Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PC's on network cannot access internet through WAN

Hi Guys,

I appreciate any help on this. I have a Cisco 1941 Router that i just factory defaulted. I configured the GB Inter 0/0 to be the LAN 192.168.4.250 255.255.255.0 and the GB Inter 0/1 (Public IP) 255.255.255.248. I can ping the internet and internal network pc's from the WAN interface (GB Inter 0/1). as for the GB Inter 0/0 i can ping the wan interface but i cannot ping an external source by name or ip address. I do have DNS configured on the router and any pc being used on the internal network. DHCP is disabled because we have a DHCP server. My show running-config is below. Any help is appreciated very much. Let me know if any other info is needed to diagnose the issue. Also no access lists are applied either.

Current configuration : 5397 bytes

!

! Last configuration change at 15:44:02 UTC Wed Feb 12 2014 by michael

! NVRAM config last updated at 15:40:26 UTC Wed Feb 12 2014

! NVRAM config last updated at 15:40:26 UTC Wed Feb 12 2014

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname 107TestRouter

!

boot-start-marker

boot-end-marker

!

!

logging buffered 51200 warnings

!

no aaa new-model

!

!

no ipv6 cef

ip source-route

ip cef

!

!

!

!

!

ip domain name libertysport.com

ip name-server 75.75.75.75

ip name-server 75.75.76.76

!

multilink bundle-name authenticated

!

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-3136076189

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3136076189

revocation-check none

rsakeypair TP-self-signed-3136076189

!

!

crypto pki certificate chain TP-self-signed-3136076189

certificate self-signed 01

                  

Current configuration : 5397 bytes

!

! Last configuration change at 15:44:02 UTC Wed Feb 12 2014 by michael

! NVRAM config last updated at 15:40:26 UTC Wed Feb 12 2014

! NVRAM config last updated at 15:40:26 UTC Wed Feb 12 2014

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname 107TestRouter

!

boot-start-marker

boot-end-marker

!

!

logging buffered 51200 warnings

!

no aaa new-model

!

!

no ipv6 cef

ip source-route

ip cef

!

!

!

!

!

ip domain name libertysport.com

ip name-server 75.75.75.75

ip name-server 75.75.76.76

!

multilink bundle-name authenticated

!

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-3136076189

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3136076189

revocation-check none

rsakeypair TP-self-signed-3136076189

!

!

crypto pki certificate chain TP-self-signed-3136076189

certificate self-signed 01

Everyone's tags (1)
2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Blue

PC's on network cannot access internet through WAN

Your NAT config would be -

int gi0/0

ip nat inside

int gi0/1

ip nat outside

access-list 101 permit ip 192.168.4.0 0.0.0.255 any

ip nat inside source list 101 interface gi0/1 overload

Jon

Hall of Fame Super Blue

Re: PC's on network cannot access internet through WAN

If i understand your question correctly the acl used in the NAT statement is only used to tell the router which IPs to NAT. It is not applied to any interface as you would with an acl that was controlling traffic through that interface.

There are a lot of different uses for acls and for a lot of things the acl is not directly applied to the router's interfaces.

Jon

9 REPLIES
Hall of Fame Super Blue

PC's on network cannot access internet through WAN

You haven't posted the full configuration but have do you have NAT setup for the internal clients ?

Jon

New Member

PC's on network cannot access internet through WAN

Hi Jon, thank you for your response. No I haven't setup NATing yet. Shall I config it with 0/1 outside and 0/0 inside? I'll post  full config ASAP.

Hall of Fame Super Blue

PC's on network cannot access internet through WAN

Your NAT config would be -

int gi0/0

ip nat inside

int gi0/1

ip nat outside

access-list 101 permit ip 192.168.4.0 0.0.0.255 any

ip nat inside source list 101 interface gi0/1 overload

Jon

New Member

PC's on network cannot access internet through WAN

Jon, you fixed it! Im able to get out now. I can't believe it was that easy, must searches ive found lead me to the overload statement but wasnt sure enough to try it myself.

Hall of Fame Super Blue

PC's on network cannot access internet through WAN

No problem, glad to have helped.

Jon

New Member

PC's on network cannot access internet through WAN

When i do a show ip interface gbint0/1 how come i dont see that the ip nat inside source list 101 interface gi0/1 overload is shown under outgoing or inbound access list?

Hall of Fame Super Blue

Re: PC's on network cannot access internet through WAN

If i understand your question correctly the acl used in the NAT statement is only used to tell the router which IPs to NAT. It is not applied to any interface as you would with an acl that was controlling traffic through that interface.

There are a lot of different uses for acls and for a lot of things the acl is not directly applied to the router's interfaces.

Jon

New Member

PC's on network cannot access internet through WAN

Understood and thank you. Is there a command to verify or view that this statement is in effect? kinda like viewing the acl's tied to an interface?

Hall of Fame Super Blue

PC's on network cannot access internet through WAN

You can do -

1) a simple "sh run to see if it is configured

2)  "sh access-list 101" to see if there are hits on the acl

3) "sh ip nat translations" to see exactly what NAT translations are happening on your router.

Jon

179
Views
0
Helpful
9
Replies
CreatePlease to create content