
Cisco 1811 with 2 vlans, 1 vlan cannot access wan

williaj2 asked
Last Modified: 2012-06-22
Have Cisco 1811 router with 2 vlans
vlan10 yourcompanynamehere
vlan20 guest

Vlan10 works with no problems.
Vlan20 can ping the WAN (f0) address but not the WAN gateway.

Any ideas? Oh wise ones!!

Since it's so late I'm maxing the points. I hear a bed calling ZZZZZZZZZZZZZZZZZZZ

version 12.3
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname MY1811
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical

clock timezone PCTime -8
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa session-id common
ip subnet-zero
no ip source-route
!
!
ip cef
ip dhcp excluded-address 192.168.0.11 192.168.0.254
ip dhcp excluded-address X.X.X.150 X.X.X.254
!
ip dhcp pool younamehere
   import all
   network X.X.X.0 255.255.255.0
   dns-server 4.2.2.1 4.2.2.2
   default-router X.X.X.253
!
ip dhcp pool Guest
   import all
   network 192.168.0.0 255.255.255.0
   dns-server 4.2.2.1 4.2.2.2
   default-router 192.168.0.254
   lease 0 4
!
!
ip tcp synwait-time 10
ip name-server 4.2.2.1
ip name-server 4.2.2.2
!
!
!
!
class-map match-any RESTRICTED
 description Guest Vlan bandwidth control
 match access-group 101
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp xauth timeout 15

!
crypto isakmp client configuration group VPNClient
 key yea right, like i leave the real key here.
 dns 4.2.2.1 4.2.2.2
 pool SDM_POOL_1
 acl 100
 include-local-lan
 netmask 255.255.255.0
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
 set transform-set ESP-3DES-SHA
 reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list ciscocp_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list ciscocp_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
interface FastEthernet0
 description $ETH-LAN$
 ip address X.X.X.26 X.X.X.X
 ip mask-reply
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 speed 100
 full-duplex
 no cdp enable
 crypto map SDM_CMAP_1
!
interface FastEthernet3
 switchport access vlan 10
 no ip address
!
interface FastEthernet9
 switchport access vlan 20
 no ip address
 random-detect
 no cdp enable
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
 shutdown
!
interface Vlan10
 ip address X.X.X.253 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
interface Vlan20
 description Guest
 ip address 192.168.0.254 255.255.255.0
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly
!
interface Async1
 no ip address
!
ip local pool SDM_POOL_1 192.168.15.1 192.168.15.15
ip classless
ip route 0.0.0.0 0.0.0.0 X.X.X25
ip route X.X.X.X 255.255.255.0 X.X.X.238
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source static tcp X.X.X.221 59002 interface FastEthernet0 59002
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload
!
logging trap debugging
access-list 1 remark CCP_ACL Category=16
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 2 permit 192.0.0.0 0.255.255.255
access-list 100 remark CCP_ACL Category=4
access-list 100 permit ip 10.0.0.0 0.255.255.255 any
access-list 101 permit tcp any host X.X.X.221 eq 59002
access-list 101 permit ip any any
access-list 102 remark CCP_ACL Category=2
access-list 102 deny   ip 10.0.0.0 0.255.255.255 host 192.168.15.1
access-list 102 deny   ip 10.0.0.0 0.255.255.255 host 192.168.15.2
access-list 102 deny   ip 10.0.0.0 0.255.255.255 host 192.168.15.3
access-list 102 deny   ip 10.0.0.0 0.255.255.255 host 192.168.15.4
access-list 102 deny   ip 10.0.0.0 0.255.255.255 host 192.168.15.5
access-list 102 deny   ip 10.0.0.0 0.255.255.255 host 192.168.15.6
access-list 102 deny   ip 10.0.0.0 0.255.255.255 host 192.168.15.7
access-list 102 deny   ip 10.0.0.0 0.255.255.255 host 192.168.15.8
access-list 102 deny   ip 10.0.0.0 0.255.255.255 host 192.168.15.9
access-list 102 deny   ip 10.0.0.0 0.255.255.255 host 192.168.15.10
access-list 102 deny   ip 10.0.0.0 0.255.255.255 host 192.168.15.11
access-list 102 deny   ip 10.0.0.0 0.255.255.255 host 192.168.15.12
access-list 102 deny   ip 10.0.0.0 0.255.255.255 host 192.168.15.13
access-list 102 deny   ip 10.0.0.0 0.255.255.255 host 192.168.15.14
access-list 102 deny   ip 10.0.0.0 0.255.255.255 host 192.168.15.15
access-list 102 permit ip 10.0.0.0 0.255.255.255 any
!
route-map SDM_RMAP_1 permit 1
 match ip address 102
!
!
!
!
control-plane
!
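
One check that can be run against a configuration like the one above, as an added example that is not part of the original post or its answers: for every `ip nat inside` interface, it tests whether the ACL behind the overload rule's route-map permits that subnet, since unmatched inside traffic is routed out untranslated with its private source address. The helper name `nat_coverage` is hypothetical, and the Vlan10 address is redacted in the post, so 10.0.0.253 is an assumed stand-in.

```python
import ipaddress
import re

# Constructed sample built from lines of the posted config. The Vlan10 address
# is redacted in the post, so 10.0.0.253 is an assumed stand-in.
CONFIG = """\
interface Vlan10
 ip address 10.0.0.253 255.255.255.0
 ip nat inside
!
interface Vlan20
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
!
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload
access-list 102 deny   ip 10.0.0.0 0.255.255.255 host 192.168.15.1
access-list 102 permit ip 10.0.0.0 0.255.255.255 any
route-map SDM_RMAP_1 permit 1
 match ip address 102
"""

def nat_coverage(config):
    """Return {interface: bool}: is each 'ip nat inside' subnet permitted, for
    destination 'any', by the ACL behind the overload (PAT) rule?"""
    inside, name, net = {}, None, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            name, net = m.group(1), None
        elif m := re.match(r" ip address (\S+) (\S+)", line):
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        elif line.strip() == "ip nat inside" and net:
            inside[name] = net
    rmap = re.search(r"^ip nat inside source route-map (\S+) .*overload", config, re.M)[1]
    acl = re.search(rf"^route-map {rmap} permit \d+\n match ip address (\d+)", config, re.M)[1]
    # Keep only entries whose destination is 'any' (Internet-bound traffic).
    rules = re.findall(rf"^access-list {acl} (permit|deny)\s+ip (\S+) (\S+) any$", config, re.M)
    result = {}
    for ifname, subnet in inside.items():
        result[ifname] = False  # implicit deny ends every ACL
        for action, addr, wildcard in rules:  # first match wins
            if subnet.subnet_of(ipaddress.ip_network(f"{addr}/{wildcard}")):
                result[ifname] = action == "permit"
                break
    return result

if __name__ == "__main__":
    for ifname, ok in nat_coverage(CONFIG).items():
        print(ifname, "translated" if ok else "NOT translated: no permit in NAT ACL")
```

The check only handles contiguous wildcard masks and a single overload rule, which is all the posted configuration uses.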
