06-14-2012 11:08 AM - edited 03-07-2019 07:15 AM
Hey guys,
I've been racking my head about this a few days now, thought I'd see if anybody could tell me what is wrong. I have a c1721 with a 4 Port WIC. I can't seem to get anything out to the internet. I can hit the router itself, but it just wont pass any traffic.
The router can hit the internet, just anything behind the 192.168.33.0/29 network cannot. Below is my config.
Running C1700-ADVENTERPRISEK9-M), Version 12.4(8)
06-14-2012 11:08 AM
Building configuration...
Current configuration : 4976 bytes
!
! No configuration change since last restart
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname HOCC-remote10
!
boot-start-marker
boot system flash c1700-adventerprisek9-mz.124-8.bin
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 15
clock timezone CEST 2
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.33.1
!
ip dhcp pool CIBT-HOCC-remote1_pool
import all
network 192.168.33.0 255.255.255.248
default-router 192.168.33.1
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto isakmp policy 1
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key * address X.X.X.X
!
!
crypto ipsec transform-set Myset esp-3des esp-sha-hmac
!
crypto map mymap 10 ipsec-isakmp
set peer X.X.X.X
set transform-set Myset
match address 102
!
!
!
!
interface Ethernet5
shutdown
!
interface FastEthernet0
description WAN
ip address dhcp
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
no cdp enable
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4 <----------------PC-------------->
!
interface Vlan1
ip address 192.168.33.1 255.255.255.248
ip nat inside
ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 192.168.0.1 <----------------Upstream-------------->
!
!
ip http server
no ip http secure-server
!
access-list 101 deny ip 192.168.33.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 101 deny ip 192.168.33.0 0.0.0.255 10.2.0.0 0.0.255.255
access-list 101 deny ip 192.168.33.0 0.0.0.255 10.3.0.0 0.0.255.255
access-list 101 deny ip 192.168.33.0 0.0.0.255 10.4.0.0 0.0.255.255
access-list 101 deny ip 192.168.33.0 0.0.0.255 10.5.0.0 0.0.255.255
access-list 101 deny ip 192.168.33.0 0.0.0.255 10.6.0.0 0.0.255.255
access-list 101 deny ip 192.168.33.0 0.0.0.255 10.7.0.0 0.0.255.255
access-list 101 deny ip 192.168.33.0 0.0.0.255 10.8.0.0 0.0.255.255
access-list 101 deny ip 192.168.33.0 0.0.0.255 10.9.0.0 0.0.255.255
access-list 101 deny ip 192.168.33.0 0.0.0.255 10.10.0.0 0.0.255.255
access-list 101 deny ip 192.168.33.0 0.0.0.255 10.11.0.0 0.0.255.255
access-list 101 deny ip 192.168.33.0 0.0.0.255 10.12.0.0 0.0.255.255
access-list 101 deny ip 192.168.33.0 0.0.0.255 10.14.0.0 0.0.255.255
access-list 101 deny ip 192.168.33.0 0.0.0.255 10.15.0.0 0.0.255.255
access-list 101 deny ip 192.168.33.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 101 deny ip 192.168.33.0 0.0.0.255 192.168.91.0 0.0.0.255
access-list 101 deny ip 192.168.33.0 0.0.0.255 192.168.88.0 0.0.0.255
access-list 101 deny ip 192.168.33.0 0.0.0.255 192.168.89.0 0.0.0.255
access-list 101 deny ip 192.168.33.0 0.0.0.255 192.168.48.0 0.0.0.255
access-list 101 deny ip 192.168.33.0 0.0.0.255 192.168.168.0 0.0.0.255
access-list 101 deny ip 192.168.33.0 0.0.0.255 192.168.169.0 0.0.0.255
access-list 101 permit ip 192.168.33.0 0.0.0.255 any
access-list 102 permit ip 192.168.33.0 0.0.0.255 10.1.0.0 0.0.255.255
access-list 102 permit ip 192.168.33.0 0.0.0.255 10.2.0.0 0.0.255.255
access-list 102 permit ip 192.168.33.0 0.0.0.255 10.3.0.0 0.0.255.255
access-list 102 permit ip 192.168.33.0 0.0.0.255 10.4.0.0 0.0.255.255
access-list 102 permit ip 192.168.33.0 0.0.0.255 10.5.0.0 0.0.255.255
access-list 102 permit ip 192.168.33.0 0.0.0.255 10.6.0.0 0.0.255.255
access-list 102 permit ip 192.168.33.0 0.0.0.255 10.7.0.0 0.0.255.255
access-list 102 permit ip 192.168.33.0 0.0.0.255 10.8.0.0 0.0.255.255
access-list 102 permit ip 192.168.33.0 0.0.0.255 10.9.0.0 0.0.255.255
access-list 102 permit ip 192.168.33.0 0.0.0.255 10.10.0.0 0.0.255.255
access-list 102 permit ip 192.168.33.0 0.0.0.255 10.11.0.0 0.0.255.255
access-list 102 permit ip 192.168.33.0 0.0.0.255 10.12.0.0 0.0.255.255
access-list 102 permit ip 192.168.33.0 0.0.0.255 10.14.0.0 0.0.255.255
access-list 102 permit ip 192.168.33.0 0.0.0.255 10.15.0.0 0.0.255.255
access-list 102 permit ip 192.168.33.0 0.0.0.255 192.168.88.0 0.0.0.255
access-list 102 permit ip 192.168.33.0 0.0.0.255 192.168.89.0 0.0.0.255
access-list 102 permit ip 192.168.33.0 0.0.0.255 192.168.90.0 0.0.0.255
access-list 102 permit ip 192.168.33.0 0.0.0.255 192.168.91.0 0.0.0.255
access-list 102 permit ip 192.168.33.0 0.0.0.255 192.168.48.0 0.0.0.255
access-list 102 permit ip 192.168.33.0 0.0.0.255 192.168.168.0 0.0.0.255
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
login local
line aux 0
line vty 0 4
password 7 *
login local
!
ntp clock-period 17180039
ntp server Y.Y.Y.Y
end
06-14-2012 01:13 PM
I do not see any nat translation information you matching on. I see nat inside and outside but do not see where you tell it what to nat.
Sent from Cisco Technical Support iPad App
06-14-2012 01:16 PM
Here is am link sorry
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml
Sent from Cisco Technical Support iPad App
06-14-2012 01:54 PM
you could create something like this:
ip access-list standard NAT
10 permit 192.168.33.0 0.0.0.255
ip nat inside source list NAT interface outside overload
That should get you out. I also noticed you have crypto configured and dont see any NAT exempt configuration for tunnel routing. Do you need to configure that as well?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide