Cisco 2620 router config question.

Unanswered Question
Aug 26th, 2002
User Badges:

Could anyone please help me figure out why this configuration will not allow any connections to (An inside static NAT route).

Using 2869 out of 29688 bytes


version 12.2

no service single-slot-reload-enable

service timestamps debug uptime

service timestamps log uptime

no service password-encryption


hostname DMetalGW


logging rate-limit console 10 except errors

no logging console

enable secret ***********************************

enable password *********************************


memory-size iomem 15

ip subnet-zero

ip cef



no ip finger

ip name-server


ip inspect max-incomplete high 1100

ip inspect one-minute high 1100

ip inspect name fastethernet_0_1 tcp

ip inspect name fastethernet_0_1 udp

ip inspect name fastethernet_0_1 cuseeme

ip inspect name fastethernet_0_1 ftp

ip inspect name fastethernet_0_1 h323

ip inspect name fastethernet_0_1 rcmd

ip inspect name fastethernet_0_1 realaudio

ip inspect name fastethernet_0_1 streamworks

ip inspect name fastethernet_0_1 vdolive

ip inspect name fastethernet_0_1 sqlnet

ip inspect name fastethernet_0_1 tftp

ip inspect name ethernet_0 tcp

ip inspect name ethernet_0 udp

ip inspect name ethernet_0 cuseeme

ip inspect name ethernet_0 ftp

ip inspect name ethernet_0 h323

ip inspect name ethernet_0 rcmd

ip inspect name ethernet_0 realaudio

ip inspect name ethernet_0 streamworks

ip inspect name ethernet_0 vdolive

ip inspect name ethernet_0 sqlnet

ip inspect name ethernet_0 tftp

ip inspect name fastethernet_0_0 smtp

ip inspect name fastethernet_0_0 tcp

ip audit notify log

ip audit po max-events 100

no ip dhcp-client network-discovery




interface FastEthernet0/0

ip address

ip access-group 101 in

ip nat outside

ip nbar protocol-discovery

ip inspect fastethernet_0_0 in

speed 100



interface FastEthernet0/1

ip address

ip access-group 102 in

ip nat inside

ip nbar protocol-discovery

ip inspect fastethernet_0_1 in

duplex auto

speed auto


interface Ethernet1/0

ip address

ip access-group 103 in

ip nat inside

ip nbar protocol-discovery

ip inspect ethernet_0 in

no keepalive



ip nat inside source list 1 interface FastEthernet0/0 overload

ip nat inside source static

ip classless

ip route

ip http server

ip http port 3645


access-list 1 permit

access-list 101 permit tcp any host eq smtp

access-list 101 permit tcp any host eq www

access-list 101 permit tcp any host eq domain

access-list 101 permit tcp any host eq pop3

access-list 101 permit udp any host eq domain

access-list 101 permit tcp any host eq 10000

access-list 101 permit tcp any any established

access-list 102 permit ip any any

access-list 103 permit ip any any


line con 0

exec-timeout 0 0

transport input none

line aux 0

line vty 0 4

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Gilles Dufour Mon, 08/26/2002 - 07:16
User Badges:
  • Cisco Employee,

duplicate question. We'll continue the other thread and stop this one.


This Discussion