Avatar of Ryan_Kempt
Ryan_KemptFlag for Canada asked on

Cisco 2611XM can ping internet from router, but not from a PC on the lan.

Hello,

I have a Cisco 2611XM.  I've configured FE 0/0 as the port to connect to my cable modem.  FE 0/1 is my lan port, which connects to my Cisco 2950.

The cisco 2611XM is setup as a DHCP server, it gives out ip addresses fine, all computers on the lan can communicate and they get the correct default gateway (the ip of FE 0/1).  They can ping the ip of FE 0/0 as well, but they can not ping the gateway beyond that, nor can they ping any other external ip (obviously).

When logged into the router I can ping all ip's just fine and I can resolve dns (I can ping google.com).  

I'm obviously missing something simple, and I just can't figure it out.  This is an older router I've had for some time and I have no service contract so I can't call TAC for help.  

All ACLS are turned off for the sake of troubleshooting.  If you need any additional information I can provide it, but I'm hoping I overlooked something simple.

Thanks,
Ryan
BroadbandNetwork ArchitectureRouters

Avatar of undefined
Last Comment
Ryan_Kempt

8/22/2022 - Mon
Gothvf

Hello,

Does your router avae the correct default route ?

Post the running-conf output, will be much easier.

Regards,
ASKER
Ryan_Kempt

Lan ip addresses are exact and untouched, wan ip addresses have been modified slightly for internet posting :)

Let me know if you need any other info.

show running-config
Building configuration...

Current configuration : 3060 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 2611XM-1
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$4u62$56dA3Xu3222BVhC7bT2K0
enable password 7 0145123F53393951
!
no aaa new-model
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.251 10.10.10.254
ip dhcp excluded-address 10.10.10.1 10.10.10.9
!
ip dhcp pool main
   import all
   network 10.10.10.0 255.255.255.0
   dns-server 20.215.60.18
   default-router 10.10.10.1
!
!
ip name-server 20.215.60.18
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 description $FW_OUTSIDE$$ETH-LAN$
 ip address 20.215.41.115 255.255.255.0
 ip verify unicast reverse-path
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description $FW_INSIDE$$ETH-LAN$
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 speed auto
 half-duplex
 no mop enabled
!
ip default-gateway 20.215.41.1
ip route 0.0.0.0 0.0.0.0 20.215.41.1
!
!
ip http server
no ip http secure-server
!
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip 20.215.41.0 0.0.0.255 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 20.215.60.18 eq domain host 20.215.41.115
access-list 101 deny   ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any host 20.215.41.115 echo-reply
access-list 101 permit icmp any host 20.215.41.115 time-exceeded
access-list 101 permit icmp any host 20.215.41.115 unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password 7 09561D19325D063A48
 login
!
!
end

ASKER CERTIFIED SOLUTION
tfowles

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
Ryan_Kempt

Thanks,

I knew it was something simple I was missing.

-Ryan
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy