can't get to Internet through 2811

tim.knitz · ‎09-25-2007

Can't get to Internet. Attached is the config. Please help.

Jon Marshall · ‎09-25-2007

Hi Tim

1) The following doesn't make sense. That access-list 100 is applied inbound from the internet. It says to allow icmp from any to any (probably not a good idea). More importantly it says to allow packets with a source address of 10.1.0.0 0.0.255.255 to any IP address. From the internet the source addresses would not be these.

GigabitEthernet0/0

description WAN

ip address 70.62.43.147 255.255.255.248

ip access-group DEFAULT100 in

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

access-list 100 permit ip 10.1.0.0 0.0.255.255 any

access-list 100 permit icmp any any

2) ip route 70.0.0.0 255.0.0.0 70.62.43.144

Change this to

ip route 0.0.0.0 0.0.0.0 70.62.43.144

3)

route-map SRV_OUT permit 10

match ip address 150

!

route-map NAT_OUT permit 10

match ip address 100

These don't seem to be used anywhere.

4) You have not setup nat properly. Do you just want to NAT all inside hosts to the public IP on the gi0/0 interface ?

If so you can use your access-list 100 here.

ip nat inside source list 100 interface gi0/0 overload

HTH

Jon

tim.knitz · ‎09-25-2007

I think I made all the changes you suggested (I'm new to this). I've re-attached config, but still can't ping routers external address from the outside, nor can I ping to the Internet using router as default gateway. What am I missing?

Thank you for your help.