02-22-2011 08:16 AM - edited 03-06-2019 03:41 PM
Cisco 2911, IOS 15.0(1)M4
Can anyone see an error in my configuration? From the router, NAT translation works fine. I'm able to ping from the internal interface (ge0/1) to the outside world without issue. However, hosts on the internal network are not able to reach the outside; they are able to ping as far as the outside global address. I've reconfigured the entire router, this time using CCP (just to make sure I wasn't screwing something up). Still no luck, any thoughts?
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname techno
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
!
!
!
no ipv6 cef
no ip source-route
no ip routing
no ip cef
!
!
!
!
ip name-server 8.8.8.8
!
multilink bundle-name authenticated
!
!
password encryption aes
!
redundancy
!
!
!
!
crypto isakmp policy 10
 authentication pre-share
crypto isakmp key 6 asdf address a.b.c.d
crypto isakmp invalid-spi-recovery
!
!
crypto ipsec transform-set DC_VPN_SET esp-3des esp-md5-hmac
!
crypto map DC_VPN_MAP 10 ipsec-isakmp
 set peer a.b.c.d
 set transform-set DC_VPN_SET
 match address 150
!
!
!
!
!
interface GigabitEthernet0/0
 description EXTERNAL
 ip address 68.x.x.10 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 no ip route-cache
 duplex auto
 speed auto
 no mop enabled
 crypto map DC_VPN_MAP
!
!
interface GigabitEthernet0/1
 description INTERNAL
 ip address 10.10.10.1 255.255.255.192
 ip nat inside
 ip virtual-reassembly
 no ip route-cache
 duplex auto
 speed auto
!
!
interface GigabitEthernet0/2
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
!
ip default-gateway 68.x.x.9
ip forward-protocol nd
!
ip http server
ip http access-class 50
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source route-map SDM_RMAP_2 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 68.x.x.9
!
access-list 100 remark CCP_ACL Category=2
access-list 100 deny ip 10.10.10.0 0.0.0.63 192.168.0.0 0.0.3.255
access-list 100 permit ip 10.10.10.0 0.0.0.63 any
access-list 150 permit ip 10.10.10.0 0.0.0.63 192.168.0.0 0.0.3.255
!
!
!
route-map SDM_RMAP_2 permit 1
 match ip address 100
!
!
snmp-server community public RO
snmp-server community private RW
!
control-plane
!
!
line con 0
 login local
line aux 0
line vty 0 4
 access-class 50 in
 privilege level 15
 logging synchronous
 login local
 transport input telnet ssh
line vty 5 15
 access-class 50 in
 privilege level 15
 login local
 transport input ssh
!
scheduler allocate 20000 1000
ntp update-calendar
ntp server 91.189.94.4 prefer source GigabitEthernet0/0
end
02-22-2011 08:22 AM
You have "ip routing" disabled for some reason. Re-enable "ip routing", and also enable CEF ("ip cef").
Otherwise your configuration looks correct.
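The diagnosis in the reply above, written as a config check. This is an added example, not part of the original thread: it flags a running-config that defines NAT inside and outside interfaces while "no ip routing" is set, in which case the router does not forward transit packets from inside hosts. The sample config is constructed (192.0.2.x documentation addresses), the function names are hypothetical, and the parser assumes the one-space indentation of "show running-config" output.

```python
import re

# Constructed sample with the same shape as the posted config (192.0.2.x is documentation space).
SAMPLE_CONFIG = """\
no ip routing
no ip cef
!
interface GigabitEthernet0/0
 ip nat outside
!
interface GigabitEthernet0/1
 ip nat inside
!
ip default-gateway 192.0.2.9
ip nat inside source route-map SDM_RMAP_2 interface GigabitEthernet0/0 overload
"""

def nat_interfaces(config):
    """Return {'inside': [...], 'outside': [...]} from per-interface 'ip nat' lines."""
    roles = {"inside": [], "outside": []}
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
        elif not line.startswith(" "):
            current = None  # '!' or any global command closes the interface block
        elif current:
            m = re.fullmatch(r"\s+ip nat (inside|outside)", line.rstrip())
            if m:
                roles[m.group(1)].append(current)
    return roles

def audit_nat_forwarding(config):
    """Flag NAT that is configured on a router that will not forward transit packets."""
    global_cmds = {l.strip() for l in config.splitlines() if l and not l.startswith(" ")}
    roles = nat_interfaces(config)
    findings = []
    if roles["inside"] and roles["outside"]:
        if "no ip routing" in global_cmds:
            findings.append("'no ip routing' set with NAT inside/outside interfaces: "
                            "transit traffic from inside hosts is not forwarded")
        if "no ip cef" in global_cmds:
            findings.append("'no ip cef' set: the reply recommends enabling 'ip cef'")
    return findings

if __name__ == "__main__":
    for finding in audit_nat_forwarding(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

A config with "no ip routing" but no NAT interfaces produces no finding, since a router deliberately run as an IP host with "ip default-gateway" is a valid setup.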