Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Can't Access Non-Pingable Resources On The Web Through C1700

                   Hello Everyone,

Was wondering if someone could help me out, I have a Cisco C1700 doing nat/pat.  since there is only one physical interface on it I have two subinterfaces setup, one thats the inside and one that is the outside and i have a 2950 that i have the main lan switch hooked up to and the cable modem hooked up to.  it works pretty well but for some reason i can't access resources such as web pages and remote desktops on non-pingable client servers and networks.  if i can ping the ip address i can access the resources for example, on two different domains (and ips of course) i have an exchange 2010 server setup.  one of the domains is pingable, the other is not, on the one that is pingable i can access owa without a problem from within my network, but on the one that isn't, i can't access owa, when i know it is accessible becuase i can access it from another network.  if i can provide anymore information let me know.  below are the configs, thank you in advance for any help that ya'll can offer

ROUTER -

Building configuration...

Current configuration : 1622 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname rt1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$7lQ/$5YK9785QnrUoczhF7EgQt1
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool trtpool
   network 192.168.176.0 255.255.255.0
   domain-name xxxxxxx
   dns-server X.X.X.X
   default-router 192.168.176.254
!
!
ip name-server X.X.X.X
ip name-server X.X.X.X
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username xxxxx secret 5 xxxxxxxxxxxxxxxxxxxxx
!
!
!
!
!
!
interface FastEthernet0
no ip address
speed auto
!
interface FastEthernet0.1
encapsulation dot1Q 2
ip address 192.168.176.254 255.255.255.0
ip nat inside
ip virtual-reassembly
no snmp trap link-status
!
interface FastEthernet0.2
encapsulation dot1Q 1 native
ip address X.X.X.X 255.255.255.252
ip nat outside
ip virtual-reassembly
no snmp trap link-status
!
interface Serial0
no ip address
shutdown
!
interface Serial1
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 X.X.X.X
!
!
no ip http server
no ip http secure-server
ip nat pool trt X.X.X.X X.X.X.X prefix-length 30
ip nat inside source list 7 pool trt overload
ip nat inside source static tcp 192.168.176.241 3389 X.X.X.X 3389 extendable
!
access-list 7 permit any
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
login local
line aux 0
line vty 0 4
login local
line vty 5 15
login local
!
end

SWITCH -

Building configuration...

Current configuration : 1432 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname sw3
!
enable secret 5 $1$0jRd$8H/1x37e29qCOLGhr7d6V1
!
username xxxxxxxxx secret 5 xxxxxxxxxxxxxxxxxxxxxx
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
switchport access vlan 2
!
interface FastEthernet0/2
switchport access vlan 2
!
interface FastEthernet0/3
switchport mode trunk
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
switchport mode trunk
spanning-tree vlan 1 cost 19
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan2
ip address 192.168.176.10 255.255.255.0
no ip route-cache
!
ip http server
!
line con 0
login local
line vty 0 4
login local
line vty 5 15
login local
!
!
end

2 REPLIES

Can't Access Non-Pingable Resources On The Web Through C1700

Keegan,

I'd tighten up the acl that's used for identifying what's being natted. Try this:

no access-list 7

access-list 7 permit 192.168.176.0 0.0.0.255

Unless you're trying to nat out as a certain address, you don't need to use a pool. You could try:

ip nat inside source list 7 interfa f0/0.2 overload

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
New Member

Can't Access Non-Pingable Resources On The Web Through C1700

Yea, I left it like that to eliminate the ACL as a variable.

So you're saying that because I'm using a pool is the reason that its not working?

169
Views
0
Helpful
2
Replies
CreatePlease login to create content