Unable to access Internet behind Cisco 2811 Router

Unanswered Question
Aug 18th, 2010
User Badges:

We had a power outage last night, and since then, we've been unable to access the Internet from within the internal network (behind the 2811 series ). I can remote in from outside, so that means my NAT statements are working for port 3389. I can also access internal webmail site from public side. However, no Internet on the inside. I've attached the running-config if someone could point me in the right direction. I'm very stuck.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
gatlin007 Wed, 08/18/2010 - 11:57
User Badges:
  • Silver, 250 points or more

It looks like you may need to change the route-map in the following nat statement:

ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/1 overload

SDM_RMAP_1 will only nat if destined to

Change it to this:

ip nat inside source route-map SDM_RMAP_2 interface FastEthernet0/1 overload

This route map matches an ACL that permits all destinations.


Atif Awan Wed, 08/18/2010 - 12:01
User Badges:
  • Cisco Employee,

Your NAT overload statement refers to route-map SDM_RMAP_1 which is using an ACL that will result in NAT of traffic from to A quick suggestion will be to take a look at this overload statement and possibly tra SDM_RMAP_2 instead of SDM_RMAP_1.


kyukim Wed, 08/18/2010 - 12:07
User Badges:
  • Cisco Employee,


I reviewed your config and found a problem.

ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/1 overload

route-map SDM_RMAP_1 permit 1

match ip address 104

access-list 104 remark SDM_ACL Category=2

access-list 104 remark IPSec Rule

access-list 104 permit ip

So, currently, only traffic matching ACL 104 is NAT translated and Internet traffic is not being translated.

You need to chang route-map SDM_RMAP_1 to match different ACL.

route-map SDM_RMAP_1 permit 1

no match ip address 104

no match ip address 109

access-list 109 deny ip

access-list 109 permit ip any


EPHRAIM MANI Wed, 08/18/2010 - 22:09
User Badges:
  • Bronze, 100 points or more

I understand the correct Route-Map would be

route-map SDM_RMAP_1 permit 1
match ip address 105


This Discussion