Unable to access Internet behind Cisco 2811 Router

Unanswered Question
Aug 18th, 2010

We had a power outage last night, and since then, we've been unable to access the Internet from within the internal network (behind the 2811 series ). I can remote in from outside, so that means my NAT statements are working for port 3389. I can also access internal webmail site from public side. However, no Internet on the inside. I've attached the running-config if someone could point me in the right direction. I'm very stuck.

Thanks

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
gatlin007 Wed, 08/18/2010 - 11:57

It looks like you may need to change the route-map in the following nat statement:


ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/1 overload


SDM_RMAP_1 will only nat if destined to 192.168.1.0/24


Change it to this:


ip nat inside source route-map SDM_RMAP_2 interface FastEthernet0/1 overload


This route map matches an ACL that permits all destinations.



Chris

Atif Awan Wed, 08/18/2010 - 12:01

Your NAT overload statement refers to route-map SDM_RMAP_1 which is using an ACL that will result in NAT of traffic from 10.4.167.0 to 192.168.1.0. A quick suggestion will be to take a look at this overload statement and possibly tra SDM_RMAP_2 instead of SDM_RMAP_1.

Atif

kyukim Wed, 08/18/2010 - 12:07

Hi,

I reviewed your config and found a problem.

ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/1 overload

route-map SDM_RMAP_1 permit 1

match ip address 104

access-list 104 remark SDM_ACL Category=2

access-list 104 remark IPSec Rule

access-list 104 permit ip 10.4.167.0 0.0.0.255 192.168.1.0 0.0.0.255

So, currently, only traffic matching ACL 104 is NAT translated and Internet traffic is not being translated.

You need to chang route-map SDM_RMAP_1 to match different ACL.

route-map SDM_RMAP_1 permit 1

no match ip address 104

no match ip address 109

access-list 109 deny ip 10.4.167.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 109 permit ip 10.4.167.0 0.0.0.255 any

KK.

EPHRAIM MANI Wed, 08/18/2010 - 22:09

I understand the correct Route-Map would be

route-map SDM_RMAP_1 permit 1
match ip address 105

Actions

This Discussion