
internal devices are unable to communicate with outside network

jameharmon

I hope someone here can help me. I have set up a Cisco router 2911 to study for CCNA, and I am unable in any form or fashion to get anything to communicate out.

 

Can someone please give me some advice?

 

Current configuration : 4174 bytes
!
! Last configuration change at 21:47:24 UTC Mon Jan 22 2018 by semi
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cishome
!
boot-start-marker
boot system flash c2900-universalk9-mz.SPA.154-2.T1.bin
boot-end-marker
!
!
enable secret 5 __________.
enable password_________
!
aaa new-model
!
!
aaa authentication login default local
!
!
!
!
!
aaa session-id common
!
no ip routing
!
!
!
!
!
ip dhcp excluded-address 10.0.100.1 10.0.100.30
!
ip dhcp pool MAIN
 network 10.0.100.0 255.255.255.0
 default-router 10.0.100.1
 dns-server 84.200.------ 84.200.--------
 domain-name ----------------
 lease 7
!
!
!
no ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-
!
!
crypto pki certificate chain TP-A800CC D450AB15 593D495E
  quit
license udi pid CISCO2911/K9 sn FTX1503AL35
!
!
username semi privilege 15 secret 5 $1$IKdz$c1GdjEOAUV6ZupnSyjulG/
!
redundancy
!
!
ip ssh version 2
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 no ip route-cache
 shutdown
!
interface GigabitEthernet0/0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 no ip route-cache
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 10.0.100.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 no ip route-cache
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/2
 no ip address
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source list 10 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 10.0.1.1
!
ip access-list extended allowedservices
 permit tcp any any eq www
 permit tcp any any eq 443
 permit tcp any any eq 445
 permit tcp any any eq 143
 permit tcp any any eq pop3
 permit tcp any any eq 997
 permit tcp any any eq 995
 permit tcp any any eq smtp
 permit tcp any any eq telnet
 permit tcp any any eq 22
 permit tcp any any eq domain
 permit udp any any eq domain
 permit icmp any any echo-reply
 permit tcp any any eq 3389
 permit tcp any any eq 69
!
!
!
snmp-server community public RO
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0
 exec-timeout 40 0
 password Blackbox47$
 transport input ssh
line vty 1 4
 exec-timeout 5 0
 password Blackbox47$
 transport input ssh
!
scheduler allocate 20000 1000
!
end

cishome#

 


Hi, you've got the following defined: "ip nat inside source list 10 interface GigabitEthernet0/0 overload", where "10" would be the standard ACL listing all of the internal subnets, but I don't see the output of this in the config you supplied. Do you have that ACL defined? If not, that could be the issue.

I assume this router is behind another ISP router, which is why the default route next hop is 10.0.1.1 and not a public IP address?

HTH

Thanks for the help. Only other issue I'm having now is that I can view every webpage, just some. I assume it's because of my extended access-list.

 

You haven't got that ACL applied anywhere (not that I can see), so it won't be doing anything yet. You'd want to apply it to the Gi0/1 interface.

 

interface GigabitEthernet0/1
 ip access-group allowedservices in

! To confirm the ACL is working, make sure there are hits
show ip access-list

Thanks, I appreciate the help, and yes, I wasn't going to move away from the router until I knew it worked. Thanks a bunch, that was dumb on my part.
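
The two problems found in the replies above (a NAT rule that references an access list the configuration never defines, and an access list that is defined but applied nowhere) can be checked mechanically before a config goes onto a router. The following Python script is an added example, not part of the original thread. The config excerpt is constructed from the posted configuration, and the `access-list 10` line in `audit_after_fix` is an assumed definition for the 10.0.100.0/24 inside network.

```python
import re

# Constructed excerpt of the configuration posted above (ACL-relevant lines only).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address dhcp
 ip nat outside
interface GigabitEthernet0/1
 ip address 10.0.100.1 255.255.255.0
 ip nat inside
ip nat inside source list 10 interface GigabitEthernet0/0 overload
ip access-list extended allowedservices
 permit tcp any any eq www
 permit tcp any any eq 443
"""

# Lines that define an ACL (named or numbered form).
DEFINE = [re.compile(r"^ip access-list (?:standard|extended) (\S+)"),
          re.compile(r"^access-list (\d+) ")]
# Lines that reference an ACL: NAT source list, interface filter, vty filter.
REFER = [re.compile(r"^ip nat inside source list (\S+) "),
         re.compile(r"^ip access-group (\S+) (?:in|out)"),
         re.compile(r"^access-class (\S+) (?:in|out)")]

def audit_acls(config):
    """Return (referenced_but_undefined, defined_but_unreferenced) as sorted lists."""
    defined, referenced = set(), set()
    for raw in config.splitlines():
        line = raw.strip()
        for patterns, names in ((DEFINE, defined), (REFER, referenced)):
            for rx in patterns:
                m = rx.match(line)
                if m:
                    names.add(m.group(1))
    return sorted(referenced - defined), sorted(defined - referenced)

def audit_after_fix():
    # Assumed fix: a standard ACL 10 for the inside subnet, plus the
    # ip access-group line suggested in the second reply.
    fixed = (SAMPLE_CONFIG
             + "access-list 10 permit 10.0.100.0 0.0.0.255\n"
             + "interface GigabitEthernet0/1\n ip access-group allowedservices in\n")
    return audit_acls(fixed)

if __name__ == "__main__":
    print("posted config:", audit_acls(SAMPLE_CONFIG))
    print("after fix:", audit_after_fix())
```
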
