Buy or Renew
Buy or Renew
Cisco + Splunk: Itā€™s a new day for your data. Learn more.
Ā 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
2048
Views
10
Helpful
27
Replies

Router 4221 WAN failed ping to external router

SimoneGasperini9549
Level 1
Level 1

ā€Ž04-26-2021 08:53 AM - edited ā€Ž04-27-2021 12:04 AM

Hi everyone,
I work on a cisco router 4221.

I enable the WebUI and try to configure the WAN GigabitEthernet 0/0/0.

I configure it as:

  • Admin Status UP
  • Port Fast disable
  • VRF None
  • Configure as WAN
  • Primary WAN
  • PPPoe Disabled
  • IP Options IPV4
  • IPv4 Type DHCP
  • NAT Enabled
  • OSPF None 

I can ping ISP

I can ping DNS Server

I can't ping Internet

 

Thank you so much

Labels:
0 Helpful
27 Replies 27

balaji.bandi
Hall of Fame
Hall of Fame

ā€Ž04-26-2021 09:44 AM

Do you have Static Route to ISP ?

 

Loging to device using SSH and post ( show run ) output here ?

 

also try from # ping 8.8.8.8 ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

SimoneGasperini9549
Level 1
Level 1
In response to balaji.bandi

ā€Ž04-26-2021 11:48 PM

Hi man,

I can ping ISP and DNS server but not Internet

 

Configuration:

 

Cisco#show run
Building configuration...

Current configuration : 6408 bytes
!
! Last configuration change at 06:34:18 UTC Tue Apr 27 2021
!
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
!
enable password cisco
!
no aaa new-model
!
!
!
ip dhcp pool WEBUIPool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
!
!
login on-success log
!
!
subscriber templating
multilink bundle-name authenticated
no device-tracking logging theft
!
!
!
crypto pki trustpoint TP-self-signed-634987232
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-634987232
revocation-check none
rsakeypair TP-self-signed-634987232
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-634987232
certificate self-signed 01
------
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
-----
quit
!
!
license udi pid ISR4221/K9 sn FGL2506L4YM
memory free low-watermark processor 69247
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username webui privilege 15 password 0 cisco
username cisco privilege 15 secret 9 $9$Pr9t5rdqO0WzN.$wwaol33yRo3hTt8g4TbdzIGHxe2Z3Ik5/uSe1iE2e/A
!
redundancy
mode none
!
!
!
interface GigabitEthernet0/0/0
description WAN
ip address dhcp hostname 10.10.1.1
ip nat outside
negotiation auto
spanning-tree portfast disable
!
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
negotiation auto
!
interface Dialer1
no ip address
ip mtu 1452
!
interface Dialer2
ip address dhcp
ip mtu 1452
!
ip http server
ip http authentication local
ip http secure-server
ip forward-protocol nd
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
!
!
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
!
route-map track-primary-if permit 1
match ip address 197
set interface GigabitEthernet0/0/0
!
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
length 0
transport input ssh
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
!
!
!
end

 

Thank you so much for the support

0 Helpful

Georg Pauwen
VIP
VIP
In response to SimoneGasperini9549

ā€Ž04-27-2021 12:18 AM

Hello,

 

add the lines marked in bold to your configuration:

 

Current configuration : 6408 bytes
!
! Last configuration change at 06:34:18 UTC Tue Apr 27 2021
!
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
!
ip dhcp pool WEBUIPool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
login on-success log
!
subscriber templating
multilink bundle-name authenticated
no device-tracking logging theft
!
crypto pki trustpoint TP-self-signed-634987232
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-634987232
revocation-check none
rsakeypair TP-self-signed-634987232
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
crypto pki certificate chain TP-self-signed-634987232
certificate self-signed 01
------
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
-----
quit
!
license udi pid ISR4221/K9 sn FGL2506L4YM
memory free low-watermark processor 69247
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username webui privilege 15 password 0 cisco
username cisco privilege 15 secret 9 $9$Pr9t5rdqO0WzN.$wwaol33yRo3hTt8g4TbdzIGHxe2Z3Ik5/uSe1iE2e/A
!
redundancy
mode none
!
interface GigabitEthernet0/0/0
description WAN
ip address dhcp hostname 10.10.1.1
ip nat outside
negotiation auto
spanning-tree portfast disable
!
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
--> ip nat inside
negotiation auto
!
interface Dialer1
no ip address
ip mtu 1452
!
interface Dialer2
ip address dhcp
ip mtu 1452
!
ip http server
ip http authentication local
ip http secure-server
ip forward-protocol nd
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
!
route-map track-primary-if permit 1
match ip address 197
set interface GigabitEthernet0/0/0
!
--> access-list 197 permit ip 192.168.1.0 0.0.0.255 any
!
control-plane
!
line con 0
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
length 0
transport input ssh
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
!
end

0 Helpful

SimoneGasperini9549
Level 1
Level 1
In response to Georg Pauwen

ā€Ž04-27-2021 01:15 AM

Thank you so much,

I try it but it doesn't works

 

This is my new configuration:

 


Cisco#show run
Building configuration...

Current configuration : 6408 bytes
!
! Last configuration change at 08:03:48 UTC Tue Apr 27 2021
!
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
!
enable password cisco
!
no aaa new-model
!
!
ip dhcp pool WEBUIPool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
!
!
login on-success log
!
!
subscriber templating
multilink bundle-name authenticated
no device-tracking logging theft
!
!
!
crypto pki trustpoint TP-self-signed-634987232
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-634987232
revocation-check none
rsakeypair TP-self-signed-634987232
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-634987232
certificate self-signed 01
----
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
---
quit
!
!
license udi pid ISR4221/K9 sn FGL2506L4YM
memory free low-watermark processor 69247
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username webui privilege 15 password 0 cisco
username cisco privilege 15 secret 9 $9$Pr9t5rdqO0WzN.$wwaol33yRo3hTt8g4TbdzIGHxe2Z3Ik5/uSe1iE2e/A
!
redundancy
mode none
!
!
!
!
interface GigabitEthernet0/0/0
description WAN
ip address dhcp hostname 10.10.1.1
ip nat outside
negotiation auto
spanning-tree portfast disable
!
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
negotiation auto
!
interface Dialer1
no ip address
ip mtu 1452
!
interface Dialer2
ip address dhcp
ip mtu 1452
!
ip http server
ip http authentication local
ip http secure-server
ip forward-protocol nd
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
!
!
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
!
route-map track-primary-if permit 1
match ip address 197
set interface GigabitEthernet0/0/0
!
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
length 0
transport input ssh
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
!
!
!
end

0 Helpful

Georg Pauwen
VIP
VIP
In response to SimoneGasperini9549

ā€Ž04-27-2021 03:46 AM

Hello,

 

the 'new' configuration is the same as the old one. Make sure the new one looks exactly like below, with the two lines marked in bold added:

 

Hello,

 

add the lines marked in bold to your configuration:

 

Current configuration : 6408 bytes
!
! Last configuration change at 06:34:18 UTC Tue Apr 27 2021
!
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
!
ip dhcp pool WEBUIPool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
login on-success log
!
subscriber templating
multilink bundle-name authenticated
no device-tracking logging theft
!
crypto pki trustpoint TP-self-signed-634987232
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-634987232
revocation-check none
rsakeypair TP-self-signed-634987232
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
crypto pki certificate chain TP-self-signed-634987232
certificate self-signed 01
------
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
-----
quit
!
license udi pid ISR4221/K9 sn FGL2506L4YM
memory free low-watermark processor 69247
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username webui privilege 15 password 0 cisco
username cisco privilege 15 secret 9 $9$Pr9t5rdqO0WzN.$wwaol33yRo3hTt8g4TbdzIGHxe2Z3Ik5/uSe1iE2e/A
!
redundancy
mode none
!
interface GigabitEthernet0/0/0
description WAN
ip address dhcp hostname 10.10.1.1
ip nat outside
negotiation auto
spanning-tree portfast disable
!
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
--> ip nat inside
negotiation auto
!
interface Dialer1
no ip address
ip mtu 1452
!
interface Dialer2
ip address dhcp
ip mtu 1452
!
ip http server
ip http authentication local
ip http secure-server
ip forward-protocol nd
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
!
route-map track-primary-if permit 1
match ip address 197
set interface GigabitEthernet0/0/0
!
--> access-list 197 permit ip 192.168.1.0 0.0.0.255 any
!
control-plane
!
line con 0
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
length 0
transport input ssh
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
!
end

0 Helpful

SimoneGasperini9549
Level 1
Level 1
In response to Georg Pauwen

ā€Ž04-27-2021 03:54 AM

Yes, it's right now.
I can see the blod line in show run but it doesn't work yet

I can't ping 8.8.8.8 from router

0 Helpful

Georg Pauwen
VIP
VIP
In response to SimoneGasperini9549

ā€Ž04-27-2021 04:30 AM

Hello,

 

post the running configuration again with the changes you have made.

0 Helpful

SimoneGasperini9549
Level 1
Level 1
In response to Georg Pauwen

ā€Ž04-27-2021 06:05 AM

Yes of sure:

 

Router#show run
Building configuration...

*Apr 27 12:58:44.875: %SYS-6-PRIVCFG_ENCRYPT_SUCCESS: Successfully encrypted private config file
Current configuration : 6167 bytes
!
! Last configuration change at 12:58:30 UTC Tue Apr 27 2021 by cisco
!
version 17.3
service config
service timestamps debug datetime msec
service timestamps log datetime msec
! Call-home is enabled by Smart-Licensing.
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
ip dhcp pool WEBUIPool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8
!
!
!
login on-success log
!
!
subscriber templating
multilink bundle-name authenticated
no device-tracking logging theft
!
!
!
crypto pki trustpoint TP-self-signed-634987232
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-634987232
revocation-check none
rsakeypair TP-self-signed-634987232
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-634987232
certificate self-signed 01
---------
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
---------------
quit
!
!
license udi pid ISR4221/K9 sn FGL2506L4YM
memory free low-watermark processor 69247
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username cisco privilege 15 secret 9 $9$aVW7qHlEHAO27U$iSXww62GxWz42gNMBewMecUZlkLKHRoY8q6VHy/E8p6
!
redundancy
mode none
!
!
!
interface GigabitEthernet0/0/0
ip dhcp client client-id ascii FGL2506L4YM
ip address dhcp
negotiation auto
!
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
negotiation auto
!
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/0/0
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
!
!
ip access-list extended 197
10 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
transport input ssh
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
!
!
end

Georg Pauwen
VIP
VIP
In response to SimoneGasperini9549

ā€Ž04-27-2021 07:25 AM

Hello,

 

you keep changing things around, the config you posted is still incorrect. I don't know how to solve this...are you using the WebUI or the command line ?

 

Either way, make sure the config looks exactly (line by line) like the one below:

 

Current configuration : 6408 bytes
!
! Last configuration change at 06:34:18 UTC Tue Apr 27 2021
!
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
!
ip dhcp pool WEBUIPool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
login on-success log
!
subscriber templating
multilink bundle-name authenticated
no device-tracking logging theft
!
crypto pki trustpoint TP-self-signed-634987232
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-634987232
revocation-check none
rsakeypair TP-self-signed-634987232
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
crypto pki certificate chain TP-self-signed-634987232
certificate self-signed 01
------
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
-----
quit
!
license udi pid ISR4221/K9 sn FGL2506L4YM
memory free low-watermark processor 69247
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username webui privilege 15 password 0 cisco
username cisco privilege 15 secret 9 $9$Pr9t5rdqO0WzN.$wwaol33yRo3hTt8g4TbdzIGHxe2Z3Ik5/uSe1iE2e/A
!
redundancy
mode none
!
interface GigabitEthernet0/0/0
description WAN
ip address dhcp hostname 10.10.1.1
ip nat outside
negotiation auto
spanning-tree portfast disable
!
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
--> ip nat inside
negotiation auto
!
interface Dialer1
no ip address
ip mtu 1452
!
interface Dialer2
ip address dhcp
ip mtu 1452
!
ip http server
ip http authentication local
ip http secure-server
ip forward-protocol nd
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
!
route-map track-primary-if permit 1
match ip address 197
set interface GigabitEthernet0/0/0
!
--> access-list 197 permit ip 192.168.1.0 0.0.0.255 any
!
control-plane
!
line con 0
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
length 0
transport input ssh
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
!
end

0 Helpful

SimoneGasperini9549
Level 1
Level 1
In response to Georg Pauwen

ā€Ž04-28-2021 12:02 AM - edited ā€Ž04-28-2021 12:07 AM

Thank you for the patience Georg,
I reset the configuration.

I wanted to use also WebUI but lateral menu of interface many time is blank and I don't know why.
I tried to clean cache, change browser, but nothing.


These are the lines that now I write into CLI:

 

enable
configure terminal
ip dhcp pool WEBUIPool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8
username cisco privilege 15 algorithm-type scrypt secret cisco
interface gig 0/0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
exit
access-list 197 permit ip 192.168.1.0 0.0.0.255 any


interface gig 0/0/0
ip nat outside
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0

route-map track-primary-if permit 1
match ip address 197
set interface GigabitEthernet0/0/0
access-list 197 permit 192.168.1.0 0.0.0.255 any

 

And this is the actually show run:

Router#show run
Building configuration...

Current configuration : 6476 bytes
!
! Last configuration change at 06:51:19 UTC Wed Apr 28 2021
!
version 17.3
service config
service timestamps debug datetime msec
service timestamps log datetime msec
! Call-home is enabled by Smart-Licensing.
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
ip dhcp pool WEBUIPool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8
!
!
login on-success log
!
!
!
subscriber templating
multilink bundle-name authenticated
no device-tracking logging theft
!
!
!
crypto pki trustpoint TP-self-signed-634987232
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-634987232
revocation-check none
rsakeypair TP-self-signed-634987232
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-634987232
certificate self-signed 01
-------
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
---------
quit
!
!
license udi pid ISR4221/K9 sn FGL2506L4YM
memory free low-watermark processor 69247
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username cisco privilege 15 secret 9 $9$kXPddDSAmBHxh.$PRm3l3hE.W/YnOhCLYVgJ/XXBKY/xRsom0eehYHPzkQ
username admin privilege 15 secret 9 $9$NLuAcsG9pVZdIk$z9oxopInQOA/FnlXM.QsNACsaxP8fX2hTVa7SCygsSg
!
redundancy
mode none
!
!
interface GigabitEthernet0/0/0
ip dhcp client client-id ascii FGL2506L4YM
ip address dhcp
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
negotiation auto
!
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/0/0
ip forward-protocol nd
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
!
ip access-list extended 197
10 permit ip 192.168.1.0 0.0.0.255 any
!
route-map track-primary-if permit 1
match ip address 197
set interface GigabitEthernet0/0/0
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
transport input ssh
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
!
!
end

 

It doesn't works

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to SimoneGasperini9549

ā€Ž04-27-2021 01:25 AM

below suggestions make changes and test it.

 

interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
negotiation auto
!

 

I do not see any Access List matching with 197

 

I willl make simple - ( You do not have 2 Linkls right, you have only 1 Path to Go out)

 

access-list 10 permit ip 192.168.1.0 0.0.0.255 any

!

no ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload

!

ip nat inside source  list 10 interface GigabitEthernet0/0/0 overload

 

 

Make sure DNS also configured :

 

ip dhcp pool WEBUIPool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1

dns-server 8.8.8.8

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

SimoneGasperini9549
Level 1
Level 1
In response to balaji.bandi

ā€Ž04-27-2021 02:54 AM

Thank you man,

I have a problem with "access-list 10 permit ip 192.168.1.0 0.0.0.255 any" (error, the arrow goes to "ip" word)

it doesn't work

This is my last config:

 

Router#show run
Building configuration...

Current configuration : 6177 bytes
!
! Last configuration change at 09:49:12 UTC Tue Apr 27 2021
!
version 17.3
service config
service timestamps debug datetime msec
service timestamps log datetime msec
! Call-home is enabled by Smart-Licensing.
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
ip dhcp pool WEBUIPool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8
!
!
!
login on-success log
!
!
subscriber templating
multilink bundle-name authenticated
no device-tracking logging theft
!
!
!
crypto pki trustpoint TP-self-signed-634987232
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-634987232
revocation-check none
rsakeypair TP-self-signed-634987232
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-634987232
certificate self-signed 01
-------
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
-------
quit
!
!
license udi pid ISR4221/K9 sn FGL2506L4YM
memory free low-watermark processor 69247
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username cisco privilege 15 secret 9 $9$Z0osySJK7XiqGU$3dOswvYh.calwl2Rcp4sx5HO35kPSRFECuIC7CDbXQE
!
redundancy
mode none
!
!
interface GigabitEthernet0/0/0
ip dhcp client client-id ascii FGL2506L4YM
ip address dhcp
negotiation auto
!
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
negotiation auto
!
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/0/0
ip forward-protocol nd
ip nat inside source list 10 interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
transport input ssh
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
!
end

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to SimoneGasperini9549

ā€Ž04-27-2021 03:31 AM

I gave the wrong syntax :

 

here is correct one :

 

access-list 10 permit 192.168.1.0 0.0.0.255

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

SimoneGasperini9549
Level 1
Level 1
In response to balaji.bandi

ā€Ž04-27-2021 03:35 AM - edited ā€Ž04-27-2021 03:42 AM

Ok, I try it, now it is correct

But it doesn't work, I can't ping 8.8.8.8 from router

 

This is my last configuration:

 


Router#show run
Building configuration...

Current configuration : 6339 bytes
!
! Last configuration change at 10:37:06 UTC Tue Apr 27 2021
!
version 17.3
service config
service timestamps debug datetime msec
service timestamps log datetime msec
! Call-home is enabled by Smart-Licensing.
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
ip dhcp pool WEBUIPool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8
!
!
!
login on-success log
!
!
subscriber templating
multilink bundle-name authenticated
no device-tracking logging theft
!
!
!
crypto pki trustpoint TP-self-signed-634987232
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-634987232
revocation-check none
rsakeypair TP-self-signed-634987232
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-634987232
certificate self-signed 01
----
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
-----
quit
!
!
license udi pid ISR4221/K9 sn FGL2506L4YM
memory free low-watermark processor 69247
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username cisco privilege 15 secret 9 $9$Z0osySJK7XiqGU$3dOswvYh.calwl2Rcp4sx5HO35kPSRFECuIC7CDbXQE
!
redundancy
mode none
!
!
interface GigabitEthernet0/0/0
ip dhcp client client-id ascii FGL2506L4YM
ip address dhcp
negotiation auto
spanning-tree portfast disable
!
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
negotiation auto
!
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/0/0
ip forward-protocol nd
ip nat inside source list 10 interface GigabitEthernet0/0/0 overload
ip nat inside source list 197 interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
!
!
ip access-list standard 10
10 permit 192.168.1.0 0.0.0.255
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
transport input ssh
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
!
!
end

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card