Also ,

interface FastEthernet0/0

description $ETH-LAN$

ip address 10.10.10.1 255.255.255.0

ip nat inside

no ip route-cache

speed auto

half-duplex

no cdp enable

no mop enabled

Check the duplex configuration of the equipment connected to the router's Fa0/0.

Dan

Hi Dan,

Thanks for the reply. I ran the command you suggested to enable ip routing. After executing the command, I am still unable to get to the Internet and now I am unable to ping any external domains for external IP's from the router. I checked as you asked for the duplex mode on the switch which is set to Auto,

One other piece of information, I am running Cisco Configuration professional and when doing a test check connection, I get an error when testing the connection which fails on pinging the destination host.

Below is the latest running config after enabling routing as you requested.

Thanks for taking the time to help me.

Ron

Building configuration...

Current configuration : 1483 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname cisco

!

boot-start-marker

boot-end-marker

!

no logging buffered

enable secret 5 $1$qY4A$6u.zFbIIHacEB51di1Sda.

enable password astec72

!

no aaa new-model

ip cef

!

!

no ip dhcp use vrf connected

ip dhcp excluded-address 10.10.10.1 10.10.10.14

ip dhcp excluded-address 10.10.10.51 10.10.10.254

!

ip dhcp pool SpyTraer

   import all

   network 10.10.10.0 255.255.255.0

   default-router 10.10.10.1

   dns-server 66.18.32.2 66.18.32.3

!

!

ip name-server 66.18.32.2

ip name-server 66.18.32.3

!

!

!

!

!

!

interface FastEthernet0/0

description $ETH-LAN$

ip address 10.10.10.1 255.255.255.0

ip flow ingress

ip flow egress

ip nat inside

speed auto

half-duplex

no cdp enable

no mop enabled

!

interface FastEthernet0/1

description $ETH-WAN$

ip address dhcp client-id FastEthernet0/1

ip flow ingress

ip flow egress

ip nat outside

duplex auto

speed auto

no cdp enable

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 permanent

!

!

ip http server

no ip http secure-server

ip nat inside source list 1 interface FastEthernet0/1 overload

!

access-list 1 remark CCP_ACL Category=2

access-list 1 permit any

snmp-server community public RO

!

!

!

control-plane

!

!

!

line con 0

exec-timeout 0 0

line aux 0

line vty 0 4

password astec

login

!

scheduler allocate 20000 1000

no process cpu extended

no process cpu autoprofile hog

end

Hi Jeff,

You are correct. I sent the incorrect information.

The Cisco is setup as DHCP and assigning private IP's through the switch to client workstations.

Correction, the switch is not handing out IP's. Sorry for the misleading information before.

Thanks,

Ron

Hi Jblakley,

Did as you suggested - output from command:

access-list 1 remark CCP_ACL Category=2

access-;ist 1 permit any

access-list 1 permit 10.10.10.0 0.0.0.255

still no Internet access or pinging any outside domain via IP including ISP dns servers.

Thanks,

Ron

Ron,

You'll need to get rid of the permit any statement. Try this:

no access-list 1

access-list 1 permit 10.10.10.0 0.0.0.255

Sorry I misunderstood your previous request change.

New output shows: access-list 1 permit 10.10.10.0 0.0.0.255

Still same issues as before.

The only thing that has changed was that I added to the command for enabling routing, but since then no outside pinging.

Dan is on the right track and you are right on with ACL.

Since I am unable to ping the ISP DNS servers this is not good.

Thanks,

Ron

Show IP Route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

66.0.0.0/32 is subnetted, 1 subnets

S     66.18.63.164 [254/0] via 108.174.105.1, FastEthernet0/1

     10.0.0.0/24 is subnetted 1 subnets

C     10.10.10.0 is directly connected FastEthernet0/0

     108.0.0.0/24 is subnetted, 1 subnets

C     108.174.105.0 is directly connected, FastEthernet0/1

S*     0.0.0.0/0 is directly connected, FastEthernet0/1

Ron,

Let's try this:

change the default route to:

ip route 0.0.0.0 0.0.0.0 fa0/1 dhcp

Shut your fa0/1 interface and bring it back up.

Once you get this, try to ping:

4.2.2.1

Then try to ping that while sourcing from the inside interface. If that works, you're natting fine. If it doesn't work and the above doesn't work, something else between you and the router isn't working.

ping 4.2.2.1 source fa0/0

If that doesn't work, we'll need to get into debugging because the above looks fine. Your routing table should show a next hop though which is why we're adding the dhcp tag at the end of the default route. If your original default route doesn't go away after adding this one, go ahead and delete it and put the one above. We'll only want the one.

OK I am now able to ping 4.2.2.1 from the router and from a connected client.

I am also able to ping my ISP DNS servers as well.

Issue now is that I am dropping about 40% of packets to all ping locations.

Browsing is also really, really slow.

Any idea why?

Thanks -Ron

Ron,

That problem probably goes back to the half-duplex setting that you have on your internal interface. Try hard setting that to 100/full:

int fa0/0

speed 100

duple full

John

Please remember to rate all helpful posts...

John,

Made the changes but still the same amount of % packets are dropping.