ip access-list extended Internet-in
deny ip 0.0.0.0 0.255.255.255 any log
deny ip 127.0.0.0 0.255.255.255 any log
deny ip 10.0.0.0 0.255.255.255 any log
deny ip 192.168.0.0 0.0.255.255 any log
deny ip 192.0.2.0 0.0.0.255 any log
deny ip 169.254.0.0 0.0.255.255 any log
deny ip 224.0.0.0 31.255.255.255 any log
permit tcp any gt 1023 host 100.0.0.2 eq smtp
permit tcp any gt 1023 host 100.0.0.2 eq www
permit tcp host 172.1.1.1 gt 1023 host 172.0.0.2 eq domain
permit esp any host 172.1.0.2
permit ip 172.0.0.8 0.0.0.7 172.0.0.0 0.0.0.7
permit icmp any 172.0.0.0 0.0.0.7 time-exceeded
permit icmp any 172.0.0.0 0.0.0.7 echo-reply
deny tcp any range 0 65535 any range 0 65535 log
deny udp any range 0 65535 any range 0 65535 log
deny ip any any log
access-list 23 permit 10.10.10.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
banner login ^CCC
No unauthorised Access
^C
!
line con 0
exec-timeout 120 0
no modem enable
stopbits 1
line aux 0
line vty 0 4
access-class 23 in
exec-timeout 120 0
login local
length 0
!
scheduler max-task-time 5000
!
end
 
access-list 101 permit ip 172.168.1.0 0.0.0.255 any
ip nat inside source list 101 int di0 overload
add ip nat inside to e0

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
And ip nat out on the di0 interface...

Uncle---gettin' blind in your "old" age?lol

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
Thanks for the quick response. I will give that a try now.
 
haha burt...you gotta look again though brah, tis already there. S'ok, i forgive you.

 
Thanks for that, it seems to work fine. Can I ask what those lines did so that I know next time?
Thanks
 
Sure, the first line creates an ACL to match on for the NAT process (it says permit any host in the 172.168.1/24 subnet into the NAT process). The second line uses that ACL to set up PAT on the Dialer0 interface. The third line enables NAT on your inside interface (your inside local addresses).

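
An added example, not part of the original thread: a small Python check for the three pieces the answer above lists (an ACL for the NAT rule to match on, the PAT rule itself, and `ip nat inside` on the LAN interface). The sample configs are constructed excerpts of the posted configuration, and the name `audit_nat` and its finding strings are hypothetical.

```python
import re

def audit_nat(config):
    """Check each 'ip nat inside source list <acl> interface <if> overload' rule.

    Expects the expanded keywords that 'show running-config' prints.
    """
    acls, roles, rules, current = set(), {}, [], None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("!"):
            current = None                      # '!' ends an interface section
        elif m := re.match(r"interface (\S+)", line):
            current = m.group(1)
            roles[current] = set()
        elif (m := re.match(r"ip nat (inside|outside)$", line)) and current:
            roles[current].add(m.group(1))      # per-interface NAT role
        elif m := re.match(r"ip nat inside source list (\S+) interface (\S+) overload", line):
            rules.append(m.groups())            # (acl, outside interface)
        elif m := re.match(r"(?:ip access-list (?:standard|extended)|access-list) (\S+)", line):
            acls.add(m.group(1))                # named or numbered ACL definition
    findings = []
    for acl, iface in rules:
        if acl not in acls:
            findings.append(f"NAT rule references undefined ACL {acl}")
        if "outside" not in roles.get(iface, set()):
            findings.append(f"{iface} is not marked 'ip nat outside'")
    if rules and not any("inside" in r for r in roles.values()):
        findings.append("no interface is marked 'ip nat inside'")
    return findings

# Constructed excerpt of the configuration as originally posted.
BROKEN = """\
interface Ethernet0
ip address 172.168.1.1 255.255.255.0
ip access-group E0-in in
!
interface Dialer0
ip address negotiated
ip nat outside
!
ip nat inside source list 1 interface Dialer0 overload
ip access-list extended Internet-in
deny ip any any log
access-list 23 permit 10.10.10.0 0.0.0.255
"""
# Constructed: the same excerpt with the three suggested lines applied.
FIXED = (BROKEN.replace("E0-in in\n", "E0-in in\nip nat inside\n")
               .replace("source list 1 ", "source list 101 ")
         + "access-list 101 permit ip 172.168.1.0 0.0.0.255 any\n")

if __name__ == "__main__":
    print(audit_nat(BROKEN))
    print(audit_nat(FIXED))
```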
 
Crap...I was looking at the other dialer...

Eh? What was that? Speak up...lol

 