New DSL service - LAN can't get to Internet

iholdings · ‎11-18-2008

Cisco 871 - on static DSL

Router can ping gateway and Internet. LAN hosts can ping router LAN interface (gateway for LAN) and router WAN interface, but not DSL gateway or Internet. Router config attached

Giuseppe Larosa · ‎11-18-2008

Hello ILITCH,

in order to have NAT working I would add:

int vlan1

ip nat inside

int fas4

ip nat outside

to verify nat operation use:

sh ip nat translations

Hope to help

Giuseppe

iholdings · ‎11-18-2008

OK - did that. Still not working

interface FastEthernet4

description $ETH-WAN$

ip address x.x.x.x 255.255.255.248

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly

ip route-cache flow

duplex auto

speed auto

!

interface Vlan1

description $FW_INSIDE$

ip address 192.168.17.1 255.255.255.0

ip access-group 103 in

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

zone-member security in-zone

ip route-cache flow

ip tcp adjust-mss 1412

Giuseppe Larosa · ‎11-18-2008

Hello,

you aren't usind Dialer0 anymore

remove the following

no ip nat inside source route-map Nonat interface Dialer0 overload

then to make ip inspect to work correctly you need

int fas4

zone-member security out-zone

this because the following is applied by you of by SDM in behalf of you:

zone-pair security sdm-zp-self-out source self destination out-zone

service-policy type inspect sdm-permit-icmpreply

zone-pair security sdm-zp-out-self source out-zone destination self

service-policy type inspect sdm-permit

zone-pair security sdm-zp-in-out source in-zone destination out-zone

service-policy type inspect sdm-inspect

zone-pair security OUT-to-IN source out-zone destination in-zone

service-policy type inspect VPN_TRAFFIC

!

Hope to help

Giuseppe