01-16-2010 08:49 AM - edited 03-06-2019 09:19 AM
Hello everyone, I am new to Cisco and just started studying for my CCNA. I have a 1751v router and a 2924xl switch. I have the LAN set up correctly, but for some reason the WAN on my router will not connect. I have it set up on DHCP from my ISP, from which it will get an IP address, but for some reason I cannot access the internet. I have been working on this for hours. Can someone help me out and point me in the right direction? Here is a copy of my start-running config. Username, password and ip domain name have been deleted for personal reasons.
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco1751v
!
boot-start-marker
boot-end-marker
!
enable password
!
username password 0
memory-size iomem 15
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
!
!
ip domain name
ip name-server 192.168.10.5
ip name-server 192.168.10.1
ip dhcp excluded-address 192.168.10.1 192.168.10.10
!
ip dhcp pool HOME
import all
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 68.87.64.150 68.87.75.198
!
ip cef
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0/0
description $FW_OUTSIDE$
ip address dhcp
ip access-group 102 in
ip nat outside
ip inspect SDM_LOW out
half-duplex
!
interface FastEthernet0/0
description $FW_INSIDE$
ip address 192.168.10.6 255.255.255.0
ip access-group 100 in
ip nat inside
speed auto
!
router rip
passive-interface Ethernet0/0
network 174.55.0.0
network 192.168.10.0
!
ip nat inside source list 101 interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
no ip http server
ip http secure-server
!
!
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 deny ip 192.168.10.0 0.0.0.255 any
access-list 102 permit udp any eq bootps any eq bootpc
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any unreachable
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip any any log
!
!
line con 0
line aux 0
line vty 0 4
login local
transport input telnet ssh
line vty 5 15
login local
transport input telnet ssh
!
end
01-16-2010 02:18 PM
Hello,
I hope you are doing great,
I would like to confirm with you the ACL 102:
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 deny ip 192.168.10.0 0.0.0.255 any
access-list 102 permit udp any eq bootps any eq bootpc
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any unreachable
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip any any log
interface Ethernet0/0
description $FW_OUTSIDE$
ip address dhcp
ip access-group 102 in
ip nat outside
ip inspect SDM_LOW out
half-duplex
First of all, I would like to ask you if you can change the duplex speed on your configuration in order to avoid problems.
After that, in order to make a secure connection with the internet, and to allow you connectivity, you can change your access list to just permit sessions with the "eq" enabled at the end of the access list, and that will only accept connections if they were created from your LAN, like this:
permit ip host 192.168.0.0 0.0.0.255 any eq
The problem is that the access list that you have for inbound traffic does not allow the IP packets to pass to your network, since the ACL has the implicit deny at the end.
If you have any other questions please let me know.
Thanks,
01-16-2010 09:05 PM
Hi Todd,
It seems you need to change some configuration in your router, as your NAT source list is overloaded to the inside interface; it should be bound to the outside interface.
ip nat inside source list 101 interface FastEthernet0/0 overload
ip nat inside source list 101 interface Ethernet0/0 overload
Hope that clears up your query!
Regards
Ganesh.H
01-18-2010 01:04 AM
Hi
As already stated by Ganesh, you have to change the overload to be done on the outside interface Ethernet 0/0.
Also, your DHCP pool has default-router 192.168.10.1, but the FastEthernet interface (inside) has 192.168.10.6.
This must be corrected to get it working, they must be the same.
/Mikael
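The two points raised in the replies above (NAT overload bound to an interface that is not `ip nat outside`, and a DHCP `default-router` that does not match the inside interface address) can be checked mechanically. The following Python check is an added example, not part of any post in this thread; the function names `parse` and `audit` and the trimmed sample configuration are constructed for illustration, and sub-blocks are assumed to end at a `!` line as in the posted config.

```python
import re

# Constructed sample: only the relevant lines of the configuration posted above.
SAMPLE_CONFIG = """\
ip dhcp pool HOME
default-router 192.168.10.1
!
interface Ethernet0/0
ip address dhcp
ip nat outside
!
interface FastEthernet0/0
ip address 192.168.10.6 255.255.255.0
ip nat inside
!
ip nat inside source list 101 interface FastEthernet0/0 overload
"""

def parse(config):
    """Return (interfaces, DHCP default-routers, NAT overload interfaces)."""
    ifaces, routers, overloads, current = {}, [], [], None
    for line in (raw.strip() for raw in config.splitlines()):
        if line == "!":                      # "!" closes the current sub-block
            current = None
        elif m := re.match(r"interface (\S+)", line):
            current = ifaces.setdefault(m.group(1), {"nat": None, "ip": None})
        elif current is not None and (m := re.match(r"ip nat (inside|outside)$", line)):
            current["nat"] = m.group(1)
        elif current is not None and (m := re.match(r"ip address (\d\S+) \S+", line)):
            current["ip"] = m.group(1)       # static address only, not "dhcp"
        elif m := re.match(r"default-router (\S+)", line):
            routers.append(m.group(1))
        elif m := re.match(r"ip nat inside source list \S+ interface (\S+) overload", line):
            overloads.append(m.group(1))
    return ifaces, routers, overloads

def audit(config):
    """List mismatches between NAT/DHCP statements and interface roles."""
    ifaces, routers, overloads = parse(config)
    findings = []
    for name in overloads:
        role = ifaces.get(name, {}).get("nat")
        if role != "outside":
            findings.append(f"NAT overload uses {name} (ip nat {role}), not an outside interface")
    inside_ips = sorted(i["ip"] for i in ifaces.values() if i["nat"] == "inside" and i["ip"])
    for router in routers:
        if inside_ips and router not in inside_ips:
            findings.append(f"DHCP default-router {router} is not an inside address {inside_ips}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)) or "no findings")
```

Because blocks are delimited by `!` rather than indentation, the check also works on configs pasted with their leading whitespace stripped, as in this thread.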