Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2174
Views
0
Helpful
1
Replies

How to configure CISCO Router as Internet gateway

dudz
Level 1
Level 1

‎08-31-2015 06:36 PM - edited ‎03-08-2019 01:35 AM

Hi,

 

I have problem with my configuration on my router my ISP provider just gave me the Public IP and i already configured it to my router and I can ping both outside (websites) and internal IP (local IP) but the problem is if I deployed it on my network  my client PC wont get thru to the internet.

Network:   10.21.93.27.36/29  

Netmask:   255.255.255.248 = 29 

Wildcard:  0.0.0.7     

Gateway:   10.21.93.27.37

IP range : 10.21.93.27.38   -  10.21.93.27.42

 

and below is my router config

 

interface FastEthernet0/0
 description INTERNET
 ip address 10.21.93.38 255.255.255.248
 ip access-group 100 out
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description LAN
 ip address 192.168.1.2 255.255.255.192
 ip access-group 100 in
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip default-gateway 10.21.93.37
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ip route 192.168.1.0 255.255.255.0 FastEthernet0/1
ip route 192.168.2.0 255.255.255.0 FastEthernet0/1
!
!
no ip http server
no ip http secure-server
ip nat pool mypool 10.21.93.38  10.21.93.38  prefix-length 29
ip nat inside source list 100 interface FastEthernet0/0 overload
!
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq www
access-list 100 permit tcp 192.168.2.0 0.0.0.255 any eq www
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq telnet
access-list 100 permit icmp 192.168.1.0 0.0.0.255 any echo
snmp-server community public RO
!

thanks

dudz

 

Labels:
0 Helpful
1 Reply 1

Seb Rupik
VIP Alumni
VIP Alumni

‎09-01-2015 01:16 AM

Hi Dudz,

Looks like your access-group on fa0/0 will be dropping all your traffic. The packet path on IOS is:

*The inbound ACL of the input interface is applied
*The NAT inbound is applied
*The NAT outbound is applied
*The outbound ACL of the output interface is applied
*Advanced firewall inspection processing occurs
*The IP packet goes through the output interface  

 

If you want an ACL to be applied for outgoing NAT'd traffic then you'll need a new ACL which has a source address of the Inside-Global address (10.21.93.38).

To confirm this, add the following ACL entry:

!

ip access-list std 100

deny ip any any log

!

...check your logging to confirm is your internal network traffic is being dropped on fa0/0 .

 

cheers,

Seb.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card