10-05-2021 02:35 AM
I have connected my CISCO 1921 Router as show in diagram and configure it , but I could not get internet access in my LAN 10.60.100.0/23 , the configuration are as
DSLAMJP#show config
Using 1738 out of 262136 bytes
!
! Last configuration change at 08:03:08 UTC Tue Oct 5 2021
!
version 15.8
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname DSLAMJP
!
boot-start-marker
boot-end-marker
!
!
enable password xxxxxx
!
no aaa new-model
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 10.60.100.1 10.60.100.10
!
ip dhcp pool LAN
network 10.60.100.0 255.255.254.0
default-router 10.60.100.1
dns-server 203.153.41.28 203.153.44.44
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-3873411360
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3873411360
revocation-check none
rsakeypair TP-self-signed-3873411360
!
!
crypto pki certificate chain TP-self-signed-3873411360
certificate self-signed 01 nvram:IOS-Self-Sig#3.cer
license udi pid CISCO1921/K9 sn FGL190321FA
!
!
!
redundancy
!
!
!
!
!
!
interface Loopback0
no ip address
!
interface Loopback1
no ip address
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 10.255.241.26 255.255.255.252
description WAN
ip nat outside
ip virtual-reassembly in
duplex full
speed auto
!
interface GigabitEthernet0/1
description LAN
ip address 10.60.100.1 255.255.254.0
ip nat inside
ip virtual-reassembly in
duplex full
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
Ip nat inside source list 99 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 10.255.241.25
!
!
access-list 99 permit any
!
control-plane
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password xxxxxx
login
transport input telnet
!
scheduler allocate 20000 1000
!
end
DSLAMJP#
Please help in this matter
10-05-2021 10:27 PM - edited 10-05-2021 11:09 PM
Hi,
Have you checked that there is no routing problem?
Have you checked ping from address 10.255.241.26 to the internet?
Is there another router in the topology described where NAT is configured?
about the NAT
Cisco highly recommends that you do not configure access lists referenced by NAT commands with permit any. Using permit any can result in NAT consuming too many router resources which can cause network problems.
no access-list 99 permit any
access-list 99 permit 10.60.100.0 0.0.1.255
10-05-2021 11:31 PM
Hello,
in addition to what @pman said, what is the router in the middle, the one with IP address 10.255.241.25, doing ? That router needs to NAT as well, can you post the config of this device as well ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide