Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
647
Views
0
Helpful
1
Replies

Cant access WAN from PC

dwammann10
Level 1
Level 1

‎12-03-2012 05:29 PM - edited ‎03-07-2019 10:22 AM

Hey guys, sorry I'm an Cisco newbie. I configured this router based on random articles I found on the internet. Not suprisingly it didnt work when I connected it, I was able to get CCP connected and I tried disabling the firewall functions (wasnt sure if it was the problem or not?) I can ping google from the CLI but cannot ping it from a PC. The PC pulls an ip from the pool, has a DNS server but wont ping external IP's or websites. Thanks for any help guys!

Using 5953 out of 262136 bytes

!

! Last configuration change at 05:51:31 Tehran Tue Dec 4 2012 by

dammann

! NVRAM config last updated at 05:51:58 Tehran Tue Dec 4 2012 by

dammann

!

version 15.0

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname Cisco881

!

boot-start-marker

boot-end-marker

!

security authentication failure rate 10 log

security passwords min-length 6

logging buffered 4096

logging console critical

enable secret 5 ###

enable password 7 ###

!

aaa new-model

!

!

aaa authentication login local_auth local

!

!

!

!

!

aaa session-id common

!

!

!

memory-size iomem 10

clock timezone Tehran 3 30

clock summer-time Tehran date Mar 22 2003 12:00 Sep 22 2003

12:00

!

crypto pki trustpoint TP-self-signed-1327196023

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1327196023

revocation-check none

rsakeypair TP-self-signed-1327196023

!

!

crypto pki certificate chain TP-self-signed-1327196023

certificate self-signed 02 nvram:IOS-Self-Sig#4.cer

no ip source-route

no ip gratuitous-arps

!

!

ip dhcp excluded-address 10.10.10.1

ip dhcp excluded-address 192.168.1.1 192.168.1.49

ip dhcp excluded-address 192.168.1.100 192.168.1.254

!

ip dhcp pool ccp-pool

   import all

   network 10.10.10.0 255.255.255.248

   default-router 10.10.10.1

   lease 0 2

!

ip dhcp pool default

   import all

   network 192.168.1.0 255.255.255.0

   default-router 192.168.1.1

   dns-server 8.8.8.8 8.8.4.4

   lease 0 12

!

!

ip cef

no ip bootp server

ip name-server 8.8.8.8

ip name-server 8.8.4.4

ip inspect audit-trail

ip inspect udp idle-time 1800

ip inspect dns-timeout 7

ip inspect tcp idle-time 14400

login block-for 3 attempts 3 within 120

no ipv6 cef

!

!

multilink bundle-name authenticated

license udi pid CISCO881-SEC-K9 sn FCZ162990VQ

!

!

archive

log config

  logging enable

username dammann privilege 15 secret 5 $1$CYiw

$FM4T13I3fx2nx6Aw1KmGV.

!

!

ip ssh time-out 60

ip ssh authentication-retries 2

!

class-map match-all http

match protocol http

class-map match-any p2p

match protocol bittorrent

match protocol edonkey

match protocol fasttrack

match protocol gnutella

match protocol kazaa2

class-map match-all skype

match protocol skype

!

!

policy-map shape

class http

    shape average 4000000 50000

class skype

    bandwidth percent 30

class p2p

   police rate 128000

     conform-action transmit

     exceed-action drop

     violate-action drop

!

!

!

!

!

!

!

!

interface FastEthernet0

!

service-policy output shape

!

interface FastEthernet1

spanning-tree portfast

!

!

interface FastEthernet2

!

!

interface FastEthernet3

!

!

interface FastEthernet4

description WAN Fe4$ETH-WAN$

ip address dhcp client-id FastEthernet4

no ip redirects

no ip unreachables

no ip proxy-arp

ip verify unicast source reachable-via rx allow-default 100

ip nat outside

ip virtual-reassembly

duplex half

speed auto

!

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$

ip address 192.168.1.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

!

ip forward-protocol nd

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

!

ip route 0.0.0.0 0.0.0.0 dhcp

!

!

logging trap debugging

logging facility local2

access-list 23 permit 10.10.10.0 0.0.0.7

access-list 23 permit 192.168.1.0 0.0.0.255

access-list 100 permit udp any any eq bootpc

dialer-list 1 protocol ip permit

no cdp run

!

!

!

!

!

control-plane

!

!

banner exec ^C

% Password expiration warning.

^C

banner login ^C

^C

banner motd ^C^C

!

line con 0

exec-timeout 5 0

login authentication local_auth

no modem enable

transport output telnet

line aux 0

exec-timeout 15 0

login authentication local_auth

transport output telnet

line vty 0 4

access-class 23 in

privilege level 15

password 7 045E0A151635435C0C14001A100E1E

login authentication local_auth

transport input telnet ssh

!

scheduler max-task-time 5000

end

Labels:
0 Helpful
1 Reply 1

mahmoodmkl
Level 7
Level 7

‎12-03-2012 05:33 PM

Hi

U are missing the ip nat inside source list 23 interface fast4 overload

Thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card