Re: Cisc 4300 initial setup - Can't get internet

allinarush · ‎11-01-2018

This is my first Cisco setup. Local workstations get ip address but cannot get out to the internet. Can someone look over my running config?


Building configuration...


Current configuration : 4318 bytes
!
! Last configuration change at 12:29:28 Chicago Thu Nov 1 2018 by admin
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname cisco4321
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 *****************
enable password ******
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local 
!
!
!
!
!
!
aaa session-id common
no process cpu autoprofile hog
clock timezone Chicago -6 0
clock summer-time Chicago date Apr 6 2003 2:00 Oct 26 2003 2:00
!
!
!
!
!
!
!
!
!
!
!

 

!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-1724128401
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1724128401
revocation-check none
rsakeypair TP-self-signed-1724128401
!
!
crypto pki certificate chain TP-self-signed-1724128401
certificate self-signed 01
************************************************************************************
quit
license udi pid *************************
!
spanning-tree extend system-id
!
username admin privilege 15 password 0 ******
username craig privilege 15 secret *****************
!
redundancy
mode none
!
!
!
!
!
vlan internal allocation policy ascending
no cdp run
!
!
class-map type inspect match-any WEBSERVER
match protocol http
match protocol https
match protocol ftp
match protocol ftps
class-map type inspect match-all ccp-cls--1
match class-map WEBSERVER
match access-group name SYNOLOGY
!
policy-map type inspect ccp-policy-ccp-cls--1
class type inspect ccp-cls--1
pass
class class-default
!
zone security INSIDE
zone security Outside
zone-pair security sdm-zp-Outside-INSIDE source Outside destination INSIDE
service-policy type inspect ccp-policy-ccp-cls--1
! 
!
!
!
!
!
!
!
!
!
!
!
!
! 
! 
! 
! 
! 
! 
!
!
interface GigabitEthernet0/0/0
description $ETH-WAN$
ip address 184.184.206.207 255.255.255.240
ip nat outside
zone-member security Outside
media-type rj45
negotiation auto
!
interface GigabitEthernet0/0/1
ip address 192.168.2.1 255.255.255.0
ip nat inside
zone-member security INSIDE
negotiation auto
!
interface GigabitEthernet0
description $ETH-LAN$
vrf forwarding Mgmt-intf
ip address 192.168.1.1 255.255.255.0
negotiation auto
no cdp enable
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip tftp source-interface GigabitEthernet0
!
!
ip access-list extended SYNOLOGY
remark CCP_ACL Category=128
permit ip host 192.168.2.20 any
!
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
!
snmp-server community public RO
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password ******
!
!
end

Rob Ingram · ‎11-01-2018

Hi,
I don't see a default static route in your configuration, also you are running ZBFW but you don't have a zone-pair defined from inside to outside.

HTH

Dennis Mink · ‎11-02-2018

your default route to an IP address on the outside is missing

Please remember to rate useful posts, by clicking on the stars below.