cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
705
Views
0
Helpful
3
Replies
Patrick Evans
Beginner

Newbie here. Configuring a 2600 router.

Hi Guys,

First time on here for me.  I am currently studying for me CCNA and I am having difficulty setting my Router up to see the outside.  Basically here is the setup.

Client machine gets its address via dhcp from the router. 

Client=192.168.100.1/24 Default gateway=192.168.100.254

Router=192.168.100.254 inside. Outside gets its address from my home router via dhcp=192.168.0.17

Home router address is 192.168.0.1

I can ping everything as far as the .1 router but nothing after.  I have my running config below.  Can anyone give me some pointers? Thanks

Building configuration...

Current configuration : 3492 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ICND1-RTR

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

enable secret 5 $1$tDMS$/3RxpKQppejGS25bpZdmp/

enable password 7 071C2042030F0B0419

!

no aaa new-model

no network-clock-participate slot 1

no network-clock-participate wic 0

ip cef

!

!

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.100.251 192.168.100.254

!

ip dhcp pool Internal-pool

   import all

   network 192.168.100.0 255.255.255.0

   default-router 192.168.100.254

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

crypto pki trustpoint TP-self-signed-3267155148

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3267155148

revocation-check none

rsakeypair TP-self-signed-3267155148

!

!

crypto pki certificate chain TP-self-signed-3267155148

certificate self-signed 01

  30820241 308201AA A0030201 02020101 300D0609 2A864886 F70D0101 04050030

  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 33323637 31353531 3438301E 170D3032 30333031 30303031

  30365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 32363731

  35353134 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

  8100C5DF 4F7A6B3C 73BC4110 92F6E94D 95D4EA04 97A2F27E D28CD1AE B7176CA5

  ADEE62FE 8B41D077 DB4EFA2B 657F6708 83D69549 337691D7 D98C8AA4 940B4A0D

  7F6ACCD3 79F27686 5B1A4475 7EC86992 BF3A1C07 A34BCE38 CA469B2E 70A70AB8

  F28D6AF2 68187061 CB087EA0 A884DBDF 105202BC B571378B 4F4291E9 03C19961

  60030203 010001A3 69306730 0F060355 1D130101 FF040530 030101FF 30140603

  551D1104 0D300B82 0949434E 44312D52 5452301F 0603551D 23041830 168014F4

  8508576E 643CB798 B9A71D31 1B5BEB40 7C59B930 1D060355 1D0E0416 0414F485

  08576E64 3CB798B9 A71D311B 5BEB407C 59B9300D 06092A86 4886F70D 01010405

  00038181 008153B7 2975001E 628EDA72 7A756560 B96B8662 E4A9F42A 94585160

  E209FE7C 4005F3DC 382EC88B C9183586 7631A523 A93DB4AB D9CDC9F9 37B77BA1

  17BAC1D4 698A5D62 C586A810 D0E3C36D 28EAF2EB E353B5BE 2FEB5316 4741E10A

  465CA67F C546D9C3 A0EC44AD D4C4DED3 96508A58 D96DBBED CA293C67 B7AB8233

  94F65E66 9A

  quit

username admin privilege 15 secret 5 $1$W/sb$zTa94X4bkVTejmraD.Wg2.

!

!

!

!

!

!

interface FastEthernet0/0

description $ETH-WAN$

ip address dhcp client-id FastEthernet0/0

ip nat outside

ip virtual-reassembly

speed auto

half-duplex

no mop enabled

!

interface Serial0/0

no ip address

!

interface FastEthernet0/1

description Internal Small Network (ICND1_$ETH-LAN$

ip address 192.168.100.254 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

ip default-gateway 192.168.0.1

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

!

!

no ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 600 life 86400 requests 10000

ip nat pool Nat-Pool 192.168.100.200 192.168.100.215 netmask 255.255.255.0

ip nat inside source list 1 pool Nat-Pool

!

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 192.168.100.0 0.0.0.255

snmp-server community t RO

!

!

!

control-plane

!

!

!

!

!

!

!

!

!

banner motd ^C

My Router, Keep out.

^C

!

line con 0

password 7 050809013243420C

logging synchronous

line aux 0

line vty 0 4

privilege level 15

password 7 03165E06091B24

login

line vty 5 15

privilege level 15

password 7 03165E06091B24

login

!

