02-02-2014 11:27 PM - edited 03-04-2019 10:14 PM
I'm configuring a Cisco 2620 as an Internet router. My Cisco 2620 router has 5 Ethernet interfaces: one FE and four Ethernet interfaces (NM-4E). I'm configuring the FE interface as the ISP Internet interface and Ethernet 1/1 as a DHCP LAN interface. As far as I can see my config is OK, but I'm unable to access the Internet from the LAN side. Below is my config. Please help me solve this.
Current configuration : 1498 bytes
!
version 12.2
service config
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname xxx
!
enable secret 5 $1$LvPI$UtOZEPSXBrf
enable password xxxxxx
!
ip subnet-zero
no ip routing
!
!
ip name-server 100.12.13.13
ip name-server 200.100.12.12
ip dhcp excluded-address 192.168.5.1 192.168.5.10
!
ip dhcp pool insideDHCP
network 192.168.5.0 255.255.255.0
default-router 192.168.5.1
dns-server 100.12.13.13 200.100.12.12
!
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description Broadband Internet
ip address 20.110.211.154 255.255.255.240
ip nat outside
no ip route-cache
no ip mroute-cache
duplex auto
speed auto
no cdp enable
!
interface Ethernet1/0
no ip address
no ip route-cache
no ip mroute-cache
half-duplex
no cdp enable
!
interface Ethernet1/1
description DHCP LAN
ip address 192.168.5.1 255.255.255.0
ip nat inside
no ip route-cache
no ip mroute-cache
full-duplex
no cdp enable
!
interface Ethernet1/2
no ip address
no ip route-cache
no ip mroute-cache
shutdown
half-duplex
no cdp enable
!
interface Ethernet1/3
no ip address
no ip route-cache
no ip mroute-cache
full-duplex
no cdp enable
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 0.110.211.155
no ip http server
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
exec-timeout 0 0
password xxxxxxx
login
line aux 0
line vty 0 4
password xxxxxxxx
login
!
end
02-03-2014 02:21 AM
Your NAT statement is referencing an acl that you have not defined.
I generally use an extended ACL, i.e.
access-list 101 permit ip 192.168.5.0 0.0.0.255 any
ip nat inside source list 101 interface fa0/0 overload
You can use a standard ACL if you want, but either way you need to define an ACL.
Jon
02-03-2014 02:25 AM
This is correct. Please make an ACL reflecting the source list 1:
"ip access-list standard 1"
"permit 192.168.5.0 0.0.0.255"
02-03-2014 04:08 AM
I offer a slightly different alternative. In my experience using extended access lists for NAT where you are going to permit any destination can produce some complications which are avoided when you use a standard access list. So if you are going to use permit ip 192.168.5.0 0.0.0.255 any then I suggest that you make it into a standard access list and permit ip 192.168.5.0 0.0.0.255.
I also note an issue that I hope is just a typo in the default route
ip route 0.0.0.0 0.0.0.0 0.110.211.155
If this is really what is in the config then I can certainly see why nothing can access the Internet.
HTH
Rick
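As an added example (not part of any post in this thread), a small Python check for the two faults the replies point out: a NAT rule whose source list names an ACL that is never defined, and a default route whose next hop is on no connected subnet. The config excerpt is constructed from the question, and `lint_config` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed excerpt of the configuration posted in the question.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 20.110.211.154 255.255.255.240
 ip nat outside
interface Ethernet1/1
 ip address 192.168.5.1 255.255.255.0
 ip nat inside
ip nat inside source list 1 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 0.110.211.155
"""

def lint_config(text):
    """Return findings for the two faults raised in the replies (hypothetical helper)."""
    lines = [ln.strip() for ln in text.splitlines()]
    findings = []

    # ACLs defined as "access-list N ..." or "ip access-list standard|extended NAME".
    defined = set()
    for ln in lines:
        m = re.match(r"(?:access-list (\S+)|ip access-list (?:standard|extended) (\S+))", ln)
        if m:
            defined.add(m.group(1) or m.group(2))

    # Subnets of the addressed interfaces, taken from "ip address A M" lines.
    connected = []
    for ln in lines:
        m = re.match(r"ip address (\S+) (\S+)$", ln)
        if m:
            connected.append(ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network)

    for ln in lines:
        # Every "ip nat inside source list X" must reference a defined ACL.
        m = re.match(r"ip nat inside source list (\S+)", ln)
        if m and m.group(1) not in defined:
            findings.append(f"NAT references undefined ACL {m.group(1)}")
        # A default route's IP next hop should sit on one of those subnets.
        m = re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\d+\.\d+\.\d+\.\d+)", ln)
        if m and not any(ipaddress.ip_address(m.group(1)) in net for net in connected):
            findings.append(f"default route next hop {m.group(1)} is not on a connected subnet")
    return findings

if __name__ == "__main__":
    for finding in lint_config(SAMPLE_CONFIG):
        print(finding)
```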