04-05-2017 03:13 AM - edited 03-08-2019 10:04 AM
I am able to ping the internet from the router but not able access in the client machine. Please someone tell what did I mess in the below configuration
___________________________________________________________________________________
Mafoi#sh running-config
Building configuration...
Current configuration : 1695 bytes
!
! Last configuration change at 21:45:30 UTC Tue Mar 2 1993
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Mafoi
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.50
!
ip dhcp pool Mafoi
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 180.151.151.151 180.151.151.152
domain-name Mafoi
lease 7
!
!
ip cef
ip name-server 180.151.151.151
ip name-server 180.151.151.152
!
!
license udi pid CISCO861-K9 sn FGL151027AC
!
!
username bagath privilege 15 secret 5 $1$R1uY$ZkSc9mv4O3TxZvFePXsav0
!
!
!
!
!
!
!
!
!
interface FastEthernet0
switchport access vlan 100
!
interface FastEthernet1
switchport access vlan 100
!
interface FastEthernet2
switchport access vlan 100
!
interface FastEthernet3
switchport access vlan 100
!
interface FastEthernet4
ip address xxx.xx.xxx.xx(wan Ip) 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan100
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
no ip http server
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 100 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 119.82.xxx.xx(Wan Gateway)
!
access-list 100 permit ip 192.168.1.1 0.0.0.100 any
!
control-plane
!
!
line con 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
04-05-2017 04:55 AM
I believe that the issue is the mask used in the access list used for NAT.
access-list 100 permit ip 192.168.1.1 0.0.0.100 any
If you use the mask to represent a /24 network then I believe that it should work. I wonder why you use an extended access list when a standard access list would work and I believe would be a better solution. You are not doing anything that uses the capabilities of an extended access list that can not also be accomplished in a standard access list.
HTH
Rick
04-05-2017 11:00 PM
Hi Richards,
Thanks for the reply!
I done that too but still I'm not able use internet or ping google in the client machines.
Current config
#sh ru
Building configuration...
Current configuration : 1643 bytes
!
! Last configuration change at 00:05:13 UTC Mon Mar 1 1993
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Mafoi
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.50
!
ip dhcp pool Mafoi
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 180.151.151.151 180.151.151.152
domain-name Mafoi
lease 7
!
!
ip cef
ip name-server 180.151.151.151
ip name-server 180.151.151.152
!
!
license udi pid CISCO861-K9 sn FGL151027AC
!
!
username bagath privilege 15 secret 5 $1$R1uY$ZkSc9mv4O3TxZvFePXsav0
!
!
!
!
!
!
!
!
!
interface FastEthernet0
switchport access vlan 100
!
interface FastEthernet1
switchport access vlan 100
!
interface FastEthernet2
switchport access vlan 100
!
interface FastEthernet3
switchport access vlan 100
!
interface FastEthernet4
ip address xxx.xx.xxx.xx(wan ip) 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan100
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
no ip http server
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 100 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 xxx.xx.xxx.xx(wan gateway)
!
!
control-plane
!
!
line con 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
04-06-2017 06:20 AM
When I look in the new copy of show run I do not see access list 100 configured. That would prevent NAT from working.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide