cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
587
Views
0
Helpful
9
Replies

PC's on network cannot access internet through WAN

manuelcruz3288
Level 1
Level 1

Hi Guys,

I appreciate any help on this. I have a Cisco 1941 Router that i just factory defaulted. I configured the GB Inter 0/0 to be the LAN 192.168.4.250 255.255.255.0 and the GB Inter 0/1 (Public IP) 255.255.255.248. I can ping the internet and internal network pc's from the WAN interface (GB Inter 0/1). as for the GB Inter 0/0 i can ping the wan interface but i cannot ping an external source by name or ip address. I do have DNS configured on the router and any pc being used on the internal network. DHCP is disabled because we have a DHCP server. My show running-config is below. Any help is appreciated very much. Let me know if any other info is needed to diagnose the issue. Also no access lists are applied either.

Current configuration : 5397 bytes

!

! Last configuration change at 15:44:02 UTC Wed Feb 12 2014 by michael

! NVRAM config last updated at 15:40:26 UTC Wed Feb 12 2014

! NVRAM config last updated at 15:40:26 UTC Wed Feb 12 2014

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname 107TestRouter

!

boot-start-marker

boot-end-marker

!

!

logging buffered 51200 warnings

!

no aaa new-model

!

!

no ipv6 cef

ip source-route

ip cef

!

!

!

!

!

ip domain name libertysport.com

ip name-server 75.75.75.75

ip name-server 75.75.76.76

!

multilink bundle-name authenticated

!

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-3136076189

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3136076189

revocation-check none

rsakeypair TP-self-signed-3136076189

!

!

crypto pki certificate chain TP-self-signed-3136076189

certificate self-signed 01

                  

Current configuration : 5397 bytes

!

! Last configuration change at 15:44:02 UTC Wed Feb 12 2014 by michael

! NVRAM config last updated at 15:40:26 UTC Wed Feb 12 2014

! NVRAM config last updated at 15:40:26 UTC Wed Feb 12 2014

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname 107TestRouter

!

boot-start-marker

boot-end-marker

!

!

logging buffered 51200 warnings

!

no aaa new-model

!

!

no ipv6 cef

ip source-route

ip cef

!

!

!

!

!

ip domain name libertysport.com

ip name-server 75.75.75.75

ip name-server 75.75.76.76

!

multilink bundle-name authenticated

!

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-3136076189

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3136076189

revocation-check none

rsakeypair TP-self-signed-3136076189

!

!

crypto pki certificate chain TP-self-signed-3136076189

certificate self-signed 01

2 Accepted Solutions

Accepted Solutions

Your NAT config would be -

int gi0/0

ip nat inside

int gi0/1

ip nat outside

access-list 101 permit ip 192.168.4.0 0.0.0.255 any

ip nat inside source list 101 interface gi0/1 overload

Jon

View solution in original post

If i understand your question correctly the acl used in the NAT statement is only used to tell the router which IPs to NAT. It is not applied to any interface as you would with an acl that was controlling traffic through that interface.

There are a lot of different uses for acls and for a lot of things the acl is not directly applied to the router's interfaces.

Jon

View solution in original post

9 Replies 9

Jon Marshall
Hall of Fame
Hall of Fame

You haven't posted the full configuration but have do you have NAT setup for the internal clients ?

Jon

Hi Jon, thank you for your response. No I haven't setup NATing yet. Shall I config it with 0/1 outside and 0/0 inside? I'll post  full config ASAP.

Your NAT config would be -

int gi0/0

ip nat inside

int gi0/1

ip nat outside

access-list 101 permit ip 192.168.4.0 0.0.0.255 any

ip nat inside source list 101 interface gi0/1 overload

Jon

Jon, you fixed it! Im able to get out now. I can't believe it was that easy, must searches ive found lead me to the overload statement but wasnt sure enough to try it myself.

No problem, glad to have helped.

Jon

When i do a show ip interface gbint0/1 how come i dont see that the ip nat inside source list 101 interface gi0/1 overload is shown under outgoing or inbound access list?

If i understand your question correctly the acl used in the NAT statement is only used to tell the router which IPs to NAT. It is not applied to any interface as you would with an acl that was controlling traffic through that interface.

There are a lot of different uses for acls and for a lot of things the acl is not directly applied to the router's interfaces.

Jon

manuelcruz3288
Level 1
Level 1

Understood and thank you. Is there a command to verify or view that this statement is in effect? kinda like viewing the acl's tied to an interface?

You can do -

1) a simple "sh run to see if it is configured

2)  "sh access-list 101" to see if there are hits on the acl

3) "sh ip nat translations" to see exactly what NAT translations are happening on your router.

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: