cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
391
Views
0
Helpful
1
Replies

ISSUE : LAN Can't Acces To Internet With ACL STANDARD LIST CONIFGURED

Hi there,

 

I am currently configuring a c888 series router.

 

I have a Lan network at 192.168.10.0/24 (Native Vlan 1 by default - ETH0-1-2-3).

An interface TO WAN THROUGH DIALER 1, the default route is via this DIALER 1 interface.

 

I configured a loopback10 interface:

ip address 10.0.0.1 255.255.255.255 !!! (Not real IP is just for example)

 

Outgoing nat performed:

ip nat inside source list 10 interface Loopback10 overload

 

I need to access from the outside to a machine which is on the LAN network, IP of the machine: 192.168.10.3/24.

I did port forwarding:

ip nat inside source static tcp 192.168.10.3 443 10.0.0.1 8083 extendable

 

I now need to filter incoming traffic so that certain public IPs can access this port forwarding:

I configured a standard Access-list 50

access-list 50 permit 99.20.10.63
access-list 50 permit 85.24.20.54


I added this access-list on the VLAN1 interface:

ip address 192.168.10.1 255.255.255.0
ip access-group 50 out
ip nat inside
ip virtual-reassembly in
no autostate

 

Port forwarding works and filtering by ip too. The problem is that the machine 192.168.10.3/24 cannot access the internet following this configuration while I can ping: ping 8.8.8.8 source vlan1.

 

Could you help me ?

 

Thanks

1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

how is your access list 10 Looks like, can you post ip nat outside interface config ?

also show ip route output

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help