Question : Cisco 1710 Router config
Can someone tell me why this config can't browse the web please? :)
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$WHbG$NTXKub1AJUZEEIC3hxFLv.
enable password 7 104C1B1853131D05010126202D
!
clock timezone eastern -5
clock summer-time EDT recurring
no aaa new-model
ip subnet-zero
no ip source-route
!
!
ip domain list domain.net
ip domain name domain.net
ip name-server 192.168.1.3
!
no ip bootp server
ip cef
ip inspect name firewall tcp
ip inspect name firewall udp
ip inspect name firewall smtp
ip inspect name firewall tftp
ip inspect name firewall ftp
ip inspect name firewall http
ip audit notify log
ip audit po max-events 100
ip ssh break-string
no ftp-server write-enable
!
!
!
no crypto isakmp enable
!
!
!
!
interface Ethernet0
 description External Static DSL Interface
 ip address 66.207.xxx.xxx 255.255.255.0
 ip access-group 101 in
 no ip proxy-arp
 ip nat outside
 half-duplex
 no cdp enable
!
interface FastEthernet0
 description Inside Static Interface to my LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 speed auto
 full-duplex
 no cdp enable
!
ip nat inside source list 1 interface Ethernet0 overload
ip nat inside source static tcp 192.168.1.3 25 66.207.xxx.xxx 25 extendable
ip nat inside source static tcp 192.168.1.5 80 66.207.xxx.xxx 80 extendable
ip nat inside source static tcp 192.168.1.3 5631 66.207.xxx.xxx 5631 extendable
ip nat inside source static udp 192.168.1.3 5632 66.207.xxx.xxx 5632 extendable
ip nat inside source static tcp 192.168.1.3 443 66.207.xxx.xxx 443 extendable
ip nat inside source static tcp 192.168.1.3 53 66.207.xxx.xxx 53 extendable
ip nat inside source static udp 192.168.1.3 53 66.207.xxx.xxx 53 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 66.207.xxx.1
no ip http server
no ip http secure-server
!
!
access-list 101 deny ip 192.168.0.0 0.0.255.255 any log
access-list 101 deny ip 172.16.0.0 0.15.255.255 any log
access-list 101 deny ip 10.0.0.0 0.255.255.255 any log
access-list 101 deny ip 127.0.0.0 0.255.255.255 any log
access-list 101 deny ip 255.0.0.0 0.255.255.255 any log
access-list 101 deny ip 224.0.0.0 7.255.255.255 any log
access-list 101 deny ip host 0.0.0.0 any log
access-list 101 deny ip 66.207.xxx.0 0.0.0.255 any log
access-list 101 deny ip host 169.254.8.78 any log
access-list 101 permit tcp any 66.207.xxx.0 0.0.0.255 gt 1023 established
access-list 101 permit icmp any 66.207.xxx.0 0.0.0.255 net-unreachable
access-list 101 permit icmp any 66.207.xxx.0 0.0.0.255 host-unreachable
access-list 101 permit icmp any 66.207.xxx.0 0.0.0.255 port-unreachable
access-list 101 permit icmp any 66.207.xxx.0 0.0.0.255 packet-too-big
access-list 101 permit icmp any 66.207.xxx.0 0.0.0.255 administratively-prohibited
access-list 101 permit icmp any 66.207.xxx.0 0.0.0.255 source-quench
access-list 101 permit icmp any 66.207.xxx.0 0.0.0.255 ttl-exceeded
access-list 101 permit tcp any host 66.207.xxx.xxx eq www
access-list 101 permit tcp any host 66.207.xxx.xxx eq smtp
access-list 101 permit tcp any host 66.207.xxx.xxx eq domain log
access-list 101 permit udp any host 66.207.xxx.xxx eq domain
access-list 101 permit tcp any host 66.207.xxx.xxx eq 5631
access-list 101 permit udp any host 66.207.xxx.xxx eq 5632
access-list 101 deny ip any any log
no cdp run
!
banner login ^CPerimeter Router UNAUTHORIZED ACCESS PROHIBITED^C
!
line con 0
 exec-timeout 5 0
 password 7 0459190759254340041C091C1B
 login
line aux 0
 exec-timeout 0 10
 no exec
line vty 0 4
 exec-timeout 5 0
 password 7 110B0B0441160402092F272F21
 login
!
ntp clock-period 17168977
ntp server 204.34.198.41
ntp server 192.5.41.209 prefer
!
end
sfrouter#
Answer : Cisco 1710 Router config
You are right, I was just focusing on the access-list. Access-list 1 is required to tell the router which traffic to NAT. Without it, no traffic is being NAT'ed, hence the reason you weren't able to browse the Internet.
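
The condition described in the answer, an ACL that is referenced but never defined, can be checked mechanically. The sketch below is an added example, not code from the original thread: it scans an IOS configuration for ACL references (NAT source lists, interface access-groups, line access-classes) with no matching definition. The sample config is a constructed excerpt of the question's config, and the `access-list 1 permit` line is an assumed fix based on the 192.168.1.0/24 inside subnet shown there.

```python
import re

# Constructed excerpt of the config posted in the question (not the full file).
SAMPLE_CONFIG = """\
interface Ethernet0
 ip access-group 101 in
 ip nat outside
interface FastEthernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
ip nat inside source list 1 interface Ethernet0 overload
ip nat inside source static tcp 192.168.1.5 80 66.207.xxx.xxx 80 extendable
access-list 101 permit tcp any host 66.207.xxx.xxx eq www
access-list 101 deny ip any any log
"""
# Assumption: a standard ACL matching the inside LAN; this line is not on the page.
ASSUMED_FIX = "access-list 1 permit 192.168.1.0 0.0.0.255\n"

# Statements that reference an ACL (a subset chosen for this example).
REFERENCES = [
    re.compile(r"^ip nat (?:inside|outside) source list (\S+)"),
    re.compile(r"^ip access-group (\S+) (?:in|out)\b"),
    re.compile(r"^access-class (\S+) (?:in|out)\b"),
]
# Statements that define an ACL: numbered entries or named-ACL headers.
DEFINITIONS = [
    re.compile(r"^access-list (\S+) "),
    re.compile(r"^ip access-list (?:standard|extended) (\S+)"),
]

def find_undefined_acls(config_text):
    """Map each ACL that is referenced but never defined to the lines using it."""
    defined, referenced = set(), {}
    for raw in config_text.splitlines():
        line = raw.strip()
        for pattern in DEFINITIONS:
            match = pattern.match(line)
            if match:
                defined.add(match.group(1))
        for pattern in REFERENCES:
            match = pattern.match(line)
            if match:
                referenced.setdefault(match.group(1), []).append(line)
    return {acl: uses for acl, uses in referenced.items() if acl not in defined}

if __name__ == "__main__":
    for acl, uses in find_undefined_acls(SAMPLE_CONFIG).items():
        print(f"ACL {acl} is referenced but not defined: {uses}")
    print("after assumed fix:", find_undefined_acls(SAMPLE_CONFIG + ASSUMED_FIX))
```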