no outbound traffic allowed from the LAN c1710 12.4

awilson101
Level 1

For some strange reason, I don't have any connectivity from my LAN to the internet. My setup is this:

Cable modem ---> c1710(12.4 3a) ----> testPC. A packet capture on the test PC shows an outbound DNS request but no reply; the same goes for ICMP traffic. The PC can connect to the gateway, from where I run SDM. I think the firewall is blocking the traffic somehow, but I couldn't figure out which ACL is the culprit. Through syslog, I can see inbound traffic from random scans on the WAN interface being denied. The WAN interface is also getting an IP from my ISP without any problem and DNS works great, at least on that interface. Any request from the LAN is getting blocked, however. Any help will be appreciated. Thanks.

2 Replies

timkaye
Level 1

interface Ethernet0
 no ip access-group 101 in
!
interface FastEthernet0
 no ip access-group 100 in
 no ip access-group 2 out

This will see you working no doubt.

At first glance, the ACL 101 applied inbound on the external interface doesn't allow much in.

You can then re-add each line one at a time to determine which ACL is having the impact.

I'd honestly not bind an ACL inbound and outbound on the internal interface.

Thanks for the suggestions, Tim. Unfortunately, re-adding the line didn't work. I've included a screenshot from my packet capture and some output from the router's console, in addition to my newest configuration. Thanks.

from the router console

*************************

ping mail.yahoo.com
Translating "mail.yahoo.com"...domain server (68.13.16.25) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.191.92.114, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/41/44 ms

******************************************

show ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
  Ethernet0
Inside interfaces:
  FastEthernet0
Hits: 0 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 interface Ethernet0 refcount 0
Queued Packets: 0
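
An added example, not part of the thread or of any poster's configuration: a small Python parser for the `show ip nat statistics` output posted above, reporting what its zero counters mean. The function names `parse_nat_stats` and `diagnose` are hypothetical. Because IOS evaluates the inbound ACL on the inside interface before NAT, zero hits and misses are consistent with LAN packets being dropped before translation rather than by the NAT rule itself.

```python
import re

# Output of "show ip nat statistics" as posted in the thread.
SAMPLE = """\
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
  Ethernet0
Inside interfaces:
  FastEthernet0
Hits: 0 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 interface Ethernet0 refcount 0
Queued Packets: 0
"""

def parse_nat_stats(text):
    """Pull interface roles, lookup counters and dynamic mappings from the output."""
    stats = {"outside": [], "inside": [], "mappings": [], "active": 0, "hits": 0, "misses": 0}
    section = None
    for line in map(str.strip, text.splitlines()):
        if line in ("Outside interfaces:", "Inside interfaces:"):
            section = line.split()[0].lower()
        elif m := re.match(r"Total active translations: (\d+)", line):
            stats["active"] = int(m.group(1))
        elif m := re.match(r"Hits: (\d+)\s+Misses: (\d+)", line):
            stats["hits"], stats["misses"], section = int(m.group(1)), int(m.group(2)), None
        elif m := re.match(r"\[Id: \d+\] access-list (\S+) interface (\S+) refcount (\d+)", line):
            stats["mappings"].append((m.group(1), m.group(2), int(m.group(3))))
        elif section and line and ":" not in line:
            stats[section] += [name.strip() for name in line.split(",")]
    return stats

def diagnose(stats):
    """Turn the counters into findings (hypothetical helper; the wording is this example's)."""
    findings = []
    if not stats["inside"] or not stats["outside"]:
        findings.append("an inside or outside NAT interface is not defined")
    if stats["hits"] + stats["misses"] == 0:
        findings.append("no translation lookups counted: NAT has processed no LAN packet")
    for acl, iface, refcount in stats["mappings"]:
        if refcount == 0:
            findings.append(f"access-list {acl} -> {iface}: no translations use this rule")
    return findings

if __name__ == "__main__":
    print(*diagnose(parse_nat_stats(SAMPLE)), sep="\n")
```

Running the same check again after each ACL is removed or re-added shows whether LAN packets have started reaching NAT.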
