I have configure the main GigabitEthernet 0/0/0 interface to successfully connect to my ISP and from the router CLI I can ping the outside world.
On my private network side (192.168.3.0) i have configured a VLAN (192.168.3.1)and added one of my L2 interfaces GigabitEthernet 0/1/3 to the VLAN. I have also configure NAT inside.
For some reason, from my PC using 192.168.3.3 is not able to ping the outside world. I can successfully ping both internal and external interfaces on the router but cannot get further.
If anyone is able to help review my config I would be most grateful.
============== config===================
#show running-config
Building configuration...
Current configuration : 6792 bytes
!
! Last configuration change at 14:33:31 UTC Sat Apr 15 2023
! NVRAM config last updated at 14:30:19 UTC Sat Apr 15 2023 by admin
!
version 16.10
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging console emergencies
enable secret 9 XXXX
enable password XXXX
!
no aaa new-model
clock timezone UTC 10 0
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
!
ip dhcp excluded-address 192.168.3.1 192.168.3.50
!
ip dhcp pool lan-pool
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server 8.8.8.8
!
login on-success log
!
subscriber templating
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-xxxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-xxxx
revocation-check none
rsakeypair TP-self-signed-xxxx
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
crypto pki certificate chain TP-self-signed-1698198237
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
quit
!
crypto pki certificate pool
cabundle nvram:ios_core.p7b
!
license udi pid C1111-4P sn xxxx
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username admin privilege 15 password 0 cisco
!
redundancy
mode none
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/0/0
ip address dhcp
ip nat outside
negotiation auto
spanning-tree portfast disable
!
interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
switchport mode access
!
interface Vlan1
ip address 192.168.3.1 255.255.255.0
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip dns server
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 xxx.xxx.4.1
ip route 0.0.0.0 0.0.0.0 xxx.xxx.4.1
!
access-list 1 permit 192.168.3.0 0.0.0.255
!
route-map track-primary-if permit 1
match ip address 197
set interface GigabitEthernet0/0/0
!
control-plane
!
line con 0
transport input none
stopbits 1
line vty 0 4
password xxxx
login
length 0
!
end
