Cisco 861w Firewall up cannot access Internet or Ping

By andy_yerger
I'm a newbie at Cisco. I recently purchased an 861w. I was able to get Cisco CP Express installed and get the basic config and NAT up and running. I can browse the Internet with the firewall down, but I cannot ping or surf the Internet with the firewall up. Could someone please help get me going in the right direction with getting my 861w working and my firewall stealthed? Here is my config, and thank you for any useful info or assistance.

pixy#term len 0
pixy#show run
Building configuration...

Current configuration : 7479 bytes
!
! Last configuration change at 11:19:18 PCTime Wed Oct 29 2008 by ayerger
! NVRAM config last updated at 11:08:58 PCTime Wed Oct 29 2008 by ayerger
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname pixy
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200
logging console critical
enable secret 5 $1$z75c$qfVWpmqwUZu7hDor4u.im1
!
no aaa new-model
clock timezone PCTime -8
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-387923354
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-387923354
revocation-check none
rsakeypair TP-self-signed-387923354
!
!
crypto pki certificate chain TP-self-signed-387923354
certificate self-signed 01
quit
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.9
!
ip dhcp pool sdm-pool1
import all
network 10.10.10.0 255.255.255.0
dns-server 208.67.220.220 208.67.222.222
default-router 10.10.10.1
!
!
ip cef
no ip bootp server
ip domain name yourdomain.com
ip name-server 208.67.220.220
ip name-server 208.67.222.222
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
username ayerger privilege 15 secret 5 $1$z5E0$/7X35uwKMPfeqYtSsdjax/
!
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh authentication-retries 2
!
class-map type inspect match-any sdm-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-insp-traffic
match class-map sdm-cls-insp-traffic
class-map type inspect match-any sdm-cls-icmp-access
match protocol icmp
class-map type inspect match-all sdm-invalid-src
match access-group 100
class-map type inspect match-all sdm-icmp-access
match class-map sdm-cls-icmp-access
class-map type inspect match-all sdm-protocol-http
match protocol http
!
!
policy-map type inspect sdm-permit-icmpreply
class type inspect sdm-icmp-access
inspect
class class-default
pass
policy-map type inspect sdm-inspect
class type inspect sdm-invalid-src
drop log
class type inspect sdm-insp-traffic
inspect
class type inspect sdm-protocol-http
inspect
class class-default
policy-map type inspect sdm-permit
class class-default
!
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-self-out source self destination out-zone
service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-out-self source out-zone destination self
service-policy type inspect sdm-permit
zone-pair security sdm-zp-in-out source in-zone destination out-zone
service-policy type inspect sdm-inspect
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $FW_OUTSIDE$$ES_WAN$
ip address dhcp client-id FastEthernet4
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
zone-member security out-zone
duplex auto
speed auto
!
interface wlan-ap0
description Service module interface to manage the embedded AP
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
shutdown
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
zone-member security in-zone
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
no cdp run

!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
