Solved: You will be able to find more

jeffrey01111111 · ‎01-26-2016

I am a cisco newbie, I have configured VLANS, dhcp, can get an IP address on my local machine. I can't seem to get out to the internet from said machine. Am I missing something in my NAT setup?

Current configuration : 2220 bytes
    !
    ! Last configuration change at 00:46:14 UTC Wed Jan 27 2016
    !
    version 15.1
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Router
    !
    boot-start-marker
    boot-end-marker
    !
    !
    !
    no aaa new-model
    !
    !
    no ipv6 cef
    ip source-route
    ip cef
    !
    !
    !
    ip dhcp excluded-address 10.0.10.1
    !
    ip dhcp pool LAN1
    !
    ip dhcp pool LAN10
       network 10.0.10.0 255.255.255.0
       default-router 10.0.10.1
       dns-server 8.8.8.8
    !
    ip dhcp pool vlan20
       network 10.0.20.0 255.255.255.0
       default-router 10.0.20.1
       dns-server 8.8.8.8
    !
    !
    !
    multilink bundle-name authenticated
    !
    crypto pki token default removal timeout 0
    !
    !
    license udi pid CISCO1921/K9 sn FTX151200G2
    !
    !
    !
    redundancy
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    interface GigabitEthernet0/0
     ip address dhcp
     ip nat outside
     ip virtual-reassembly in
     duplex auto
     speed auto
    !
    interface GigabitEthernet0/1
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface GigabitEthernet0/1/0
     switchport access vlan 10
     spanning-tree portfast
    !
    interface GigabitEthernet0/1/1
     switchport access vlan 10
     spanning-tree portfast
    !
    interface GigabitEthernet0/1/2
     switchport access vlan 10
     spanning-tree portfast
    !
    interface GigabitEthernet0/1/3
     switchport access vlan 10
     spanning-tree portfast
    !
    interface GigabitEthernet0/1/4
     switchport access vlan 20
     spanning-tree portfast
    !
    interface GigabitEthernet0/1/5
     switchport access vlan 20
     spanning-tree portfast
    !
    interface GigabitEthernet0/1/6
     switchport access vlan 20
     spanning-tree portfast
    !
    interface GigabitEthernet0/1/7
     switchport access vlan 20
     spanning-tree portfast
    !
    interface Vlan1
     no ip address
    !
    interface Vlan10
     ip address 10.0.10.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
    !
    interface Vlan20
     ip address 10.0.20.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
    !
    ip forward-protocol nd
    !
    no ip http server
    no ip http secure-server
    !
    ip nat source list 10 interface GigabitEthernet0/0 overload
    !
    access-list 10 permit 10.0.10.0 0.0.0.255
    access-list 10 deny   any
    access-list 10 permit 10.0.20.0 0.0.0.255
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
     login
     transport input all
    !
    scheduler allocate 20000 1000
    end

Jon Marshall · ‎01-26-2016

Your NAT statement should include the "inside" keyword ie.

"ip nat inside source list ..."

and your acl needs modifying, you just need permit lines for the subnets you have configured.

Also do a "sh ip route" and make sure you are receiving a default route from the ISP.

Jon

View solution in original post

veerappan · ‎01-26-2016

You will be able to find more information on NAT at http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/15-mt/nat-15-mt-book/iadnat-addr-consv.html

Jon Marshall · ‎01-26-2016

Your NAT statement should include the "inside" keyword ie.

"ip nat inside source list ..."

and your acl needs modifying, you just need permit lines for the subnets you have configured.

Also do a "sh ip route" and make sure you are receiving a default route from the ISP.

Jon

NAT (PAT) Assistance