I need your urgent advise, i have a cisco router which just moved to another site hence we changed the ISP IP only. I tested from router and everything is working fine. when connected the switch users in the LAN not able to access the Internet but able to access Intranet.
Router show below logs'
003068: *Nov 13 08:25:57 UTC: %FW-6-LOG_SUMMARY: 1 packet were dropped from (target:class)-(ZP_In_Out:Invalid_SRC)
ip nat inside ip nat outside ip nat inside ip nat inside source list internet_acl interface GigabitEthernet0/1 overload
ip access-list standard SNMP_INC ip access-list extended Anti-spoof_ACL ip access-list extended DMVPN_ACL ip access-list extended VTY_Sources ip access-list extended SSH_ICMP_ACL ip access-list extended Telnet/SSH ip access-list extended filter_in ip access-list extended filter_out ip access-list extended internet_acl +++++++++++++++++++++++++++++++++++++++
Policy Map type inspect Inspect_Policy Class Invalid_SRC Drop log Class Traffic_Insp Inspect Class HTTP_Inspect Inspect Class class-default Drop
Policy Map type inspect Permit_Policy Class GRE Pass Class SSH_ICMP Inspect Class Invalid_SRC Drop log Class DMVPN Pass Class class-default Drop
Policy Map type inspect Permit_ICMP_Reply Class ICMP_Access Inspect Class GRE Pass Class SSH_ICMP Inspect Class DMVPN Pass Class class-default Pass +++++++++++++++++++++++++++++++++++++++++++++++++++ Class Map type inspect match-any SSH_ICMP (id 2) Match class-map SSH_ICMP_ACL
Class Map type inspect match-any Class_Map_ICMP (id 3) Match protocol icmp
Class Map type inspect match-any SSH_ICMP_ACL (id 1) Match access-group name SSH_ICMP_ACL
Class Map type inspect match-all HTTP_Inspect (id 4) Match protocol http
Class Map type inspect match-any Class_Map_Traffic_Insp (id 5) Match protocol cuseeme Match protocol dns Match protocol ftp Match protocol h323 Match protocol https Match protocol icmp Match protocol imap Match protocol pop3 Match protocol netshow Match protocol shell Match protocol realmedia Match protocol rtsp Match protocol smtp extended Match protocol sql-net Match protocol streamworks Match protocol tftp Match protocol vdolive Match protocol tcp Match protocol udp
Class Map type inspect match-all Traffic_Insp (id 6) Match class-map Class_Map_Traffic_Insp
Class Map type inspect match-any DMVPN (id 8) Match class-map DMVPN_ACL
Class Map type inspect match-all Invalid_SRC (id 10) Match class-map Anti-spoof_ACL
Class Map type inspect match-any DMVPN_ACL (id 7) Match access-group name DMVPN_ACL
Class Map type inspect match-any GRE (id 11) Match class-map DMVPN_ACL
Class Map type inspect match-all Anti-spoof_ACL (id 9) Match access-group name Anti-spoof_ACL
Class Map type inspect match-all ICMP_Access (id 12) Match class-map Class_Map_ICMP
[toc:faq]The ProblemOn traditional switches whenever we have a trunk
interface we use the VLAN tag to demultiplex the VLANs. The switch needs
to determine which MAC Address table to look in for a forwarding
decision. To do this we require the switch to do...
[toc:faq]Introduction:Netdr is a tool available on a RSP720, Sup720 or
Sup32 that allows one to capture packets on the RP or SP inband. The
netdr command can be used to capture both Tx and Rx packets in the
software switching path. This is not a substitut...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...