Solved

Cisco 2611, can ping websites from router but cannot access internet from inside the network

Posted on 2004-08-19
2
472 Views
Last Modified: 2010-03-18
I have the following setup at this time.

Static IP----2611-----static IP------Internal network.  

I can ping sites such as nhl.com or 24.217.0.3 from the router without a problem.  However I cannot ping or access any websites from the internal LAN, I have tried static and DHCP setups inside the LAN.  I think it is an ACL issue but not sure.  I have included my config below

Current configuration : 1553 bytes
!
version 12.2
no parser cache
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Wont-Run
!
logging rate-limit console 10 except errors
enable secret 5 xxxxxxxxxxxxx
enable password 7 xxxxxxxxxxxxxx
!
ip subnet-zero
no ip source-route
!
!
ip name-server 151.164.14.201
ip name-server 151.164.1.8
ip dhcp excluded-address 10.0.1.1 10.0.1.9
!
ip dhcp pool MGMT
   network 10.0.1.0 255.255.255.0
   dns-server 151.164.14.201 151.164.1.8
   default-router 69.148.10.bb 69.148.10.aa 10.0.1.1
   lease infinite
!
no ip bootp server
ip audit notify log
ip audit po max-events 100
no ip dhcp-client network-discovery
!
!
!
interface Ethernet0/0
 description inside
 ip address 10.0.1.1 255.255.255.0
 ip access-group 101 out
 no ip proxy-arp
 ip nat inside
 half-duplex
 no cdp enable
!
interface Serial0/0
 ip address 192.168.0.1 255.255.255.0
 no cdp enable
!
interface Ethernet0/1
 description outside
 ip address 69.148.10.bb 255.255.255.248
 no ip proxy-arp
 ip nat outside
 half-duplex
 no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/1 69.148.10.cc
no ip http server
!
access-list 101 permit tcp any any
access-list 102 permit ip any any
no cdp run
!
line con 0
 exec-timeout 5 0
 password 7 xxxxxxxx
 login
line aux 0
 no exec
 exec-timeout 0 10
line vty 0 4
 no exec
 exec-timeout 0 30
 password 7 xxxxxxxx
 login
 transport input none
line vty 5 15
 password 7 xxxxxxxx
 login
!
!
end

Any help would be greatly appreciated.
0
Comment
Question by:pjn308
2 Comments
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 11845009
Add the following to your configuration:

en
conf t
access-list 1 permit 10.0.0.0 0.0.0.255
ip nat inside source list 1 interface ethernet0/1 overload

Also, access-list 101 configured on ethernet0/0 is only allowing TCP traffic out.  You won't be able to resolve DNS lookups if you don't add UDP to your access-list "access-list 101 permit udp any any".

It would be better if you removed the access-list altogether and added a list inbound on Ethernet0/1.  Here is a basic list that works in most cases and will help protect you from the Internet.

access-list 101 permit udp any eq 53 any          <--- Allow return DNS replies
access-list 101 permit tcp any any established   <--- Allow established TCP sessions from the inside network
access-list 101 permit icmp any any echo-reply  <--- Allow icmp replies back into your network

Apply it inbound on Ethernet0/1:

interface ethernet0/1
ip access-group 101 in
0
 
LVL 9

Expert Comment

by:Pentrix2
ID: 11850702
Yupe, that should work.  :)
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now