04-07-2011 04:43 PM - edited 03-11-2019 01:18 PM
HI
I have configured a Cisco router. I am able to ping google from rotuer. I can ping my local IP from router and router local IP to my machine. But I can not access internet on machine. I can not ping google and any other IP out of network.
Please help..
Thanks
04-07-2011 05:05 PM
Hi Amardeep,
There can be 2 causes of this issue:
1. There is no NAT configured on the router.
A basic guide is given here:: http://www.cisco.com/en/US/docs/routers/access/1800/1801/software/configuration/guide/pppoenat.html#wp1165866
2. There is no DNS server configure on your test PC, and hence it is unable to resolve google.com.
Give a DNS ip of 4.2.2.2 and that should fix the issue.
Hope this helps.
In case you still have issues, please provide a simple topology and/or the config on the router.
-Shrikant
P.S.: Please mark the question resolved, if it has been answered. Do rate helpful posts. Thanks.
04-07-2011 05:54 PM
HI
Please check it
Router#sh run
Building configuration...
Current configuration : 3133 bytes
!
! Last configuration change at 06:17:04 PCTime Fri Apr 8 2011 by
! NVRAM config last updated at 05:59:14 PCTime Fri Apr 8 2011 by
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$V5d/$TBkvtWf.kBMDYNF.A4OfZ/
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 5 30
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
no ip dhcp use vrf connected
!
!
no ip bootp server
ip domain name test.com
ip name-server DNS1
ip name-server DNS2
!
!
!
!
interface FastEthernet0/0
description
ip address 192.168.14.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
ip address External IP 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool MyPool 192.168.14.0 192.168.15.0 netmask 0.0.0.255
ip nat inside source list acl1 pool Mypool
!
logging trap debugging
access-list 1 permit 192.168.14.0 0.0.0.255
no cdp run
!
control-plane
!
banner exec ^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
scheduler allocate 4000 1000
end
Router#
Thanks
Amardeep
04-07-2011 07:21 PM
ip nat pool MyPool 192.168.14.0 192.168.15.0 netmask 0.0.0.255
ip nat inside source list acl1 pool Mypool
!
logging trap debugging
access-list 1 permit 192.168.14.0 0.0.0.255
no cdp run
*********************
Your IP Nat statement is referencing a named ACL and you have a numbered ACL configured. So there is nothing that will match the statement to NAT as there is no ACL.
You can add the named ACL:
ip access-list extended acl1
permit ip 192.168.14.0 0.0.0.255 any
or you can change the IP NAT statement to :
ip nat inside source list 1 pool Mypool
04-08-2011 02:13 AM
HI
No Help yet, I think I am missing something..
What is that ?
Please help
Thanks
Amar
04-08-2011 02:18 AM
Please check it
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 5 30
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
no ip dhcp use vrf connected
!
!
no ip bootp server
ip domain name test.com
ip name-server DNS2
ip name-server DNS2
!
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
ip address 192.168.14.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
ip address externalIP 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 gatewayy
!
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool Mypool 192.168.14.0 192.168.15.0 netmask 0.0.0.255
ip nat inside source list 1 pool Mypool
ip nat inside source list acl1 pool Mypool
!
ip access-list extended acl1
permit ip 0.0.0.0 255.255.255.0 any
!
logging trap debugging
no cdp run
!
control-plane
!
!
scheduler allocate 4000 1000
end
04-08-2011 03:26 AM
A couple of things Amardeep:
ip route 0.0.0.0 0.0.0.0 gatewayy (i hope you have the ip address here)
Remove the earlier nat you configured:
no ip nat inside source list 1 pool Mypool
Hope this helps.
-Shrikant
P.S.: Please mark the question answered, if it has been resolved. Do rate helpful posts.
04-08-2011 03:36 AM
HI
ip route 0.0.0.0 0.0.0.0 gateway External IP ( There is IP)
I have this now ... But net is not running..
ip nat pool Mypool 192.168.14.0 192.168.15.0 netmask 0.0.0.255
ip nat inside source list acl1 pool Mypool
!
ip access-list extended acl1
permit ip 0.0.0.0 255.255.255.0 any
!
logging trap debugging
no cdp run
Thanks
Amar
04-08-2011 03:51 AM
Hi Amar,
The access-list is actually incorrect:
ip access-list extended acl1
permit ip 0.0.0.0 255.255.255.0 any
It should be either:
permit ip any any
OR permit ip 192.168.1.0 0.0.0.255 any
(if 192.168.1.0/24 is your internal network).
Please let me know if that helps.
-Shrikant
P.S.: Please mark the question resolved, if it has been answered. Do rate helpful posts. Thanks.
04-08-2011 04:07 AM
HI
Same issue. No internet is running on local machine.
Here is it
ip nat pool Mypool 192.168.14.0 192.168.15.0 netmask 0.0.0.255
ip nat inside source list acl1 pool Mypool
!
ip access-list extended acl1
permit ip 192.168.14.0 0.0.0.255 any
------
Is there any thing I need to define
Do i need these command on router ?
nat (inside) 0 access-list ?
nat (inside) 1 192.168.14.0 255.255.255.0
nat (inside) 1 0.0.0.0 0.0.0.0
Thanks
Amardeep
04-08-2011 04:13 AM
Hi Amar,
Please enter the following commands:
no ip nat pool Mypool 192.168.14.0 192.168.15.0 netmask 0.0.0.255
no ip nat inside source list acl1 pool Mypool
!
ip nat inside source list acl1 interface fastethernet 0/1 overload
You were basically sending the traffic to the internet with public ip addresses in the pool. Thus no replies were coming back.
Doing an interface PAT would resolve the issue.
The commands you mentioned in your post are ASA commands and not for routers.
Hope this helps.
-Shrikant
P.S.: Please mark the question resolved, if it has been answered. Do rate helpful posts. Thanks.
04-08-2011 04:35 AM
HI ShriKant,
Thank You Very Much..
Thanks
Amardeep Rana
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide