Solved: Configured router but unable to get internet access?

guitarplyr · ‎04-24-2013

Hi, I am new to configuring cisco routers and for some reason I am unable to get internet access. All the clients do get an ip address. My config is below, any ideas? Thanks!

Router1#show run
Building configuration...

Current configuration : 6078 bytes
!
version 15.0
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
no service password-encryption
!
hostname Router1
!
boot-start-marker
boot-end-marker
!
enable secret 5
enable password

no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
!
no ipv6 cef
ip source-route
no ip routing
no ip cef
!
!
ip dhcp excluded-address 192.168.1.18
ip dhcp excluded-address 192.168.1.1 192.168.1.124
ip dhcp excluded-address 192.168.1.175 192.168.1.254
!
ip dhcp pool myPool
   network 192.168.1.0 255.255.255.0
   dns-server 192.168.1.22
   default-router 192.168.1.18
   domain-name testdomain
   lease 7
!
!
ip domain name testdomain
ip name-server 192.168.1.22
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-2565028650
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2565028650
revocation-check none
rsakeypair TP-self-signed-2565028650
!
!

!
!
username admin privilege 15 password 0
!
!
!
!
!
!
interface GigabitEthernet0/0
description inside interface
ip address 192.168.1.18 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
description outside interface
ip address 72.54.100.111 255.255.255.252
ip nat outside
ip virtual-reassembly
no ip route-cache
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
ip http secure-server
!

ip nat outside source list 100 interface GigabitEthernet0/1
ip route 0.0.0.0 0.0.0.0 72.54.100.111
!
access-list 3 permit 192.168.1.0 0.0.0.255
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password
login
!
scheduler allocate 20000 1000
ntp update-calendar
ntp server 132.248.30.3 source GigabitEthernet0/1
ntp server 85.214.108.169 source GigabitEthernet0/1
ntp server 78.46.70.42 source GigabitEthernet0/1
ntp server 188.40.77.71 source GigabitEthernet0/1
end

Bilal Nawaz · ‎04-24-2013

Hello,

The no ip routing command disables the ability to route any traffic between subnets, or even within its own subnet.

The router then becomes just like a host.

Please enable 'ip routing' , so this will enable the router to perform routing tasks between your connected subnets and should enable you to 'ping' between subnets too.

Also your nat statement is not correct. Kindly amend this to reflect:

ip nat inside source list 3 interface GigabitEthernet0/1

Hope this helps

Sent from Cisco Technical Support iPhone App

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

View solution in original post

cadet alain · ‎04-24-2013

Hi,

no ip nat outside source list 100 interface GigabitEthernet0/1

and modify this:

ip route 0.0.0.0 0.0.0.0 72.54.100.111 as this must be the next-hop not your router IP

Are you sure about this IP on the outside interface because it is a broadcast address with a /30 not a host address ?

Regards

Alain

Don't forget to rate helpful posts.

View solution in original post

evergreenajay · ‎04-24-2013

why you have configure " No ip routing" ?

guitarplyr · ‎04-24-2013

I am not sure, I was going by an example. Is that my problem? What does no ip routing mean? Thanks!

Bilal Nawaz · ‎04-24-2013

Hello,

The no ip routing command disables the ability to route any traffic between subnets, or even within its own subnet.

The router then becomes just like a host.

Please enable 'ip routing' , so this will enable the router to perform routing tasks between your connected subnets and should enable you to 'ping' between subnets too.

Also your nat statement is not correct. Kindly amend this to reflect:

ip nat inside source list 3 interface GigabitEthernet0/1

Hope this helps

Sent from Cisco Technical Support iPhone App

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

guitarplyr · ‎04-24-2013

Thanks, below is my new config. I noticed now there is "Overload" next to the ip nat inside command?

Router1#show run
Building configuration...

Current configuration : 6085 bytes
!
! Last configuration change at 13:28:57 EDT Wed Apr 24 2013
!
version 15.0
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
no service password-encryption
!
hostname Router1
!
boot-start-marker
boot-end-marker
!
enable secret 5
enable password
!
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
!
no ipv6 cef
ip source-route
ip cef
!
!
ip dhcp excluded-address 192.168.1.18
ip dhcp excluded-address 192.168.1.1 192.168.1.124
ip dhcp excluded-address 192.168.1.175 192.168.1.254
!
ip dhcp pool myPool
   network 192.168.1.0 255.255.255.0
   dns-server 192.168.1.22
   default-router 192.168.1.18
   domain-name testdomain
   lease 7
!
!
ip domain name testdomain
ip name-server 192.168.1.22
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-2565028650
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2565028650
revocation-check none
rsakeypair TP-self-signed-2565028650
!
!
crypto pki certificate chain TP-self-signed-2565028650
certificate self-signed 01

