Solved

Cisco 2611, can ping websites from router but cannot access internet from inside the network

Posted on 2004-08-19
Last Modified: 2010-03-18
I have the following setup at this time.

Static IP----2611-----static IP------Internal network.  

I can ping sites such as nhl.com or 24.217.0.3 from the router without a problem.  However, I cannot ping or access any websites from the internal LAN; I have tried static and DHCP setups inside the LAN.  I think it is an ACL issue but I am not sure.  I have included my config below.

Current configuration : 1553 bytes
!
version 12.2
no parser cache
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Wont-Run
!
logging rate-limit console 10 except errors
enable secret 5 xxxxxxxxxxxxx
enable password 7 xxxxxxxxxxxxxx
!
ip subnet-zero
no ip source-route
!
!
ip name-server 151.164.14.201
ip name-server 151.164.1.8
ip dhcp excluded-address 10.0.1.1 10.0.1.9
!
ip dhcp pool MGMT
   network 10.0.1.0 255.255.255.0
   dns-server 151.164.14.201 151.164.1.8
   default-router 69.148.10.bb 69.148.10.aa 10.0.1.1
   lease infinite
!
no ip bootp server
ip audit notify log
ip audit po max-events 100
no ip dhcp-client network-discovery
!
!
!
interface Ethernet0/0
 description inside
 ip address 10.0.1.1 255.255.255.0
 ip access-group 101 out
 no ip proxy-arp
 ip nat inside
 half-duplex
 no cdp enable
!
interface Serial0/0
 ip address 192.168.0.1 255.255.255.0
 no cdp enable
!
interface Ethernet0/1
 description outside
 ip address 69.148.10.bb 255.255.255.248
 no ip proxy-arp
 ip nat outside
 half-duplex
 no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/1 69.148.10.cc
no ip http server
!
access-list 101 permit tcp any any
access-list 102 permit ip any any
no cdp run
!
line con 0
 exec-timeout 5 0
 password 7 xxxxxxxx
 login
line aux 0
 no exec
 exec-timeout 0 10
line vty 0 4
 no exec
 exec-timeout 0 30
 password 7 xxxxxxxx
 login
 transport input none
line vty 5 15
 password 7 xxxxxxxx
 login
!
!
end

Any help would be greatly appreciated.
Question by:pjn308
Accepted Solution

by: JFrederick29
Add the following to your configuration:

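en
conf t
! Match the inside LAN (10.0.1.0/24) as the NAT source
access-list 1 permit 10.0.1.0 0.0.0.255
! Translate matching hosts to the Ethernet0/1 address (PAT)
ip nat inside source list 1 interface ethernet0/1 overload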

Also, access-list 101 configured on ethernet0/0 is only allowing TCP traffic out.  You won't be able to resolve DNS lookups if you don't add UDP to your access-list "access-list 101 permit udp any any".

It would be better if you removed the access-list altogether and added a list inbound on Ethernet0/1.  Here is a basic list that works in most cases and will help protect you from the Internet.

! Allow return DNS replies
access-list 101 permit udp any eq 53 any
! Allow established TCP sessions from the inside network
access-list 101 permit tcp any any established
! Allow ICMP replies back into your network
access-list 101 permit icmp any any echo-reply

Apply it inbound on Ethernet0/1:

interface ethernet0/1
ip access-group 101 in
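
An added example, not part of the original answer: a Python model of IOS wildcard-mask matching for the NAT source list and of first-match evaluation of the three inbound entries, including the implicit deny that ends every ACL. The packets and the host address 10.0.1.20 are constructed samples, and `established` is modelled as "ACK or RST set".

```python
import ipaddress
from dataclasses import dataclass

def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

@dataclass
class Packet:                       # constructed sample, not captured traffic
    proto: str                      # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: frozenset = frozenset()  # TCP flags, e.g. {"SYN", "ACK"}
    icmp_type: str = ""

# One (label, predicate) pair per ACL entry, in configured order.
ACL_101_IN = [
    ("permit udp any eq 53 any",
     lambda p: p.proto == "udp" and p.sport == 53),
    ("permit tcp any any established",
     lambda p: p.proto == "tcp" and bool(p.flags & {"ACK", "RST"})),
    ("permit icmp any any echo-reply",
     lambda p: p.proto == "icmp" and p.icmp_type == "echo-reply"),
]

def evaluate(packet, acl=ACL_101_IN):
    """Return (action, matching entry); the first match wins."""
    for label, matches in acl:
        if matches(packet):
            return ("permit", label)
    return ("deny", "implicit deny ip any any")

SAMPLES = {
    "dns_reply":   Packet("udp", sport=53, dport=33000),
    "http_synack": Packet("tcp", 80, 40000, frozenset({"SYN", "ACK"})),
    "inbound_syn": Packet("tcp", 40000, 22, frozenset({"SYN"})),
    "echo_reply":  Packet("icmp", icmp_type="echo-reply"),
    "echo_req":    Packet("icmp", icmp_type="echo"),
    "ntp_reply":   Packet("udp", sport=123, dport=123),
}

if __name__ == "__main__":
    print("NAT list covers 10.0.1.20:",
          wildcard_match("10.0.1.20", "10.0.1.0", "0.0.0.255"))
    for name, pkt in SAMPLES.items():
        print(f"{name:12s} -> {evaluate(pkt)}")
```

Return traffic for other UDP services the LAN uses, such as NTP, falls through to the implicit deny and needs its own entry.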

Expert Comment

by: Pentrix2
Yup, that should work.  :)