  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 428

Cisco 3925E can't access Internet from Gigabit internal interface

Verizon is setting up a new Dedicated Ethernet line. I have an HWIC two-port card that I purchased to connect to the WAN point-to-point. They provided me with testing IPs and also with a sample configuration that I have worked with.
The issue is that I am unable to access anything from the secure interface GB0/0 to the public FE0/0/0.
The router itself has no issues; I can ping and remotely resolve any address. This is done from the console.

Here is the config.

version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname sentinel
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
!
crypto pki trustpoint TP-self-signed-1597241955
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1597241955
 revocation-check none
 rsakeypair TP-self-signed-1597241955
!
!
crypto pki certificate chain TP-self-signed-1597241955
 certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
ip cef
!
!
!
ip dhcp excluded-address 192.100.100.254
!
ip dhcp pool ccp-pool
 import all
 network 192.100.100.0 255.255.255.0
 default-router 192.100.100.254
 lease 0 2
!
!
!
ip domain name yourdomain.com
ip name-server 198.6.100.125
ip name-server 198.6.1.60
ip inspect name KAY_INSPECT dns
ip inspect name KAY_INSPECT ftp
ip inspect name KAY_INSPECT h323
ip inspect name KAY_INSPECT https
ip inspect name KAY_INSPECT icmp
ip inspect name KAY_INSPECT imap
ip inspect name KAY_INSPECT pop3
ip inspect name KAY_INSPECT netshow
ip inspect name KAY_INSPECT rcmd
ip inspect name KAY_INSPECT realaudio
ip inspect name KAY_INSPECT rtsp
ip inspect name KAY_INSPECT sqlnet
ip inspect name KAY_INSPECT streamworks
ip inspect name KAY_INSPECT tftp
ip inspect name KAY_INSPECT tcp
ip inspect name KAY_INSPECT udp timeout 240
ip inspect name KAY_INSPECT vdolive
ip inspect name FTP ftp
ip ips deny-action ips-interface
ip ips notify SDEE
no ipv6 cef
!
multilink bundle-name authenticated
!
!
license udi pid C3900-SPE100/K9 sn FOC17380S37
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 65.222.147.85 255.255.255.252
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description INT_LAN
 ip address 192.100.100.254 255.255.255.0
 ip access-group 100 in
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
 description WAN
 no ip address
 ip access-group 101 in
 no ip redirects
 ip nat outside
 ip inspect FTP in
 ip inspect KAY_INSPECT out
 ip virtual-reassembly in
 duplex full
 speed 100
!
interface FastEthernet0/0/0.1
 encapsulation dot1Q 29
 ip address 152.179.172.194 255.255.255.252
!
interface FastEthernet0/0/1
 no ip address
 duplex auto
 speed auto
!
router rip
 version 2
 redistribute static
 redistribute odr
 network 192.100.100.0
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat pool POOL_NAT 65.222.147.85 65.222.147.85 netmask 255.255.255.252
ip nat inside source list 102 pool POOL_NAT overload
ip route 0.0.0.0 0.0.0.0 152.179.172.193
!
access-list 100 remark Inside-Out
access-list 100 deny   ip 152.179.172.192 0.0.0.3 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark Outside-In
access-list 101 permit tcp any host 152.179.172.194 eq telnet
access-list 101 permit udp any host 152.179.172.194 eq non500-isakmp
access-list 101 permit udp any host 152.179.172.194 eq isakmp
access-list 101 permit esp any host 152.179.172.194
access-list 101 permit ahp any host 152.179.172.194
access-list 101 deny   ip 192.100.100.0 0.0.0.255 any
access-list 101 permit icmp any host 152.179.172.194 echo-reply
access-list 101 permit icmp any host 152.179.172.194 time-exceeded
access-list 101 permit icmp any host 152.179.172.194 unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 102 deny   ip 192.100.100.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 102 permit ip 192.100.100.0 0.0.0.255 any
access-list 102 permit ip 192.168.0.0 0.0.255.255 any
!
!
!
control-plane
!
!
!
line con 0
 login local
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
Asked:
dtech39
1 Solution
 
TimotiSt (Datacenter Technician) Commented:
For starters, I'd say put the
ip nat outside
statement under interface FastEthernet0/0/0.1, not the physical interface.

Do you own the 192.100.100.0/24 network? If not, you'll want to consider moving to a subnet under 192.168.0.0/16. (Based on a simple lookup, 192.100.100 belongs to the US DoD, but I might be wrong.)

Tamas
0
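
The two points in the answer above, turned into a small configuration check; this is an added example, not code from the thread. It also lists "ip access-group" and "ip inspect" lines left on the same addressless parent interface, on the assumption that they deserve the same review as "ip nat outside". The sample config is constructed from the stanzas posted in the question, and the function names are hypothetical.

```python
import ipaddress
import re
# Constructed sample: the interface stanzas from the posted configuration, trimmed.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 192.100.100.254 255.255.255.0
 ip nat inside
!
interface FastEthernet0/0/0
 no ip address
 ip access-group 101 in
 ip nat outside
 ip inspect KAY_INSPECT out
!
interface FastEthernet0/0/0.1
 encapsulation dot1Q 29
 ip address 152.179.172.194 255.255.255.252
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
POLICY = re.compile(r"ip (nat (inside|outside)|access-group |inspect )")

def parse_interfaces(text):
    """Return {interface name: [stanza lines]} from IOS-style config text."""
    stanzas, current = {}, None
    for line in text.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other unindented line ends the stanza
    return stanzas

def audit(text):
    """Return (interface, finding) tuples for the two points raised in the answer."""
    stanzas, findings = parse_interfaces(text), []
    for name, lines in stanzas.items():
        addr = next((ln.split()[2] for ln in lines if ln.startswith("ip address ")), None)
        subs = [s for s in stanzas if s.startswith(name + ".")]
        if addr is None and subs:  # policy left on a parent that carries no address
            for ln in filter(POLICY.match, lines):
                findings.append((name, f"'{ln}' is on the addressless parent of {', '.join(subs)}"))
        if addr and "ip nat inside" in lines and not any(ipaddress.ip_address(addr) in n for n in RFC1918):
            findings.append((name, f"inside address {addr} is not RFC 1918 space"))
    return findings

if __name__ == "__main__":
    for iface, msg in audit(SAMPLE_CONFIG):
        print(f"{iface}: {msg}")
```
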
 
dtech39 (Author) Commented:
OMG, you are a master!!! I've been working on this for two days and thought the physical interface is what you set this on. Thank you very much.

Well, I do not own that subnet; it is used within the company as internal, so that's why.
Question has a verified solution.
