Thank you for the replies.

My initial idea was to deploy 2 vlans, SERVERS and LAN, with intervlan routing so the networks can communicate. Here is the configuration as it stands right now. This is totally cut down to only the essentials and one vlan. The IOS image appears to be limited to only 2 vlans and since vlan 1 cannot be deleted, I believe that I must use it and then configure a second vlan. This configuration current will not allow an extended ping from the inside address of vlan 1 on the router. A standard ping to the net works.

Edit: I only have a few devices to connect to the network at the moment, so I was going to use the switchports built into the router for switching.

Lab#sho ver

Cisco IOS Software, C860 Software (C860-UNIVERSALK9-M), Version 12.4(20)T5, RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2010 by Cisco Systems, Inc.

Compiled Mon 08-Mar-10 17:36 by prod_rel_team

ROM: System Bootstrap, Version 12.4(15r)XZ5, RELEASE SOFTWARE (fc1)

Lab uptime is 3 hours, 33 minutes

System returned to ROM by reload

System image file is "flash:c860-universalk9-mz.124-20.T5.bin"

Last reload reason: Reload Command

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Cisco 861 (MPC8300) processor (revision 0x100) with 249856K/12288K bytes of memory.

Processor board ID FTX141482E3

5 FastEthernet interfaces

256K bytes of non-volatile configuration memory.

126000K bytes of ATA CompactFlash (Read/Write)

License Information for 'c860-data'

    License Level: advsecurity   Type: Permanent

    Next reboot license Level: advsecurity

Configuration register is 0x2102

Lab#sho run

Building configuration...

Current configuration : 1323 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Areas_Micros_Lab

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

enable secret 5 *****

!

no aaa new-model

!

!

ip source-route

!

!

ip cef

no ip domain lookup

ip domain name xxxxx.local

ip name-server 208.67.220.220

ip name-server 208.67.222.222

ip name-server 66.155.216.122

ip name-server 207.59.153.242

!

!

!

!

username ***** privilege 15 secret 5 *****

!

!

!

archive

log config

  hidekeys

!

!

!

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

ip address 207.x.x.x 255.255.255.248

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface Vlan1

ip address 10.255.255.254 255.255.255.0

ip nat inside

ip virtual-reassembly

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 207.x.x.x

no ip http server

no ip http secure-server

!

ip nat inside source list 10 interface FastEthernet4 overload

!

access-list 10 permit 10.255.255.0 0.0.0.255

!

control-plane

!

!

line con 0

no modem enable

line aux 0

line vty 0 4

login local

transport input ssh

!

scheduler max-task-time 5000

end

Lab#

This is what I am trying to do with the pings...

Lab#ping 208.67.222.222

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 208.67.222.222, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms

Lab#ping

Protocol [ip]:

Target IP address: 208.67.222.222

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: 10.255.255.254

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 208.67.222.222, timeout is 2 seconds:

Packet sent with a source address of 10.255.255.254

.....

Success rate is 0 percent (0/5)

Lab#

Hi,

access-list 10 permit 10.255.255.0 0.0.0.255 

How the IOS let you configure this? the wildcard mask is not good it must be 0.0.0.255

do a sh ip int br | exc unna to verify int vlan1 is up/up change the wildcard in the ACL and then try again

if it still doesn't work then do debug ip nat and try again.

By the way for your extended ping you can do : ping 208.67.222.222 source 10.255.255.254

Regards.

Alain.

Hi Alain,

The wildcard mask is 0.0.0.255, which is correct.

As Alain noted, can you try ping 208.67.222.222 source 10.255.255.254 or ping 208.67.222.222 source vlan1

Alain,

Thanks for the tip on the extended ping... much easier.

The ACL was and is configured correctly. I'm not sure what you mean about the wildcard mask... it is 0.0.0.255... both in the configuration, and as listed on your reply.

When I do a sho ip bri, vlan 1 is up/down...

So, given that information, I was able to make it work! I knew the problem/answer was simple...

I didn't have any devices connected to the switchports on the router. Therefore, Vlan1 did not come up... which caused the pings from the inside interface were failing.

Oh man I wish I would have realized that yesterday... Thank you to those that helped!