!

end

1 ACCEPTED SOLUTION

Accepted Solutions
Richard Burts
Hall of Fame Guru

Patrick

I think that for the most part the config that you posted is quite reasonable and I do not see anything here that would cause the symptoms that you describe. I believe that the problem is more likely something on your home router. And the most likely thing is that your home router is not properly translating your address when you attempt to use the Internet. If it is configured like many home routers are it will translate addresses for the 192.168.0.0 network but is not set up to translate for the 192.168.100.0 network.

I will comment on a couple aspects of the config that you posted.

- if you are building your nat pool with addresses in the 192.168.100.0 network then you probably want to add those addresses to the dhcp excluded addresses.

- your default route ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 just points to the exit interface. This may work (and it is apparent that it does work for you) but it is a poor choice. There is a much better choice which is to have the static route specify the next hop address (similar to what you did with the default gateway command). There are several aspects which make pointing at the exit interface (when it is an Ethernet interface) a poor choice 1) it requires that the router arp for every destination address to which it tries to forward a packet. This will consume more memory and take more CPU processing to maintain the arp table. 2) it only works if the next hop router has enabled proxy arp. In your case the next hop router does appear to have proxy arp enabled, but increasingly Service Providers and many enterprises are disabling proxy arp. So you should use the better choice.

- you have configured both a static default route and a default-gateway. The default-gateway command will only be used if the router is acting as an IP host (essentially if ip routing is disabled). Many people might say that you should not configure default-gateway on a router. I say it is ok to configure it but to realize that normally it would not be used. It is essentially an insurance policy that might help you some day if something bad happens to the router.

HTH

Rick

HTH

Rick

View solution in original post

3 REPLIES 3
Richard Burts
Hall of Fame Guru

Patrick

I think that for the most part the config that you posted is quite reasonable and I do not see anything here that would cause the symptoms that you describe. I believe that the problem is more likely something on your home router. And the most likely thing is that your home router is not properly translating your address when you attempt to use the Internet. If it is configured like many home routers are it will translate addresses for the 192.168.0.0 network but is not set up to translate for the 192.168.100.0 network.

I will comment on a couple aspects of the config that you posted.

- if you are building your nat pool with addresses in the 192.168.100.0 network then you probably want to add those addresses to the dhcp excluded addresses.

- your default route ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 just points to the exit interface. This may work (and it is apparent that it does work for you) but it is a poor choice. There is a much better choice which is to have the static route specify the next hop address (similar to what you did with the default gateway command). There are several aspects which make pointing at the exit interface (when it is an Ethernet interface) a poor choice 1) it requires that the router arp for every destination address to which it tries to forward a packet. This will consume more memory and take more CPU processing to maintain the arp table. 2) it only works if the next hop router has enabled proxy arp. In your case the next hop router does appear to have proxy arp enabled, but increasingly Service Providers and many enterprises are disabling proxy arp. So you should use the better choice.

- you have configured both a static default route and a default-gateway. The default-gateway command will only be used if the router is acting as an IP host (essentially if ip routing is disabled). Many people might say that you should not configure default-gateway on a router. I say it is ok to configure it but to realize that normally it would not be used. It is essentially an insurance policy that might help you some day if something bad happens to the router.

HTH

Rick

HTH

Rick

Hi Rick. Thats for getting back to me.

You pointed me straight in the correct direction. Changing my NAT pool to the below sorted it. I actually tried that before asking the question and for some reason it didnt work.  I assume that it was because the NAT pool was in use? I gave it a reboot and hey presto. 

ip nat pool Nat-Pool 192.168.0.200 192.168.0.215 netmask 255.255.255.0

Thanks for the pointers.  You have taought me some useful lessions that i dont think i would have picked up from books. 

Patrick

Patrick

I am glad that my response pointed you in the right direction. And I am glad that you worked out the solution and that you posted back to the forum to let us know how you solved it. Thank you for using the rating system to mark the question as asnwered. It makes the forum more useful when people can read about a problem and can know that the problem was solved and they will see the solution. Your posting your fix and marking the question as answered have contributed to the process.

HTH

Rick

HTH

Rick