Thank you!

Now ping 8.8.8.8 source 192.168.1.1 works, but ping 8.8.8.8 from client fails.

debug ip nat - shows nothing.

What else could cause this problem?

Hello,

remove the two lines in bold from your config:

Current configuration : 1996 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$L/Qh$pAh6sCNUtAtG7tnANlFZy.
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool pooldhcp
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
lease 0 2
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
archive
log config
hidekeys
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer0
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp chap refuse
ppp ms-chap refuse
ppp ms-chap-v2 refuse
ppp pap sent-username <CUTTED> password 0 <CUTTED>
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.1.0 255.255.255.0 Dialer0
no ip http server
no ip http secure-server
!
!
ip nat pool pool1 192.168.1.1 192.168.1.254 netmask 255.255.255.0 add-route
ip nat inside source list 1 interface Dialer0 overload
!
ip access-list extended TerminalAccess
permit tcp host 192.168.1.2 any eq telnet log
permit tcp host 192.168.1.2 any eq 22 log
deny tcp any any log
!
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run

!
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class TerminalAccess in
login
transport input ssh
!
scheduler max-task-time 5000
end

I removed, it didn't help. Ping from route works, from client doesn't.

Hello,

I made a few adjustments (in bold), I added an extended access list instead of a standard. If this doesn't work, we'll try a route map. Configure the below first...

Current configuration : 1996 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$L/Qh$pAh6sCNUtAtG7tnANlFZy.
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool pooldhcp
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
lease 0 2
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
archive
log config
hidekeys
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1420
!
interface Dialer0
ip address negotiated
ip mtu 1460
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ip tcp adjust-mss 1420
ppp authentication pap callin
ppp chap refuse
ppp ms-chap refuse
ppp ms-chap-v2 refuse
ppp pap sent-username <CUTTED> password 0 <CUTTED>
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
ip nat inside source list NAT interface Dialer0 overload
!
ip access-list extended TerminalAccess
permit tcp host 192.168.1.2 any eq telnet log
permit tcp host 192.168.1.2 any eq 22 log
deny tcp any any log
!
ip access-list extended NAT
 permit ip 192.168.1.0 0.0.0.255 any
!
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class TerminalAccess in
login
transport input ssh
!
scheduler max-task-time 5000
end

Hello,

if the previous doesn't work, configure the route map overload as below:

Current configuration : 1996 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$L/Qh$pAh6sCNUtAtG7tnANlFZy.
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool pooldhcp
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
lease 0 2
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
archive
log config
hidekeys
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1420
!
interface Dialer0
ip address negotiated
ip mtu 1460
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ip tcp adjust-mss 1420
ppp authentication pap callin
ppp chap refuse
ppp ms-chap refuse
ppp ms-chap-v2 refuse
ppp pap sent-username <CUTTED> password 0 <CUTTED>
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
ip nat inside source route-map NAT_OUT interface Dialer0 overload
!
route-map NAT_OUT permit 10
 match ip address NAT
!
ip access-list extended TerminalAccess
permit tcp host 192.168.1.2 any eq telnet log
permit tcp host 192.168.1.2 any eq 22 log
deny tcp any any log
!
ip access-list extended NAT
 permit ip 192.168.1.0 0.0.0.255 any
!
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class TerminalAccess in
login
transport input ssh
!
scheduler max-task-time 5000
end

Nope. Pings from client don't work.

Hello,

the problem might be related to the DHCP pool configuration. Try and remove the line 'import all', and add 'dns-server 8.8.8.8 8.8.8.4'

So:

ip dhcp pool pooldhcp
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
lease 0 2

should become:

ip dhcp pool pooldhcp
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.8.4
lease 0 2

Hello,

also remove the lines below from your configuration:

vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe

Again, nothing has changed.

Here is las configuration:

Current configuration : 1881 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$L/Qh$pAh6sCNUtAtG7tnANlFZy.
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool pooldhcp
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
lease 0 2
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1420
!
interface Dialer0
ip address negotiated
ip mtu 1460
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1420
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp chap refuse
ppp ms-chap refuse
ppp ms-chap-v2 refuse
ppp pap sent-username <CUTTED> password 0 <CUTTED>
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
!
ip nat inside source list NAT interface Dialer0 overload
!
ip access-list extended NAT
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended TerminalAccess
permit tcp host 192.168.1.2 any eq telnet log
permit tcp host 192.168.1.2 any eq 22 log
deny tcp any any log
!
dialer-list 1 protocol ip permit
no cdp run

!
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class TerminalAccess in
login
transport input ssh
!
scheduler max-task-time 5000
end

Hello,

you are missing the DNS part of the DHCP pool. Also, can you post the output of ;show ip nat translations'...

Current configuration : 1881 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$L/Qh$pAh6sCNUtAtG7tnANlFZy.
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool pooldhcp
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1

dns-server 8.8.8.8 8.8.8.4
lease 0 2
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1420
!
interface Dialer0
ip address negotiated
ip mtu 1460
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1420
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp chap refuse
ppp ms-chap refuse
ppp ms-chap-v2 refuse
ppp pap sent-username <CUTTED> password 0 <CUTTED>
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
!
ip nat inside source list NAT interface Dialer0 overload
!
ip access-list extended NAT
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended TerminalAccess
permit tcp host 192.168.1.2 any eq telnet log
permit tcp host 192.168.1.2 any eq 22 log
deny tcp any any log
!
dialer-list 1 protocol ip permit
no cdp run

!
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class TerminalAccess in
login
transport input ssh
!
scheduler max-task-time 5000
end

I added dns-server.

Router#show ip nat translations

Router#sh ip nat st
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Peak translations: 1, occurred 00:19:16 ago
Outside interfaces:
Dialer0, Virtual-Access1
Inside interfaces:
Vlan1
Hits: 10 Misses: 0
CEF Translated packets: 5, CEF Punted packets: 0
Expired translations: 1
Dynamic mappings:
-- Inside Source
[Id: 1] access-list NAT interface Dialer0 refcount 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0

Hello,

what is the IP configuration of your clients ? Can your clients ping the default router 192.168.1.1 ?

Clear the IP NAT translations (clear ip nat translation *), the try to ping 8.8.8.8 from a client, and check if there are eny entries in the NAT translation table.

Are these Windows clients ?

The client -Win7 gets 192.168.1.2

mask 255.255.255.0
default gate. . . . . . . . . : 192.168.1.1
DHCP-server. . . . . . . . . . . : 192.168.1.1
DNS-servers. . . . . . . . . . . : 8.8.8.8   8.8.4.4

I can ping 192.168.1.1 from client.

Here is client's route print output:

0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 276
192.168.1.2 255.255.255.255 On-link 192.168.1.2 276
192.168.1.255 255.255.255.255 On-link 192.168.1.2 276
192.168.145.0 255.255.255.0 On-link 192.168.145.1 276
192.168.145.1 255.255.255.255 On-link 192.168.145.1 276
192.168.145.255 255.255.255.255 On-link 192.168.145.1 276
192.168.152.0 255.255.255.0 On-link 192.168.152.1 276
192.168.152.1 255.255.255.255 On-link 192.168.152.1 276
192.168.152.255 255.255.255.255 On-link 192.168.152.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 278
224.0.0.0 240.0.0.0 On-link 192.168.152.1 276
224.0.0.0 240.0.0.0 On-link 192.168.145.1 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 276
255.255.255.255 255.255.255.255 On-link 192.168.152.1 276
255.255.255.255 255.255.255.255 On-link 192.168.145.1 276

clear ip nat translation * didn't help.

sh ip nat tr     is empty.