09-24-2013 02:13 AM - edited 03-04-2019 09:07 PM
Hey everyone,
I have an issue with my Cisco 1921 router. I configured two VLANs (192.168.0.0 & 192.168.1.0) and a PPPoE connection with my internet provider. The routing between the two VLANs is fine, and so is the PPPoE over fiber.
The thing is, I can ping an internet website from the router interface but cannot from a computer on the LAN. I think it is an issue with NAT/PAT or an access list. Below you will find the configuration of the router.
Can someone help me?
GVANE01#show running-config
Building configuration...
Current configuration : 5268 bytes
!
! Last configuration change at 10:24:34 GMT Thu Sep 19 2013 by admin
! NVRAM config last updated at 10:26:47 GMT Thu Sep 19 2013 by admin
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname GVANE01
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 4 O8gVxDZkPDpDZ8jTgGXAY2O0eE0ZpmGM6gPQMFkOCaw
enable password xxxxxxx
!
no aaa new-model
clock timezone GMT 1 0
clock summer-time GMT recurring
!
ip cef
!
!
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.0.1 192.168.0.99
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
!
ip dhcp pool DHCP_GREENWICH
import all
network 192.168.0.0 255.255.255.0
dns-server 195.186.1.162 195.186.4.162
default-router 192.168.0.254
!
!
!
ip domain name yourdomain.com
ip name-server 195.186.1.162
ip name-server 195.186.4.162
no ipv6 cef
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group Swisscomm
!
!
template Virtual-Access1
!
!
crypto pki trustpoint TP-self-signed-98202878
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-98202878
revocation-check none
rsakeypair TP-self-signed-98202878
!
!
crypto pki certificate chain TP-self-signed-98202878
certificate self-signed 01
quit
license udi pid CISCO1921/K9 sn FCZ1724C2ZC
!
!
username admin privilege 15 secret 4 O8gVxDZkPDpDZ8jTgGXAY2O0eE0ZpmGM6gPQMFkOCaw
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description Fiber Swisscomm
mtu 1452
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no mop enabled
!
interface GigabitEthernet0/1
description LAN-Greenwich
no ip address
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1.1
description LAN Greenwich
encapsulation dot1Q 1 native
ip address 192.168.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.2
description IPC
encapsulation dot1Q 2
ip address 192.168.1.254 255.255.255.0
!
interface Dialer1
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp chap hostname xxxxxxxxxxxxxxxxxxxx
ppp chap password 0 xxxxxxxxx
ppp pap sent-username xxxxxxxxxxxxxxxxx password 0 xxxxxxxx
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source list DSL_ACCESSLIST interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 192.168.0.0 255.255.255.0 GigabitEthernet0/1.1
ip route 192.168.1.0 255.255.255.0 GigabitEthernet0/1.2
!
ip access-list extended DSL_ACCESSLIST
permit ip 10.10.10.0 0.0.0.255 any
!
!
!
snmp-server community Greenwich RO
snmp-server community public RO
snmp-server enable traps entity-sensor threshold
access-list 10 permit 192.168.0.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 101 permit tcp any any
access-list 101 permit udp any any
access-list 101 permit icmp any any
!
control-plane
!
!
!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 23 in
privilege level 15
password xxxxxxxx
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
password xxxxxxx
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp update-calendar
ntp server ch.pool.ntp.org
!
end
09-24-2013 03:33 AM
Hi Sylvain,
If you also want to NAT LAN 192.168.1.0/24, then you are missing the ip nat inside statement:
interface GigabitEthernet0/1.1
description LAN Greenwich
encapsulation dot1Q 1 native
ip address 192.168.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.2
description IPC
encapsulation dot1Q 2
ip address 192.168.1.254 255.255.255.0
???
Regarding the ip nat source list: You have defined 2 statements.
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source list DSL_ACCESSLIST interface Dialer1 overload
So, if you also want to translate 192.168.1.0/24, add it to the access-list with 192.168.0.0/24.
Change
ip nat inside source list 1 interface Dialer1 overload
to
ip nat inside source list 10 interface Dialer1 overload
or create access-list 1 with permit 192.168.0.0/24.
Best regards,
Jan
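A consistency check for the mismatch this answer points out (NAT source lists, the ACLs they name, and the `ip nat inside` interfaces), as an added example that is not code from the thread or from Cisco. The names `parse`, `audit` and the finding codes are hypothetical, `CONFIG` is a constructed excerpt of the posted running-config, and only permit entries with an explicit source address and wildcard mask are handled.

```python
import ipaddress
import re
# Constructed sample: only the NAT-relevant lines of the running-config posted in the question.
CONFIG = """\
interface GigabitEthernet0/1.1
ip address 192.168.0.254 255.255.255.0
ip nat inside
interface GigabitEthernet0/1.2
ip address 192.168.1.254 255.255.255.0
interface Dialer1
ip nat outside
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source list DSL_ACCESSLIST interface Dialer1 overload
ip access-list extended DSL_ACCESSLIST
permit ip 10.10.10.0 0.0.0.255 any
access-list 10 permit 192.168.0.0 0.0.0.255
"""
ACE = r"(?:access-list (\d+) )?permit (?:ip )?(\d\S+) (\d\S+)"  # source + wildcard

def parse(config):
    ifaces, acls, nat_lists, ctx = {}, {}, [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            ctx = ifaces.setdefault(m[1], {"net": None, "nat": None})
        elif m := re.match(r"ip access-list \w+ (\S+)", line):
            ctx = acls.setdefault(m[1], [])
        elif m := re.match(r"ip nat inside source list (\S+)", line):
            nat_lists.append(m[1])
        elif (m := re.match(ACE, line)) and (m[1] or isinstance(ctx, list)):
            acl = acls.setdefault(m[1], []) if m[1] else ctx
            acl.append(ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False))
        elif isinstance(ctx, dict) and (m := re.match(r"ip address (\d\S+) (\d\S+)", line)):
            ctx["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif isinstance(ctx, dict) and (m := re.match(r"ip nat (inside|outside)$", line)):
            ctx["nat"] = m[1]
    return ifaces, acls, nat_lists

def audit(config):
    """Return (code, subject) findings where NAT rules, ACLs and interfaces disagree."""
    ifaces, acls, nat_lists = parse(config)
    findings = [("undefined-acl", n) for n in nat_lists if n not in acls]
    translated = [net for n in nat_lists for net in acls.get(n, [])]
    for name, i in ifaces.items():
        if i["net"] is None or i["nat"] == "outside":
            continue  # no static subnet, or WAN-facing
        if i["nat"] is None:
            findings.append(("no-nat-inside", name))
        elif not any(i["net"].subnet_of(t) for t in translated):
            findings.append(("inside-not-permitted", name))
    return findings
```

Calling `audit(CONFIG)` on the excerpt reports the undefined list 1, the inside subnet that no NAT source list permits, and the second VLAN without `ip nat inside`; pointing the NAT rule at list 10 clears the first two.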
09-24-2013 03:53 AM
Thanks a lot Jan! It works, I can ping from a PC from the network 192.168.0.0/24 (and btw understand better the link between access-list and source list...).
But there is still something wrong... I cannot access a web page from a browser. Do you know why? Can it be something with MTU?
09-24-2013 05:08 AM
Hi,
interface g0/0
no mtu 1452
int g0/1.1
ip tcp adjust-mss 1452
Regards
Alain
09-24-2013 05:27 AM
Hey,
It is much better, thanks! I can reach all the websites now, but I still have this message when I activate debug ppp negotiation:
Sep 24 12:24:21.910: Vi2 PPP: Outbound cdp packet dropped, NCP not negotiated
Do you know why?