Desperate
@optonline.net
|  [Config] Need help debugging a misconfiguration of NAT 850W Rout
Hello all,
First and foremost I want to thank you for taking the time to read this.
How I got to where I am now.
Decided to mess around with my configuration about 5 days ago and I think I messed something up and unfortunately I did not back up my config.
Here is what I've learned:
Keep frequent backups: Once my issue gets resolved I will definetely run a kron job to ftp over configurations on a daily basis.
Here is how it used to work:
Any traffic I requested from my inside interface in this case BVI1 as long as the acl in was configured to permit ip 10.10.10.0 0.0.0.255 any
anything I requested would be allowed to come back to me without problems
Here is how it's working now:
any traffic I request from the bvi1 interface with the same ACL as I had before gets denied by ACL 101 which is assigned to the public outside interface which basically allows bootpc traffic for it to receive DHCP info from the ISP and a deny ip all rule.
I can't just put an permit ip any any on the 101 ACL that's like not having a firewall. I have pasted my configuration here: »pastebin.be/12710
Once again, I thank you for your time, any help you provide here hope it comes back tenfold. |
|
joecool42069
@rr.com
| Re: [Config] Need help debugging a misconfiguration of NAT 850W
Doesn't sound like a nat issue, but sounds like you removed CBAC? CBAC will allow the return traffic through that it inspects leaving your router.
You don't need all of this, but I've found them usefull at one point or another... example:
Also, doesn't look like you need this line in there:
ip nat pool home 10.10.10.0 10.10.10.255 netmask 255.255.255.0 |
|
Desperate
@optonline.net | I thank you very much, I have made the changes and it is indeed working. I feel ashamed at the same time but it has been a good learning experience. |
|
joecool42069
@rr.com | You're welcome.. Glad to hear.. and don't beat yourself up too much, we're all here to learn something.  |
|
