06-24-2024 09:09 AM - edited 06-24-2024 10:38 AM
I have been trying to configure my router for several days but I have not been able to get it to log in or out of the internet. I would be very grateful if you could help me since my business depends on this router. This is my running-config:
Building configuration...
Current configuration : 2872 bytes
!
! Last configuration change at 10:15:52 UTC Tue Jun 25 2024
!
version 16.6
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform hardware throughput level 400000
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 xxxxxxxxxxxxx
enable password xxxxxxxx
!
no aaa new-model
!
!
subscriber templating
!
!
multilink bundle-name authenticated
passthru-domain-list jose
match lolyschicken.com
match 192.168.1.1
match cisco.com
match www.goolge.com
!
!
license udi pid ISR4351/K9 sn xxxxxxxxx
license accept end user agreement
license boot level appxk9
diagnostic bootup level minimal
spanning-tree extend system-id
service-template webauth-global-inactive
inactivity-timer 3600
service-template DEFAULT_LINKSEC_POLICY_MUST_SECURE
linksec policy must-secure
service-template DEFAULT_LINKSEC_POLICY_SHOULD_SECURE
linksec policy should-secure
service-template DEFAULT_CRITICAL_VOICE_TEMPLATE
voice vlan
!
!
!
username xxxxx privilege 15 secret 9 xxxxxxxx
!
redundancy
mode none
!
!
!
parameter-map type webauth global
login-auth-bypass ip-access-list 100 domain-name-list jose
!
!
interface GigabitEthernet0/0/0 (wan dhcp)
ip address dhcp hostname R1
ip nat outside
ip access-group 100 out
negotiation auto
spanning-tree portfast disable
!
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip access-group 100 in
negotiation auto
no mop enabled
spanning-tree portfast disable
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
ip nat pool 1 192.168.1.0 192.168.1.254 netmask 255.255.255.0
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip nat outside source list 100 pool 1
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http secure-trustpoint CISCO_IDEVID_SUDI
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
access-list 100 permit tcp any any eq www
!
!
route-map track-primary-if permit 1
match ip address 197
set interface GigabitEthernet0/0/0
!
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password xxxxxxxxx
login
length 0
!
end
06-25-2024 12:18 AM
Let's start with the basic config - from the router, are you able to ping 8.8.8.8?
no ip nat pool 1 192.168.1.0 192.168.1.254 netmask 255.255.255.0
no ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
no ip nat outside source list 100 pool 1
access-list 1 permit 192.168.1.0 0.0.0.255
! WAN interface (DHCP)
interface GigabitEthernet0/0/0
ip address dhcp hostname R1
ip nat outside
no ip access-group 100 out
negotiation auto
spanning-tree portfast disable
!
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
no ip access-group 100 in
negotiation auto
no mop enabled
spanning-tree portfast disable
Then configure the client with 192.168.1.X 255.255.255.0, gateway 192.168.1.1 and
DNS 8.8.8.8 (or the provider's DNS), test, and let us know.
06-25-2024 02:28 PM
Hi, thanks so much for the reply. I am still without a connection; I can't ping 8.8.8.8 or 1.1.1.1. I made the modifications you suggested but still have the same problem.
Building configuration...
Current configuration : 2280 bytes
!
! Last configuration change at 16:15:14 UTC Wed Jun 26 2024
!
version 16.6
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 xxxxxxxxx
enable password xxxxxxxxxxxxxxxx
!
no aaa new-model
!
ip name-server 8.8.8.8 1.1.1.1
!
ip dhcp pool 1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
!
subscriber templating
!
!
multilink bundle-name authenticated
!
!
license udi pid ISR4351/K9 sn xxxxxxxxxxx
diagnostic bootup level minimal
spanning-tree extend system-id
!
!
!
username xxxxxxxxx privilege 15 secret 9 xxxxxxxxxxxxx
!
redundancy
mode none
!
!
interface GigabitEthernet0/0/0
ip address dhcp hostname R1
ip nat outside
negotiation auto
spanning-tree portfast disable
!
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
negotiation auto
spanning-tree portfast disable
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
ip nat pool 1 192.168.1.0 192.168.1.254 netmask 255.255.255.0
ip nat outside source list 100 pool 1
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/0/0
ip tftp source-interface GigabitEthernet0/0/0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
ip route 192.168.1.1 255.255.255.255 GigabitEthernet0/0/1
!
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit tcp any any
!
!
route-map track-primary-if permit 1
match ip address 197
set interface GigabitEthernet0/0/0
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password xxxxxxxxx
login
length 0
!
end
06-25-2024 02:34 PM
Remove the lines below:
ip nat pool 1 192.168.1.0 192.168.1.254 netmask 255.255.255.0
ip nat outside source list 100 pool 1
Add this:
ip nat inside source list 1 interface g0/0/0 overload
That's it.
MHM
06-25-2024 03:26 PM
Hi, thanks for trying to help me, but I still have the same issue: I can't ping or connect outside.
Building configuration...
Current configuration : 2268 bytes
!
! Last configuration change at 17:17:52 UTC Wed Jun 26 2024
!
version 16.6
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 xxxxxxxxxxx
enable password xxxxxxxxx
!
no aaa new-model
!
ip name-server 8.8.8.8 1.1.1.1
!
ip dhcp pool 1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
subscriber templating
!
!
multilink bundle-name authenticated
!
license udi pid ISR4351/K9 sn xxxxxxxxxx
diagnostic bootup level minimal
spanning-tree extend system-id
!
username xxxxxxxxxx privilege 15 secret 9 xxxxxxxxxxxx
!
redundancy
mode none
!
interface GigabitEthernet0/0/0
ip address dhcp hostname R1
ip nat outside
negotiation auto
spanning-tree portfast disable
!
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
negotiation auto
spanning-tree portfast disable
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/0/0
ip tftp source-interface GigabitEthernet0/0/0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
ip route 192.168.1.1 255.255.255.255 GigabitEthernet0/0/1
!
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit tcp any any
!
!
route-map track-primary-if permit 1
match ip address 197
set interface GigabitEthernet0/0/0
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password xxxxxxxxx
login
length 0
!
end
06-25-2024 03:32 PM - edited 06-25-2024 03:36 PM
I suggested adding the line below:
ip nat inside source list 1 interface g0/0/0 overload
You added a different one:
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
??
Add what I suggested and remove the incorrect NAT line.
MHM
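The NAT and ACL points raised in the replies above can be checked mechanically. This is an added example, not code from the thread or from Cisco: `audit_nat` and `SAMPLE` are hypothetical names, and the sample is a constructed excerpt trimmed from the first running-config posted. It flags overload rules whose ACL is not defined in the config, the `ip nat outside source` line the replies remove, and interface ACLs that permit no ICMP.

```python
import re

def audit_nat(config):
    """Return findings for the NAT/ACL mistakes discussed in the thread."""
    lines = [l.strip() for l in config.splitlines()]
    acls, rmaps, applied, findings, pat_ok = {}, {}, [], [], False
    iface = rmap = None
    for l in lines:  # pass 1: collect ACLs, route-maps, interface ACL bindings
        if m := re.match(r"access-list (\d+) permit (\S+)", l):
            acls.setdefault(m[1], set()).add(m[2])
        elif m := re.match(r"route-map (\S+) permit", l):
            rmap = rmaps.setdefault(m[1], [])  # list of ACLs this route-map matches
        elif rmap is not None and (m := re.match(r"match ip address (\d+)", l)):
            rmap.append(m[1])
        elif m := re.match(r"interface (\S+)", l):
            iface = m[1]
        elif iface and (m := re.match(r"ip access-group (\d+) (in|out)", l)):
            applied.append((iface, m[1], m[2]))
        elif l == "!":
            iface = rmap = None
    for l in lines:  # pass 2: NAT rules, checked against what pass 1 found
        if m := re.match(r"ip nat inside source (list|route-map) (\S+) interface \S+ overload", l):
            refs = [m[2]] if m[1] == "list" else rmaps.get(m[2], [])
            missing = [a for a in refs if a not in acls]
            if missing:
                findings.append(f"{m[1]} {m[2]}: ACL {','.join(missing)} is not defined")
            pat_ok = pat_ok or (bool(refs) and not missing)
        elif l.startswith("ip nat outside source"):
            findings.append("ip nat outside source present (removed in the replies)")
    if not pat_ok:
        findings.append("no overload rule references a defined ACL")
    for ifc, n, d in applied:  # extended ACLs end in an implicit deny
        if n in acls and int(n) >= 100 and not acls[n] & {"ip", "icmp"}:
            findings.append(f"{ifc} {d}: ACL {n} permits no ICMP; transit ping hits implicit deny")
    return findings

# Constructed sample, trimmed from the first running-config in the thread.
SAMPLE = """\
interface GigabitEthernet0/0/0
 ip access-group 100 out
interface GigabitEthernet0/0/1
 ip access-group 100 in
!
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip nat outside source list 100 pool 1
access-list 100 permit tcp any any eq www
route-map track-primary-if permit 1
 match ip address 197
"""
```

Calling `audit_nat(SAMPLE)` returns six findings; a config with only `ip nat inside source list 1 ... overload` and a defined `access-list 1` returns none.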
06-25-2024 03:35 PM
It gives me an error when I try to add it.
06-25-2024 04:22 PM
I removed the old line and added the suggested line; still the same, no ping to 8.8.8.8, 1.1.1.1, 8.8.4.4.
06-26-2024 03:43 PM
Hi friend,
after you add
ip nat inside source list 1 interface g0/0/0 overload <<- it is mandatory
GigabitEthernet0/0/0 68.191.34.244 YES DHCP down down <<- how is this down/down? And does the interface get its IP via ISP DHCP?
Can you shut / no shut and ping again from the router to 8.8.8.8?
MHM
06-26-2024 04:02 PM
Hi, yes, it is DHCP, and it does not ping anyway.
06-26-2024 04:09 PM
Can you again do
no shut <<- under g0/0/0
and check the ping again?
MHM
06-26-2024 04:14 PM
I did no shut and tried to ping 8.8.8.8, but it is still the same.
06-26-2024 04:08 PM - edited 06-26-2024 04:15 PM
This is my brief:
Gig0/0/0 68.191.34.244 yes dhcp up up
06-26-2024 04:19 PM
Now ping from the router to 8.8.8.8; it must succeed.
Then add
ip nat inside source list 1 interface g0/0/0 overload <<- it is mandatory
and try to ping from a client connected to g0/0/1.
MHM
06-26-2024 04:30 PM
OK, I added the line, saved the config, and did no shut on 0/0/0, but still no ping to 8.8.8.8. I also tried from the client to ping g0/0/0 and 8.8.8.8, but it doesn't work; only the ping to 192.168.1.1 works.