Advertisement

06.21.2008 at 04:04PM PDT, ID: 23505127
[x]
Attachment Details

Basic Router Config / Cisco 800 Series / router can ping internet, lan computers can not browse web or ping internet

Asked by Crazy_Penguins in Enterprise Firewalls, Network Routers

Tags: Cisco, 800 Series Router, 871 Router

Basic Router Config / Cisco 800 Series
Router can ping internet, LAN computers can not browse web or ping internet

For example, from the CLI on the Cisco box, if I ping google, all is good - however if I try to ping from a LAN computer, nothing - also can't browse internet from LAN computers (aka not ICMP issues).

Really in a bit over my head with this router configuration - but trying to pan it out.  Could be a simple as NAT not being configured?

My current configuration below.Start Free Trial 
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:
125:
126:
127:
128:
129:
130:
131:
132:
133:
134:
135:
136:
137:
138:
139:
140:
141:
142:
143:
144:
145:
146:
147:
148:
149:
150:
151:
152:
153:
154:
155:
156:
157:
158:
159:
160:
161:
162:
163:
164:
165:
166:
167:
168:
169:
170:
171:
172:
173:
174:
175:
176:
177:
178:
179:
180:
181:
182:
183:
184:
185:
186:
187:
188:
189:
190:
191:
192:
193:
194:
195:
196:
197:
198:
199:
200:
201:
202:
203:
204:
205:
206:
207:
208:
209:
210:
211:
212:
213:
214:
215:
216:
217:
218:
219:
220:
221:
222:
223:
224:

Current configuration : 7213 bytes
!
! Last configuration change at 15:29:38 PCTime Sat Jun 21 2008 by valuelogic
! NVRAM config last updated at 15:29:54 PCTime Sat Jun 21 2008 by valuelogic
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname SpectrumCisco
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
 --More--         logging console critical
enable secret 5 $1$NGPp$GmViZ0RBkTrlJJLZhLkvC/
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -8
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool sdm-pool1
   import all
   network 192.168.1.0 255.255.255.0
   dns-server 4.2.2.2 4.2.2.1 
   default-router 192.168.1.1 
!
 --More--         !
ip tcp synwait-time 10
no ip bootp server
ip domain name cisco.SpectrumMarketing.net
ip name-server 4.2.2.2
ip name-server 4.2.2.1
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
 --More--         ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
!
!
crypto pki trustpoint TP-self-signed-3431502892
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3431502892
 revocation-check none
 rsakeypair TP-self-signed-3431502892
!
!
crypto pki certificate chain TP-self-signed-3431502892
 certificate self-signed 01
  3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 33343331 35303238 3932301E 170D3032 30333031 30303037 
  31355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 34333135 
  30323839 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100BCED 38D2F9EE 4E394FB5 6CF78F5A AB09A7E1 D6377F88 3E3D2C0A 9F3D6332 
  CC9F1F30 81188AE1 0EB376CE 8F6B8715 3172A3AD 2FFE4BFB 4C011559 2663B095 
 --More--           FB654517 2F490697 3A21791D 4C94903D 5F91AB54 48BF1A39 FAC35DDB E68D1F85 
  05881BB8 0E9FE478 0E08341F F28F4B45 883ADB99 61C7D6C3 64EAEEDA C72764C8 
  79990203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603 
  551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D 
  301F0603 551D2304 18301680 14301FF9 84C5A8F8 F3BCF7D0 3FCB480F 58AE10FB 
  93301D06 03551D0E 04160414 301FF984 C5A8F8F3 BCF7D03F CB480F58 AE10FB93 
  300D0609 2A864886 F70D0101 04050003 81810043 F431E81C 40F87FE4 6DDC3390 
  FC30B840 70FF77E8 FD3DA633 808ACDF7 8575DA90 D180EA6B E7340CF1 31435038 
  E5EDA463 27C15C8B 843FE5E6 4B0346BF 7AC87152 34FB531F 0788E35A 67B2A8A1 
  50097D17 8643F8CC BC657B3C 0CCD3B62 7E057E60 18D60AA8 37A44B9B 87707E2D 
  ABC469F6 FAC7A854 460B95C9 6FA23C51 D31E84
  quit
username valuelogic privilege 15 secret 5 $1$SJpa$PaCLCHR3ab419jOZacZ3I0
!
! 
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
 --More--         interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ES_WAN$$FW_OUTSIDE$
 ip address 207.158.24.230 255.255.255.0
 ip access-group 102 in
 ip access-group sdm_fastethernet4_out out
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect SDM_LOW out
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.1.1 255.255.255.0
 --More--          ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
ip classless
ip route 0.0.0.0 0.0.0.0 207.158.24.225
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
!
ip access-list extended sdm_fastethernet4_out
 remark SDM_ACL Category=1
 permit icmp any any
!
 --More--         logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip 207.158.24.0 0.0.0.255 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 4.2.2.1 eq domain host 207.158.24.230
access-list 101 permit udp host 4.2.2.2 eq domain host 207.158.24.230
access-list 101 deny   ip 192.168.1.0 0.0.0.255 any
access-list 101 permit icmp any host 207.158.24.230 echo-reply
access-list 101 permit icmp any host 207.158.24.230 time-exceeded
access-list 101 permit icmp any host 207.158.24.230 unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
 --More--         access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 permit udp host 4.2.2.1 eq domain host 207.158.24.230
access-list 102 permit udp host 4.2.2.2 eq domain host 207.158.24.230
access-list 102 deny   ip 192.168.1.0 0.0.0.255 any
access-list 102 permit icmp any host 207.158.24.230 echo-reply
access-list 102 permit icmp any host 207.158.24.230 time-exceeded
access-list 102 permit icmp any host 207.158.24.230 unreachable
access-list 102 deny   ip 10.0.0.0 0.255.255.255 any
access-list 102 deny   ip 172.16.0.0 0.15.255.255 any
access-list 102 deny   ip 192.168.0.0 0.0.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip host 0.0.0.0 any
access-list 102 deny   ip any any log
no cdp run
!
!
control-plane
 --More--         !
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
[+][-]06.21.2008 at 04:29PM PDT, ID: 21839204

Assisted solutions are selected by the member who asked the question as a comment that contributed to their question's solution.

