Solved: Problem with Internet Access

gustavoren · ‎03-10-2016

Hello Community.

I'm having an issue with my newly deployed Cisco 1941 K9 router.

I can ping 8.8.8.8 from the wan interface, but not from inside, let alone browsing the web. I'm using Google's DNS servers for testing, but I have and internal dns server for the users.

I think there's something missing in the config, but I can't see it.

I apreciate your help in this matter.

My config is attached.

Thank you in advance.

Richard Burts · ‎03-10-2016

When someone has a problem with access to Internet from inside addresses usually the first thing that I look for is whether address translation is configured. I find that your address translation configuration is incomplete. You have this

ip nat inside source list nat-list interface FastEthernet0/0/0.1 overload

but when I look for the nat-list in your config I do not find it. That would cause address translation to fail and would produce your symptoms.

HTH

Rick

HTH

Rick

View solution in original post

Jon Marshall · ‎03-10-2016

I haven't used ZBFW so it may also be something to do with that but the most obvious thing is that in your NAT statement you are referencing an acl called "nat-list" but you haven't defined that in your configuration.

As a side point your default route uses the outgoing interface as the next hop but your interface has a public IP ie. it is not DHCP.

If you know the next hop IP then use that instead.

Jon

View solution in original post

Richard Burts · ‎03-10-2016

When someone has a problem with access to Internet from inside addresses usually the first thing that I look for is whether address translation is configured. I find that your address translation configuration is incomplete. You have this

ip nat inside source list nat-list interface FastEthernet0/0/0.1 overload

but when I look for the nat-list in your config I do not find it. That would cause address translation to fail and would produce your symptoms.

HTH

Rick

HTH

Rick

gustavoren · ‎03-10-2016

Thank you. You were right.

I changed the source list to an existing list and that was it.

Richard Burts · ‎03-10-2016

I am glad that our suggestions were helpful and that you got it to work. Thank you for using the rating system to mark this question as answered. This will help other readers of the forum to identify discussions which have helpful information.

I do agree with the comment that Jon made about the static default route. While it may work the way that you have it configured identifying the outbound interface, it would be better if you change the static route and specify the next hop address.

HTH

Rick

HTH

Rick

Jon Marshall · ‎03-10-2016

I haven't used ZBFW so it may also be something to do with that but the most obvious thing is that in your NAT statement you are referencing an acl called "nat-list" but you haven't defined that in your configuration.

As a side point your default route uses the outgoing interface as the next hop but your interface has a public IP ie. it is not DHCP.

If you know the next hop IP then use that instead.

Jon

gustavoren · ‎03-10-2016

Thank you. You were right too.

I'll take a look at the default route and add the next hop instead.

Thanks again.