http://www.dslreports.com/forum/r20768080 en Wed, 03 Dec 2008 03:17:01 EDT Wed, 03 Dec 2008 03:17:01 EDT http://www.dslreports.com/forum/remark,20772083 anon : You're welcome.. Glad to hear.. and don't beat yourself up too much, we're all here to learn something. ;)]]> http://www.dslreports.com/forum/remark,20772083 Thu, 10 Jul 2008 20:03:04 EDT http://www.dslreports.com/forum/remark,20772003 anon : I thank you very much, I have made the changes and it is indeed working. I feel ashamed at the same time but it has been a good learning experience. ]]> http://www.dslreports.com/forum/remark,20772003 Thu, 10 Jul 2008 19:47:17 EDT http://www.dslreports.com/forum/remark,20771494 anon : Doesn't sound like a nat issue, but sounds like you removed CBAC? CBAC will allow the return traffic through that it inspects leaving your router.

You don't need all of this, but I've found them usefull at one point or another... example:

ip inspect name general-purpose cuseemeip inspect name general-purpose dnsip inspect name general-purpose ftpip inspect name general-purpose icmpip inspect name general-purpose rcmdip inspect name general-purpose realaudioip inspect name general-purpose rtspip inspect name general-purpose sqlnetip inspect name general-purpose streamworksip inspect name general-purpose tftpip inspect name general-purpose tcpip inspect name general-purpose udpip inspect name general-purpose vdoliveip inspect name general-purpose sipip inspect name general-purpose esmtp alert onip inspect name general-purpose pop3 alert on resetip inspect name general-purpose ftpsip inspect name general-purpose isakmpip inspect name general-purpose ipsec-msftip inspect name general-purpose pptpip inspect name general-purpose ntpip inspect name general-purpose imapip inspect name general-purpose imapsip inspect name general-purpose imap3ip inspect name general-purpose pop3s interface FastEthernet4 ip inspect general-purpose out 
Also, doesn't look like you need this line in there:

ip nat pool home 10.10.10.0 10.10.10.255 netmask 255.255.255.0
]]> http://www.dslreports.com/forum/remark,20771494 Thu, 10 Jul 2008 18:00:21 EDT http://www.dslreports.com/forum/remark,20768080 anon : Hello all,

First and foremost I want to thank you for taking the time to read this.

How I got to where I am now.
Decided to mess around with my configuration about 5 days ago and I think I messed something up and unfortunately I did not back up my config.

Here is what I've learned:
Keep frequent backups: Once my issue gets resolved I will definetely run a kron job to ftp over configurations on a daily basis.

Here is how it used to work:
Any traffic I requested from my inside interface in this case BVI1 as long as the acl in was configured to permit ip 10.10.10.0 0.0.0.255 any
anything I requested would be allowed to come back to me without problems

Here is how it's working now:
any traffic I request from the bvi1 interface with the same ACL as I had before gets denied by ACL 101 which is assigned to the public outside interface which basically allows bootpc traffic for it to receive DHCP info from the ISP and a deny ip all rule.

I can't just put an permit ip any any on the 101 ACL that's like not having a firewall. I have pasted my configuration here: »pastebin.be/12710

Once again, I thank you for your time, any help you provide here hope it comes back tenfold.]]> http://www.dslreports.com/forum/remark,20768080 Thu, 10 Jul 2008 01:43:30 EDT