Solved: routing problem on cisco 887

Stas Balabanov · ‎07-18-2013

Hello everyone!

Please help

i have pings from router to outside (internet) and from router to inside (lan) but i have no ping from inside to outside ,

it seem like nat table is wrong or router just not doing routing...

please have a look at my configuration, may be you'll see something suspicious.

##############################

version 15.1

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Riwip-R

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$ijuH$FLQZC0k.e.Zq/ya41uYFa0

enable password *********

!

aaa new-model

!

aaa session-id common

memory-size iomem 10

crypto pki token default removal timeout 0

!

ip source-route

!

ip cef

ip domain name

*********

no ipv6 cef

!

license udi pid CISCO887VA-K9 sn FTX1715828L

!

username ***** privilege 15 secret 4 8R9Jpx2OkfxKJM2qBI.

d617QvuuNwdr@#EA7Yb.ebRE

!

controller VDSL 0

!

ip ssh version 2

!

!
interface Ethernet0
no ip address

pppoe-client dial-pool-number 1

!

interface ATM0

no ip address

shutdown

no atm ilmi-keepalive

!

interface FastEthernet0

no ip address

!

interface FastEthernet1

no ip address

shutdown

!

interface FastEthernet2

no ip address

shutdown

!

interface FastEthernet3

no ip address

!

interface Vlan1

ip address 10.0.0.130 255.0.0.0

ip nat inside

no ip virtual-reassembly in

!
interface Dialer0
mtu 1492

ip address negotiated

ip nat outside
ip virtual-reassembly in
encapsulation ppp

ip tcp adjust-mss 1452

dialer pool 1
dialer-group 1

ppp pap sent-username *****@****password 0 ************

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

ip nat inside source list NAT-ACL interface Dialer0 overload

ip route 0.0.0.0 0.0.0.0 Dialer0

!

ip access-list extended NAT-ACL

permit ip 10.0.0.0 0.255.255.255 any

!

dialer-list 1 protocol ip permit

!

line con 0

no modem enable

line aux 0

line vty 0 4

privilege level 15

password **********

transport input ssh

!

end

##############################

cadet alain · ‎07-18-2013

Hi,

Your config looks correct. Can you verify the default-gateway on the hosts is the vlan 1 IP address and that they are in the correct subnet.

Regards

Alain

Don't forget to rate helpful posts.

View solution in original post

cadet alain · ‎07-18-2013

Hi,

Your config looks correct. Can you verify the default-gateway on the hosts is the vlan 1 IP address and that they are in the correct subnet.

Regards

Alain

Don't forget to rate helpful posts.

Stas Balabanov · ‎07-18-2013

Thank you

That was the problem.

johnlloyd_13 · ‎07-18-2013

hi,

could you try with a standard ACL for your NAT?

no ip nat inside source list NAT-ACL interface Dialer0 overload

access-list 1 permit 10.0.0.0 0.255.255.255

ip nat inside soource list 1 interface dialer0 overload