Link to home
Start Free TrialLog in
Avatar of Ryan_Kempt
Ryan_KemptFlag for Canada

asked on

Cisco 2611XM can ping internet from router, but not from a PC on the lan.

Hello,

I have a Cisco 2611XM.  I've configured FE 0/0 as the port to connect to my cable modem.  FE 0/1 is my lan port, which connects to my Cisco 2950.

The cisco 2611XM is setup as a DHCP server, it gives out ip addresses fine, all computers on the lan can communicate and they get the correct default gateway (the ip of FE 0/1).  They can ping the ip of FE 0/0 as well, but they can not ping the gateway beyond that, nor can they ping any other external ip (obviously).

When logged into the router I can ping all ip's just fine and I can resolve dns (I can ping google.com).  

I'm obviously missing something simple, and I just can't figure it out.  This is an older router I've had for some time and I have no service contract so I can't call TAC for help.  

All ACLS are turned off for the sake of troubleshooting.  If you need any additional information I can provide it, but I'm hoping I overlooked something simple.

Thanks,
Ryan
Avatar of Gothvf
Gothvf

Hello,

Does your router avae the correct default route ?

Post the running-conf output, will be much easier.

Regards,
Avatar of Ryan_Kempt

ASKER

Lan ip addresses are exact and untouched, wan ip addresses have been modified slightly for internet posting :)

Let me know if you need any other info.

show running-config
Building configuration...

Current configuration : 3060 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 2611XM-1
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$4u62$56dA3Xu3222BVhC7bT2K0
enable password 7 0145123F53393951
!
no aaa new-model
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.251 10.10.10.254
ip dhcp excluded-address 10.10.10.1 10.10.10.9
!
ip dhcp pool main
   import all
   network 10.10.10.0 255.255.255.0
   dns-server 20.215.60.18
   default-router 10.10.10.1
!
!
ip name-server 20.215.60.18
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 description $FW_OUTSIDE$$ETH-LAN$
 ip address 20.215.41.115 255.255.255.0
 ip verify unicast reverse-path
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description $FW_INSIDE$$ETH-LAN$
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 speed auto
 half-duplex
 no mop enabled
!
ip default-gateway 20.215.41.1
ip route 0.0.0.0 0.0.0.0 20.215.41.1
!
!
ip http server
no ip http secure-server
!
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip 20.215.41.0 0.0.0.255 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 20.215.60.18 eq domain host 20.215.41.115
access-list 101 deny   ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any host 20.215.41.115 echo-reply
access-list 101 permit icmp any host 20.215.41.115 time-exceeded
access-list 101 permit icmp any host 20.215.41.115 unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password 7 09561D19325D063A48
 login
!
!
end

ASKER CERTIFIED SOLUTION
Avatar of tfowles
tfowles
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Thanks,

I knew it was something simple I was missing.

-Ryan