01-09-2013 06:23 PM - edited 03-07-2019 11:00 AM
I really need to get this working soon, need to test a site to site vpn for work.
I'm connecting this to a home broadband connection and it's just not working right. It looks to be natting, judging from the debugging, but the internal subnets are not able to ping out to the internet.
It's not a dns issue 'cause I can't ping the numeric ip's to google or yahoo either.
The routes are in the routing table.
I can ping www.yahoo from the router cli and ping the inside hosts.
boot system flash:c2600-adventerprisek9-mz.124-25d.bin
ip dhcp pool internal-client
network 10.22.22.0 255.255.255.0
dns-server 66.60.130.158
default-router 10.33.33.1
domain-name collabrotech
interface FastEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no clns route-cache
interface FastEthernet1/15
description LAN Subnet
switchport access vlan 22
spanning-tree portfast
!
interface Vlan1
no ip address
shutdown
no clns route-cache
!
interface Vlan22
ip address 10.22.22.1 255.255.255.0
no clns route-cache
ip route 0.0.0.0 0.0.0.0 dhcp
!
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 10.33.33.0 0.0.0.255 log
access-list 1 permit 10.22.22.0 0.0.0.255 log
!
01-09-2013 06:38 PM
Hello aducey01,
You need to have "ip nat inside" like this on your vlan interface..
!
interface Vlan22
ip address 10.22.22.1 255.255.255.0
ip nat inside
no clns route-cache
!
Also, in your DHCP pool, your default router is wrong, it should be
default-router 10.22.22.1
Please rate this post if helpful.
Thanks
Shamal
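The two mistakes pointed out in the reply above (no `ip nat inside` on the LAN interface, and a DHCP `default-router` outside the pool's subnet) can be checked mechanically before a config is loaded. The following is an added example, not part of the thread and not Cisco tooling: `sections` and `audit` are names made up here, and the sample is an abbreviated copy of the configuration from the original post.

```python
import ipaddress
import re

# Abbreviated from the configuration in the original post (constructed sample).
BROKEN = """\
ip dhcp pool internal-client
 network 10.22.22.0 255.255.255.0
 default-router 10.33.33.1
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
interface Vlan22
 ip address 10.22.22.1 255.255.255.0
ip nat inside source list 1 interface FastEthernet0/0 overload
access-list 1 permit 10.22.22.0 0.0.0.255 log
"""

def sections(cfg):
    """Map each top-level line to the list of its indented sub-commands."""
    out = {}
    for line in cfg.splitlines():
        if line.startswith(" ") and out:
            out[next(reversed(out))].append(line.strip())
        elif line.strip() not in ("", "!"):
            out[line.strip()] = []
    return out

def audit(cfg):
    sec, findings = sections(cfg), []
    # Networks behind interfaces marked "ip nat inside".
    inside = [ipaddress.ip_interface("/".join(m.groups())).network
              for head, body in sec.items()
              if head.startswith("interface ") and "ip nat inside" in body
              for m in (re.fullmatch(r"ip address ([\d.]+) ([\d.]+)", b) for b in body) if m]
    if not any("ip nat outside" in body for body in sec.values()):
        findings.append("no interface has 'ip nat outside'")
    for head, body in sec.items():
        if head.startswith("ip dhcp pool "):
            kv = dict(b.split(None, 1) for b in body if " " in b)
            net = ipaddress.ip_network("/".join(kv["network"].split()))
            gw = kv["default-router"].split()[0]
            if ipaddress.ip_address(gw) not in net:
                findings.append(f"{head}: default-router {gw} is outside {net}")
        m = re.fullmatch(r"access-list (\d+) permit (\S+) (\S+)( log)?", head)
        if m and f"ip nat inside source list {m.group(1)} " in cfg:
            src = ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}")  # wildcard mask parsed as hostmask
            if not any(src.overlaps(n) for n in inside):
                findings.append(f"ACL {m.group(1)} permits {src}, but no 'ip nat inside' interface is in it")
    return findings
```

`audit(BROKEN)` returns one finding for the DHCP gateway and one for the NAT ACL; an empty list means only that these two checks pass, not that traffic will flow.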
01-09-2013 10:07 PM
Thank you for pointing out those glaring mistakes, much appreciated. I've corrected them and I'm still having the same issue though. Still can't ping internet addresses from the LAN addresses 10.22.22.0...
01-09-2013 11:06 PM
hi,
could you issue ipconfig /release and ipconfig /renew from your PC?
kindly post ipconfig /all and tracert 8.8.8.8 from your PC, show run and show ip route output from your 2600 router.
01-09-2013 11:37 PM
Hi,
Can you get rid of the log keyword in the NAT ACL?
Regards.
Alain
Don't forget to rate helpful posts.
01-10-2013 07:54 AM
Here's the show output from the host and the router

****HOST*****

show ipconfig /all

Ethernet adapter RJ45 Connection:
 Connection-specific DNS Suffix . : collabrotech
 Description . . . . . . . . . . . : Intel(R) 82577LC Gigabit Network Connection
 Physical Address. . . . . . . . . : 64-31-50-79-AC-DD
 DHCP Enabled. . . . . . . . . . . : Yes
 Autoconfiguration Enabled . . . . : Yes
 Link-local IPv6 Address . . . . . : fe80::ac0b:1a0b:b6d:2261%10(Preferred)
 IPv4 Address. . . . . . . . . . . : 10.22.22.2(Preferred)
 Subnet Mask . . . . . . . . . . . : 255.255.255.0
 Lease Obtained. . . . . . . . . . : Thursday, January 10, 2013 6:18:25 AM
 Lease Expires . . . . . . . . . . : Friday, January 11, 2013 7:17:37 AM
 Default Gateway . . . . . . . . . : 10.22.22.1
 DHCP Server . . . . . . . . . . . : 10.22.22.1
 DHCPv6 IAID . . . . . . . . . . . : 258224464
 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-DA-A2-A5-64-31-50-79-AC-DD
 DNS Servers . . . . . . . . . . . : 10.22.22.1
 Primary WINS Server . . . . . . . : 136.200.117.17
 Secondary WINS Server . . . . . . : 136.200.232.141
 NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VirtualBox Host-Only Network:

C:\Users\aducey>tracert 8.8.8.8
Tracing route to 8.8.8.8 over a maximum of 30 hops
 1 1 ms 1 ms 1 ms 10.22.22.1
 2 * * * Request timed out.
 3 * * * Request timed out.
 4 * * * Request timed out.
 5 * * * Request timed out.
 6 * * * Request timed out.
 7 * * * Request timed out.
 8 * * * Request timed out.
 9 * * * Request timed out.
 10 * * * Request timed out.
 11 *

*********ROUTER****

R1#
R1#show run
Building configuration...
Current configuration : 3066 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot system flash:c2600-adventerprisek9-mz.124-25d.bin
boot-end-marker
!
logging buffered 4096 debugging
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool internal-client
 network 10.22.22.0 255.255.255.0
 dns-server 10.22.22.1
 default-router 10.22.22.1
 domain-name collabrotech
!
!
ip name-server 10.22.22.55
ip name-server 174.34.223.139
ip name-server 10.22.22.1
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 no clns route-cache
!
interface Serial0/0
 no ip address
 shutdown
 no clns route-cache
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 no clns route-cache
!
interface Serial0/1
 no ip address
 shutdown
 no clns route-cache
!
interface FastEthernet1/0
 description DMZ Subnet
 no switchport
 ip address 10.33.33.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet1/1
 description paloalto-subnet
 switchport access vlan 33
!
interface FastEthernet1/2
 description paloalto-subnet
 switchport access vlan 33
 no clns route-cache
 spanning-tree portfast
!
interface FastEthernet1/3
 description paloalto-subnet
 switchport access vlan 33
 no clns route-cache
!!
interface FastEthernet1/15
 description LAN Subnet
 switchport access vlan 22
 spanning-tree portfast
!
interface Vlan1
 no ip address
 shutdown
 no clns route-cache
!
interface Vlan22
 ip address 10.22.22.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no clns route-cache
!
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 dhcp
!
!
ip http server
no ip http secure-server
ip nat inside source list natpool interface FastEthernet0/0 overload
!
ip access-list extended natpool
 permit ip 10.22.22.0 0.0.0.255 any
 permit ip 10.33.33.0 0.0.0.255 any
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 no login
 transport input none
line vty 5 15
 no login
 transport input none
!
!
end

R1#
R1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
 D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
 E1 - OSPF external type 1, E2 - OSPF external type 2
 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
 ia - IS-IS inter area, * - candidate default, U - per-user static route
 o - ODR, P - periodic downloaded static route

Gateway of last resort is 174.34.223.129 to network 0.0.0.0

 64.0.0.0/32 is subnetted, 1 subnets
S 64.30.98.6 [254/0] via 174.34.223.129, FastEthernet0/0
 174.34.0.0/26 is subnetted, 1 subnets
C 174.34.223.128 is directly connected, FastEthernet0/0
 10.0.0.0/24 is subnetted, 1 subnets
C 10.22.22.0 is directly connected, Vlan22
S* 0.0.0.0/0 [1/0] via 174.34.223.129

R1#show int f0/0
FastEthernet0/0 is up, line protocol is up
 Hardware is AmdFE, address is 000f.904d.b700 (bia 000f.904d.b700)
 Internet address is 174.34.223.139/26
 MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
 reliability 255/255, txload 1/255, rxload 1/255
 Encapsulation ARPA, loopback not set
 Keepalive set (10 sec)
 Full-duplex, 100Mb/s, 100BaseTX/FX
 ARP type: ARPA, ARP Timeout 04:00:00
 Last input 00:00:18, output 00:00:00, output hang never
 Last clearing of "show interface" counters never
 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
 Queueing strategy: fifo
 Output queue: 0/40 (size/max)
 5 minute input rate 0 bits/sec, 0 packets/sec
 5 minute output rate 2000 bits/sec, 3 packets/sec
 8266 packets input, 893595 bytes
 Received 5830 broadcasts, 0 runts, 0 giants, 0 throttles
 79 input errors, 0 CRC, 0 frame, 0 overrun, 79 ignored
 0 watchdog
 0 input packets with dribble condition detected
 189473 packets output, 15145428 bytes, 0 underruns
 0 output errors, 0 collisions, 7 interface resets

R1#show ip nat trans
R1#ping www.yahoo.com source 10.22.22.1
Translating "www.yahoo.com"...domain server (66.60.130.158) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 98.138.253.109, timeout is 2 seconds:
Packet sent with a source address of 10.22.22.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 104/133/192 ms
R1#
*Apr 8 02:51:16.998: NAT: s=10.22.22.1->174.34.223.139, d=98.138.253.109 [336]
*Apr 8 02:51:17.110: NAT*: s=98.138.253.109, d=174.34.223.139->10.22.22.1 [8248]
*Apr 8 02:51:17.114: NAT: s=10.22.22.1->174.34.223.139, d=98.138.253.109 [337]
*Apr 8 02:51:17.214: NAT*: s=98.138.253.109, d=174.34.223.139->10.22.22.1 [9206]
*Apr 8 02:51:17.218: NAT: s=10.22.22.1->174.34.223.139, d=98.138.253.109 [338]
*Apr 8 02:51:17.322: NAT*: s=98.138.253.109, d=174.34.223.139->10.22.22.1 [10089]
*Apr 8 02:51:17.322: NAT: s=10.22.22.1->174.34.223.139, d=98.138.253.109 [339]
*Apr 8 02:51:17.510: NAT*: s=98.138.253.109, d=174.34.223.139->10.22.22.1 [11171]
*Apr 8 02:51:17.514: NAT: s=10.22.22.1->174.34.223.139, d=98.138.253.109 [340]
*Apr 8 02:51:17.670: NAT*: s=98.138.253.109, d=174.34.223.139->10.22.22.1 [12817]
R1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 174.34.223.139:75 10.22.22.1:75 98.138.253.109:75 98.138.253.109:75
R1#
*Apr 8 02:51:43.974: %SEC-6-IPACCESSLOGDP: list natpool permitted icmp 10.22.22.1 -> 98.138.253.109 (0/0), 1 packet
R1#
*Apr 8 02:52:17.834: NAT: expiring 174.34.223.139 (10.22.22.1) icmp 75 (75)
01-10-2013 09:50 AM
hi,
clear ip nat translation * then do debug ip nat and ping 8.8.8.8 from the PC.
post the logs and result here.
Regards.
Alain
Don't forget to rate helpful posts.
01-10-2013 10:02 AM
I clicked on correct answer accidentally...it's still not working.
I put the ACL into an accept any any state and that seems to have resolved some of this...but still not able to ping internet names. I'm able to ping numerics though...not able to surf
*Apr 8 05:33:27.114: NAT*: s=8.8.8.8, d=174.34.223.139->10.22.22.6 [0]
*Apr 8 05:33:27.550: NAT*: s=10.22.22.5->174.34.223.139, d=81.18.85.57 [31919]
*Apr 8 05:33:27.918: NAT*: s=10.22.22.6->174.34.223.139, d=72.30.38.140 [0]
*Apr 8 05:33:27.986: NAT*: s=74.125.129.189, d=174.34.223.139->10.22.22.3 [792]
*Apr 8 05:33:27.986: NAT*: s=10.22.22.3->174.34.223.139, d=74.125.129.189 [48207]
*Apr 8 05:33:28.030: NAT*: s=72.30.38.140, d=174.34.223.139->10.22.22.6 [19845]
*Apr 8 05:33:28.066: NAT*: s=10.22.22.6->174.34.223.139, d=8.8.8.8 [0]
*Apr 8 05:33:28.110: NAT*: s=8.8.8.8, d=174.34.223.139->10.22.22.6 [0]
*Apr 8 05:33:28.222: NAT*: s=10.22.22.3->174.34.223.139, d=74.125.224.79 [15436]
*Apr 8 05:33:28.270: NAT*: s=74.125.224.79, d=174.34.223.139->10.22.22.3 [34754]
*Apr 8 05:33:28.270: NAT*: s=10.22.22.3->174.34.223.139, d=74.125.224.79 [15437]
*Apr 8 05:33:28.922: NAT*: s=10.22.22.6->174.34.223.139, d=72.30.38.140 [0]
*Apr 8 05:33:28.954: NAT*: s=72.30.38.140, d=174.34.223.139->10.22.22.6 [26890]
*Apr 8 05:33:29.070: NAT*: s=10.22.22.6->174.34.223.139, d=8.8.8.8 [0]
*Apr 8 05:33:29.114: NAT*: s=8.8.8.8, d=174.34.223.139->10.22.22.6 [0]
*Apr 8 05:33:29.330: NAT*: s=10.22.22.5->174.34.223.139, d=81.18.85.57 [31920]
*Apr 8 05:33:29.718: NAT*: s=74.125.129.189, d=174.34.223.139->10.22.22.3 [57167
01-10-2013 10:04 AM
Hi,
change your dns server in the dhcp pool to the one from the provider (or 8.8.8.8) instead of the router IP.
Regards.
Alain
Don't forget to rate helpful posts.
01-10-2013 10:13 AM
I did that already
ip dhcp pool internal-client
import all
network 10.22.22.0 255.255.255.0
default-router 10.22.22.1
domain-name collabrotech
dns-server 8.8.8.8
still didn't work
01-10-2013 10:58 AM
hi,
did you release/renew the IP on the PC and flush the dns cache (ipconfig /flushdns)?
Regards.
Alain
Don't forget to rate helpful posts.
01-10-2013 10:18 AM
Is there a way to dynamically get dns from the isp?
I thought the import all statement in the client dhcp pool would do that.
Should I have dns relay set up some how?
01-10-2013 12:25 PM
flushed the routes and nat and renewed dhcp
still not working..
01-10-2013 01:59 PM
Hi,
make sure you have correct info with ipconfig /all (8.8.8.8 as dns server), verify the hosts file and make sure the dns cache is flushed with ipconfig /flushdns.
If still not working capture packets on the host and post wireshark output here.
Regards.
Alain
Don't forget to rate helpful posts.
01-10-2013 03:40 PM
I'll have to look into how to do that on a Linux host, as that's what I was pinging from. Using RIP as a routing process and rebooting the ISP gear worked with this. Thanks so much for your help!