Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5038
Views
26
Helpful
16
Replies

NAT and ACL configuration

snoto1974
Level 1
Level 1

‎04-25-2017 10:36 AM - edited ‎03-05-2019 08:25 AM

It's been a while since the last time I worked on a router config. I'm having issues giving the inside network access to the internet via the GigabitEthernet0/0/0 interface. In the end I would like to have a redundant route to go out the GigabitEthernet0/0/1 interface but I will work on that once get the traffic flowing out of the primary network. Below is the start of my config. Can someone tell me what I am missing? Is my NAT or ACL wrong? Thanks in advanced. 

Current configuration : 1745 bytes
!
! Last configuration change at 17:17:30 UTC Tue Apr 25 2017
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
no logging buffered
enable password <Removed>
!
no aaa new-model!
!
!
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
!
license udi pid ISR4331/K9 sn FDO20450SH5
!
spanning-tree extend system-id
!
username <Removed> privilege 15 password <Removed>
!
redundancy
mode none
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface GigabitEthernet0/0/0
description Primary Network
ip address <IP Removed> 
ip nat outside
ip nat allow-static-host
negotiation auto
!
interface GigabitEthernet0/0/1
description Secondary Network
ip address <IP removed> 
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/2
description To ASA Port 0
ip address 192.168.20.1 255.255.255.0
ip nat inside
ip access-group 100 in
ip access-group 100 out
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
negotiation auto
!
interface Vlan1
no ip address
shutdown
!
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 204.148.103.197
ip route 0.0.0.0 0.0.0.0 70.107.239.1 10
!
!
access-list 100 permit ip any any
!
!
!
control-plane
!
!
line con 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password <Removed>
login
!
!
end

1 person had this problem
Labels:
0 Helpful
16 Replies 16

snoto1974
Level 1
Level 1
In response to singhkulbir29881

‎05-04-2017 07:02 AM

Below is the output of the show ip route command. The primary line is currently disconnected.  

Gateway of last resort is 70.107.239.1 to network 0.0.0.0

S* 0.0.0.0/0 [10/0] via 70.107.239.1
70.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 70.107.239.0/24 is directly connected, GigabitEthernet0/0/1
L 70.107.239.211/32 is directly connected, GigabitEthernet0/0/1

0 Helpful

Vipin Sharma
Level 1
Level 1
In response to singhkulbir29881

‎05-19-2017 06:49 AM

Hi singh,

This post is very helpful. Thanks for sharing your knowledge.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card