Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
507
Views
0
Helpful
4
Replies

Cisco 1841 convert configuration to ISR4331

alfred0327
Level 1
Level 1

‎12-18-2017 11:28 PM - edited ‎03-05-2019 09:39 AM

Hi,

 

I was converted configuration from Cisco 1841 to 4331 and the 1841 having IP inspect after convert to 4331 user not able to access internet.

 

Any Idea ?

Labels:
Preview file
27 KB
0 Helpful
4 Replies 4

alfred0327
Level 1
Level 1

‎12-18-2017 11:36 PM

Attach ISR 4331 config.

Preview file
24 KB
0 Helpful

Georg Pauwen
VIP
VIP
In response to alfred0327

‎12-19-2017 01:30 AM

Hello,

 

at first glance, it looks like your inside interface is not part of any security zone:

 

interface GigabitEthernet0/0/1
description Interface Inside$Router LAN Segment$
ip address 172.29.154.207 255.255.255.0
no ip proxy-arp
ip nat inside
ip nbar protocol-discovery
ip access-group 103 in
zone-member security inside
negotiation auto
no cdp enable
ip virtual-reassembly

0 Helpful

alfred0327
Level 1
Level 1
In response to Georg Pauwen

‎12-19-2017 06:00 PM

Hi

the command was added but still the same .

 

interface GigabitEthernet0/0/1
description Interface Inside$xxxxxx LAN Segment$
ip address 172.29.154.207 255.255.255.0
no ip proxy-arp
ip nat inside
ip nbar protocol-discovery
ip access-group 103 in
zone-member security inside
negotiation auto
no cdp enable
ip virtual-reassembly
!

 

i try to "no ip access-group 102 in"it able to internet but user said that the router is not secure enough.  


interface GigabitEthernet0/0/0
description Interface Outside$FW_OUTSIDE$
ip address <Outside IP> 255.255.255.252
no ip redirects

no ip access-group 102 in
no ip unreachables
no ip proxy-arp
ip nat outside
ip verify unicast reverse-path
zone-member security outside
load-interval 30
negotiation auto
no cdp enable
crypto map SDM_CMAP_1
ip virtual-reassembly

0 Helpful

alfred0327
Level 1
Level 1
In response to Georg Pauwen

‎12-19-2017 06:05 PM

Hi

the command was added but still the same .

 

interface GigabitEthernet0/0/1
description Interface Inside$xxxxxx LAN Segment$
ip address 172.29.154.207 255.255.255.0
no ip proxy-arp
ip nat inside
ip nbar protocol-discovery
ip access-group 103 in
zone-member security inside
negotiation auto
no cdp enable
ip virtual-reassembly
!

 

i try to "no ip access-group 102 in"it able to internet but user said that the router is not secure enough.


interface GigabitEthernet0/0/0
description Interface Outside$FW_OUTSIDE$
ip address <Outside IP> 255.255.255.252
no ip redirects

no ip access-group 102 in
no ip unreachables
no ip proxy-arp
ip nat outside
ip verify unicast reverse-path
zone-member security outside
load-interval 30
negotiation auto
no cdp enable
crypto map SDM_CMAP_1
ip virtual-reassembly

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card