cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9885
Views
5
Helpful
35
Replies

Allowing Internet Access from LAN - Cisco 1841

Raul Armas
Level 1
Level 1

Hi everyone,

I'm trying to change my office's router (a D-Link) for a Cisco 1841.

The current router works for internet access but I need to do some new things which are too tricky to achieve on D-Link's user interface.

The network diagram is attached.

I need to assign the local server as our DHCP & DNS server.

So, I have been testing and trying to give LAN access to the internet with the following configuration:

*******

Router#sh run
Building configuration...

Current configuration : 1173 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool OFFICE
   next-server 192.168.0.70
   dns-server 192.168.0.70
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.0.3 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.10.16.64 255.255.0.0
ip nat outside
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clockrate 2000000
!
interface Serial0/0/1
no ip address
shutdown
clockrate 2000000
!
ip classless
!
ip http server
ip nat pool ISP 172.10.16.64 172.10.16.70 prefix-length 24
ip nat inside source list 1 pool ISP
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 101 permit icmp 192.168.0.0 0.0.0.255 any echo-reply
access-list 101 permit ip any any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
end

*******

But so far, It hasn't worked.

I can't even receive any ping responses from f0/0.

What really worries me it's the fact that I know this should be a very easy set-up.

What am I doing wrong?

Thanks in advance.

35 Replies 35

I'm setting to every host the exact configuration I have on my PC and test Laptop (DNS servers & DHCP auto).

So, how could somebody explain that two hosts, on the same network, on the same domain, with the same server, with a "working" DNS server configuration, cannot work the same way?

Sorry for asking too much but I just can't understand this.

Thanks,

RA.

Raul

Sorry, i misunderstood. I thought you were saying the only devices that worked were the ones that you manually setup DNS on. If these are windows PCs can you post the output of this command from a DOS prompt -

"ipconfig /all"

can you post from a PC that works and one that doesn't.

Jon

I issued "ipconfig /all" on 7 machines: 2 working, 5 not.

All the same:

DHCP Enabled: No.

Autoconfig Enabled: Yes.

IP Address: 192.168.0.X

Subnet Mask: 255.255.255.0

Default Gateway: 192.168.0.3

DHCP Server: 192.168.0.70

DNS Servers: X.X.X.X --> First ISP DNS

                    Y.Y.Y.Y --> Second ISP DNS

                    192.168.0.70

Raul

Does 192.168.0.70 server have forwarding setup to the ISP DNS servers ?

Jon

Raul

One more test. From a PC that doesn't work can you try accessing a website using the IP address in the web browser rather than an URL.

Jon

It had 8.8.8.8 and 8.8.4.4.

I erased that and set the two ISP DNS servers IP addresses.

DNS administrator screen says "cannot resolve server's FQDN" on each of them.

Anyway, I still have access to the internet & intranet only through my PC and my test laptop.

Thanks,

RA.

Can you try the web browser test i asked about ?

Jon

Already tried, same thing.

PC & Test Laptop ....   OK.

Rest of hosts ...........   Nothing

Thanks,

RA.

So just recap -

you have a PC and laptop that are cofigured in exactly the same way as other hosts - yes/no

the other hosts are in the same subnet as the PC and laptop - yes/no

all devices are in the same vlan on the switch - yes/no

you have tried accessing a web site using "http://" from the hosts that don't work and this still fails  - yes/no

if so can you -

1) from either the pc or laptop do a traceroute to an IP address on the internet

2) from one of the machines that doesn't work can you do the same ie. traceroute to the same IP on the internet

Jon

Yes

Yes

To tell you the truth, I'm not sure.

Yes

1) Everything OK (13 hops until reaching yahoo.com server)

2) Not working:

1          <1 ms          <1ms          <1ms          192.168.0.3

2         192.168.0.3     reports: destination host unreachable

PD: I don't know if those are the correct words (I'm translating from spanish).

Thanks,

RA.

I belive you need to add "overload" in the end of you source list configuration.

I hope it helps.

Sincerely,

GRinch

I've simulated your situation with cisco 1841 router. I changed addresses just for make configuration faster.  Everything works perfect.

Here an configuration example.

version 12.4

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Router

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface FastEthernet0/0

ip address 192.168.10.1 255.255.255.0

ip nat outside

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 172.16.1.1 255.255.255.0

ip nat inside

duplex auto

speed auto

!

interface Vlan1

no ip address

shutdown

!

ip nat pool Inet 192.168.10.1 192.168.10.1 netmask 255.255.255.0

ip nat inside source list 1 pool Inet overload

ip classless

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

!

!

access-list 1 permit 172.16.1.0 0.0.0.255

!

!

!

!

!

line con 0

line vty 0 4

login

!

!

!

end

Almost there...!!!  

I added "overload" and after testing 12 machines here are the results:

a) 8 PCs have internet & intranet access

b) 4 PCs have internet access but no intranet.

Thank you very much for your help..!!!

RA.

Raul

What do you mean by intranet access ?

Jon

Hi Jon,

I mean access to our local / office website where we put our files and some other stuff.

A simple website located on our local server.

Thanks,

RA.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: