Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1451
Views
5
Helpful
4
Replies

Unable to access Internet behind Cisco 2811 Router

westernmotor
Level 1
Level 1

‎08-18-2010 11:48 AM - edited ‎03-04-2019 09:28 AM

We had a power outage last night, and since then, we've been unable to access the Internet from within the internal network (behind the 2811 series ). I can remote in from outside, so that means my NAT statements are working for port 3389. I can also access internal webmail site from public side. However, no Internet on the inside. I've attached the running-config if someone could point me in the right direction. I'm very stuck.

Thanks

Labels:
70714-running-config.txt.zip
0 Helpful
4 Replies 4

gatlin007
Level 4
Level 4

‎08-18-2010 11:57 AM

It looks like you may need to change the route-map in the following nat statement:


ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/1 overload


SDM_RMAP_1 will only nat if destined to 192.168.1.0/24


Change it to this:


ip nat inside source route-map SDM_RMAP_2 interface FastEthernet0/1 overload


This route map matches an ACL that permits all destinations.



Chris

0 Helpful

Atif Awan
Cisco Employee
Cisco Employee

‎08-18-2010 12:01 PM

Your NAT overload statement refers to route-map SDM_RMAP_1 which is using an ACL that will result in NAT of traffic from 10.4.167.0 to 192.168.1.0. A quick suggestion will be to take a look at this overload statement and possibly tra SDM_RMAP_2 instead of SDM_RMAP_1.

Atif

0 Helpful

kyukim
Cisco Employee
Cisco Employee

‎08-18-2010 12:07 PM

Hi,

I reviewed your config and found a problem.

ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/1 overload

route-map SDM_RMAP_1 permit 1

match ip address 104

access-list 104 remark SDM_ACL Category=2

access-list 104 remark IPSec Rule

access-list 104 permit ip 10.4.167.0 0.0.0.255 192.168.1.0 0.0.0.255

So, currently, only traffic matching ACL 104 is NAT translated and Internet traffic is not being translated.

You need to chang route-map SDM_RMAP_1 to match different ACL.

route-map SDM_RMAP_1 permit 1

no match ip address 104

no match ip address 109

access-list 109 deny ip 10.4.167.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 109 permit ip 10.4.167.0 0.0.0.255 any

KK.

0 Helpful

EPHRAIM MANI
Level 3
Level 3
In response to kyukim

‎08-18-2010 10:09 PM

I understand the correct Route-Map would be

route-map SDM_RMAP_1 permit 1
match ip address 105

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card