Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1287
Views
0
Helpful
9
Replies

Firewall on 892 Router

Go to solution
tsipoulanis
Level 1
Level 1

‎07-14-2016 07:23 AM - edited ‎03-12-2019 01:01 AM

Hello everone,

can someone help troubleshooting my new 892 router?

based on a basic configurations i have the Status below,

from the router,

1. ping internal, a host

2. ping internet IP

3. ping website(name)as

from host,

1. ping internal IP from the router

2. ping my public IP

i dont see any website from a browser.

i have configured also zones. (from both directions)

any help is wellcome,

best regards,

thomas

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni
In response to tsipoulanis

‎07-15-2016 12:13 AM

You only have "ip nat inside" configured on vlan1, but vlan1 is not a member of any zone.

You only need zone-member on layer 3 interfaces (interfaces with IP addresses).

View solution in original post

0 Helpful
9 Replies 9

Go to solution
johnd2310
Level 8
Level 8

‎07-14-2016 07:09 PM

Hi,

Can you  ping a website or external device from internal host? Have you checked DNS for internal hosts.

Thanks

John

**Please rate posts you find helpful**
0 Helpful

Go to solution
tsipoulanis
Level 1
Level 1
In response to johnd2310

‎07-15-2016 12:12 AM

hi and thanks for the respond,

from a host I ping only my gateway(the cisco router) and my pyblic IP(which is the external WAN IP from my cisco router).
no ping website, no ping 8.8.8.8 ,no ping an other Internet IP

best regards,

thomas

0 Helpful

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni

‎07-14-2016 07:32 PM

It could be a million things. You'll need to post your config.

You could also try my wizard for an 897 to get you 99% of a working configuration for an 892.

http://www.ifm.net.nz/cookbooks/890-isr-wizard.html

0 Helpful

Go to solution
tsipoulanis
Level 1
Level 1
In response to Philip D'Ath

‎07-15-2016 12:09 AM

please see attachment,
I will try also the link you gave me to see if i succed with the tool

thanks for the respond,
Thom

configs_2.txt
Preview file
8 KB
0 Helpful

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni
In response to tsipoulanis

‎07-15-2016 12:13 AM

You only have "ip nat inside" configured on vlan1, but vlan1 is not a member of any zone.

You only need zone-member on layer 3 interfaces (interfaces with IP addresses).

0 Helpful

Go to solution
tsipoulanis
Level 1
Level 1
In response to Philip D'Ath

‎07-15-2016 12:28 AM

you make my day,
:) thank you.

how i forgot that ??? :)

best wishes,
TThomas

0 Helpful

Go to solution
tsipoulanis
Level 1
Level 1
In response to Philip D'Ath

‎07-15-2016 12:37 AM

and now i can have no traffic between my networks from the vpn.
i see a zone on the tunnel,
then, i think i have to create a zone-pair. ;) right?

Thom

0 Helpful

Go to solution
Philip D'Ath
VIP Alumni
VIP Alumni
In response to tsipoulanis

‎07-16-2016 12:14 AM

The short answer is - yes.

I am a little unclear if you are having an issue or not.  Is everything now working?

0 Helpful

Go to solution
tsipoulanis
Level 1
Level 1
In response to Philip D'Ath

‎07-15-2016 06:53 AM

i have also something else to ask.
i have internet, the vpn is connected and
Router_A ping all the IPs from Router_B
Router_B ping all the IPs from Router_A
Host form A ping all the IPs from Router_B
Host from B ping all the IPs from Router_A

but is not possible to ping from Host_A to Host_B

it seems to be firewall issue.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top