07-22-2013 09:54 AM - edited 03-04-2019 08:31 PM
hi everyone , i have the follow problems
i have access from my router to the internet but from my users ( vlan 61 and vlan 60) i can reach the internet .
can you help me what is the problema please
i show you the router
interface Multilink1
no ip address
ppp multilink
ppp multilink group 1
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
duplex auto
speed auto
!
interface GigabitEthernet0/0.62
encapsulation dot1Q 62
ip address 192.168.62.2 255.255.255.0
ip wccp 61 redirect in
h323-gateway voip interface
h323-gateway voip bind srcaddr 192.168.62.2
!
interface GigabitEthernet0/0.63
encapsulation dot1Q 63
ip address 192.168.63.2 255.255.255.0
ip wccp 61 redirect in
!
interface GigabitEthernet0/1
ip address 209.X.X.1 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0:23
no ip address
encapsulation hdlc
isdn switch-type primary-ni
isdn incoming-voice voice
no cdp enable
!
interface Serial0/0/1:0
ip address 172.X.X.X 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip wccp 62 redirect in
ip nbar protocol-discovery
ip flow ingress
ip flow egress
service-policy output WAN
!
!
router eigrp 100
network 172.X.X.X 0.0.0.3
network 192.168.62.0
network 192.168.63.0
network 192.168.120.0
redistribute static
ip nat inside source list ACL-NAT-SERVERS interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 209.X.X.6
ip route 192.168.17.0 255.255.255.0 192.168.1.14
ip route 192.168.24.0 255.255.255.0 192.168.63.11
!
ip access-list standard WR
!
ip access-list extended ACL-NAT-SERVERS
permit ip 192.168.60.0 0.0.0.255 any
permit ip 192.168.61.0 0.0.0.255 any
deny ip 192.168.60.0 0.0.0.255 192.168.0.0 0.0.255.255
deny ip 192.168.61.0 0.0.0.255 192.168.0.0 0.0.255.255
interface Vlan60
ip address 192.168.60.2 255.255.255.0
!
interface Vlan61
ip address 192.168.61.2 255.255.255.0
ip helper-address 192.168.60.10
!
interface Vlan63
ip address 192.168.63.11 255.255.255.0
!
!
router eigrp 100
eigrp stub connected summary
network 192.168.24.0
network 192.168.60.0
network 192.168.61.0
network 192.168.63.0
!
ip default-gateway 192.168.19.1
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.61.16
interface Multilink1
no ip address
ppp multilink
ppp multilink group 1
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip flow egress
duplex auto
speed auto
!
interface GigabitEthernet0/0.62
encapsulation dot1Q 62
ip address 192.168.62.2 255.255.255.0
ip wccp 61 redirect in
h323-gateway voip interface
h323-gateway voip bind srcaddr 192.168.62.2
!
interface GigabitEthernet0/0.63
encapsulation dot1Q 63
ip address 192.168.63.2 255.255.255.0
ip wccp 61 redirect in
!
interface GigabitEthernet0/1
ip address 209.X.X.1 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0:23
no ip address
encapsulation hdlc
isdn switch-type primary-ni
isdn incoming-voice voice
no cdp enable
!
interface Serial0/0/1:0
ip address 172.X X.X .255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip wccp 62 redirect in
ip nbar protocol-discovery
ip flow ingress
ip flow egress
service-policy output WAN
!
!
router eigrp 100
network 172.X.X.X 0.0.0.3
network 192.168.62.0
network 192.168.63.0
network 192.168.120.0
redistribute static
ip nat inside source list ACL-NAT-SERVERS interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 209.X.X.6
ip route 192.168.17.0 255.255.255.0 192.168.1.14
ip route 192.168.24.0 255.255.255.0 192.168.63.11
!
ip access-list standard WR
!
ip access-list extended ACL-NAT-SERVERS
permit ip 192.168.60.0 0.0.0.255 any
permit ip 192.168.61.0 0.0.0.255 any
deny ip 192.168.60.0 0.0.0.255 192.168.0.0 0.0.255.255
deny ip 192.168.61.0 0.0.0.255 192.168.0.0 0.0.255.255
and my switch
interface Vlan60
ip address 192.168.60.2 255.255.255.0
!
interface Vlan61
ip address 192.168.61.2 255.255.255.0
ip helper-address 192.168.60.10
!
interface Vlan63
ip address 192.168.63.11 255.255.255.0
!
!
router eigrp 100
eigrp stub connected summary
network 192.168.24.0
network 192.168.60.0
network 192.168.61.0
network 192.168.63.0
!
ip default-gateway 192.168.19.1
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.63.2
Solved! Go to Solution.
07-22-2013 12:00 PM
Are you saying that users on VLAN 60 and 61 do not have access to the Internet? If so then you will require a 'ip nat inside' configured on the VLAN interfaces. Your NAT ACL and nat statement look fine to me, you should not need to use a NAT pool as Edwin suggested but you could if you wanted to.
07-22-2013 10:08 AM
Hello Edwin,
I see you have a static NAT entry with an access list enabled on it which is good. However it looks like you didn't specify a pool to use with that static NAT entry. Try this:
ip nat pool EDWIN 209.x.x.1 209.x.x.1 prefix-length 30
ip nat inside source list ACL-NAT-SERVERS pool EDWIN overload
Let me know how it goes.
Regards,
Eddie
07-23-2013 08:02 AM
thank you for your help
07-22-2013 12:00 PM
Are you saying that users on VLAN 60 and 61 do not have access to the Internet? If so then you will require a 'ip nat inside' configured on the VLAN interfaces. Your NAT ACL and nat statement look fine to me, you should not need to use a NAT pool as Edwin suggested but you could if you wanted to.
07-23-2013 08:02 AM
awsome thank you .
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: