Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
224
Views
0
Helpful
3
Replies

Cisco 861 not able access internet via Clien system

admin
Level 1
Level 1

‎04-05-2017 03:13 AM - edited ‎03-08-2019 10:04 AM

I am able to ping the internet from the router but not able access in the client machine. Please someone tell what did I mess in the below configuration

___________________________________________________________________________________

Mafoi#sh running-config
Building configuration...

Current configuration : 1695 bytes
!
! Last configuration change at 21:45:30 UTC Tue Mar 2 1993
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Mafoi
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.50
!
ip dhcp pool Mafoi
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 180.151.151.151 180.151.151.152
domain-name Mafoi
lease 7
!
!
ip cef
ip name-server 180.151.151.151
ip name-server 180.151.151.152
!
!
license udi pid CISCO861-K9 sn FGL151027AC
!
!
username bagath privilege 15 secret 5 $1$R1uY$ZkSc9mv4O3TxZvFePXsav0
!
!
!
!
!
!
!
!
!
interface FastEthernet0
switchport access vlan 100
!
interface FastEthernet1
switchport access vlan 100
!
interface FastEthernet2
switchport access vlan 100
!
interface FastEthernet3
switchport access vlan 100
!
interface FastEthernet4
ip address xxx.xx.xxx.xx(wan Ip) 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan100
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
no ip http server
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 100 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 119.82.xxx.xx(Wan Gateway)
!
access-list 100 permit ip 192.168.1.1 0.0.0.100 any
!
control-plane
!
!
line con 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end

Labels:
0 Helpful
3 Replies 3

Richard Burts
Hall of Fame
Hall of Fame

‎04-05-2017 04:55 AM

I believe that the issue is the mask used in the access list used for NAT.

access-list 100 permit ip 192.168.1.1 0.0.0.100 any

If you use the mask to represent a /24 network then I believe that it should work. I wonder why you use an extended access list when a standard access list would work and I believe would be a better solution. You are not doing anything that uses the capabilities of an extended access list that can not also be accomplished in a standard access list.

HTH

Rick

HTH

Rick
0 Helpful

admin
Level 1
Level 1
In response to Richard Burts

‎04-05-2017 11:00 PM

Hi Richards,

Thanks for the reply!

I done that too but still I'm not able use internet or ping google in the client machines.

Current config

#sh ru
Building configuration...

Current configuration : 1643 bytes
!
! Last configuration change at 00:05:13 UTC Mon Mar 1 1993
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Mafoi
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.50
!
ip dhcp pool Mafoi
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 180.151.151.151 180.151.151.152
domain-name Mafoi
lease 7
!
!
ip cef
ip name-server 180.151.151.151
ip name-server 180.151.151.152
!
!
license udi pid CISCO861-K9 sn FGL151027AC
!
!
username bagath privilege 15 secret 5 $1$R1uY$ZkSc9mv4O3TxZvFePXsav0
!
!
!
!
!
!
!
!
!
interface FastEthernet0
switchport access vlan 100
!
interface FastEthernet1
switchport access vlan 100
!
interface FastEthernet2
switchport access vlan 100
!
interface FastEthernet3
switchport access vlan 100
!
interface FastEthernet4
ip address xxx.xx.xxx.xx(wan ip) 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan100
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
no ip http server
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 100 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 xxx.xx.xxx.xx(wan gateway)
!
!
control-plane
!
!
line con 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to admin

‎04-06-2017 06:20 AM

When I look in the new copy of show run I do not see access list 100 configured. That would prevent NAT from working.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card