Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

cisco 881 cant access internet

hello friends ,

this is my confguration on cisco 881 . but i am not ablle to access internet from lan. please help me

------------------------

!version 15.1

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

!

!

no aaa new-model

!

memory-size iomem 10

ip source-route

!

!

!

ip dhcp excluded-address 192.168.1.1

ip dhcp excluded-address 192.168.1.101 192.168.1.254

!

ip dhcp pool ccp-pool1

   network 192.168.1.0 255.255.255.0

   default-router 192.168.1.1

!

!

ip cef

ip name-server 202.56.230.5

ip name-server 202.56.240.5

no ipv6 cef

!

!

multilink bundle-name authenticated

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-2892003057

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2892003057

revocation-check none

!

!

crypto pki certificate chain TP-self-signed-2892003057

certificate self-signed 01

  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030

  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 32383932 30303330 3537301E 170D3131 31313135 31333239

  31365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 38393230

  30333035 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

  8100C491 EB2DF86E 8AAE77FE D1BF83CB EA27482E 063698AF 6447EA33 97165939

  735DED52 C5A8399B 36C4EFB3 94A786CA 1EF0BEAD 2E1CA1A3 487F156C 00AD9FF6

  B8937945 D89DD507 5162AA85 62659A0C 95448616 327EC734 D6784399 AB28DAA2

  FDAE3CD0 EDDDE200 CEB80B08 FDD0A75D 71659E8F C75E38CB F7C4CB6B C2B4CE0A

  1E350203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603

  551D2304 18301680 14697AB9 915AE51D 44CA72F5 A7839256 9AFA6E6F A2301D06

  03551D0E 04160414 697AB991 5AE51D44 CA72F5A7 8392569A FA6E6FA2 300D0609

  2A864886 F70D0101 04050003 81810065 2393B5D0 5936FC19 BDD48DDD 3E0586AA

  3FC389E4 03FB11D1 0BB8EE0B 2BA27563 AB09DAD1 2B2F176F 46AC26AB 31E2103F

  4233F064 A49A50CC 1E0E71A7 B84B339C DC1ACA28 5F45C9B4 7EE760C9 B4D12200

  3457614C 7463FD12 FF5B8925 14CEDEC1 099CE6E7 39800256 36F57643 0347464F

  DB9CCE85 956FC3F2 2F56BB20 99C97F

   quit

license udi pid CISCO881-SEC-K9 sn FGL151621L4

!

!

username credila privilege 15 password 0 credila123

!

!

!

class-map type inspect match-any ccp-cls-insp-traffic

match protocol dns

match protocol ftp

match protocol h323

match protocol https

match protocol icmp

match protocol imap

match protocol pop3

match protocol netshow

match protocol shell

match protocol realmedia

match protocol rtsp

match protocol smtp

match protocol sql-net

match protocol streamworks

match protocol tftp

match protocol vdolive

match protocol tcp

match protocol udp

class-map type inspect match-all ccp-insp-traffic

match class-map ccp-cls-insp-traffic

class-map type inspect match-all sdm-nat--1

match access-group 102

class-map type inspect match-all sdm-nat--2

match access-group 103

class-map type inspect match-any ccp-cls-icmp-access

match protocol icmp

match protocol tcp

match protocol udp

class-map type inspect match-all ccp-invalid-src

match access-group 100

class-map type inspect match-all ccp-icmp-access

match class-map ccp-cls-icmp-access

class-map type inspect match-all ccp-protocol-http

match protocol http

!

!

policy-map type inspect ccp-permit-icmpreply

class type inspect ccp-icmp-access

  inspect

class class-default

  pass

policy-map type inspect sdm-pol-NATOutsideToInside-1

class type inspect sdm-nat--1

  inspect

class type inspect sdm-nat--2

  inspect

class class-default

  drop

policy-map type inspect ccp-inspect

class type inspect ccp-invalid-src

  drop log

class type inspect ccp-protocol-http

  inspect

class type inspect ccp-insp-traffic

  inspect

class class-default

  drop

policy-map type inspect ccp-permit

class class-default

  drop

!

zone security out-zone

zone security in-zone

zone-pair security ccp-zp-self-out source self destination out-zone

service-policy type inspect ccp-permit-icmpreply

zone-pair security ccp-zp-in-out source in-zone destination out-zone

service-policy type inspect ccp-inspect

zone-pair security ccp-zp-out-self source out-zone destination self

service-policy type inspect ccp-permit

zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone

service-policy type inspect sdm-pol-NATOutsideToInside-1

!

!

!

!

interface Loopback0

no ip address

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

description $FW_OUTSIDE$$ES_WAN$

ip address 125.18.105.88 255.255.255.252

ip nat outside

ip virtual-reassembly in

zone-member security out-zone

duplex full

speed 100

!

interface Vlan1

description $FW_INSIDE$

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

zone-member security in-zone

!

ip default-gateway 125.18.105.87

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

!

!

ip nat inside source list 101 interface FastEthernet4 overload

ip nat inside source static 192.168.1.2 125.18.105.65

!

logging esm config

access-list 100 remark CCP_ACL Category=128

access-list 100 permit ip host 255.255.255.255 any

access-list 100 permit ip 127.0.0.0 0.255.255.255 any

access-list 100 permit ip 125.18.105.86 0.0.0.3 any

access-list 101 remark CCP_ACL Category=2

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

access-list 102 remark CCP_ACL Category=0

access-list 102 permit ip any host 192.168.1.1

access-list 103 remark CCP_ACL Category=0

access-list 103 permit ip any host 192.168.1.0

!

!

!

!

!

control-plane

!

1 REPLY
Purple

cisco 881 cant access internet

Hi,

delete this:

ip default-gateway 125.18.105.87

add this:

ip route 0.0.0.0 0.0.0.0 125.18.105.87

Regards.

Alain

Don't forget to rate helpful posts.
884
Views
0
Helpful
1
Replies
CreatePlease to create content