11-15-2011 07:04 AM - edited 03-07-2019 03:24 AM
hello friends ,
this is my confguration on cisco 881 . but i am not ablle to access internet from lan. please help me
------------------------
!version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
memory-size iomem 10
ip source-route
!
!
!
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.101 192.168.1.254
!
ip dhcp pool ccp-pool1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
!
ip cef
ip name-server 202.56.230.5
ip name-server 202.56.240.5
no ipv6 cef
!
!
multilink bundle-name authenticated
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-2892003057
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2892003057
revocation-check none
!
!
crypto pki certificate chain TP-self-signed-2892003057
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32383932 30303330 3537301E 170D3131 31313135 31333239
31365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 38393230
30333035 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C491 EB2DF86E 8AAE77FE D1BF83CB EA27482E 063698AF 6447EA33 97165939
735DED52 C5A8399B 36C4EFB3 94A786CA 1EF0BEAD 2E1CA1A3 487F156C 00AD9FF6
B8937945 D89DD507 5162AA85 62659A0C 95448616 327EC734 D6784399 AB28DAA2
FDAE3CD0 EDDDE200 CEB80B08 FDD0A75D 71659E8F C75E38CB F7C4CB6B C2B4CE0A
1E350203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14697AB9 915AE51D 44CA72F5 A7839256 9AFA6E6F A2301D06
03551D0E 04160414 697AB991 5AE51D44 CA72F5A7 8392569A FA6E6FA2 300D0609
2A864886 F70D0101 04050003 81810065 2393B5D0 5936FC19 BDD48DDD 3E0586AA
3FC389E4 03FB11D1 0BB8EE0B 2BA27563 AB09DAD1 2B2F176F 46AC26AB 31E2103F
4233F064 A49A50CC 1E0E71A7 B84B339C DC1ACA28 5F45C9B4 7EE760C9 B4D12200
3457614C 7463FD12 FF5B8925 14CEDEC1 099CE6E7 39800256 36F57643 0347464F
DB9CCE85 956FC3F2 2F56BB20 99C97F
quit
license udi pid CISCO881-SEC-K9 sn FGL151621L4
!
!
username credila privilege 15 password 0 credila123
!
!
!
class-map type inspect match-any ccp-cls-insp-traffic
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-all sdm-nat--1
match access-group 102
class-map type inspect match-all sdm-nat--2
match access-group 103
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-protocol-http
match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-nat--1
inspect
class type inspect sdm-nat--2
inspect
class class-default
drop
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class class-default
drop
policy-map type inspect ccp-permit
class class-default
drop
!
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1
!
!
!
!
interface Loopback0
no ip address
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $FW_OUTSIDE$$ES_WAN$
ip address 125.18.105.88 255.255.255.252
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
duplex full
speed 100
!
interface Vlan1
description $FW_INSIDE$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
!
ip default-gateway 125.18.105.87
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
ip nat inside source list 101 interface FastEthernet4 overload
ip nat inside source static 192.168.1.2 125.18.105.65
!
logging esm config
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 125.18.105.86 0.0.0.3 any
access-list 101 remark CCP_ACL Category=2
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 remark CCP_ACL Category=0
access-list 102 permit ip any host 192.168.1.1
access-list 103 remark CCP_ACL Category=0
access-list 103 permit ip any host 192.168.1.0
!
!
!
!
!
control-plane
!
11-15-2011 09:24 AM
Hi,
delete this:
ip default-gateway 125.18.105.87
add this:
ip route 0.0.0.0 0.0.0.0 125.18.105.87
Regards.
Alain
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide