Unable to access Internet behind Cisco 2811 Router

westernmotor
Level 1

We had a power outage last night, and since then, we've been unable to access the Internet from within the internal network (behind the 2811 series). I can remote in from outside, so that means my NAT statements are working for port 3389. I can also access the internal webmail site from the public side. However, no Internet on the inside. I've attached the running-config if someone could point me in the right direction. I'm very stuck.

Thanks

4 Replies

gatlin007
Level 4

It looks like you may need to change the route-map in the following nat statement:


ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/1 overload


SDM_RMAP_1 will only nat if destined to 192.168.1.0/24


Change it to this:


ip nat inside source route-map SDM_RMAP_2 interface FastEthernet0/1 overload


This route map matches an ACL that permits all destinations.



Chris

Atif Awan
Cisco Employee

Your NAT overload statement refers to route-map SDM_RMAP_1, which is using an ACL that will result in NAT of traffic from 10.4.167.0 to 192.168.1.0. A quick suggestion will be to take a look at this overload statement and possibly try SDM_RMAP_2 instead of SDM_RMAP_1.

Atif

kyukim
Cisco Employee

Hi,

I reviewed your config and found a problem.

ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/1 overload

route-map SDM_RMAP_1 permit 1
 match ip address 104

access-list 104 remark SDM_ACL Category=2
access-list 104 remark IPSec Rule
access-list 104 permit ip 10.4.167.0 0.0.0.255 192.168.1.0 0.0.0.255

So, currently, only traffic matching ACL 104 is NAT translated and Internet traffic is not being translated.

You need to change route-map SDM_RMAP_1 to match a different ACL.

route-map SDM_RMAP_1 permit 1
 no match ip address 104
 match ip address 109

access-list 109 deny ip 10.4.167.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 109 permit ip 10.4.167.0 0.0.0.255 any

KK.
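
The diagnosis in the replies above can be checked offline against a saved running-config. The following is an added example, not code from the thread or from Cisco: a small Python evaluator that follows the `ip nat inside source route-map` statement to its ACL and reports whether a given flow would be translated. The function names and test addresses are hypothetical, the config samples are constructed from the lines quoted above (the second assumes the route-map is set to match ACL 109), and only contiguous wildcard masks are handled.

```python
import ipaddress
import re

# Constructed samples built from the config lines quoted in the thread.
BROKEN = """\
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/1 overload
route-map SDM_RMAP_1 permit 1
 match ip address 104
access-list 104 remark IPSec Rule
access-list 104 permit ip 10.4.167.0 0.0.0.255 192.168.1.0 0.0.0.255
"""
FIXED = """\
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/1 overload
route-map SDM_RMAP_1 permit 1
 match ip address 109
access-list 109 deny ip 10.4.167.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 109 permit ip 10.4.167.0 0.0.0.255 any
"""

def _take(tokens):
    """Consume one address spec ('any' or 'addr wildcard'); return (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    # ipaddress accepts a contiguous wildcard (host mask) after the slash.
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def nat_translates(config, src, dst):
    """True if the ACL behind the NAT overload route-map permits src -> dst."""
    rmap = re.search(r"^ip nat inside source route-map (\S+)", config, re.M).group(1)
    acl = re.search(
        rf"^route-map {re.escape(rmap)} permit \d+\s*\n\s*match ip address (\d+)",
        config, re.M).group(1)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    entries = re.finditer(rf"^access-list {acl} (permit|deny) ip (.+)$", config, re.M)
    for entry in entries:  # remark lines do not match the pattern and are skipped
        src_net, rest = _take(entry.group(2).split())
        dst_net, _ = _take(rest)
        if src in src_net and dst in dst_net:
            return entry.group(1) == "permit"  # first matching entry decides
    return False  # implicit deny at the end of the ACL: no translation

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        for dst in ("198.51.100.7", "192.168.1.10"):  # Internet host, VPN peer LAN
            print(name, dst, "NAT" if nat_translates(cfg, "10.4.167.20", dst) else "no NAT")
```

With ACL 104 only traffic towards 192.168.1.0/24 is translated, which is the reverse of what a NAT-exemption ACL for an IPSec tunnel should do; with ACL 109 the tunnel traffic is exempted and everything else is overloaded onto FastEthernet0/1.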

I understand the correct Route-Map would be

route-map SDM_RMAP_1 permit 1
match ip address 105
