Basic traffice forwarding on 1710 router

int e0 set to

int fa0 set to  (ISP Supplied) Also, the ISP said my gateway is

I have created an access list:
     access-list 100 permit tcp any any

I assigned this access-list to int e0
     ip access-group 100 out

I still can not ping any "outside" web sites from the router....what is wrong?  What am I supposed to do with the address?
Who is Participating?
lrmooreConnect With a Mentor Commented:
   > access-list 100 permit tcp any any
>I assigned this access-list to int e0
     ip access-group 100 out

>I still can not ping any "outside" web sites from the router....what is wrong?
Because you did not permit ICMP or UDP (for DNS resolution), only TCP in your acl

Agree with JFrederick29, simply remove the access-group from the interface. you have it applied in the wrong direction anyway.. should be "in" instead of "out", but like JF said, it's not needed at all if you want to permit everything anyway..

JFrederick29Connect With a Mentor Commented:
I don't think you want only TCP traffic to be allowed out do you?  If you want to allow all traffic, the access-list should be "access-list 100 permit ip any any"  but if you are going to use that access-list, you might as well not even use one.  Get rid of the access-list all together.

The gateway needs to be used in your default route statement:

ip route

Do you have NAT setup on the router?

int e0
ip address
ip nat inside

int fa0
ip address
ip nat outside

ip nat inside source list 1 interface fa0 overload

access-list 1 permit
MCHDMISDEPTAuthor Commented:
question:  Do you have to use NAT any time you setup a router...i mean what happens if you dont use the NAT statement
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

You need to use NAT when you are connecting to the Internet and using a private address space on the internal network.

You are using which is a private subnet (not routable on the Internet). is a public address (routable on the Internet).  NAT allows you to connect privately addressed systems to the Internet using the public IP address from your ISP.  Basically, NAT translates the 192.168.1.x address to

You need to use NAT in your situation.
MCHDMISDEPTAuthor Commented:
Great!  Finally someone answered my simple question.  Thanks.
There is an implicit deny at the end of all ACLs and they process line-by-line in order.
Keep in mind, you may be permitting all the necessary traffic but if you don't have NAT properly configured, you will never be able to ping/access an Internet host from a system on your internal network.
Any progress? Are you still working on this? Do you need more information?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.