No Internet access inside the network

Tommy Svensson
Level 1

Hi.

I'm using a Cisco 1941 router with two WAN interfaces. One is directly connected to our ISP and one is connected to another router which is then connected to another ISP. Hosts on the LAN cannot access the Internet at all but the router has Internet access. I'm guessing it's something simple but I can't seem to spot the error. I have removed the ZBF configuration from the interfaces.

Hoping someone could spot the error.

Regards Tommy Svensson

aaa new-model
!
!
aaa authentication login default local
aaa authentication login vpn_auth local
aaa authorization exec default local
!
!
aaa session-id common
!
clock timezone +2 2 0
!
no ipv6 cef
ip source-route
ip cef
!
!
ip ssh authentication-retries 5
ip ssh version 2
!
class-map type inspect match-any LAN_TO_WAN
 match access-group name LAN_TO_WAN
class-map type inspect match-any WAN_TO_LAN
 match access-group name WAN_TO_LAN
!
!
policy-map type inspect LAN_TO_WAN
 class type inspect LAN_TO_WAN
  inspect
 class class-default
  drop
policy-map type inspect WAN_TO_LAN
 class type inspect WAN_TO_LAN
  inspect
 class class-default
  drop
!
zone security WAN_ZONE
zone security LAN_ZONE
zone-pair security LAN_TO_WAN source LAN_ZONE destination WAN_ZONE
 service-policy type inspect LAN_TO_WAN
zone-pair security WAN_TO_LAN source WAN_ZONE destination LAN_ZONE
 service-policy type inspect WAN_TO_LAN
!
!
!
!
!
!
!
interface GigabitEthernet0/0
 ip address xxxxxxxxxxxxxxxxx 255.255.255.240
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address xxxxxxxxxxxxxxxxx 255.255.255.240
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
 vlan-id dot1q 1
 exit-vlan-config
!
!
interface FastEthernet0/0/1
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
interface Virtual-Template1
 ip unnumbered GigabitEthernet0/0
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
ip local pool vpn_pool 192.168.0.200 192.168.0.220
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip dns server
ip nat inside source list 105 pool with_overload2 overload
ip nat inside source route-map isp1 interface GigabitEthernet0/0 overload
ip nat inside source route-map isp2 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 xxxxxxxxxxxxxxxx
ip route 0.0.0.0 0.0.0.0 xxxxxxxxxxxxxxxx 10
!
ip access-list extended LAN_TO_WAN
 permit gre any any
 permit ip any any
ip access-list extended WAN_TO_LAN
 permit tcp any eq 3389 any
 permit tcp any eq www any
 permit tcp any eq 22 any
 permit tcp any eq 443 any
 permit tcp any any eq 22
 permit tcp any any eq 2087
 permit tcp any any eq 443
 permit tcp any any eq www
 permit tcp any any eq smtp
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 permit ip 192.168.3.0 0.0.0.255 10.10.15.0 0.0.0.255
 permit udp any any eq isakmp
 permit icmp any any
 permit tcp any any eq 3389
 permit tcp any eq ftp-data any
 permit tcp any eq ftp any
!
logging trap debugging
logging 10.10.50.5
access-list 9 permit 83.252.20.1
access-list 9 permit 81.232.43.93
access-list 9 permit 212.181.79.206
access-list 9 permit 212.181.79.194
access-list 9 permit 10.10.1.0 0.0.0.255
access-list 9 permit 10.10.15.0 0.0.0.255
access-list 105 permit ip 192.168.0.0 0.0.0.255 any
access-list 150 permit ip any any log
access-list 151 permit ip host 10.10.1.0 any log
access-list 151 permit ip any host 10.10.1.0 log
!
no cdp run

!
!
!
route-map isp2 permit 10
 match ip address 105
 match interface GigabitEthernet0/1
!
route-map isp1 permit 10
 match ip address 105
 match interface GigabitEthernet0/0
!
!
control-plane
!
!
line con 0
 timeout login response 300
 logging synchronous
 login authentication console
 transport output telnet
line aux 0
 transport output telnet
line vty 0 4
 privilege level 15
 logging synchronous
 transport input ssh
line vty 5 15
 access-class 9 in
 privilege level 15
 logging synchronous
 transport input ssh
!
scheduler allocate 20000 1000
ntp server 194.35.252.7
!
!

vpn#

Accepted Solutions

Hi Tommy,

   Just try this for testing

Router(conf)#no ip nat inside source list 105 pool with_overload2 overload

HTH,

Toshi

Yes it worked, it's the NAT configuration that's wrong.

OK, it's NATed and is working, thank you.
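
A static check for the kind of NAT statement the accepted answer removed, as an added example that is not part of the original thread. In the configuration as posted, that statement names a pool with no visible `ip nat pool` definition and uses ACL 105, which both route-maps also match. The name `audit_nat` and the finding strings are assumptions of this example, and the sample is constructed from the NAT lines of the post.

```python
import re

# Constructed sample: NAT lines of the posted config; audit_nat is this example's own name.
POSTED = """\
ip nat inside source list 105 pool with_overload2 overload
ip nat inside source route-map isp1 interface GigabitEthernet0/0 overload
ip nat inside source route-map isp2 interface GigabitEthernet0/1 overload
!
route-map isp2 permit 10
match ip address 105
match interface GigabitEthernet0/1
!
route-map isp1 permit 10
match ip address 105
match interface GigabitEthernet0/0
!
"""

NAT_RULE = re.compile(
    r"ip nat inside source (list|route-map) (\S+) (pool|interface) (\S+)")

def audit_nat(config):
    """Return findings for the dynamic NAT rules in IOS running-config text."""
    pools, map_acls, rules, current = set(), {}, [], None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"ip nat pool (\S+)", line):
            pools.add(m.group(1))
        elif m := NAT_RULE.match(line):
            rules.append(m.groups())
        elif m := re.match(r"route-map (\S+)", line):
            current = m.group(1)
            map_acls.setdefault(current, set())
        elif current and (m := re.match(r"match ip address (.+)", line)):
            map_acls[current].update(m.group(1).split())
        elif line == "!":
            current = None  # "!" closes the route-map block
    findings = []
    nat_maps = [name for kind, name, _, _ in rules if kind == "route-map"]
    for kind, name, target_kind, target in rules:
        if target_kind == "pool" and target not in pools:
            findings.append(f"{kind} {name}: pool {target} is not defined")
        if kind == "route-map" and name not in map_acls:
            findings.append(f"route-map {name}: not defined")
        if kind == "list":  # a list rule is not tied to an egress interface
            clash = sorted(rm for rm in nat_maps if name in map_acls.get(rm, ()))
            if clash:
                findings.append(f"list {name}: ACL also matched by route-map " + ", ".join(clash))
    return findings
```

Run against the sample, it reports both conditions for the `list 105` rule and nothing once that line is removed.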