Solved

Basic traffice forwarding on 1710 router

Posted on 2004-10-20
8
220 Views
Last Modified: 2013-11-30
int e0 set to 192.168.1.1 255.255.255.0

int fa0 set to 209.40.171.195 255.255.255.224  (ISP Supplied) Also, the ISP said my gateway is 209.40.171.193

I have created an access list:
     access-list 100 permit tcp any any

I assigned this access-list to int e0
     ip access-group 100 out

I still can not ping any "outside" web sites from the router....what is wrong?  What am I supposed to do with the 209.40.171.193 address?
0
Comment
Question by:MCHDMISDEPT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 43

Assisted Solution

by:JFrederick29
JFrederick29 earned 250 total points
ID: 12360415
I don't think you want only TCP traffic to be allowed out do you?  If you want to allow all traffic, the access-list should be "access-list 100 permit ip any any"  but if you are going to use that access-list, you might as well not even use one.  Get rid of the access-list all together.

The gateway needs to be used in your default route statement:

ip route 0.0.0.0 0.0.0.0 209.40.171.193

Do you have NAT setup on the router?

int e0
ip address 192.168.1.1 255.255.255.0
ip nat inside

int fa0
ip address 209.40.171.195 255.255.255.224
ip nat outside

ip nat inside source list 1 interface fa0 overload

access-list 1 permit 192.168.1.0 0.0.0.255
0
 

Author Comment

by:MCHDMISDEPT
ID: 12360455
question:  Do you have to use NAT any time you setup a router...i mean what happens if you dont use the NAT statement
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 12360485
You need to use NAT when you are connecting to the Internet and using a private address space on the internal network.

You are using 192.168.1.0 which is a private subnet (not routable on the Internet).

209.40.171.195 is a public address (routable on the Internet).  NAT allows you to connect privately addressed systems to the Internet using the public IP address from your ISP.  Basically, NAT translates the 192.168.1.x address to 209.40.171.195.

You need to use NAT in your situation.
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 12360493
   > access-list 100 permit tcp any any
>I assigned this access-list to int e0
     ip access-group 100 out

>I still can not ping any "outside" web sites from the router....what is wrong?
Because you did not permit ICMP or UDP (for DNS resolution), only TCP in your acl

Agree with JFrederick29, simply remove the access-group from the interface. you have it applied in the wrong direction anyway.. should be "in" instead of "out", but like JF said, it's not needed at all if you want to permit everything anyway..


0
 

Author Comment

by:MCHDMISDEPT
ID: 12360505
Great!  Finally someone answered my simple question.  Thanks.
0
 
LVL 5

Expert Comment

by:AutoSponge
ID: 12360585
There is an implicit deny at the end of all ACLs and they process line-by-line in order.
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 12360593
Keep in mind, you may be permitting all the necessary traffic but if you don't have NAT properly configured, you will never be able to ping/access an Internet host from a system on your internal network.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12403465
Any progress? Are you still working on this? Do you need more information?
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
RHEL6 + dockers - No route to host 7 104
VOIP gateways - feedback 23 123
Network Tunnels 2 48
internal SLA's for IT provision 6 37
Let’s list some of the technologies that enable smooth teleworking. 
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question