
1921 No Internet from LAN

Hi Everyone,

I'm a first-time poster so I'll apologise in advance for any mistakes I might make!

We recently purchased a 1921 to replace our 871 because the bandwidth on our leased line has been upgraded beyond its capabilities.

I thought I could get away with copying the config (with a few edits obviously). While I can ping Internet IPs from the console I can't from the LAN. I suspected an ACL problem and found replicated entries in NAT, INSIDE and VPN, but removing them has had no effect. The 871 was running V12.4, the 1921 has V15.2 so I'm guessing that a command has changed or been introduced that I don't know about. I can also get telnet access from outside and inside.

I've attached the config, and to preempt the obvious comment I'm aware that we shouldn't be using the LAN range that we are, it's something I inherited and has been deemed "more trouble than it's worth" to change. Also the config is quite old and while I understand the basics I'm sure there will be stuff that could be improved. Any pointers would be most gratefully received.


Accepted Solutions

1921 No Internet from LAN

There are a couple of things to correct-

Your NATs are on the wrong interface-

ip nat inside source list NAT interface GigabitEthernet0/1 overload

ip nat inside source static tcp 192.192.192.3 25 interface GigabitEthernet0/1 25

ip nat inside source static tcp 192.192.192.3 110 interface GigabitEthernet0/1 110

ip nat inside source static tcp 192.192.192.3 2525 interface GigabitEthernet0/1 2525

ip nat inside source static tcp 192.192.192.3 80 interface GigabitEthernet0/1 80

ip nat inside source static tcp 192.192.192.3 443 interface GigabitEthernet0/1 443

ip nat inside source static tcp 192.192.192.16 5900 interface GigabitEthernet0/1 5900

ip nat inside source static udp 192.192.192.16 5900 interface GigabitEthernet0/1 5900

ip nat inside source static tcp 192.192.192.3 3389 interface GigabitEthernet0/1 4000

They should be-

ip nat inside source list NAT interface GigabitEthernet0/0 overload

ip nat inside source static tcp 192.192.192.3 25 interface GigabitEthernet0/0 25

ip nat inside source static tcp 192.192.192.3 110 interface GigabitEthernet0/0 110

ip nat inside source static tcp 192.192.192.3 2525 interface GigabitEthernet0/0 2525

ip nat inside source static tcp 192.192.192.3 80 interface GigabitEthernet0/0 80

ip nat inside source static tcp 192.192.192.3 443 interface GigabitEthernet0/0 443

ip nat inside source static tcp 192.192.192.16 5900 interface GigabitEthernet0/0 5900

ip nat inside source static udp 192.192.192.16 5900 interface GigabitEthernet0/0 5900

ip nat inside source static tcp 192.192.192.3 3389 interface GigabitEthernet0/0 4000

You also need to apply CBAC to the outside interface-

int gi0/0

ip inspect DEF-INSPECT out


1921 No Internet from LAN

Hi Andy,

Please apply these lines on your router; it should fix your problem.

ip inspect name FW tcp

ip inspect name FW udp

interface GigabitEthernet0/0

ip inspect FW in

ip inspect FW out

Please let me know if this fixes your problem.

thanks

Rizwan Rafeek.


1921 No Internet from LAN

Thanks Collin, you're correct that I got my interfaces mixed up! Changing them has sorted the problem. It's late here so I'll have a look at the other suggestions in the morning. Cheers!!
