Cisco 2611, can ping websites from router but cannot access internet from inside the network

Posted on 2004-08-19
Last Modified: 2010-03-18
I have the following setup at this time.

Static IP----2611-----static IP------Internal network.  

I can ping sites such as nhl.com or 24.217.0.3 from the router without a problem.  However, I cannot ping or access any websites from the internal LAN. I have tried static and DHCP setups inside the LAN.  I think it is an ACL issue but am not sure.  I have included my config below.

Current configuration : 1553 bytes
!
version 12.2
no parser cache
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Wont-Run
!
logging rate-limit console 10 except errors
enable secret 5 xxxxxxxxxxxxx
enable password 7 xxxxxxxxxxxxxx
!
ip subnet-zero
no ip source-route
!
!
ip name-server 151.164.14.201
ip name-server 151.164.1.8
ip dhcp excluded-address 10.0.1.1 10.0.1.9
!
ip dhcp pool MGMT
   network 10.0.1.0 255.255.255.0
   dns-server 151.164.14.201 151.164.1.8
   default-router 69.148.10.bb 69.148.10.aa 10.0.1.1
   lease infinite
!
no ip bootp server
ip audit notify log
ip audit po max-events 100
no ip dhcp-client network-discovery
!
!
!
interface Ethernet0/0
 description inside
 ip address 10.0.1.1 255.255.255.0
 ip access-group 101 out
 no ip proxy-arp
 ip nat inside
 half-duplex
 no cdp enable
!
interface Serial0/0
 ip address 192.168.0.1 255.255.255.0
 no cdp enable
!
interface Ethernet0/1
 description outside
 ip address 69.148.10.bb 255.255.255.248
 no ip proxy-arp
 ip nat outside
 half-duplex
 no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/1 69.148.10.cc
no ip http server
!
access-list 101 permit tcp any any
access-list 102 permit ip any any
no cdp run
!
line con 0
 exec-timeout 5 0
 password 7 xxxxxxxx
 login
line aux 0
 no exec
 exec-timeout 0 10
line vty 0 4
 no exec
 exec-timeout 0 30
 password 7 xxxxxxxx
 login
 transport input none
line vty 5 15
 password 7 xxxxxxxx
 login
!
!
end

Any help would be greatly appreciated.
Question by:pjn308
Accepted Solution

by: JFrederick29 earned 2000 total points
ID: 11845009
Add the following to your configuration:

en
conf t
! the inside LAN on Ethernet0/0 is 10.0.1.0/24
access-list 1 permit 10.0.1.0 0.0.0.255
ip nat inside source list 1 interface ethernet0/1 overload

Also, access-list 101 configured on ethernet0/0 is only allowing TCP traffic out.  You won't be able to resolve DNS lookups if you don't add UDP to your access-list "access-list 101 permit udp any any".

It would be better if you removed the access-list altogether and added a list inbound on Ethernet0/1.  Here is a basic list that works in most cases and will help protect you from the Internet.

access-list 101 permit udp any eq 53 any          <--- Allow return DNS replies
access-list 101 permit tcp any any established   <--- Allow established TCP sessions from the inside network
access-list 101 permit icmp any any echo-reply  <--- Allow icmp replies back into your network

Apply it inbound on Ethernet0/1:

interface ethernet0/1
ip access-group 101 in
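
The effect of the two versions of access-list 101 on traffic heading back toward the LAN, as an added example that is not part of the original thread: the question's list is applied `out` on Ethernet0/0 (toward the inside hosts) and the suggested list is applied `in` on Ethernet0/1, so both filter the same direction. The function names and the sample packets are constructed for illustration, and the parser handles only the ACL syntax that appears on this page.

```python
# Added example: first-match evaluation of the extended ACL syntax used on this page
# ("any" addresses, optional source "eq <port>", "established", "echo-reply").
ORIGINAL_101 = ["access-list 101 permit tcp any any"]
REPLACEMENT_101 = [
    "access-list 101 permit udp any eq 53 any",
    "access-list 101 permit tcp any any established",
    "access-list 101 permit icmp any any echo-reply",
]

def parse(line):
    t = line.split()[2:]                       # drop "access-list <number>"
    rule = {"action": t[0], "proto": t[1], "sport": None, "qual": None}
    rest = t[3:]                               # skip source "any"
    if rest[0] == "eq":                        # source-port match
        rule["sport"], rest = int(rest[1]), rest[2:]
    if len(rest) > 1:                          # qualifier after destination "any"
        rule["qual"] = rest[1]
    return rule

def matches(rule, pkt):
    if rule["proto"] not in ("ip", pkt["proto"]):
        return False
    if rule["sport"] is not None and pkt.get("sport") != rule["sport"]:
        return False
    if rule["qual"] == "established":          # ACK or RST bit set
        return bool({"ACK", "RST"} & set(pkt.get("flags", ())))
    if rule["qual"] == "echo-reply":           # ICMP type 0
        return pkt.get("icmp_type") == 0
    return True

def evaluate(acl_lines, pkt):
    for rule in map(parse, acl_lines):
        if matches(rule, pkt):
            return rule["action"]
    return "deny"                              # implicit deny ends every ACL

# Constructed sample packets travelling from the Internet toward a LAN host
PACKETS = {
    "dns_reply":    {"proto": "udp", "sport": 53},
    "tcp_reply":    {"proto": "tcp", "sport": 80, "flags": ("SYN", "ACK")},
    "tcp_new_syn":  {"proto": "tcp", "sport": 51000, "flags": ("SYN",)},
    "ping_reply":   {"proto": "icmp", "icmp_type": 0},
    "ping_request": {"proto": "icmp", "icmp_type": 8},
}

def verdicts(acl_lines):
    return {name: evaluate(acl_lines, p) for name, p in PACKETS.items()}

if __name__ == "__main__":
    print({"original": verdicts(ORIGINAL_101), "replacement": verdicts(REPLACEMENT_101)})
```

Both lists are stateless: the UDP entry matches on source port 53 alone, and `established` checks only the ACK and RST bits rather than tracking sessions.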
Expert Comment

by:Pentrix2
ID: 11850702
Yup, that should work.  :)