
Cisco 890 series Router Config Help

rade3023
Level 1

I've tried multiple times to create a thread with an explanation of my problem and every time I'm getting a message saying that it triggered a spam filter and then when I reported it to the company managing it nothing happens. 

This is as much a test to see if I'll even be able to post to these forums as it is an explanation of my problem. Will follow up in the comments assuming this posts. 

12 Replies

rade3023
Level 1

Wow would you look at that, when I write absolutely nothing about the problem I'm trying to solve, it lets me post. Wonderful. Let's see if I can actually write about the problem now. 

*let's see if posting the original message that was apparently 'spam' works now*

Hello, 

I've been tasked with setting up our new router in one of the computer labs of my college campus. It is an 892FSP. I've been struggling with this for a few weeks now, scouring forums, Cisco documentation, and YouTube videos for help. The vast majority of my networking knowledge has resulted from Google searches while trying to get it working. Now with that said, this router has a fairly simple job. It only needs to act as a DHCP server for 20 or so computers and give us our own local network separate from the rest of the University, and it needs to allow internet access. I've gotten it to assign IP addresses correctly, and in the correct network 192.168.1.x, but I can't get internet access. I believe the problem has something to do with NAT, I've tried all the commands that seem relevant but still no luck. We have a consumer grade router acting as a backup, and I was able to configure it to do exactly what I wanted in less than 5 minutes and it works perfectly, so I know there aren't any administrative restrictions on the network preventing a new router from popping up. 

I've attached the notepad document with the current running config, if anyone could take a look at it and tell me what I'm missing it would be very much appreciated!

Remove these lines:

ip nat pool AtlasLab 192.168.1.1 255.255.255.0 prefix-length 1
ip nat inside source list 10 interface GigabitEthernet8 overload
access-list 10 permit any

...and use these instead:

access-list 100 permit ip 192.168.1.0 255.255.255.0 any
ip nat inside source list 100 interface gi8 overload

Thanks for replying! I will go in today and try that this afternoon. I've been sitting at what I thought should be a working configuration for a week or two now, and that 'ip nat pool' line was a very recent addition. 

Disregarding that line, could you explain what the difference is between what I had and what you suggested? My understanding was that you can number the access-list with whatever you want, but some are just standard ones. 

One other thing we'd like it to do is some port-forwarding. There's a few devices that ideally should be accessible anywhere on campus, and not just from within our local network. As far as I know you pick a port and append that to the router's public ip in a browser and it sends all that traffic to a specific local ip. Would you be able to give me a sample set of commands to get that working as well? 

I think the "ip nat pool" was your primary issue.

We usually use an extended ACL (numbered 100 or greater) with NAT as we need to specify both the source and destination addresses (even when the destination is "any"). This is required when you want to do port forwarding as you also mentioned. 

Ah I see, was that a valid command at any point in time? Perhaps only for different models or something, because it seems like I got the destination being "any" from a tutorial. 

Also, I edited my other comment as you replied I think. About the port forwarding? 

So say there's a server with a static local ip of 192.168.1.10, and I want to be able to access it from anywhere within the campus network, would the commands be: 

ip nat inside source static tcp 192.168.1.10 5000 interface Gi8 5000

Well, still no luck. I made the changes you suggested, and it has the exact same problem. It will assign IP addresses to all the computers connected to it in the 192.168.1.x network, but none of those computers can access the internet. I also can't ping the internet (8.8.8.8) from either the router console or terminal on the computers. 

In your suggestion you said do the command 

'access-list 100 permit ip 192.168.1.0 255.255.255.0 any' 

however when I run that command it shows up in the running-config as 

'access-list 100 permit ip 0.0.0.0 255.255.255.0 any' 

is this a problem? 

I've attached the current running config below. Any other ideas? 
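An added example, not part of the original thread: IOS ACL entries take a wildcard (inverse) mask, and the address is stored with every "don't care" bit cleared, which is why the entry above shows up as `0.0.0.0 255.255.255.0`. The Python model below reproduces that normalization and shows which sources each form matches; the function names and the sample hosts are constructed for illustration.

```python
import ipaddress

ALL = 0xFFFFFFFF

def ip(s):
    return int(ipaddress.IPv4Address(s))

def dotted(n):
    return str(ipaddress.IPv4Address(n))

def wildcard_from_netmask(netmask):
    """Invert a subnet mask to get the wildcard an ACL entry expects."""
    return dotted(~ip(netmask) & ALL)

def normalize(addr, wildcard):
    """Model of how the entry is stored: 'don't care' bits are zeroed."""
    return dotted(ip(addr) & ~ip(wildcard) & ALL)

def matches(addr, wildcard, host):
    """A 0 bit in the wildcard must match exactly; a 1 bit is ignored."""
    care = ~ip(wildcard) & ALL
    return (ip(host) & care) == (ip(addr) & care)

# Constructed sample sources: two lab clients and two unrelated addresses.
HOSTS = ["192.168.1.25", "192.168.1.200", "10.9.8.0", "172.16.5.0"]

def report(addr, wildcard):
    """Return (address as stored, sample hosts the entry would match)."""
    stored = normalize(addr, wildcard)
    return stored, [h for h in HOSTS if matches(addr, wildcard, h)]

if __name__ == "__main__":
    typed = "255.255.255.0"                  # subnet mask, as entered in the thread
    fixed = wildcard_from_netmask(typed)     # 0.0.0.255
    for label, wc in (("subnet mask", typed), ("wildcard mask", fixed)):
        stored, hit = report("192.168.1.0", wc)
        print(f"{label}: access-list 100 permit ip {stored} {wc} any")
        print(f"  matches: {hit}")
```

With the subnet mask, the entry matches any source whose last octet is 0 and none of the 192.168.1.x lab clients; with `0.0.0.255` it matches exactly the lab subnet.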

The fact that you cannot ping 8.8.8.8 even from the router console is troubling. That would have nothing to do with your NAT rules.

Please share the output of the following from the router:

show ip int br
show ip route
traceroute 8.8.8.8

Below is the output of those commands. One other potential problem: I contacted the IT department of the university and they said that all new routers must be whitelisted by MAC address. This router has no sticker on the bottom with a MAC address, I believe I gave them the MAC address from GigabitEthernet8 which is the WAN port I have the internet line going into. Is this the right MAC address to use? If not how can I find it? The confusing thing about this is that we have an Apple router as a backup which took about 5 minutes to configure to do the exact same thing as this Cisco router needs to do and it works perfectly, no network whitelisting required. 

atls221-148-dhcp#show ip int br
Interface          IP-Address       OK?  Method  Status                 Protocol
GigabitEthernet0   unassigned       YES  unset   down                   down
GigabitEthernet1   unassigned       YES  unset   down                   down
GigabitEthernet2   unassigned       YES  unset   down                   down
GigabitEthernet3   unassigned       YES  unset   down                   down
GigabitEthernet4   unassigned       YES  unset   down                   down
GigabitEthernet5   unassigned       YES  unset   down                   down
GigabitEthernet6   unassigned       YES  unset   down                   down
GigabitEthernet7   unassigned       YES  unset   up                     up
GigabitEthernet8   128.138.221.148  YES  DHCP    up                     up
GigabitEthernet9   unassigned       YES  NVRAM   administratively down  down
NVI0               unassigned       YES  unset   administratively down  down
Vlan1              192.168.1.1      YES  NVRAM   up                     up
atls221-148-dhcp#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S* 0.0.0.0/0 is directly connected, GigabitEthernet8
128.138.0.0/16 is variably subnetted, 3 subnets, 2 masks
S 128.138.129.173/32 [254/0] via 128.138.221.1, GigabitEthernet8
C 128.138.221.0/24 is directly connected, GigabitEthernet8
L 128.138.221.148/32 is directly connected, GigabitEthernet8
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Vlan1
L 192.168.1.1/32 is directly connected, Vlan1
atls221-148-dhcp#traceroute 8.8.8.8
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

Odd. Can you even ping the upstream gateway (128.138.221.1) from the router?

If you can, maybe you can try a static route (though you should not have to):

ip route 0.0.0.0 0.0.0.0 128.138.221.1

I can ping 128.138.221.1 successfully, 

I tried adding the static route as you suggested but still no internet access.