Problems with Cisco 857W with VPN tunnel
This thread has 4 replies and has been viewed 2752 times
#1
Hello.
I need some help to configure a Cisco 857W. At this point I don't know what more to do to fix this problem. When my router is booting, I see in the console (HyperTerminal), at the end of the boot, two messages:

%NAT: Error activating CNBAR on the interface BVI1
%NAT: Error activating CNBAR on the interface Dialer0

After that, I can get an IP address with wire and wireless, so I can access the server over the LAN. But I can't access the internet or the VPN. I think everything is OK, but clearly it is not. Here is my configuration; I will appreciate any help.

My network is this:
1 Server with DHCP, DNS w/ IP 192.168.43.2
Router Cisco 857W IP 192.168.43.1
ISP IP Static

```
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service sequence-numbers
no service dhcp
!
hostname Router
!
logging buffered 51200 debugging
logging console critical
enable secret 5 MY_PASSWORD_ROUTER
!
clock timezone PCTime 0
clock summer-time PCTime recurring 1 Sun Oct 2:00 3 Sun Mar 3:00
!
!
ip domain-name MYDOMAIN
ip name-server DNS ISP
ip name-server DNS ISP
ip name-server 192.168.43.2
!
!
ip tcp selective-ack
ip tcp timestamp
no ip bootp server
no ip domain lookup
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp key MY_KEY address MY_PUBLIC_ADDRESS no-xauth
!
crypto ipsec transform-set tr-null-sha esp-null esp-sha-hmac
crypto ipsec transform-set tr-des-md5 esp-des esp-md5-hmac
crypto ipsec transform-set tr-3des-md5 esp-3des esp-md5-hmac
crypto ipsec transform-set tr-3des-sha esp-3des esp-sha-hmac
crypto ipsec transform-set tr-aes-sha esp-aes esp-sha-hmac
!
crypto map cm-cryptomap 110 ipsec-isakmp
 set peer MY_PUBLIC_ADDRESS
 set transform-set tr-3des-md5
 match address 110
!
!
bridge irb
!
!
interface Dot11Radio0
 no ip address
 !
 encryption mode ciphers tkip
 !
 ssid MY_SSID
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii MY_WIRELESS_KEY
 !
 speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 no ip address
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface bvi1
 ip address 192.168.43.1 255.255.255.0
 ip access-group 102 in
 ip nat inside
 no ip directed-broadcast
 exit
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 description $ES_WAN$
 no snmp trap link-status
 pvc 0/35
  pppoe-client dial-pool-number 1
 !
 exit
!
interface Dialer0
 ip address MY_STATIC_IP_ADDRESS_ISP 255.255.255.0
 ip access-group 101 in
 no ip redirects
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username MY_USER password 0 MY_PASSWORD
!
ip nat inside source list 1 interface Dialer0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
!
!
line vty 0 4
 access-class 2 in
 exit
!
access-list 1 remark The local LAN.
access-list 1 permit 192.168.43.0 0.0.0.255
!
access-list 2 remark Where management can be done from.
access-list 2 permit 192.168.43.0 0.0.0.255
!
access-list 3 remark Traffic not to check for intrustion detection.
access-list 3 deny 192.168.40.0 0.0.0.255
access-list 3 permit any
!
access-list 101 remark Traffic allowed to enter the router from the Internet
access-list 101 permit ip 192.168.40.0 0.0.0.255 192.168.43.0 0.0.0.255
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
access-list 101 permit udp any any eq 4500
access-list 101 permit udp any any eq isakmp
access-list 101 permit esp any any
access-list 101 permit tcp any any eq 1723
access-list 101 permit gre any any
access-list 101 deny icmp any any echo
access-list 101 deny ip any any log
!
access-list 102 remark Traffic allowed to enter the router from the Ethernet
access-list 102 permit ip any host 192.168.43.1
access-list 102 permit ip 192.168.43.0 0.0.0.255 192.168.40.0 0.0.0.255
access-list 102 deny ip any 0.0.0.0 0.255.255.255 log
access-list 102 permit ip 192.168.43.0 0.0.0.255 any
access-list 102 permit ip any host 255.255.255.255
access-list 102 deny ip any any log
!
access-list 110 remark Site to Site VPN
access-list 110 permit ip 192.168.43.0 0.0.0.255 192.168.40.0 0.0.0.255
access-list 110 permit ip 192.168.43.0 0.0.0.255 any
!
bridge 1 route ip
dialer-list 1 protocol ip permit
!
interface FastEthernet0
 no shutdown
 exit
interface FastEthernet1
 no shutdown
 exit
interface FastEthernet2
 no shutdown
 exit
interface FastEthernet3
 no shutdown
 exit
interface vlan1
 no shutdown
 exit
interface ATM0
 no shutdown
 exit
interface Dot11Radio0
 no shutdown
 exit
interface bvi1
 no shutdown
 exit
```

Once again, I will appreciate some help. This is my first configuration on a Cisco router and I tried everything that I saw in the forum.

Best regards
Gestevam
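As an added example (not part of the original post or of any reply in this thread), the Python below audits an IOS configuration for four conditions that can be read directly from the configuration posted above: a crypto map that is defined but never attached to an interface, a weak transform in the selected transform set, a type-0 (cleartext) secret, and a source-only NAT access list that also covers the VPN source network. The names `audit`, `SAMPLE`, `WEAK` and the finding labels are assumptions made for this example, and the sample is an excerpt built from the posted lines.

```python
import re

# Constructed excerpt: lines taken from the configuration posted above.
SAMPLE = """\
crypto ipsec transform-set tr-3des-md5 esp-3des esp-md5-hmac
crypto ipsec transform-set tr-aes-sha esp-aes esp-sha-hmac
crypto map cm-cryptomap 110 ipsec-isakmp
 set peer MY_PUBLIC_ADDRESS
 set transform-set tr-3des-md5
 match address 110
interface Dialer0
 ip nat outside
 ppp pap sent-username MY_USER password 0 MY_PASSWORD
ip nat inside source list 1 interface Dialer0 overload
access-list 1 permit 192.168.43.0 0.0.0.255
access-list 110 permit ip 192.168.43.0 0.0.0.255 192.168.40.0 0.0.0.255
"""

WEAK = {"esp-null", "esp-des", "esp-md5-hmac"}  # no encryption, DES, MD5

def audit(config):
    """Return a sorted list of (check, detail) findings for an IOS config."""
    text = "\n".join(line.strip() for line in config.splitlines())
    def find(pattern):
        return re.findall(pattern, text, re.M)
    findings = set()
    defined = set(find(r"^crypto map (\S+) \d+ ipsec-isakmp$"))
    applied = set(find(r"^crypto map (\S+)$"))  # form used under an interface
    for name in defined - applied:
        findings.add(("crypto-map-not-applied", name))
    sets = {n: t.split() for n, t in find(r"^crypto ipsec transform-set (\S+) (.+)$")}
    for name in find(r"^set transform-set (\S+)$"):
        for t in WEAK & set(sets.get(name, [])):
            findings.add(("weak-transform-in-use", f"{name}: {t}"))
    for line in find(r"^.* password 0 .*$"):  # report the command, not the secret
        findings.add(("cleartext-secret", line.split(" password 0 ")[0]))
    # A standard ACL (1-99) matches on source only, so a NAT rule built on it
    # also translates packets headed for the tunnel's remote network.
    for acl in find(r"^ip nat inside source list (\d{1,2}) "):
        nat_src = set(find(rf"^access-list {acl} permit (\S+ \S+)$"))
        for cacl in find(r"^match address (\d+)$"):
            for src in find(rf"^access-list {cacl} permit ip (\S+ \S+) "):
                if src in nat_src:
                    findings.add(("nat-covers-vpn-traffic", f"list {acl} vs {cacl}: {src}"))
    return sorted(findings)

if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"{check}: {detail}")
```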
#2
Could anyone help me?
#3
Well, I don't know if this will help, but it might:
http://www.cisco.com/univercd/cc/td/...2/pppoanat.pdf

I came across it searching for your error, and found this source, which is referring to the above document:
http://www.telecom-gear.com/Cisco-87...e41708--12.htm

Also, your ACL doesn't look correct.
Quote:
Quote:
__________________
Marcel
Netherlands
http://www.phetios.com
http://blog.nessus.nl
MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
No matter how secure, there is always the human factor.
#4
Hi Dumber!
Sorry that I am only replying to your post now, but I've been out for a few days and so...

In the first place, thank you for your answer. I read it, and the PDF file for NAT over PPPoA is a part of a complete Cisco file called "Cisco 850 series and 870 series - Access Routers Software And Configuration Guide". I tried everything that I could "translate" for my situation and it didn't work. Even your suggestion didn't work either. I put an "any" at the end of my access list 1 (from internal to any) and it marks an error at the "any" when it is booting.

At this moment I have 2 configurations:
Config 1: I can access the internet from any computer on the wired cable; the wireless doesn't work.
Config 2: The wire and wireless work well, login on the server, etc. But I can't reach the internet.

I tried to make a mix of the 2 configs. I made config 1 with the steps of the SDM Express, but unfortunately, like I saw in several forums, the SDM Express isn't a good thing... I made config 2 using this site and I put in my configurations: http://www.ifm.net.nz/cookbooks/800-isr-wizard.html

I will try again, step by step, to recreate a good router-confg file. If I can get everything working I'll inform you. Otherwise, if you or anyone has a suggestion, I'll accept the explanation.

Thank you again
GE
#5
Just one piece of information that I forgot to supply.
The configuration that is in the first post is config 2.

Best regards