Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Unable to access Internet behind Cisco 2811 Router

We had a power outage last night, and since then, we've been unable to access the Internet from within the internal network (behind the 2811 series ). I can remote in from outside, so that means my NAT statements are working for port 3389. I can also access internal webmail site from public side. However, no Internet on the inside. I've attached the running-config if someone could point me in the right direction. I'm very stuck.

Thanks

4 REPLIES
Silver

Re: Unable to access Internet behind Cisco 2811 Router

It looks like you may need to change the route-map in the following nat statement:


ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/1 overload


SDM_RMAP_1 will only nat if destined to 192.168.1.0/24


Change it to this:


ip nat inside source route-map SDM_RMAP_2 interface FastEthernet0/1 overload


This route map matches an ACL that permits all destinations.



Chris

Cisco Employee

Re: Unable to access Internet behind Cisco 2811 Router

Your NAT overload statement refers to route-map SDM_RMAP_1 which is using an ACL that will result in NAT of traffic from 10.4.167.0 to 192.168.1.0. A quick suggestion will be to take a look at this overload statement and possibly tra SDM_RMAP_2 instead of SDM_RMAP_1.

Atif

Cisco Employee

Re: Unable to access Internet behind Cisco 2811 Router

Hi,

I reviewed your config and found a problem.

ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/1 overload

route-map SDM_RMAP_1 permit 1

match ip address 104

access-list 104 remark SDM_ACL Category=2

access-list 104 remark IPSec Rule

access-list 104 permit ip 10.4.167.0 0.0.0.255 192.168.1.0 0.0.0.255

So, currently, only traffic matching ACL 104 is NAT translated and Internet traffic is not being translated.

You need to chang route-map SDM_RMAP_1 to match different ACL.

route-map SDM_RMAP_1 permit 1

no match ip address 104

no match ip address 109

access-list 109 deny ip 10.4.167.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 109 permit ip 10.4.167.0 0.0.0.255 any

KK.

Re: Unable to access Internet behind Cisco 2811 Router

I understand the correct Route-Map would be

route-map SDM_RMAP_1 permit 1
match ip address 105

1047
Views
5
Helpful
4
Replies