My name is Paul and I work as a Junior Network Engineer for a small company based in South London. I have been tasked with adding a NATed subnet to our internal LAN (for testing purposes), which I have managed to achieve, but I have run into a roadblock when trying to establish communications to the internet. From the NATed subnet, I can ping out to our office LAN and the ping reaches our Firewall (default gateway), but I am unable to go past that. For instance, I am unable to ping the Google DNS server (220.127.116.11), and from the server based on the NATed LAN, I cannot reach the web via Internet Explorer. I can ping all units in our office LAN from the NATed subnet with no issues. Would it be necessary to configure port forwarding for HTTP and ICMP to communicate with anything on the internet? Apologies if this question sounds very simplistic - I am a bit of a networking noob, so any advice would be greatly appreciated. P.S. The router I have added internally is a Cisco 877. I can also post the configuration applied to the 877 if necessary.
Thanks for your reply - sorry I have taken so long to respond, I was tasked with another project and have only just been able to return to this. The config of the 877 is as follows:
Router>en
Router#show run
Building configuration...

Current configuration : 3105 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-2633516328
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2633516328
 revocation-check none
 rsakeypair TP-self-signed-2633516328
!
!
crypto pki certificate chain TP-self-signed-2633516328
 certificate self-signed 01
  ! (certificate hex data omitted)
  quit
dot11 syslog
ip cef
!
!
multilink bundle-name authenticated
!
!
no spanning-tree vlan 1
username ******** password 0 *********
!
!
archive
 log config
  hidekeys
!
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface FastEthernet0
 switchport access vlan 2
!
interface FastEthernet1
!
interface FastEthernet2
 switchport access vlan 2
!
interface FastEthernet3
!
interface Vlan1
 ip address 172.16.0.104 255.255.255.0
 ip nat outside
 ip virtual-reassembly
!
interface Vlan2
 ip address 10.2.122.1 255.255.255.128
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Vlan1
!
!
ip http server
ip http secure-server
ip nat inside source route-map ROUTE-MAP1 interface Vlan1 overload
!
access-list 100 remark IPSec Tunnel Rule
access-list 100 permit ip 10.2.122.0 0.0.0.127 172.16.0.0 0.0.0.255
access-list 100 permit ip 10.2.122.0 0.0.0.127 192.168.2.0 0.0.0.15
access-list 101 deny ip 10.2.122.0 0.0.0.127 192.168.2.0 0.0.0.15
access-list 101 permit ip 10.2.122.0 0.0.0.127 any
!
!
!
route-map ROUTE-MAP1 permit 10
 match ip address 101
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 login
!
scheduler max-task-time 5000
end
Since my last post I have discovered that we are unable to ping outside through our firewall (this is the way that the Firewall has been configured), but am still unable to get internet access through a web browser.