Solved

Cisco 1841 local network can't access the Internet

Posted on 2008-06-19
Last Modified: 2013-12-14
Hi

I've just configured (or tried to configure) a Cisco 1841 router. It's got two WIC1-ADSL cards but only one is connected currently (ATM0/1/0.1).

I can ping the outside world when at the CLI but cannot ping or access the internet from a local machine connected to BVI1.
From the local network I can ping the router (10.100.1.1) and also the outside interface ATM0/1/0.1 (78.86.222.222).

Can anyone spot why this might be?

Many thanks in advance for any assistance.

Cheers
Mike

Building configuration...

Current configuration : 6467 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname spicy
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 XXXXXXXXXXXXXXXXXX
!
no aaa new-model
ip cef
!
!
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip dhcp use vrf connected
ip dhcp excluded-address 10.100.1.1 10.100.1.100
ip dhcp excluded-address 10.100.1.121 10.100.1.254
!
ip dhcp pool LocalNetwork
   import all
   network 10.100.1.0 255.255.255.0
   dns-server XXX.XXX.0.66 XXX.XXX.0.67
   default-router 10.100.1.1
!
!
ip name-server XXX.XXX.0.66
ip name-server XXX.XXX.0.67
!
!
crypto pki trustpoint TP-self-signed-3895563551
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3895563551
 revocation-check none
 rsakeypair TP-self-signed-3895563551
!
!
crypto pki certificate chain TP-self-signed-3895563551
 certificate self-signed 01
  quit
!
!
!
!
bridge irb
!
!
interface Loopback0
 no ip address
!
interface Null0
 no ip unreachables
!
interface FastEthernet0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 bridge-group 1
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
!
interface ATM0/0/0
 no ip address
 no ip redirects
 no ip proxy-arp
 ip route-cache policy
 ip route-cache flow
 logging event atm pvc state
 logging event subif-link-status
 no atm ilmi-keepalive
 dsl operating-mode auto
 hold-queue 224 in
!
interface ATM0/0/0.1 point-to-point
 description BePro
 mtu 1500
 ip address 78.86.111.111 255.255.240.0
 ip verify unicast reverse-path
 no ip redirects
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly
 ip route-cache same-interface
 ip tcp adjust-mss 1460
 snmp trap link-status
 atm route-bridged ip
 pvc BePro 0/101
  oam-pvc manage
  encapsulation aal5snap
 !
!
interface ATM0/1/0
 no ip address
 no ip redirects
 no ip proxy-arp
 ip route-cache policy
 ip route-cache flow
 logging event atm pvc state
 logging event subif-link-status
 no atm ilmi-keepalive
 dsl operating-mode auto
 hold-queue 224 in
!
interface ATM0/1/0.1 point-to-point
 description O2Business
 mtu 1500
 ip address 78.86.222.222 255.255.240.0
 ip access-group 101 in
 ip verify unicast reverse-path
 no ip redirects
 no ip proxy-arp
 ip nbar protocol-discovery
 ip inspect SDM_LOW out
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly
 ip route-cache same-interface
 snmp trap link-status
 atm route-bridged ip
 pvc O2Business 0/101
  oam-pvc manage
  encapsulation aal5snap
 !
!
interface BVI1
 description $FW_INSIDE$
 ip address 10.100.1.1 255.255.255.0
 ip access-group 100 in
 no ip redirects
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 78.86.333.333 permanent
!
ip http server
ip http secure-server
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit any
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip 78.86.333.0 0.0.15.255 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host XXX.XXX.0.67 eq domain host 78.86.222.222
access-list 101 permit udp host XXX.XXX.0.66 eq domain host 78.86.222.222
access-list 101 deny   ip 10.100.1.0 0.0.0.255 any
access-list 101 permit icmp any host 78.86.222.222 echo-reply
access-list 101 permit icmp any host 78.86.222.222 time-exceeded
access-list 101 permit icmp any host 78.86.222.222 unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000
end

Question by:m_carrington

Accepted Solution

by:
logic2 earned 125 total points
ID: 21826812
Simple: you need to configure NAT :)
You have the NAT statements configured under the interfaces, but the NAT itself is not configured.
Try adding this config:

ip nat inside source list 102 interface ATM0/1/0.1 overload
access-list 102 permit ip 10.100.1.0 0.0.0.255 any

Try it and tell me the results.
If it didn't work, try removing ACL 100 and 101 from the interfaces.
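
Added example (not part of logic2's answer or the original post): a Python check for the misconfiguration diagnosed above, where interfaces carry `ip nat inside` / `ip nat outside` but no `ip nat inside source` rule ties them together. The sample configs are constructed from lines in the posted config and the answer; `audit_nat` is a hypothetical helper name and it assumes numbered ACLs only.

```python
import re

# Constructed sample: trimmed from the posted config (NAT roles set, no translation rule).
BROKEN = """\
interface ATM0/1/0.1 point-to-point
 ip address 78.86.222.222 255.255.240.0
 ip nat outside
!
interface BVI1
 ip address 10.100.1.1 255.255.255.0
 ip nat inside
!
access-list 1 permit any
"""
# The two lines from the accepted answer, appended to the same sample.
FIXED = BROKEN + """\
ip nat inside source list 102 interface ATM0/1/0.1 overload
access-list 102 permit ip 10.100.1.0 0.0.0.255 any
"""

def audit_nat(config):
    """Return a list of findings about NAT wiring in an IOS running-config."""
    roles, acls, rules, current = {}, set(), [], None
    for line in config.splitlines():
        if not line.strip():
            continue                      # tolerate double-spaced pastes
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif not line.startswith(" "):
            current = None                # left the interface block
        if current and (m := re.match(r"\s+ip nat (inside|outside)\s*$", line)):
            roles[current] = m.group(1)
        if m := re.match(r"access-list (\d+) (permit|deny)", line):
            acls.add(m.group(1))
        if m := re.match(r"ip nat inside source list (\S+) interface (\S+)( overload)?", line):
            rules.append(m.groups())
    findings = []
    if "inside" in roles.values() and "outside" in roles.values() and not rules:
        findings.append("interfaces marked inside/outside but no 'ip nat inside source' rule")
    for acl, iface, overload in rules:
        if acl not in acls:
            findings.append(f"NAT rule references undefined access-list {acl}")
        if roles.get(iface) != "outside":
            findings.append(f"NAT rule uses {iface}, which is not 'ip nat outside'")
        if not overload:
            findings.append(f"NAT rule on {iface} lacks 'overload' (no PAT)")
    return findings
```

On the router itself, `show ip nat translations` and `show ip nat statistics` confirm whether inside hosts are actually being translated once the rule is in place.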
Author Closing Comment

by:m_carrington
ID: 31468960
Hey logic2 - nice one thanks.
Thought it was something along those lines but just couldn't get the exact sequence of commands right.
Cheers
Mike