NAT or routing problem...

Hi, I have some problems getting out of my LAN (VLAN1). I can ping my LAN gateway (10.10.1.1), but no other external IP. The DMZ (VLAN10) works fine... Can anyone help me? Thanks, Luca

My situation:

Assigned subnet from ISP
Subnet: xxx.yyy.zzz.248
Router IP: xxx.yyy.zzz.249
Available IPs: xxx.yyy.zzz.250 .. xxx.yyy.zzz.254
Broadcast: xxx.yyy.zzz.255
Netmask: 255.255.255.248
DNS 1: 212.90.199.2
DNS 2: 212.90.192.190

Subnet internal LAN
Subnet: 10.10.1.0
Gateway: 10.10.1.1
Netmask: 255.255.255.0

My configuration:

version 12.4
no parser cache
no service pad
service tcp-keepalives-in
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service sequence-numbers
!
hostname
!
boot-start-marker
boot-end-marker
!
logging userinfo
logging buffered 32000 informational
logging console informational
logging monitor informational
enable secret 5
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login admin local
!
!
aaa session-id common
!
!
dot11 syslog
no ip source-route
no ip gratuitous-arps
no ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.1.1 10.10.1.59
ip dhcp excluded-address 10.10.1.100 10.10.1.254
!
ip dhcp pool VLAN1
 import all
 network 10.10.1.0 255.255.255.0
 default-router 10.10.1.1
 domain-name
 dns-server 212.90.199.2 212.90.192.190
 lease 0 2
!
!
no ip bootp server
no ip domain lookup
ip domain name
ip name-server 212.90.199.2
ip name-server 212.90.192.190
ip inspect max-incomplete high 1100
ip inspect max-incomplete low 1100
ip inspect one-minute high 1100
ip inspect one-minute low 1100
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 tcp
login block-for 60 attempts 3 within 30
login on-failure log
login on-success log
!
multilink bundle-name authenticated
!
!
username privilege 15 secret 5
!
no crypto isakmp enable
!
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 1
ip ssh version 2
!
!
!
interface FastEthernet0
 no cdp enable
!
interface FastEthernet1
 no cdp enable
!
interface FastEthernet2
 no cdp enable
!
interface FastEthernet3
 description DMZ port
 switchport access vlan 10
 no cdp enable
!
interface FastEthernet4
 description WAN port
 no ip address
 duplex auto
 speed auto
 pppoe-client dial-pool-number 1
!
interface Vlan1
 description Local Area Network
 ip address 10.10.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Vlan10
 description DMZ Network
 ip address xxx.yyy.zzz.249 255.255.255.248
 no ip proxy-arp
 no ip mroute-cache
 ntp broadcast
 hold-queue 100 out
!
interface Dialer0
 ip unnumbered Vlan10
 ip access-group 101 in
 ip access-group 102 out
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect DEFAULT100 out
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname
 ppp chap password 7
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
no ip http server
no ip http secure-server
!
!
access-list 101 permit ip any any
access-list 102 permit ip any any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
banner motd ^CC
This is machine name. Unauthorised access to this machine is strictly prohibited. Please disconnect now unless you have received prior authorisation for use. The systems administrator is your name on Your phone number.
^C
!
line con 0
 login authentication admin
 no modem enable
 stopbits 1
line aux 0
line vty 0 4
 exec-timeout 5 0
 login authentication admin
 transport input ssh
!
scheduler max-task-time 5000
ntp logging
ntp clock-period 17179869
ntp source Dialer0
ntp peer 212.90.197.226 prefer
end

Reply to
Luca

Where is your IP nat outside? What is this natting to?

Reply to
Trendkill

Hi Trendkill, I have added the following lines, but it doesn't work yet:

ip nat inside source list 101 interface Dialer0 overload

access-list 101 remark *** ACL PER PAT ***
access-list 101 permit ip 10.10.1.0 0.0.0.255 any

Reply to
Luca
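
An added example, not part of any post in this thread: a small Python check of the NAT-related statements in an IOS configuration like the one posted above. The function name `audit_nat` and the wording of its findings are assumptions made for this example, and the sample input is a constructed excerpt of the posted configuration followed by the lines from the follow-up post.

```python
import re

# Constructed excerpt: NAT-relevant lines of the configuration posted in the
# thread, then the three lines added in the follow-up post.
CONFIG = """\
interface Vlan1
 ip nat inside
interface Dialer0
 ip access-group 101 in
 ip nat outside
access-list 101 permit ip any any
ip nat inside source list 101 interface Dialer0 overload
access-list 101 remark *** ACL PER PAT ***
access-list 101 permit ip 10.10.1.0 0.0.0.255 any
"""

def audit_nat(text):
    """Return a list of findings about NAT/PAT consistency in an IOS config."""
    role, filters, acls, rules, iface = {}, {}, {}, [], None
    for line in text.splitlines():
        s = line.strip()
        if m := re.match(r"interface (\S+)", s):
            iface = m.group(1)
        elif not line.startswith(" "):
            iface = None  # back at global configuration level
        if iface and (m := re.fullmatch(r"ip nat (inside|outside)", s)):
            role[iface] = m.group(1)
        elif iface and (m := re.fullmatch(r"ip access-group (\S+) (in|out)", s)):
            filters.setdefault(m.group(1), []).append(f"{iface} {m.group(2)}")
        elif m := re.match(r"access-list (\d+) (permit|deny) (.+)", s):
            acls.setdefault(m.group(1), []).append(f"{m.group(2)} {m.group(3)}")
        elif m := re.match(r"ip nat inside source list (\S+) interface (\S+)", s):
            rules.append((m.group(1), m.group(2)))
    out = []
    if "inside" not in role.values() or "outside" not in role.values():
        out.append("missing 'ip nat inside' or 'ip nat outside' interface")
    if not rules:
        out.append("no 'ip nat inside source' rule")
    for acl, egress in rules:
        if role.get(egress) != "outside":
            out.append(f"{egress} is not marked 'ip nat outside'")
        if acl not in acls:
            out.append(f"NAT ACL {acl} is not defined")
        elif "permit ip any any" in acls[acl]:
            out.append(f"NAT ACL {acl} contains 'permit ip any any'")
        if acl in filters:
            out.append(f"NAT ACL {acl} is also a packet filter on {', '.join(filters[acl])}")
    return out
```

Run against the excerpt, it reports that ACL 101 still contains `permit ip any any` and is also bound inbound on Dialer0; with the last three lines removed it reports that no `ip nat inside source` rule exists.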
