MCHDMISDEPT
asked on
Basic traffice forwarding on 1710 router
int e0 set to 192.168.1.1 255.255.255.0
int fa0 set to 209.40.171.195 255.255.255.224 (ISP Supplied) Also, the ISP said my gateway is 209.40.171.193
I have created an access list:
access-list 100 permit tcp any any
I assigned this access-list to int e0
ip access-group 100 out
I still can not ping any "outside" web sites from the router....what is wrong? What am I supposed to do with the 209.40.171.193 address?
int fa0 set to 209.40.171.195 255.255.255.224 (ISP Supplied) Also, the ISP said my gateway is 209.40.171.193
I have created an access list:
access-list 100 permit tcp any any
I assigned this access-list to int e0
ip access-group 100 out
I still can not ping any "outside" web sites from the router....what is wrong? What am I supposed to do with the 209.40.171.193 address?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You need to use NAT when you are connecting to the Internet and using a private address space on the internal network.
You are using 192.168.1.0 which is a private subnet (not routable on the Internet).
209.40.171.195 is a public address (routable on the Internet). NAT allows you to connect privately addressed systems to the Internet using the public IP address from your ISP. Basically, NAT translates the 192.168.1.x address to 209.40.171.195.
You need to use NAT in your situation.
You are using 192.168.1.0 which is a private subnet (not routable on the Internet).
209.40.171.195 is a public address (routable on the Internet). NAT allows you to connect privately addressed systems to the Internet using the public IP address from your ISP. Basically, NAT translates the 192.168.1.x address to 209.40.171.195.
You need to use NAT in your situation.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Great! Finally someone answered my simple question. Thanks.
There is an implicit deny at the end of all ACLs and they process line-by-line in order.
Keep in mind, you may be permitting all the necessary traffic but if you don't have NAT properly configured, you will never be able to ping/access an Internet host from a system on your internal network.
Any progress? Are you still working on this? Do you need more information?
ASKER