
I am relatively new to Cisco routers but managed to configure most of the stuff successfully. However, there is one problem that I just can't find a solution to. I have set up a VDSL connection on the Dialer0 interface and configured some basic forwarding and firewall rules. These rules do not reload on start; each time I need to re-enable them manually:

ip nat source static tcp 192.168.0.2 25 interface Dialer0 25
ip nat source static tcp 192.168.0.2 587 interface Dialer0 587
ip nat source static tcp 192.168.0.2 993 interface Dialer0 993

ip inspect name INSPECT_OUT tcp router-traffic
ip inspect name INSPECT_OUT udp router-traffic
ip inspect name INSPECT_OUT icmp router-traffic
ip inspect name INSPECT_OUT dns
ip inspect name INSPECT_OUT icmp
ip inspect name INSPECT_OUT ntp
ip inspect name INSPECT_OUT tcp

ip access-list extended FIREWALL
permit tcp any any eq 587
permit tcp any any eq 993
permit tcp any any eq 25

Full config:

ip dhcp excluded-address 192.168.0.1
ip dhcp pool LAN
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1 
dns-server 192.168.0.1 

controller VDSL 0
operating mode auto
sra

interface Dialer0
no shut
ip address negotiated
ip nat enable
no ip redirects
ip inspect INSPECT_OUT out
ip access-group FIREWALL in
ip mtu 1492
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
dialer idle-timeout 0
dialer persistent
encapsulation ppp
ppp authentication chap pap callin
ppp chap hostname xxx
ppp chap password xxx
ppp pap sent-username xxx password xxx
ppp ipcp dns request
ppp ipcp route default

interface Ethernet0
no ip address
no shut
pppoe enable group global
pppoe-client dial-pool-number 1

interface ATM0
no ip address
no shut
no atm ilmi-keepalive
pvc 8/35
pppoe-client dial-pool-number 1

interface Vlan1
ip address 192.168.0.1 255.255.255.0
ip nat enable
no ip redirects

access-list 1 permit 192.168.0.0 0.0.0.255
ip nat source list 1 interface Dialer0 overload

ip inspect name INSPECT_OUT tcp router-traffic
ip inspect name INSPECT_OUT udp router-traffic
ip inspect name INSPECT_OUT icmp router-traffic
ip inspect name INSPECT_OUT dns
ip inspect name INSPECT_OUT icmp
ip inspect name INSPECT_OUT ntp
ip inspect name INSPECT_OUT tcp

ip access-list extended FIREWALL
permit tcp any any eq 587
permit tcp any any eq 993
permit tcp any any eq 25

ip nat source static tcp 192.168.0.2 25 interface Dialer0 25
ip nat source static tcp 192.168.0.2 587 interface Dialer0 587
ip nat source static tcp 192.168.0.2 993 interface Dialer0 993

What am I doing wrong?

Eliazar
  • Silly question, but since you are new to Cisco, are you copying the running configuration to the start-up configuration? 'copy start run' or 'write memory' – TDurden Feb 12 '21 at 04:28
  • It's a reasonable question but yes, I do it. All settings get loaded on reboot except for NAT rules and firewall – Eliazar Feb 12 '21 at 10:49
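
A post-reboot check for the symptom described in the question, as an added example that is not part of the original post: it parses `show running-config` text and reports interface bindings (`ip access-group`, `ip inspect`) whose rule definitions are absent, forwarded ports the bound ACL does not permit, and missing static NAT entries. The `audit` function, the sample text and the `smtp` port-name mapping are assumptions made for illustration.

```python
import re

# Constructed sample: a post-reboot running-config in which the interface
# bindings survived but the rule definitions from the question did not.
AFTER_REBOOT = """\
interface Dialer0
 ip nat enable
 ip inspect INSPECT_OUT out
 ip access-group FIREWALL in
access-list 1 permit 192.168.0.0 0.0.0.255
ip nat source list 1 interface Dialer0 overload
"""
PORT_NAMES = {"smtp": "25"}  # assumption: show output may name well-known ports

def audit(config, expected_ports=(25, 587, 993)):
    """Return findings for dangling rule references and missing port forwards."""
    acl_ports, inspect_names, nat_ports, bindings = {}, set(), set(), []
    iface = acl = None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"interface (\S+)$", line):
            iface, acl = m.group(1), None
        elif m := re.match(r"ip access-list extended (\S+)$", line):
            acl = m.group(1)
            acl_ports.setdefault(acl, set())
        elif acl and (m := re.match(r"permit tcp any any eq (\w+)$", line)):
            tok = PORT_NAMES.get(m.group(1), m.group(1))
            if tok.isdigit():
                acl_ports[acl].add(int(tok))
        elif m := re.match(r"ip inspect name (\S+) ", line):
            inspect_names.add(m.group(1))
        elif m := re.match(r"ip nat source static tcp \S+ \d+ interface \S+ (\d+)$", line):
            nat_ports.add(int(m.group(1)))
        elif iface and (m := re.match(r"ip access-group (\S+) in$", line)):
            bindings.append((iface, "ACL", m.group(1), acl_ports))
        elif iface and (m := re.match(r"ip inspect (\S+) out$", line)):
            bindings.append((iface, "inspect rule", m.group(1), inspect_names))
    # Bindings are checked only after the whole file is read, so order is irrelevant.
    findings = [f"{i}: {kind} {name} is bound but not defined"
                for i, kind, name, defined in bindings if name not in defined]
    for i, kind, name, _ in bindings:
        if kind == "ACL":
            findings += [f"{i}: tcp/{p} is forwarded but not permitted by {name}"
                         for p in sorted(nat_ports - acl_ports.get(name, set()))]
    findings += [f"static NAT for tcp/{p} is missing"
                 for p in sorted(set(expected_ports) - nat_ports)]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(AFTER_REBOOT)))
```

Feeding it the output captured right after a reload shows exactly which of the three rule groups failed to load, which narrows the problem before re-entering anything by hand.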

0 Answers