12-18-2017 11:28 PM - edited 03-05-2019 09:39 AM
Hi,
I was converted configuration from Cisco 1841 to 4331 and the 1841 having IP inspect after convert to 4331 user not able to access internet.
Any Idea ?
12-18-2017 11:36 PM
12-19-2017 01:30 AM
Hello,
at first glance, it looks like your inside interface is not part of any security zone:
interface GigabitEthernet0/0/1
description Interface Inside$Router LAN Segment$
ip address 172.29.154.207 255.255.255.0
no ip proxy-arp
ip nat inside
ip nbar protocol-discovery
ip access-group 103 in
zone-member security inside
negotiation auto
no cdp enable
ip virtual-reassembly
12-19-2017 06:00 PM
Hi
the command was added but still the same .
interface GigabitEthernet0/0/1
description Interface Inside$xxxxxx LAN Segment$
ip address 172.29.154.207 255.255.255.0
no ip proxy-arp
ip nat inside
ip nbar protocol-discovery
ip access-group 103 in
zone-member security inside
negotiation auto
no cdp enable
ip virtual-reassembly
!
i try to "no ip access-group 102 in"it able to internet but user said that the router is not secure enough.
interface GigabitEthernet0/0/0
description Interface Outside$FW_OUTSIDE$
ip address <Outside IP> 255.255.255.252
no ip redirects
no ip access-group 102 in
no ip unreachables
no ip proxy-arp
ip nat outside
ip verify unicast reverse-path
zone-member security outside
load-interval 30
negotiation auto
no cdp enable
crypto map SDM_CMAP_1
ip virtual-reassembly
12-19-2017 06:05 PM
Hi
the command was added but still the same .
interface GigabitEthernet0/0/1
description Interface Inside$xxxxxx LAN Segment$
ip address 172.29.154.207 255.255.255.0
no ip proxy-arp
ip nat inside
ip nbar protocol-discovery
ip access-group 103 in
zone-member security inside
negotiation auto
no cdp enable
ip virtual-reassembly
!
i try to "no ip access-group 102 in"it able to internet but user said that the router is not secure enough.
interface GigabitEthernet0/0/0
description Interface Outside$FW_OUTSIDE$
ip address <Outside IP> 255.255.255.252
no ip redirects
no ip access-group 102 in
no ip unreachables
no ip proxy-arp
ip nat outside
ip verify unicast reverse-path
zone-member security outside
load-interval 30
negotiation auto
no cdp enable
crypto map SDM_CMAP_1
ip virtual-reassembly
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide