Newbie having issues connecting to Internet

Unanswered Question
Jan 16th, 2010

Hello everyone i am new to Cisco and just started studying for my CCNA. I have a 1751v router and a 2924xl switch. I have the LAN setup correctly but for some reason the WAN on my router will not connect. I have it set up on DHCP from my ISP which it will get a IP address but for some reason i can not access the internet. I have been working on this for hours can someone help me out and point me in the right direction. Here is a copy of my start-running config. Username and password and ip domain name have been deleted for personal reasons.

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Cisco1751v

!

boot-start-marker

boot-end-marker

!

enable password

!

username   password 0

memory-size iomem 15

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

no aaa new-model

ip subnet-zero

!

!

ip domain name

ip name-server 192.168.10.5

ip name-server 192.168.10.1

ip dhcp excluded-address 192.168.10.1 192.168.10.10

!

ip dhcp pool HOME

import all

network 192.168.10.0 255.255.255.0

default-router 192.168.10.1

dns-server 68.87.64.150 68.87.75.198

!

ip cef

ip inspect name SDM_LOW cuseeme

ip inspect name SDM_LOW ftp

ip inspect name SDM_LOW h323

ip inspect name SDM_LOW icmp

ip inspect name SDM_LOW netshow

ip inspect name SDM_LOW rcmd

ip inspect name SDM_LOW realaudio

ip inspect name SDM_LOW rtsp

ip inspect name SDM_LOW sqlnet

ip inspect name SDM_LOW streamworks

ip inspect name SDM_LOW tftp

ip inspect name SDM_LOW tcp

ip inspect name SDM_LOW udp

ip inspect name SDM_LOW vdolive

ip audit po max-events 100

no ftp-server write-enable

!

!

!

!

!

!

!

interface Ethernet0/0

description $FW_OUTSIDE$

ip address dhcp

ip access-group 102 in

ip nat outside

ip inspect SDM_LOW out

half-duplex

!

interface FastEthernet0/0

description $FW_INSIDE$

ip address 192.168.10.6 255.255.255.0

ip access-group 100 in

ip nat inside

speed auto

!

router rip

passive-interface Ethernet0/0

network 174.55.0.0

network 192.168.10.0

!

ip nat inside source list 101 interface FastEthernet0/0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Ethernet0/0

no ip http server

ip http secure-server

!

!

access-list 100 remark auto generated by SDM firewall configuration

access-list 100 remark SDM_ACL Category=1

access-list 100 deny ip host 255.255.255.255 any

access-list 100 deny ip 127.0.0.0 0.255.255.255 any

access-list 100 permit ip any any

access-list 101 permit ip 192.168.10.0 0.0.0.255 any

access-list 102 remark auto generated by SDM firewall configuration

access-list 102 remark SDM_ACL Category=1

access-list 102 deny ip 192.168.10.0 0.0.0.255 any

access-list 102 permit udp any eq bootps any eq bootpc

access-list 102 permit icmp any any echo-reply

access-list 102 permit icmp any any time-exceeded

access-list 102 permit icmp any any unreachable

access-list 102 deny ip 10.0.0.0 0.255.255.255 any

access-list 102 deny ip 172.16.0.0 0.15.255.255 any

access-list 102 deny ip 192.168.0.0 0.0.255.255 any

access-list 102 deny ip 127.0.0.0 0.255.255.255 any

access-list 102 deny ip host 255.255.255.255 any

access-list 102 deny ip any any log

!

!

line con 0

line aux 0

line vty 0 4

login local

transport input telnet ssh

line vty 5 15

login local

transport input telnet ssh

!

end

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
lusandi Sat, 01/16/2010 - 14:18

Hello,

I hope you are doing great,

I would like to confirm whit you the ACL 102

access-list 102 remark auto generated by SDM firewall configuration

access-list 102 remark SDM_ACL Category=1

access-list 102 deny ip 192.168.10.0 0.0.0.255 any

access-list 102 permit udp any eq bootps any eq bootpc

access-list 102 permit icmp any any echo-reply

access-list 102 permit icmp any any time-exceeded

access-list 102 permit icmp any any unreachable

access-list 102 deny ip 10.0.0.0 0.255.255.255 any

access-list 102 deny ip 172.16.0.0 0.15.255.255 any

access-list 102 deny ip 192.168.0.0 0.0.255.255 any

access-list 102 deny ip 127.0.0.0 0.255.255.255 any

access-list 102 deny ip host 255.255.255.255 any

access-list 102 deny ip any any log

interface Ethernet0/0

description $FW_OUTSIDE$

ip address dhcp

ip access-group 102 in

ip nat outside

ip inspect SDM_LOW out

half-duplex

First of all, I would like to ask you if you can change the duplex speed, on your configuration in order to avoid problems.

after that in order to make a secure conection whit the internet, and to allow u connectivity you can change your accesslist to just permite sessions whit the "eq" enable at the end of the access list, and that will be only accept connections if they were created from your lan, like this

permit ip host 192.168.0.0 0.0.0.255 any eq 

The problem is that the access list that you have for inbound traffic does not allow the IP packets to pass to your network, since the ACL have the implicit deny at the end.

If you have any other questions please let me know.

Thanks,

Ganesh Hariharan Sat, 01/16/2010 - 21:05

Hi Todd,

Seems to you need to change some configuration in your router as your nat source list is overloaded to inside inteface it should be binded with the outside interface.

ip nat inside source list 101 interface FastEthernet0/0 overload

ip nat inside source list 101 interface Ethernet0/0 overload

Hope that clear out your query !!

Regards

Ganesh.H

mlund Mon, 01/18/2010 - 01:04

Hi

As already stated by Ganesh, you have to change the overload to be done on the outside interface Ethernet 0/0.

Also your dhcp pool have default-router 192.168.10.1. But the Fastethernet interface (inside) have 192.168.10.6.

This must be corrected to get it working, they must be the same.

/Mikael

Actions

This Discussion

Related Content