07-10-2007 03:29 PM - edited 03-11-2019 03:43 AM
For some strange reason, I don't have any connectivity from my LAN to the internet. My setup is this:
Cable modem ---> c1710(12.4 3a) ----> testPC. A packet capture on the test PC shows outbound DNS requests but no replies, and the same goes for ICMP traffic. The PC can connect to the gateway, from where I run SDM. I think the firewall is blocking the traffic somehow, but I couldn't figure out which ACL is the culprit. Through syslog, I can see inbound traffic from random scans on the WAN interface being denied. The WAN interface is also getting an IP from my ISP without any problem and DNS works great, at least on that interface. Any request from the LAN is getting blocked, however. Any help will be appreciated. Thanks.
07-10-2007 09:06 PM
interface Ethernet0
no ip access-group 101 in
!
interface FastEthernet0
no ip access-group 100 in
no ip access-group 2 out
This will see you working, no doubt.
At first glance, ACL 101 applied inbound on the external interface doesn't allow much in.
You can then re-add each line one at a time to determine which ACL is having the impact.
I'd honestly not bind an ACL inbound and outbound on the internal interface.
07-11-2007 06:52 AM
Thanks for the suggestions, Tim. Unfortunately, re-adding the line didn't work. I've included a screenshot from my packet capture and some output from the router's console, in addition to my newest configuration. Thanks.
From the router console:
*************************
ping mail.yahoo.com
Translating "mail.yahoo.com"...domain server (68.13.16.25) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.191.92.114, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/41/44 ms
******************************************
show ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
Ethernet0
Inside interfaces:
FastEthernet0
Hits: 0 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 interface Ethernet0 refcount 0
Queued Packets: 0
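
An added example, not part of the thread or anyone's post: a small Python check that parses the `show ip nat statistics` output pasted above and flags what the counters suggest. The function names and the diagnostic wording are assumptions made for this illustration. The heuristics rely on the IOS meaning of `Hits` and `Misses` (translation-table lookups that found, or did not find, an entry) and on inbound ACLs on the inside interface being evaluated before NAT.

```python
import re

# Output copied from the router console paste in the thread above.
SAMPLE = """\
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
Ethernet0
Inside interfaces:
FastEthernet0
Hits: 0 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 interface Ethernet0 refcount 0
Queued Packets: 0
"""

def parse_nat_stats(text):
    """Extract counters, interface roles and dynamic mappings from the output."""
    stats = {"inside": [], "outside": [], "mappings": []}
    section = None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Outside interfaces:"):
            section = "outside"
        elif line.startswith("Inside interfaces:"):
            section = "inside"
        elif m := re.match(r"Hits: (\d+)\s+Misses: (\d+)", line):
            stats["hits"], stats["misses"] = int(m[1]), int(m[2])
            section = None  # interface lists end at the counters
        elif m := re.match(r"Total active translations: (\d+)", line):
            stats["active"] = int(m[1])
        elif m := re.match(r"\[Id: \d+\] access-list (\S+) interface (\S+) refcount (\d+)", line):
            stats["mappings"].append({"acl": m[1], "interface": m[2], "refcount": int(m[3])})
        elif section and line:
            stats[section].extend(i.strip() for i in line.split(","))
    return stats

def diagnose(stats):  # heuristics assumed for this example, not Cisco tooling
    findings = []
    if not stats["inside"] or not stats["outside"]:
        findings.append("an ip nat inside/outside interface role is missing")
    if not stats["mappings"]:
        findings.append("no dynamic mapping is configured")
    if stats.get("hits", 0) == 0 and stats.get("misses", 0) == 0:
        findings.append("no packet reached NAT lookup: check the inbound ACL on the inside interface and routing")
    elif stats.get("active", 0) == 0:
        findings.append("lookups occur but nothing is translated: check the NAT access-list")
    return findings
```

For the pasted output, `diagnose(parse_nat_stats(SAMPLE))` returns only the "no packet reached NAT lookup" finding: the interface roles and the mapping are present, but LAN traffic is not getting as far as translation.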