03-10-2016 08:30 AM - edited 03-05-2019 03:32 AM
Hello Community.
I'm having an issue with my newly deployed Cisco 1941 K9 router.
I can ping 8.8.8.8 from the wan interface, but not from inside, let alone browsing the web. I'm using Google's DNS servers for testing, but I have and internal dns server for the users.
I think there's something missing in the config, but I can't see it.
I apreciate your help in this matter.
My config is attached.
Thank you in advance.
Solved! Go to Solution.
03-10-2016 08:57 AM
When someone has a problem with access to Internet from inside addresses usually the first thing that I look for is whether address translation is configured. I find that your address translation configuration is incomplete. You have this
ip nat inside source list nat-list interface FastEthernet0/0/0.1 overload
but when I look for the nat-list in your config I do not find it. That would cause address translation to fail and would produce your symptoms.
HTH
Rick
03-10-2016 09:22 AM
I haven't used ZBFW so it may also be something to do with that but the most obvious thing is that in your NAT statement you are referencing an acl called "nat-list" but you haven't defined that in your configuration.
As a side point your default route uses the outgoing interface as the next hop but your interface has a public IP ie. it is not DHCP.
If you know the next hop IP then use that instead.
Jon
03-10-2016 08:57 AM
When someone has a problem with access to Internet from inside addresses usually the first thing that I look for is whether address translation is configured. I find that your address translation configuration is incomplete. You have this
ip nat inside source list nat-list interface FastEthernet0/0/0.1 overload
but when I look for the nat-list in your config I do not find it. That would cause address translation to fail and would produce your symptoms.
HTH
Rick
03-10-2016 12:34 PM
Thank you. You were right.
I changed the source list to an existing list and that was it.
03-10-2016 01:15 PM
I am glad that our suggestions were helpful and that you got it to work. Thank you for using the rating system to mark this question as answered. This will help other readers of the forum to identify discussions which have helpful information.
I do agree with the comment that Jon made about the static default route. While it may work the way that you have it configured identifying the outbound interface, it would be better if you change the static route and specify the next hop address.
HTH
Rick
03-10-2016 09:22 AM
I haven't used ZBFW so it may also be something to do with that but the most obvious thing is that in your NAT statement you are referencing an acl called "nat-list" but you haven't defined that in your configuration.
As a side point your default route uses the outgoing interface as the next hop but your interface has a public IP ie. it is not DHCP.
If you know the next hop IP then use that instead.
Jon
03-10-2016 12:46 PM
Thank you. You were right too.
I'll take a look at the default route and add the next hop instead.
Thanks again.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide