Jon Marshall Tue, 09/25/2007 - 08:34
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi Tim

1) The following doesn't make sense. That access-list 100 is applied inbound from the internet. It says to allow icmp from any to any (probably not a good idea). More importantly it says to allow packets with a source address of to any IP address. From the internet the source addresses would not be these.


description WAN

ip address

ip access-group DEFAULT100 in

ip nat outside

ip virtual-reassembly

duplex auto

speed auto


access-list 100 permit ip any

access-list 100 permit icmp any any

2) ip route

Change this to

ip route


route-map SRV_OUT permit 10

match ip address 150


route-map NAT_OUT permit 10

match ip address 100

These don't seem to be used anywhere.

4) You have not setup nat properly. Do you just want to NAT all inside hosts to the public IP on the gi0/0 interface ?

If so you can use your access-list 100 here.

ip nat inside source list 100 interface gi0/0 overload



tim.knitz Tue, 09/25/2007 - 10:53
User Badges:

I think I made all the changes you suggested (I'm new to this). I've re-attached config, but still can't ping routers external address from the outside, nor can I ping to the Internet using router as default gateway. What am I missing?

Thank you for your help.



This Discussion