Re: 2600 Configuration Question

MarineBean · ‎02-20-2011

I have a CISCO 2600 (model 2621) which I am trying to configure to work in a residential environment. The “outside” of this router is connected to one of 4 ports available on the Actiontec MI424WR Verizon router. It is set up to issue an IP address to the CISCO, which it does correctly.

I am able to ping the “inside” and “outside” addresses from a workstation which is connected to the “inside”.

Additionally, I am able to ping the web (I used www.yahoo.com) successfully from the “inside” workstation. If I try to surf the net from that same workstation, I am unable to do so.

Done thus far:

FastEthernet 0/0

- ip address = dhcp

- no shutdown

FastEthernet 0/1

- ip address = 192.168.10.1 255.255.255.0

- no shutdown

Additional Instructions Issued:

- ip routing

- router rip

- network = 192.168.0.0

Any suggestions you can provide, please do so at your convenience as this is purely as a hobby and not mission critical.

Thanks in advance.

Reza Sharifi · ‎02-20-2011

You need a DNS server, so the IP can be resolved to FQDN

If you do not have a DNS server, then try accessing yahoo.com with IP address instead.

HTH

Reza

Latchum Naidu · ‎02-20-2011

Hi,

You need to get the DNS IP address from your provider and configure those in your router in lik below order to get name to ip and ip to name resolution.

#ip domain name yourdomain.com
#ip name-server 195.xxx.xxx.xxx
#ip name-server 195.xxx.xxx.xxx

#ip name-server 195.xxx.xxx.xxx

Once you have configured the name servers then you would able to surf internet.

Please rate the helpfull posts.

Regards,

Naidu.

cadet alain · ‎02-21-2011

Hi,

Additionally, I am able to ping the web (I used www.yahoo.com) successfully from the “inside”

It seems it has nothing to do with DNS.

Can you show the running config from the 2600.

Regards.

Alain.

Don't forget to rate helpful posts.

martin_knorre · ‎02-21-2011

hi,

that could be ;-)

First you should try to set the DNS settings in the IP configuration of the Workstation to 4.4.4.4 or 8.8.8.8.

If that doesn't solve the problem... maybe you have a problem with the PAT (NAT) on the Router.

Try to debug with

show ip nat translation

and

show ip nat statistics

and debug ip packets

can you post the output of the show ip nat translations and you NAT configuration?

Hope that helps

rgds Martin

cadet alain · ‎02-21-2011

Hi martin,

that could be ;-)

Can you explain how he can ping by name if he has a DNS problem.

Regards.

Alain.

Don't forget to rate helpful posts.

ms_sourav · ‎02-21-2011

Hi This is Sourav,

Can you please give me the diagram of your home network and the running-configuration of your Router so that I can understand where is the problem.

Thanks Regards.

MarineBean · ‎02-23-2011

I've checked the NAT information as recommended but no information comes up.

I can also say that I haven't set up NAT and would like to know more about doing so on the 2600.

Can someone direct me to documentation explaining this?

Thank you

mmirrotto · ‎02-23-2011

The dhcp address you are getting on the 'outside' interface of your router is on a different subnet from what is assigned on the inside, correct? If so, does your ISP know how to route to the inside subnet? If not you will have to nat the inside address to a routable outside address. Google search cisco nat configuration and you will see a document about how to set it up, or provide a copy of your running configuration - masking any public addresses for security sake and I am sure we can help tune the configuration.

Sent from Cisco Technical Support iPhone App

MarineBean · ‎02-24-2011

Well... I've follow instructions and made a few changes, but still no luck. I'll be posting a diagram of my network shortly. In the mean time, here is my running config:

MyRouter#show running-config
Building configuration...

Current configuration : 849 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname MyRouter
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
enable password xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
ip subnet-zero
!
!
!
!
!
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
no ip mroute-cache
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.10.1 255.255.255.0
ip nat inside
no ip mroute-cache
speed auto
full-duplex
!
router rip
network 192.168.0.0
!
ip nat pool no-overload 192.168.10.150 192.168.10.225 prefix-length 24
ip nat inside source list 7 pool no-overload
ip classless
ip http server
ip pim bidir-enable
!
access-list 7 permit 192.168.10.0 0.0.0.75
access-list 7 permit 192.168.1.0 0.0.0.75
snmp-server community public RO
!
line con 0
line aux 0
line vty 0 4
password xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
login
!
end

Latchum Naidu · ‎02-24-2011

Please do the NAT config like below and see.
And as I told in my previous post that you must need to set the public DNS settings which you can get from your ISP inorder to get dns resolutions.

interface FastEthernet0/0
description WAN link to Internet
ip address 210.x.x.25 255.255.255.0
ip nat outside

interface FastEthernet0/1
description Internal Network
ip address 192.168.168.252 255.255.255.0
ip nat inside

ip nat pool my-pool 210.x.x.25 210.x.x.25 netmask 255.255.255.128
ip nat inside source list 20 pool my-pool overload

ip nat inside source static 192.168.0.15 210.x.x.26

Please rate the helpfull posts.

Regards,
Naidu.

MarineBean · ‎02-25-2011

Ok... I'll get the config and post it.

I'm a bit curious though... I'm pinging successfully to an actual name (www.yahoo.com), Why would DNS be an issue? I would think that if it was, I would only be able to ping Yahoo's address and not their name.

martin_knorre · ‎02-24-2011

Hi,

regarding to the ACL 7, you have an invailied wildcardmask, an easy way to calculate one is to substract the configured Subnetmask from 255 and you have the Wildcard.

As mentioned before your nat pool should contain public addresses or do you want a natting inside your corporation?

Regards Martin

mmirrotto · ‎02-25-2011

Its not a DNS issue. Where did you get the IP address for the "inside" interface? Did Verizon assign it to you? What is handing out DHCP to the PCs on the inside? Are you sure the default gateway in the DHCP scope for the inside devices is set to 192.168.10.1??? Also is the Verizon router running RIP for sure? Is it possible to run RIP version 2? You are assigning a class B address but masking it with a 24 bit mask, that could cause issues in a classfull routing protocol like RIP v1. Also as pointed out in other responses, your ACL wildcard mask needs to be tuned a little.

You may want to set a default route to point to interfaceFastEthernet 0/0; in your scenario I see no reason to need a routing protocol......

Keep at it! Isn't networking fun????

MarineBean · ‎02-28-2011

Here is the layour of the "Network"...