Solved: Can not connect any device to internet

arif48301 · ‎12-28-2016

Hi

I am new to networking.I have got a cisco 2800 series router and I configured nat.I can ping domains and have full internet connection on all interfaces but any device such as LAPTOP can not connect to internet.IP NAT works fine ,Please have a look at current configuration and see if I am doing anything wrong.

Interface fa0/0 connects to a SKY router and gets IP from that DHCP,interface fa0/1 connects to my laptop and shows that router has given out IP to the computer through DHCP configured but laptops can not ping any domain or reach internet.

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.10
!
ip dhcp pool 1
network 10.10.10.0 255.255.255.0
default-router 192.168.0.1
dns-server 90.207.238.99
!
!
no ip ips deny-action ips-interface
!
no ftp-server write-enable
!
!
no crypto isakmp ccm
!
!
!
!
interface Loopback0
ip address pool 1
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial1/0
no ip address
shutdown
no dce-terminal-timing-enable
!
interface Serial1/1
no ip address
shutdown
no dce-terminal-timing-enable
!
interface Serial1/2
no ip address
shutdown
no dce-terminal-timing-enable
!
interface Serial1/3
no ip address
shutdown

ip classless
!
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit any log
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
!
end

Router#ping bbc.co.uk

Translating "bbc.co.uk"...domain server (192.168.0.1) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 212.58.244.22, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/16 ms

Router#ping bbc.co.uk source fa0/0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 212.58.244.22, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.13
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/13/16 ms

Router#sh ip nat trans
Pro Inside global Inside local Outside local Outside global
icmp 192.168.0.13:21 192.168.0.13:21 212.58.244.22:21 212.58.244.22:21
icmp 192.168.0.13:22 192.168.0.13:22 212.58.244.22:22 212.58.244.22:22
udp 192.168.0.13:53151 192.168.0.13:53151 192.168.0.1:53 192.168.0.1:53

Router#sh ip dhcp pool 1

Pool 1 :
Utilization mark (high/low) : 100 / 0
Subnet size (first/next) : 0 / 0
Total addresses : 254
Leased addresses : 1
Pending event : none
1 subnet is currently in the pool :
Current index IP address range Leased addresses
10.10.10.12 10.10.10.1 - 10.10.10.254 1

please see what i am doing wrong as I am doing this for last three days but no luck.

Thank you

arif

paul driver · ‎12-28-2016

Hello

A couple of things I can see within your configuration -

1) I don't see a default route applied it could be you have just not posted it but it the rtr needs to know where to send any traffic not known locally to itself and as your outside interface is setup for dhcp I would suggest applying a default static for this

2) The ACL has just a permit any statement however NAT requires

any access-list it refers to - to be more specific

3) As you are receiving dynamic addressing from I guess your isp then you can append those dhcp options to you local dhcp pool so you clients receive them also

can you try appending the following:

ip route 0.0.0.0 0.0.0.0 fa0/0 dhcp

no access-list 1

access-list 1 permit 10.10.10.0 0.0.0.255

cp pool 1
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
Import-all

res

paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

mvsheik123 · ‎12-28-2016

Arif,

Try by changing 'default-router 192.168.0.1" to 10.10.10.1 as below..

ip dhcp pool 1
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 90.207.238.99

hth

MS

paul driver · ‎12-28-2016

Hello

A couple of things I can see within your configuration -

1) I don't see a default route applied it could be you have just not posted it but it the rtr needs to know where to send any traffic not known locally to itself and as your outside interface is setup for dhcp I would suggest applying a default static for this

2) The ACL has just a permit any statement however NAT requires

any access-list it refers to - to be more specific

3) As you are receiving dynamic addressing from I guess your isp then you can append those dhcp options to you local dhcp pool so you clients receive them also

can you try appending the following:

ip route 0.0.0.0 0.0.0.0 fa0/0 dhcp

no access-list 1

access-list 1 permit 10.10.10.0 0.0.0.255

cp pool 1
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
Import-all

res

paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

arif48301 · ‎12-28-2016

Thank you it worked as charm.I am obliged.

Regards

Can not connect any device to internet

ASA5500-X: Internet Firewall 設定例 (冗長構成)

setting up connection for internet

事象：ASDM Unable to launch device manager from <IP address>

connection reserve within the devices

Cisco router can connect to internet but any connected devices can't