license udi pid CISCO1921/K9 sn FTX144601AF
!
!
username admin privilege 15 password 0 #nter2TBNA
!
!
!
!
!
!
interface GigabitEthernet0/0
description inside interface
ip address 192.168.1.18 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
description outside interface
ip address 72.54.100.111 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
ip http secure-server
!
ip nat inside source list 3 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 192.168.1.21 80 72.54.100.111 80 extendable
ip nat inside source static tcp 192.168.1.21 443 72.54.100.111 443 extendable
ip nat inside source static tcp 192.168.1.99 1180 72.54.100.111 1180 extendable
ip nat inside source static tcp 192.168.1.4 1433 72.54.100.111 1433 extendable
ip nat inside source static udp 192.168.1.4 1433 72.54.100.111 1433 extendable
ip nat inside source static tcp 192.168.1.4 1434 72.54.100.111 1434 extendable
ip nat inside source static udp 192.168.1.4 1434 72.54.100.111 1434 extendable
ip nat inside source static tcp 192.168.1.157 3388 72.54.100.111 3388 extendable
ip nat inside source static udp 192.168.1.157 3388 72.54.100.111 3388 extendable
ip nat inside source static tcp 192.168.1.4 3389 72.54.100.111 3389 extendable
ip nat inside source static tcp 192.168.1.130 3394 72.54.100.111 3394 extendable
ip nat inside source static udp 192.168.1.130 3394 72.54.100.111 3394 extendable
ip nat inside source static tcp 192.168.1.3 3395 72.54.100.111 3395 extendable
ip nat inside source static udp 192.168.1.3 3395 72.54.100.111 3395 extendable
ip nat inside source static tcp 192.168.1.20 5631 72.54.100.111 5631 extendable
ip nat inside source static udp 192.168.1.20 5631 72.54.100.111 5631 extendable
ip nat inside source static tcp 192.168.1.20 5632 72.54.100.111 5632 extendable
ip nat inside source static udp 192.168.1.20 5632 72.54.100.111 5632 extendable
ip nat inside source static tcp 192.168.1.20 5800 72.54.100.111 5800 extendable
ip nat inside source static tcp 192.168.1.20 5801 72.54.100.111 5801 extendable
ip nat inside source static tcp 192.168.1.20 5900 72.54.100.111 5901 extendable
ip nat inside source static tcp 192.168.1.21 8080 72.54.100.111 8080 extendable
ip nat inside source static udp 192.168.1.21 8080 72.54.100.111 8080 extendable
ip nat inside source static tcp 192.168.1.21 8383 72.54.100.111 8383 extendable
ip nat inside source static udp 192.168.1.21 8383 72.54.100.111 8383 extendable
ip nat inside source static tcp 192.168.1.21 8384 72.54.100.111 8384 extendable
ip nat inside source static udp 192.168.1.21 8384 72.54.100.111 8384 extendable
ip nat inside source static tcp 192.168.1.21 17350 72.54.100.111 17350 extendable
ip nat inside source static udp 192.168.1.21 17350 72.54.100.111 17350 extendable
ip nat inside source static tcp 192.168.1.136 28192 72.54.100.111 28192 extendable
ip nat inside source static udp 192.168.1.136 28192 72.54.100.111 28192 extendable
ip nat outside source list 100 interface GigabitEthernet0/1
ip route 0.0.0.0 0.0.0.0 72.54.100.111
!
access-list 3 permit 192.168.1.0 0.0.0.255
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password
login
!
scheduler allocate 20000 1000
ntp update-calendar
ntp server 132.248.30.3 source GigabitEthernet0/1
ntp server 85.214.108.169 source GigabitEthernet0/1
ntp server 78.46.70.42 source GigabitEthernet0/1
ntp server 188.40.77.71 source GigabitEthernet0/1
end

cadet alain · ‎04-24-2013

Hi,

no ip nat outside source list 100 interface GigabitEthernet0/1

and modify this:

ip route 0.0.0.0 0.0.0.0 72.54.100.111 as this must be the next-hop not your router IP

Are you sure about this IP on the outside interface because it is a broadcast address with a /30 not a host address ?

Regards

Alain

Don't forget to rate helpful posts.

guitarplyr · ‎04-24-2013

THanks! I was changing the IP addresses for security reasons so it couldnt get hacked.