Solved

Cisco 1841 local network can't access the Internet

Posted on 2008-06-19
Last Modified: 2013-12-14
Hi

I've just (tried to) configured a Cisco 1841 router. It's got two WIC1-ADSL cards but only one is connected currently (ATM0/1/0.1).

I can ping the outside world when at the CLI but can not ping or access the internet from a local machine connected to BVI1.
From the local network I can ping the router (10.100.1.1) and also the outside interface ATM0/1/0.1 (78.86.222.222).

Can anyone spot why this might be?

Many thanks in advance for any assistance.

Cheers
Mike
Building configuration...
 
Current configuration : 6467 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname spicy
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 XXXXXXXXXXXXXXXXXX
!
no aaa new-model
ip cef
!
!
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip dhcp use vrf connected
ip dhcp excluded-address 10.100.1.1 10.100.1.100
ip dhcp excluded-address 10.100.1.121 10.100.1.254
!
ip dhcp pool LocalNetwork
   import all
   network 10.100.1.0 255.255.255.0
   dns-server XXX.XXX.0.66 XXX.XXX.0.67 
   default-router 10.100.1.1 
!
!
ip name-server XXX.XXX.0.66
ip name-server XXX.XXX.0.67
!
!
crypto pki trustpoint TP-self-signed-3895563551
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3895563551
 revocation-check none
 rsakeypair TP-self-signed-3895563551
!
!
crypto pki certificate chain TP-self-signed-3895563551
 certificate self-signed 01
  quit
!
!
! 
!
bridge irb
!
!
interface Loopback0
 no ip address
!
interface Null0
 no ip unreachables
!
interface FastEthernet0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 bridge-group 1
!
interface FastEthernet0/1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
!
interface ATM0/0/0
 no ip address
 no ip redirects
 no ip proxy-arp
 ip route-cache policy
 ip route-cache flow
 logging event atm pvc state
 logging event subif-link-status
 no atm ilmi-keepalive
 dsl operating-mode auto 
 hold-queue 224 in
!
interface ATM0/0/0.1 point-to-point
 description BePro
 mtu 1500
 ip address 78.86.111.111 255.255.240.0
 ip verify unicast reverse-path
 no ip redirects
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly
 ip route-cache same-interface
 ip tcp adjust-mss 1460
 snmp trap link-status
 atm route-bridged ip
 pvc BePro 0/101 
  oam-pvc manage
  encapsulation aal5snap
 !
!
interface ATM0/1/0
 no ip address
 no ip redirects
 no ip proxy-arp
 ip route-cache policy
 ip route-cache flow
 logging event atm pvc state
 logging event subif-link-status
 no atm ilmi-keepalive
 dsl operating-mode auto 
 hold-queue 224 in
!
interface ATM0/1/0.1 point-to-point
 description O2Business
 mtu 1500
 ip address 78.86.222.222 255.255.240.0
 ip access-group 101 in
 ip verify unicast reverse-path
 no ip redirects
 no ip proxy-arp
 ip nbar protocol-discovery
 ip inspect SDM_LOW out
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly
 ip route-cache same-interface
 snmp trap link-status
 atm route-bridged ip
 pvc O2Business 0/101 
  oam-pvc manage
  encapsulation aal5snap
 !
!
interface BVI1
 description $FW_INSIDE$
 ip address 10.100.1.1 255.255.255.0
 ip access-group 100 in
 no ip redirects
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 78.86.333.333 permanent
!
ip http server
ip http secure-server
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit any
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip 78.86.333.0 0.0.15.255 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host XXX.XXX.0.67 eq domain host 78.86.222.222
access-list 101 permit udp host XXX.XXX.0.66 eq domain host 78.86.222.222
access-list 101 deny   ip 10.100.1.0 0.0.0.255 any
access-list 101 permit icmp any host 78.86.222.222 echo-reply
access-list 101 permit icmp any host 78.86.222.222 time-exceeded
access-list 101 permit icmp any host 78.86.222.222 unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000
end

Question by:m_carrington
2 Comments
 
Accepted Solution

by:
logic2 earned 500 total points
ID: 21826812
Simple, you need to configure NAT :)
You have the NAT statements configured under the interfaces, but the NAT itself is not configured.
Try adding this config:

ip nat inside source list 102 interface ATM0/1/0.1 overload
access-list 102 permit ip 10.100.1.0 0.0.0.255 any

Try it and tell me the results.
If it didn't work, try removing ACL 100 and 101 from the interfaces.
0
 

Author Closing Comment

by:m_carrington
ID: 31468960
Hey logic2 - nice one thanks.
Thought it was something along those lines but just couldn't get the exact sequence of commands right.
Cheers
Mike