Start your 7-day free trial to view this Assisted Solution or ask the Experts your question.

 
[+][-]06.21.2008 at 04:40PM PDT, ID: 21839208

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]06.21.2008 at 04:41PM PDT, ID: 21839210

Assisted solutions are selected by the member who asked the question as a comment that contributed to their question's solution.

Start your 7-day free trial to view this Assisted Solution or ask the Experts your question.

 
[+][-]06.21.2008 at 04:47PM PDT, ID: 21839219

View this solution now by starting your 7-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zones: Enterprise Firewalls, Network Routers
Tags: Cisco, 800 Series Router, 871 Router
Sign Up Now!
Solution Provided By: rowansmith
Participating Experts: 2
Solution Grade: A
 
 
[+][-]06.21.2008 at 05:30PM PDT, ID: 21839278

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]06.21.2008 at 05:41PM PDT, ID: 21839311

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]06.21.2008 at 06:24PM PDT, ID: 21839385

Assisted solutions are selected by the member who asked the question as a comment that contributed to their question's solution.

Start your 7-day free trial to view this Assisted Solution or ask the Experts your question.

 
[+][-]06.21.2008 at 06:30PM PDT, ID: 21839400

Assisted solutions are selected by the member who asked the question as a comment that contributed to their question's solution.

Start your 7-day free trial to view this Assisted Solution or ask the Experts your question.

 
[+][-]06.21.2008 at 06:34PM PDT, ID: 21839403

Assisted solutions are selected by the member who asked the question as a comment that contributed to their question's solution.

Start your 7-day free trial to view this Assisted Solution or ask the Experts your question.

 
[+][-]06.21.2008 at 07:37PM PDT, ID: 21839502

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]06.21.2008 at 10:30PM PDT, ID: 21839794

Assisted solutions are selected by the member who asked the question as a comment that contributed to their question's solution.

Start your 7-day free trial to view this Assisted Solution or ask the Experts your question.

 
[+][-]06.21.2008 at 10:55PM PDT, ID: 21839813

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]06.22.2008 at 10:20AM PDT, ID: 21841441

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]06.22.2008 at 10:22AM PDT, ID: 21841447

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]06.22.2008 at 06:13PM PDT, ID: 21842935

Assisted solutions are selected by the member who asked the question as a comment that contributed to their question's solution.

Start your 7-day free trial to view this Assisted Solution or ask the Experts your question.

 
[+][-]06.22.2008 at 07:19PM PDT, ID: 21843149

Assisted solutions are selected by the member who asked the question as a comment that contributed to their question's solution.

Start your 7-day free trial to view this Assisted Solution or ask the Experts your question.

 
[+][-]06.22.2008 at 07:21PM PDT, ID: 21843155

Assisted solutions are selected by the member who asked the question as a comment that contributed to their question's solution.

Start your 7-day free trial to view this Assisted Solution or ask the Experts your question.

 
[+][-]06.22.2008 at 07:41PM PDT, ID: 21843215

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]06.22.2008 at 11:19PM PDT, ID: 21843881

Assisted solutions are selected by the member who asked the question as a comment that contributed to their question's solution.

Start your 7-day free trial to view this Assisted Solution or ask the Experts your question.

 
[+][-]06.22.2008 at 11:30PM PDT, ID: 21843917

Assisted solutions are selected by the member who asked the question as a comment that contributed to their question's solution.

Start your 7-day free trial to view this Assisted Solution or ask the Experts your question.

 
[+][-]06.22.2008 at 11:34PM PDT, ID: 21843925

Assisted solutions are selected by the member who asked the question as a comment that contributed to their question's solution.

Start your 7-day free trial to view this Assisted Solution or ask the Experts your question.

 
[+][-]06.23.2008 at 12:38AM PDT, ID: 21844174

Assisted solutions are selected by the member who asked the question as a comment that contributed to their question's solution.

Start your 7-day free trial to view this Assisted Solution or ask the Experts your question.

 
[+][-]06.23.2008 at 10:14AM PDT, ID: 21848223

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]06.23.2008 at 10:17AM PDT, ID: 21848237

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]06.23.2008 at 11:56AM PDT, ID: 21849120

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]06.23.2008 at 01:09PM PDT, ID: 21849832

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]06.23.2008 at 03:58PM PDT, ID: 21851116

Assisted solutions are selected by the member who asked the question as a comment that contributed to their question's solution.

Start your 7-day free trial to view this Assisted Solution or ask the Experts your question.

 
[+][-]07.09.2008 at 04:03PM PDT, ID: 21969139

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
 
Loading Advertisement...
20080716-EE-VQP-32 / EE_QW_2_20070628