NAT or routing problem...

Hi, I have some problems to exit from my LAN (VLAN1). I can ping my LAN gateway (, but no other external ip. The DMZ (VLAN10) works fine... Does anyone can help me ? thanks, Luca

My situation: Assigned subnet from ISP Subnet: xxx.yyy.zzz.248 Router IP: xxx.yyy.zzz.249 Available IPs: xxx.yyy.zzz.250 .. xxx.yyy.zzz.254 Broadcast: xxx.yyy.zzz.255 Netmask: dns 1: dns 2:

Subnet internal LAN Subnet: Gateway: Netmask:

My configuration: version 12.4 no parser cache no service pad service tcp-keepalives-in service timestamps debug datetime localtime service timestamps log datetime localtime service password-encryption service sequence-numbers ! hostname ! boot-start-marker boot-end-marker ! logging userinfo logging buffered 32000 informational logging console informational logging monitor informational enable secret 5 ! aaa new-model ! ! aaa authentication login default local aaa authentication login admin local ! ! aaa session-id common ! ! dot11 syslog no ip source-route no ip gratuitous-arps no ip cef ! ! no ip dhcp use vrf connected ip dhcp excluded-address ip dhcp excluded-address ! ip dhcp pool VLAN1 import all network default-router domain-name dns-server lease 0 2 ! ! no ip bootp server no ip domain lookup ip domain name ip name-server ip name-server ip inspect max-incomplete high 1100 ip inspect max-incomplete low 1100 ip inspect one-minute high 1100 ip inspect one-minute low 1100 ip inspect name DEFAULT100 udp ip inspect name DEFAULT100 tcp login block-for 60 attempts 3 within 30 login on-failure log login on-success log ! multilink bundle-name authenticated ! ! username privilege 15 secret 5 ! no crypto isakmp enable ! archive log config hidekeys ! ! ip tcp synwait-time 10 ip ssh time-out 60 ip ssh authentication-retries 1 ip ssh version 2 ! ! ! interface FastEthernet0 no cdp enable ! interface FastEthernet1 no cdp enable ! interface FastEthernet2 no cdp enable ! interface FastEthernet3 description DMZ port switchport access vlan 10 no cdp enable ! interface FastEthernet4 description WAN port no ip address duplex auto speed auto pppoe-client dial-pool-number 1 ! interface Vlan1 description Local Area Network ip address ip nat inside ip virtual-reassembly ip tcp adjust-mss 1452 ! interface Vlan10 description DMZ Network ip address xxx.yyy.zzz.249 no ip proxy-arp no ip mroute-cache ntp broadcast hold-queue 100 out ! interface Dialer0 ip unnumbered Vlan10 ip access-group 101 in ip access-group 102 out no ip redirects no ip unreachables no ip proxy-arp ip nat outside ip inspect DEFAULT100 out ip virtual-reassembly encapsulation ppp dialer pool 1 dialer idle-timeout 0 dialer persistent dialer-group 1 no cdp enable ppp authentication chap callin ppp chap hostname ppp chap password 7 ! ip forward-protocol nd ip route Dialer0 ! ! no ip http server no ip http secure-server ! ! access-list 101 permit ip any any access-list 102 permit ip any any dialer-list 1 protocol ip permit no cdp run ! ! ! ! control-plane ! banner motd ^CC This is machine name. Unauthorised access to this machine is strictly prohibited. Please disconnect now unless you have received prior authorisation for use. The systems administrator is your name on Your phone number. ^C ! line con 0 login authentication admin no modem enable stopbits 1 line aux 0 line vty 0 4 exec-timeout 5 0 login authentication admin transport input ssh ! scheduler max-task-time 5000 ntp logging ntp clock-period 17179869 ntp source Dialer0 ntp peer prefer end

Reply to
Loading thread data ...

Where is your IP nat outside? What is this natting to?

Reply to

Hi Trendkill, I have added the following lines, but doesn't work yet

ip nat inside source list 101 interface Dialer0 overload

access-list 101 remark *** ACL PER PAT *** access-list 101 permit ip any

Reply to
Luca Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.