Cisco Support Community

New Member

no outbound traffic allowed from the LAN c1710 12.4

For some strange reason, I don't have any connectivity from my LAN to the Internet. My setup is this:

Cable modem ---> c1710 (12.4 3a) ----> test PC. A packet capture on the test PC shows outbound DNS requests but no replies, and the same goes for ICMP traffic. The PC can connect to the gateway, from where I run SDM. I think the firewall is blocking the traffic somehow, but I couldn't figure out which ACL is the culprit. Through syslog, I can see inbound traffic from random scans on the WAN interface being denied. The WAN interface is also getting an IP from my ISP without any problem and DNS works great, at least on that interface. Any request from the LAN is getting blocked, however. Any help will be appreciated. Thanks.

2 REPLIES
New Member

Re: no outbound traffic allowed from the LAN c1710 12.4

interface Ethernet0
 no ip access-group 101 in
!
interface FastEthernet0
 no ip access-group 100 in
 no ip access-group 2 out

This will see you working, no doubt.

At first glance, the ACL 101 applied inbound on the external interface doesn't allow much in.

You can then re-add each line one at a time to determine which ACL is having the impact.

I'd honestly not bind an ACL inbound and outbound on the internal interface.

New Member

Re: no outbound traffic allowed from the LAN c1710 12.4

Thanks for the suggestions, Tim. Unfortunately, re-adding the line didn't work. I've included a screenshot from my packet capture and some output from the router's console, in addition to my newest configuration. Thanks.

From the router console

*************************

ping mail.yahoo.com
Translating "mail.yahoo.com"...domain server (68.13.16.25) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.191.92.114, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/41/44 ms

******************************************

show ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
Ethernet0
Inside interfaces:
FastEthernet0
Hits: 0 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 interface Ethernet0 refcount 0
Queued Packets: 0
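
An added example, not part of the thread and not Cisco tooling: a small Python parser for the `show ip nat statistics` output pasted above, flagging the pattern it shows (inside and outside interfaces defined, yet zero hits, misses and translations). The function names and the wording of the findings are this example's own, and the reading of the counters is an assumption stated in the comments.

```python
import re
# Excerpt of the output pasted in the post above (blank lines removed).
SAMPLE = """Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
Ethernet0
Inside interfaces:
FastEthernet0
Hits: 0 Misses: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 interface Ethernet0 refcount 0"""

COUNTERS = {"active": r"Total active translations: (\d+)",
            "hits": r"Hits: (\d+)", "misses": r"Misses: (\d+)"}
MAPPING = r"access-list (\S+) interface (\S+) refcount (\d+)"

def parse_nat_stats(text):
    """Pull interface roles, counters and dynamic mappings out of the output."""
    stats = {"outside": [], "inside": [], "mappings": []}
    section = None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if line in ("Outside interfaces:", "Inside interfaces:"):
            section = line.split()[0].lower()
        elif section and re.fullmatch(r"[\w/.,\- ]+", line):
            stats[section] += [n.strip() for n in line.split(",") if n.strip()]
        else:
            section = None  # any other line ends the interface list
            for key, pat in COUNTERS.items():
                if m := re.search(pat, line):
                    stats[key] = int(m.group(1))
            if m := re.search(MAPPING, line):
                stats["mappings"].append((m.group(1), m.group(2), int(m.group(3))))
    return stats

def diagnose(stats):
    """Assumed reading: hits/misses count NAT table lookups, so 0/0 = none made."""
    findings = []
    if not (stats["inside"] and stats["outside"]):
        findings.append("an interface lacks 'ip nat inside' or 'ip nat outside'")
    if stats.get("hits", 0) + stats.get("misses", 0) == 0:
        findings.append("no packet reached the NAT table lookup; check what drops "
                        "or misroutes LAN traffic before NAT (inside inbound ACL, routing)")
    findings += [f"access-list {a} mapping on {i} is unused (refcount 0)"
                 for a, i, r in stats["mappings"] if r == 0]
    return findings

if __name__ == "__main__":
    print(*diagnose(parse_nat_stats(SAMPLE)), sep="\n")
```

Comparing the counters before and after a test ping from the LAN host shows whether a configuration change let traffic reach NAT at all.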
