no outbound traffic allowed from the LAN c1710 12.4

Unanswered Question
Jul 10th, 2007

For some strange reason, I don't have any connectivity from my LAN to the internet . My setup is this:

Cable modem ---> c1710(12.4 3a) ----> testPC. A packet capture on the test PC shows outbound DNS request but not reply , so does ICMP traffic. The PC can connect to the gateway , from where i run SDM. I think the firewall is blocking the traffic somehow but I couldn?t figure which ACL is the culprit. Through syslog, i can see inbound traffic from random scans on the Wan interface being denied. The WAN interface is also getting an IP from my ISP without any problem and DNS works great, at least on that interface. Any request from the LAN is getting blocked however. Any help will be appreciated. Thanks.

Attachment: 
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

interface Ethernet0

no ip access-group 101 in

!

interface FastEthernet0

no ip access-group 100 in

no ip access-group 2 out

This will see you working no doubt.

at first glance, the acl 101 applied inbound on the external interface doesn't allow much in.

You can then re-add each line one at a time to determin which ACL is having the impact.

I'd honestly not bind and acl inbound and outbound on the internal interface.

awilson101 Wed, 07/11/2007 - 06:52

Thanks for the suggestions,Tim. unfortunately, re-adding the line didn't work. I've included a screeshot from my packet capture and some output from the router's console,in addtion to my newest configuration. thanks.

from the router console

*************************

ping mail.yahoo.com

Translating "mail.yahoo.com"...domain server (68.13.16.25) [OK]

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 209.191.92.114, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 36/41/44 ms

******************************************

how ip nat statistics

Total active translations: 0 (0 static, 0 dynamic; 0 extended)

Outside interfaces:

Ethernet0

Inside interfaces:

FastEthernet0

Hits: 0 Misses: 0

CEF Translated packets: 0, CEF Punted packets: 0

Expired translations: 0

Dynamic mappings:

-- Inside Source

[Id: 1] access-list 1 interface Ethernet0 refcount 0

Queued Packets: 0

Attachment: 

Actions

This Discussion