1085 Views, 25 Helpful, 18 Replies

IOS firewall/Internet over DSL (PPPoE)

ph0enix
Level 1

I have a Cisco 2651XM lying around and I'd like to set it up as a firewall with NAT (inside) and the external interface dialing out via PPPoE (it would be connected to a DSL modem). How do I go about doing that?

Thanks!

Accepted Solution (atif.awan):

Also make sure that your username and password that you are using for pap authentication are correct. It will not hurt to remove that statement and configure it again just to make sure you did not put an additional space character inadvertently the first time you configured it.

18 Replies

atif.awan
Level 3

The following link has most of the configuration information you have requested. The only thing missing is the IOS FW configuration.

http://www.cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a0080126dc0.shtml

What I recommend is that you get this up and running and then start playing with the firewall functionality. The following link has an example of IOS FW with NAT (two interfaces) that you can use as a guideline:

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_configuration_example09186a008009445f.shtml

Thanks for the links. Here's the config I came up with, but it doesn't seem to want to make a PPPoE connection.

The relevant entries in the log:

%DIALER-6-UNBIND: Interface Vi1 unbound from profile Di1
%LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down
Sending PADI: Interface = FastEthernet0/0
PPPoE 0: I PADO R:0030.802b.9f95 L:000f.9018.71a0 Fa0/0
PPPOE: we've got our pado and the pado timer went off
OUT PADR from PPPoE Session
PPPoE 55559: I PADS R:0030.802b.9f95 L:000f.9018.71a0 Fa0/0
IN PADS from PPPoE Session

Configuration:

Current configuration : 4857 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 2651xm
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
!
!
resource policy
!
no aaa new-model
clock timezone EST -5
clock summer-time EST recurring
no network-clock-participate slot 1
no network-clock-participate wic 0
ip subnet-zero
!
!
no ip dhcp use vrf connected
!
!
ip cef
no ip domain lookup
ip inspect name ethernetin cuseeme timeout 3600
ip inspect name ethernetin ftp timeout 3600
ip inspect name ethernetin h323 timeout 3600
ip inspect name ethernetin http timeout 3600
ip inspect name ethernetin rcmd timeout 3600
ip inspect name ethernetin realaudio timeout 3600
ip inspect name ethernetin smtp timeout 3600
ip inspect name ethernetin sqlnet timeout 3600
ip inspect name ethernetin streamworks timeout 3600
ip inspect name ethernetin tcp timeout 3600
ip inspect name ethernetin tftp timeout 30
ip inspect name ethernetin udp timeout 15
ip inspect name ethernetin vdolive timeout 3600
no ip ips deny-action ips-interface
vpdn enable
vpdn ip udp ignore checksum
!
vpdn-group 2
 request-dialin
  protocol pppoe
!
!
interface FastEthernet0/0
 description world (outside)
 no ip address
 duplex auto
 speed auto
 pppoe enable
 pppoe-client dial-pool-number 2
!
interface FastEthernet0/1
 description home (inside)
 ip address 192.168.xxx.1 255.255.255.0
 ip access-group 101 in
 ip nat inside
 ip inspect ethernetin in
 ip virtual-reassembly
 no ip mroute-cache
 speed auto
 half-duplex
!
interface Dialer1
 description pppoe (virtual/outside)
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 no ip mroute-cache
 dialer pool 2
 dialer string 1111111111
 dialer-group 2
 ppp authentication pap
 ppp pap sent-username blah password 0 password
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
ip http server
no ip http secure-server
ip nat inside source list 2 interface Dialer1 overload
!
access-list 2 permit 192.168.xxx.0 0.0.0.255
access-list 101 permit tcp 192.168.xxx.0 0.0.0.255 any
access-list 101 permit udp 192.168.xxx.0 0.0.0.255 any
access-list 101 permit icmp 192.168.xxx.0 0.0.0.255 any
access-list 101 deny ip any any log
access-list 112 permit icmp any any unreachable
access-list 112 permit icmp any any echo-reply
access-list 112 permit icmp any any packet-too-big
access-list 112 permit icmp any any time-exceeded
access-list 112 permit icmp any any traceroute
access-list 112 permit icmp any any administratively-prohibited
access-list 112 permit icmp any any echo
access-list 112 deny ip any any log
dialer-list 2 protocol ip permit
!
!
!
control-plane
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 password passw0rd
 login
!
end

When you say it doesn't want to work, how are you troubleshooting it? Can you provide the output of the following commands:

show vpdn
show vpdn session all
show ip int brief

I enabled debugging for the following and posted the relevant piece of the log in the post above (before the config):

Dial on demand:
  Dial on demand events debugging is on
PPPoE:
  PPPoE protocol events debugging is on
  PPPoE protocol errors debugging is on
VPN:
  VPDN events debugging is on
PPP:
  PPP protocol errors debugging is on
  PPP packet display debugging is on

Here's the info you asked about:

%No active L2F tunnels
%No active L2TP tunnels
%No active PPTP tunnels

PPPoE Tunnel and Session Information Total tunnels 1 sessions 1

PPPoE Session Information
Uniq ID  PPPoE  RemMAC          Port   VT   VA   State
         SID    LocMAC                           VA-st
N/A      55708  0030.802b.9f95  Fa0/0  Di1  N/A  N/A
                000f.9018.71a0

%No active L2F tunnels
%No active L2TP tunnels
%No active PPTP tunnels

PPPoE Session Information Total tunnels 1 sessions 1

PPPoE Session Information
SID    Pkts-In  Pkts-Out  Bytes-In  Bytes-Out
55708  78       99        1408      1664

Interface        IP-Address     OK? Method Status  Protocol
FastEthernet0/0  unassigned     YES NVRAM  up      down
FastEthernet0/1  192.168.xxx.1  YES NVRAM  up      up
NVI0             unassigned     YES unset  up      up
Virtual-Access1  unassigned     YES unset  down    down
Dialer1          unassigned     YES NVRAM  up      up

I turned on some more debugging but I still can't figure out why it's not connecting. Can anyone help? Thanks! :)

19020: .270: Sending PADI: Interface = FastEthernet0/0
19021: .294: PPPoE 0: I PADO R:0030.802b.9f95 L:000f.9018.71a0 Fa0/0
19022: .321: PPPOE: we've got our pado and the pado timer went off
19023: .321: OUT PADR from PPPoE Session
19024: .345: PPPoE 30300: I PADS R:0030.802b.9f95 L:000f.9018.71a0 Fa0/0
19025: .345: IN PADS from PPPoE Session
19026: .349: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
19026: .349: %DIALER-6-BIND: Interface Vi1 bound to profile Di1
19027: .349: PPPoE: Virtual Access interface obtained.
19028: .349: PPPoE : encap string prepared
19029: .349: [0]PPPoE 30300: data path set to Virtual Acess
19030: .353: Vi1 PPP: Phase is DOWN, Setup
19031: .353: Vi1 PPP: Using dialer call direction
19032: .353: Vi1 PPP: Treating connection as a callout
19033: .353: Vi1 PPP: Session handle[A2000095] Session id[0]
19034: .353: Vi1 PPP: Phase is ESTABLISHING, Active Open
19035: .353: Vi1 PPP: Authorization required
19036: .353: Vi1 LCP: O CONFREQ [Closed] id 1 len 14
19037: .353: Vi1 LCP: AuthProto PAP (0x0304C023)
19038: .353: Vi1 LCP: MagicNumber 0x1F4CD581 (0x05061F4CD581)
19039: .357: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to up
19040: .357: Vi1 DDR: Dialer statechange to up
19041: .381: Vi1 PPP: I pkt type 0xC021, datagramsize 16 link[ppp]
19042: .381: Vi1 LCP: I CONFACK [REQsent] id 1 len 14
19043: .381: Vi1 LCP: AuthProto PAP (0x0304C023)
19044: .381: Vi1 LCP: MagicNumber 0x1F4CD581 (0x05061F4CD581)
19045: .353: Vi1 PPP: I pkt type 0xC021, datagramsize 20 link[ppp]
19046: .353: Vi1 LCP: I CONFREQ [ACKrcvd] id 2 len 18
19047: .353: Vi1 LCP: MRU 1492 (0x010405D4)
19048: .353: Vi1 LCP: AuthProto PAP (0x0304C023)
19049: .353: Vi1 LCP: MagicNumber 0x433ACC51 (0x0506433ACC51)
19050: .353: Vi1 LCP: O CONFNAK [ACKrcvd] id 2 len 8
19051: .353: Vi1 LCP: MRU 1500 (0x010405DC)
19052: .361: Vi1 LCP: TIMEout: State ACKrcvd
19053: .361: Vi1 LCP: O CONFREQ [ACKrcvd] id 2 len 14
19054: .361: Vi1 LCP: AuthProto PAP (0x0304C023)
19055: .361: Vi1 LCP: MagicNumber 0x1F4CD581 (0x05061F4CD581)
19056: .377: Vi1 PPP: I pkt type 0xC021, datagramsize 20 link[ppp]
19057: .377: Vi1 LCP: I CONFREQ [REQsent] id 3 len 18
19058: .377: Vi1 LCP: MRU 1500 (0x010405DC)
19059: .381: Vi1 LCP: AuthProto PAP (0x0304C023)
19060: .381: Vi1 LCP: MagicNumber 0x433ACC51 (0x0506433ACC51)
19061: .381: Vi1 LCP: O CONFACK [REQsent] id 3 len 18
19062: .381: Vi1 LCP: MRU 1500 (0x010405DC)
19063: .381: Vi1 LCP: AuthProto PAP (0x0304C023)
19064: .381: Vi1 LCP: MagicNumber 0x433ACC51 (0x0506433ACC51)
19065: .385: Vi1 PPP: I pkt type 0xC021, datagramsize 16 link[ppp]
19066: .389: Vi1 LCP: I CONFACK [ACKsent] id 2 len 14
19067: .389: Vi1 LCP: AuthProto PAP (0x0304C023)
19068: .389: Vi1 LCP: MagicNumber 0x1F4CD581 (0x05061F4CD581)
19069: .389: Vi1 LCP: State is Open
19070: .389: Vi1 PPP: Phase is AUTHENTICATING, by both
19071: .389: Vi1 PAP: Using hostname from interface PAP
19072: .389: Vi1 PAP: Using password from interface PAP
19073: .393: Vi1 PAP: O AUTH-REQ id 1 len 20 from "username9"
19074: .405: PPPoE 30300: I PADT R:0030.802b.9f95 L:000f.9018.71a0 Fa0/0
19075: .405: PPPoE : Shutting down client session
19076: .405: [0]PPPoE 30300: O PADT R:0030.802b.9f95 L:000f.9018.71a0 Fa0/0
19077: .409: %DIALER-6-UNBIND: Interface Vi1 unbound from profile Di1
19078: .409: Vi1 PPP: Block vaccess from being freed [0x10]
19079: .413: %LINK-3-UPDOWN: Interface Virtual-Access1, changed state to down

Under your Dialer1 you have the 'ppp authentication pap' command configured. Try removing it and then see if it works. What this command does is require the other device to authenticate itself with you, and mostly we do not require the server to authenticate itself to the client. So your dialer configuration should look like:

!
interface Dialer1
 description pppoe (virtual/outside)
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 no ip mroute-cache
 dialer pool 2
 dialer string 1111111111
 dialer-group 2
 ppp pap sent-username blah password 0 password
!

Also make sure that your username and password that you are using for pap authentication are correct. It will not hurt to remove that statement and configure it again just to make sure you did not put an additional space character inadvertently the first time you configured it.

I copied the username and password from a Win box running WinPoet (that's currently working as a router/firewall - I want to replace it with the cisco box) but I'll try your suggestion.

Thanks!

Thank you. I'll give it a shot tonight. Is the "dialer string" required?

No I do not think the dialer string is required so remove that statement also.

Thanks guys! Removing "ppp authentication pap" and "dialer string" did the trick. Too bad I removed most of the firewall config before I read your replies so it's just a NAT router with DSL client at the moment. I'll post the results once I have the fw config setup.

Glad to hear it worked.

As always please rate posts that help you.

Thanks again. It's working with the fw config as well. I'm posting via the 2651 now. I have two other questions about access-list 112 in the FW example. It has the following:

access-list 112 permit icmp any 150.150.150.0 0.0.0.255 unreachable
access-list 112 permit icmp any 150.150.150.0 0.0.0.255 echo-reply
access-list 112 permit icmp any 150.150.150.0 0.0.0.255 packet-too-big
access-list 112 permit icmp any 150.150.150.0 0.0.0.255 time-exceeded
access-list 112 permit icmp any 150.150.150.0 0.0.0.255 traceroute
access-list 112 permit icmp any 150.150.150.0 0.0.0.255 administratively-prohibited
access-list 112 permit icmp any 150.150.150.0 0.0.0.255 echo
access-list 112 deny ip any any log

How should I configure the outside access list in my scenario, since my external IP is obtained via PPPoE and it's different every time I make a connection?

For now, I have:

access-list 112 permit icmp any any unreachable
access-list 112 permit icmp any any echo-reply
access-list 112 permit icmp any any packet-too-big
access-list 112 permit icmp any any time-exceeded
access-list 112 permit icmp any any traceroute
access-list 112 permit icmp any any administratively-prohibited
access-list 112 permit icmp any any echo
access-list 112 deny ip any any log

...but is that really a good idea? Can I create a list that would read the address of the Dialer interface for src or dst?

Another question that I have is: I need to make a connection from the internal network to a remote PPTP server. I'm pretty sure that I need to enable GRE somewhere but I'm not quite sure how/where.

Thank you!

Depending on the IOS version you have, your router might support stateful inspection of ICMP. If that is the case then you can remove the icmp lines from the access list. You can check whether your router supports it by trying:

ip inspect name ethernetin icmp

If that works then your access-list will look like:

access-list 112 permit gre any any
access-list 112 deny ip any any log

I have added the gre line for PPTP as the IOS FW is not GRE aware.
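Added example, not part of the thread and not Cisco's own configuration: the outside side of this setup pulled together with the ICMP inspection and the GRE permit suggested above. It assumes the configuration posted earlier (inside Fa0/1, outside Dialer1 with a negotiated address, inspection set "ethernetin", username/password placeholders as posted). Two things worth checking against that posted config: access-list 112 is defined there but never bound to Dialer1 with `ip access-group`, so as posted nothing filters inbound traffic on the PPPoE link and CBAC has no outside ACL to open return-path entries in; and a classic numbered ACL cannot name an interface's address, so with a negotiated address the destination stays `any` and the list is scoped by the interface it is bound to rather than by an address.

```cisco
! Added example (not from the thread). Assumes the posted config: inside Fa0/1,
! outside Dialer1 with a negotiated address, inspection set "ethernetin".
!
! ICMP inspection (accepted on IOS 12.4) replaces the per-type ICMP permits:
! replies to pings sent from inside are admitted by CBAC, unsolicited ICMP is not.
ip inspect name ethernetin icmp
!
! Outside ACL. With a negotiated address the destination has to stay "any";
! the list is scoped by being bound to Dialer1 below, not by the address.
! GRE is opened statically for the PPTP client inside, because this
! inspection set is not GRE-aware; the TCP 1723 control session itself is
! covered by the existing "ip inspect name ethernetin tcp" entry.
access-list 112 permit gre any any
access-list 112 deny ip any any log
!
interface Dialer1
 description pppoe (virtual/outside)
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 ip access-group 112 in
 encapsulation ppp
 no ip mroute-cache
 dialer pool 2
 dialer-group 2
 ppp pap sent-username blah password 0 password
!
! Inspection stays on the inside interface, inbound (as posted): sessions
! entering from the LAN open return-path entries in ACL 112 on Dialer1.
interface FastEthernet0/1
 ip inspect ethernetin in
!
! Checks once the session is up:
!   show ip inspect sessions    - live CBAC sessions and the ACL entries they opened
!   show access-lists 112       - hit counters; the final deny/log line shows what was dropped
!   show ip interface Dialer1   - confirms "Inbound access list is 112"
```

The `permit gre any any` line is the cost of a dynamic address: the router accepts GRE from any source, not only from the PPTP server, so it is worth removing when the PPTP link is no longer needed. If the router should answer pings from outside, a `permit icmp any any echo` line above the final deny would have to be kept, since inspection only admits replies to traffic that originated inside.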
