Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
327
Views
2
Helpful
6
Replies

Cisco 2811 Router can't reach internet

Go to solution
Student5333
Level 1
Level 1

‎11-24-2025 10:18 AM

Hi all, I'm posting for a group of students attempting to make a network for a class. We currently have a Cisco 2811 router we are configuring. We can ping within the local network but we can't seem to ping to the internet. We have tried everything we can think of but are at a loss. Can anyone see an error in our config that we are not seeing?

Labels:
Preview file
2 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Student5333

‎11-25-2025 11:01 AM 

access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 10.0.0.0 0.0.0.255

Above doesn't cover 10.10.20.0/24, 10.10.30.0/24 or 10.10.40.0/24.  Intentional?  If not, you can add those /24s or possibly consider just covering the whole 10.0.0.0/8.

Try:

ip nat pool inside-nat 10.10.10.1 10.10.10.254 netmask 255.255.255.0

ip nat inside source list 1 pool inside-nat overload => ip nat inside source list 1 interface FastEthernet0/0 overload

BTW, possibly you can:

ip route 0.0.0.0 0.0.0.0 172.16.0.1 => ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 dhcp

View solution in original post

0 Helpful
6 Replies 6

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎11-24-2025 05:36 PM

Can the router ping the Internet?

Well, I believe you have multiple issues.

First, for the inside subinterfaces, believe you need the "ip nat inside" on any you want to do NAT for.  I.e. placing the statement, on the main interface alone, doesn't automatically imply the subinterfaces will be NATted.

Second, I don't see any configuration of NAT beyond defining the inside and outside interfaces.  You need to configure NAT for what you want it do to using those interfaces.

These Cisco documents might be of help to you:

https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13772-12.html

https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/26704-nat-faq-00.html

BTW:

interface FastEthernet0/1.10
encapsulation dot1Q 10
ip address 10.10.10.1 255.255.255.0
ip helper-address 10.10.10.2 !not needed, as it's this interface's network

Go to solution
Student5333
Level 1
Level 1
In response to Joseph W. Doherty

‎11-25-2025 10:14 AM

Yes, the router can currently ping the internet. We implemented your suggestions on the NAT side of things to the best of our knowledge. However, we still can't ping outside the network. Here is our current config. Please let us know if we failed to implement something correctly.

Preview file
3 KB
0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame
In response to Student5333

‎11-25-2025 11:01 AM 

access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 10.0.0.0 0.0.0.255

Above doesn't cover 10.10.20.0/24, 10.10.30.0/24 or 10.10.40.0/24.  Intentional?  If not, you can add those /24s or possibly consider just covering the whole 10.0.0.0/8.

Try:

ip nat pool inside-nat 10.10.10.1 10.10.10.254 netmask 255.255.255.0

ip nat inside source list 1 pool inside-nat overload => ip nat inside source list 1 interface FastEthernet0/0 overload

BTW, possibly you can:

ip route 0.0.0.0 0.0.0.0 172.16.0.1 => ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 dhcp

0 Helpful

Go to solution
paul driver
VIP
VIP

‎11-24-2025 09:05 PM

Hello
looks like you are running ROAS
your sub interfaces require “ ip nat inside”
also you require a default nat statement 

“ip nat inside source-list 1 interface  fa0/0 overload “
Lastly make sure the switch attached to the rts fa0/1 interface is a trunk and it has it’s necessary vlans created and allowed on the trunk

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Go to solution
Student5333
Level 1
Level 1
In response to paul driver

‎11-25-2025 10:20 AM

We updated our router with the NAT suggestions both you and Joseph suggested. We are still unable to ping outside the network. Here is our current config. Please let us know if you see anything that needs changing.

Preview file
3 KB
0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Student5333

‎11-25-2025 11:13 AM

I have looked through the config and have several things to comment about:

- first and most important is that your default route specifies a next hop of 172.16.0.1. But there is no interface that shows that address or subnet. The config suggests that F0/0 is the outside interface. Is this address used for that interface? I would suggest a default route of ip route 0.0.0.0 0.0.0.0 dhcp

- Your configuration of a routing protocol includes networks 192.168.1.0 and 192.168.10.0. Where are these networks?

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents