Jon Marshall Tue, 09/25/2007 - 08:34
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi Tim



1) The following doesn't make sense. That access-list 100 is applied inbound from the internet. It says to allow icmp from any to any (probably not a good idea). More importantly it says to allow packets with a source address of 10.1.0.0 0.0.255.255 to any IP address. From the internet the source addresses would not be these.


GigabitEthernet0/0

description WAN

ip address 70.62.43.147 255.255.255.248

ip access-group DEFAULT100 in

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!


access-list 100 permit ip 10.1.0.0 0.0.255.255 any

access-list 100 permit icmp any any


2) ip route 70.0.0.0 255.0.0.0 70.62.43.144


Change this to


ip route 0.0.0.0 0.0.0.0 70.62.43.144


3)


route-map SRV_OUT permit 10

match ip address 150

!

route-map NAT_OUT permit 10

match ip address 100


These don't seem to be used anywhere.


4) You have not setup nat properly. Do you just want to NAT all inside hosts to the public IP on the gi0/0 interface ?


If so you can use your access-list 100 here.


ip nat inside source list 100 interface gi0/0 overload


HTH


Jon

tim.knitz Tue, 09/25/2007 - 10:53
User Badges:

I think I made all the changes you suggested (I'm new to this). I've re-attached config, but still can't ping routers external address from the outside, nor can I ping to the Internet using router as default gateway. What am I missing?


Thank you for your help.



Attachment: 

Actions

This Discussion