Solved: cisco 1941 problem getting out to internet.PLEASE HELP!!!

diaspora21 · ‎10-15-2010

Dear sirs,

I have some problems getting out to internet from my vlan. the configuration is this:

I have 2 Vlan 192.168.1.0 and 172.16.1.0 .

The problem is that when I am on subnet 192 and i use default gateway 192.168.1.1 I can access internet .. when I am on 172 subnet with gateway 172.16.1.1 I can't acces internet. I can ping 172.16.1.1 but I can't go out .. Here is my configuration :

Building configuration...

Current configuration : 4188 bytes

!

! Last configuration change at 01:01:22 UTC Sat Oct 9 2010

!

version 15.0

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname xxxxxxxxxxxx

!

boot-start-marker

boot-end-marker

!

enable password xxxxxxxxx

!

no aaa new-model

!

no ipv6 cef

ip source-route

ip cef

!

ip dhcp excluded-address 192.168.1.1 192.168.1.100

!

ip dhcp pool internal

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

dns-server 192.168.1.20

domain-name xxxxxxxx

lease 7

!

multilink bundle-name authenticated

!

\

!

interface GigabitEthernet0/0

no ip address

ip virtual-reassembly

duplex auto

speed auto

!

interface GigabitEthernet0/0.172

encapsulation dot1Q 172

ip address 172.16.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface GigabitEthernet0/0.192

encapsulation dot1Q 192

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface GigabitEthernet0/1

description outside

ip address xxxxxxxxxxxx 255.255.255.248

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

ip forward-protocol nd

!

ip http server

no ip http secure-server

!

ip nat inside source list 1 interface GigabitEthernet0/1 overload

ip nat inside source static tcp 192.168.1.20 xxxxxxxxxxxx 25 extendable

ip nat inside source static tcp 192.168.1.20 xxxxxxxxxxxx 53 extendable

ip nat inside source static tcp 192.168.1.20 xxxxxxxxxxxx 80 extendable

ip nat inside source static tcp 192.168.1.20 xxxxxxxxxxxx 110 extendable

ip nat inside source static tcp 192.168.1.20 xxxxxxxxxxxx 143 extendable

ip nat inside source static tcp 192.168.1.20 xxxxxxxxxxxx 443 extendable

ip nat inside source static udp 192.168.1.20 xxxxxxxxxxxx 500 extendable

ip nat inside source static tcp 192.168.1.20 xxxxxxxxxxxx 993 extendable

ip nat inside source static udp 192.168.1.20 xxxxxxxxxxxx 995 extendable

ip nat inside source static tcp 192.168.1.11 80 xxxxxxxxxxxx 80 extendable

ip nat inside source static tcp 192.168.1.12 53 xxxxxxxxxxxx 53 extendable

ip nat inside source static tcp 192.168.1.12 80 xxxxxxxxxxxx 80 extendable

ip nat inside source static tcp 192.168.1.12 110 xxxxxxxxxxxx 110 extendable

ip nat inside source static tcp 192.168.1.12 143 xxxxxxxxxxxx 143 extendable

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1

!

access-list 1 permit 192.168.1.0 0.0.0.255

dialer-list 1 protocol ip permit

!

control-plane

!

line con 0

password 7 xxxxxxxxxxxx

login

line aux 0

line vty 0 4

password 7 xxxxxxxxxxxx

login

!

scheduler allocate 20000 1000

end

Please help

andtoth · ‎10-15-2010

Hi,

Looks like you need to specify the 172.16.1.0 subnet in access-list 1 in the same way as 192.168.1.0 in order for the router to know that it needs to translate the source IP address of packets when they have a source from 172.16.1.0 range.

The access-list lines should look like this:

access-list 1 permit 192.168.1.0 0.0.0.255

access-list 1 permit 172.16.1.0 0.0.0.255

Andras

View solution in original post

andtoth · ‎10-15-2010

Hi,

Looks like you need to specify the 172.16.1.0 subnet in access-list 1 in the same way as 192.168.1.0 in order for the router to know that it needs to translate the source IP address of packets when they have a source from 172.16.1.0 range.

The access-list lines should look like this:

access-list 1 permit 192.168.1.0 0.0.0.255

access-list 1 permit 172.16.1.0 0.0.0.255

Andras

diaspora21 · ‎10-15-2010

Thank you very much Andras..!!