Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1114
Views
10
Helpful
5
Replies

No route 4331 - Internet and internal network

Go to solution
KMX762
Level 1
Level 1

‎03-06-2019 12:34 PM

Built a new config for a new 4331 ISR but cannot seem to get either internet access, nor ping devices on the network. 

Gig0/0/0 - connected to an unconfigured switch, with cable modem connected

Gig0/0/2 - Connected to a 2960X switch on 1/0/49.

Cannot ping the switch @ 10.0.0.2. DHCP lease obtained from ISP on Gig0/0/0, but cannot ping 8.8.8.8. 

Adjacent to this router, on the same switch, I have a 3825, running an almost identical config and has no issue with network access as well as internet access (on a separate switch stack)

 

What am I missing here?

 

Attached is the config from the router as well as output of "sh ip route".

 

Labels:
Preview file
2 KB
Preview file
5 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jaderson Pessoa
VIP Alumni
VIP Alumni
In response to KMX762

‎03-06-2019 02:30 PM - edited ‎03-06-2019 02:30 PM

Hello,

 

interface GigabitEthernet0/0/0
description Cable-WAN Interface
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip access-group IF-InternetAccess-ACL in  <<  you dont need this acl here. So, you can remove it.
negotiation auto
ip virtual-reassembly

 

To make the intenet works well, run it.

ip nat inside source list NAT interface GigabitEthernet0/0/0 overload

Jaderson Pessoa
*** Rate All Helpful Responses ***

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Jaderson Pessoa
VIP Alumni
VIP Alumni

‎03-06-2019 12:47 PM

Hello @KMX762 

 

ip access-list extended NAT
permit ip 10.0.0.0 0.0.0.255 any
permit ip 10.1.0.0 0.0.0.255 any
permit ip 10.99.0.0 0.0.0.255 any
!
!
route-map NATACL permit 10
match ip address NAT
match interface GigabitEthernet0/0/0
!
!
ip nat inside source list NAT interface GigabitEthernet0/0/0 overload

 

you dont apply your route-map on any interface. change your nat configuration for this above

 

test your connection again.

 

Regards

 

 

Jaderson Pessoa
*** Rate All Helpful Responses ***

Go to solution
KMX762
Level 1
Level 1
In response to Jaderson Pessoa

‎03-06-2019 01:46 PM

To what would I apply the "IF-InternetAccess-ACL" to limit incoming connections? Would that not be applied to Gig0/0/0 in ?

0 Helpful

Go to solution
Jaderson Pessoa
VIP Alumni
VIP Alumni
In response to KMX762

‎03-06-2019 02:30 PM - edited ‎03-06-2019 02:30 PM

Hello,

 

interface GigabitEthernet0/0/0
description Cable-WAN Interface
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip access-group IF-InternetAccess-ACL in  <<  you dont need this acl here. So, you can remove it.
negotiation auto
ip virtual-reassembly

 

To make the intenet works well, run it.

ip nat inside source list NAT interface GigabitEthernet0/0/0 overload

Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

Go to solution
KMX762
Level 1
Level 1
In response to Jaderson Pessoa

‎03-06-2019 03:21 PM

Dropping IF-InternetAccess-ACL from Gig0/0/0 allows icmp outside now. 

0 Helpful

Go to solution
Jaderson Pessoa
VIP Alumni
VIP Alumni
In response to KMX762

‎03-06-2019 03:23 PM

Great,


If possible, mark as solved and helpful

thanks in advance.

Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card