Re: Routing from PC on network to ISP on Cisco 851

mrphilli1 · ‎09-20-2006

I am a newbie to Cisco router configs. I have just purchased a CISCO 851-K9. I have a ISP which gives me a static IP and used PPPOE. I can connect to my ISP and they can see me successful connection. From the CISCO SDM software I can ping outside IP addresses but I can not ping them from my PCs on the internal network. It seems like I'm not getting routed out. I have included my router show config and my ip route info below. I'm hoping I've just made a simple goof someone can help me with.

Many thanks! Mark

ip subnet-zero

no ip source-route

no ip dhcp use vrf connec

ip dhcp excluded-address 10.10.10.1 10.10.10.10

!

ip dhcp pool sdm-pool1

import all

network 10.10.10.0 255.255.255.0

dns-server 216.x.x.22 209.242.0.2

default-router 10.10.10.10

!

ip cef

ip tcp synwait-time 10

no ip bootp server

ip domain name home.com

ip name-server 216.x.243.22

ip name-server 209.x.0.2

ip ssh time-out 60

ip ssh authentication-retries 2

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

description $FW_OUTSIDE$$ES_WAN$

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

duplex auto

speed auto

pppoe enable

pppoe-client dial-pool-number 1

!

interface Vlan1

description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$

ip address 10.10.10.10 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

ip tcp adjust-mss 1412

!

interface Dialer0

ip address 209.xxx.xx.x 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip mtu 1452

encapsulation ppp

ip route-cache flow

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap pap callin

ppp chap hostname markp

ppp chap password 7 XXX

ppp pap sent-username markp password 7 xxx

!

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer0

!

ip http

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

logging trap debugging

dialer-list 1 protocol ip permit

markp#show ip route

candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

C 209.xxx.xx.x/24 is directly connected, Dialer0

S* 0.0.0.0/0 is directly connected, Dialer0

rajinikanth · ‎09-20-2006

Hi,

In ur sh ip route command

i dont see 10.10.10.0 network.

Why do u have the dialer-list 1 protocol ip permit command

and can you please provide me this command output

sh ip interface brief

Thanks

Raj

mrphilli1 · ‎09-20-2006

I used the SDM express to configure so these are the options it configured for me. I told the WAN that I had a static IP address and it set it up as dialer0.

Thanks much for the help,

Mark

Here is the command output:

markp#sh ip interface brief

Interface IP-Address OK? Method Status Prot

ocol

FastEthernet0 unassigned YES unset up down

FastEthernet1 unassigned YES unset up down

FastEthernet2 unassigned YES unset up down

FastEthernet3 unassigned YES unset up down

FastEthernet4 unassigned YES NVRAM up down

Vlan1 10.10.10.10 YES NVRAM up up

Dialer0 209.xxx.xx.s YES NVRAM up up

rajinikanth · ‎09-20-2006

Hi,

I want to know to what port ur connecting ur pc to on ur router.

and whose IP is 10.10.10.1

Before that can u add this static route in global config mode

markp(config)#ip route 209.xxx.xx.x 255.255.255.0 10.10.10.10

Tell me if it works

Thanks

Raj

mrphilli1 · ‎09-20-2006

I'm connecting my pc to lone of the LAN ports marked as FE0, FE1, FE2 and FE3. The WAN cable is hooked to my static IP which comes off of my ISP into my house. The connection is PPPOE but it's fixed wireless on the roof not DSL or Cable.

ip route 209.xxx.xx.x 255.255.255.0 10.10.10.10

gives me this error:

%Inconsistent address and mask

Thanks,

Mark

mrphilli1 · ‎09-20-2006

I can ping hosts outside my network while using the command line interface of the router, but I can not ping any host outside from any PC that's connected to one of the LAN ports on the router. What do I need to do to enable the routing from my 10.10.10.10 router address out to remote networks like my ISP DNS server address?

Thanks,

Mark

thisisshanky · ‎09-20-2006

Mark,

What you are missing here is NAT on the router. Your 10.x.x.x network is a private address space and is not routable in internet. So you need to translate that to your public ip assigned to you by your ISP.

int dialer 0

ip add

ip nat outside

int vlan 200

ip add

ip nat inside

ip nat inside source list 101 interface dialer 0 overload

access-list 101 permit 10.0.0.0 255.0.0.0

In this acl i am permitting the entire 10.0.0.0 range, which you dont need to. You should customize the ACL according to the internal lan subnets that you have. If you have multiple lan segments, you will need to add multiple acl statments, each line matching the corresponding lan subnet.

HTH

Sankar

PS: please remember to rate posts!

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

mrphilli1 · ‎09-20-2006

Yes I used SDM to enable basic NAT and that did the trick. This router is blazing compared to my old SOHO one. Thanks much for all the suggestions!

Mark