06-27-2008 01:16 PM - edited 03-05-2019 11:52 PM
Here is what I can and can't do with my current config:
1) I can ping from the console cable on my router, to 4.2.2.2 and pinging google.com
2) I can't ping out from my LAN PC with a static ip set, or dhcp in my config set.
2A) I can ping the router 192.168.1.1 from my lan PC
2B) I can ping the IP address assigned by my ISP from my LAN PC
2C) Pinging 4.2.2.2 from my LAN pc fails
3A) Adding ip nat outside on the outside nic prevents me pinging 4.2.2.2 from the router.
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 <password here>
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.179
!
ip dhcp pool 192.168.1.0/24
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
ip cef
ip audit po max-events 100
!
!
username <usernamehere> privilege 15 password 7 <password here>
!
!
!
!
!
!
interface Ethernet0
ip address dhcp
full-duplex
!
interface FastEthernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
speed 100
full-duplex
no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
ip http server
ip http authentication local
ip http secure-server
!
!
!
!
!
line con 0
password 7 <password>
login
line aux 0
password 7 <password>
login
line vty 0 4
password 7 <password>
login
transport input telnet ssh
!
end
06-27-2008 03:48 PM
Chris
The immediate problem is that you are not translating addresses from the FastEthernet interface. So when you PC attempts to ping to the outside world the source address of the packet is 192.168.1.x and nothing in your ISP or the outside world knows how to route to that address.
To fix this you need to configure ip nat outside on interface ethernet0. And you need to configure address translation. It might look something like this:
access-list 15 permit 192.168.1.0 0.0.0.255
ip nat inside source list 15 interface FastEthernet0 overload
While it is not so much of a problem I will suggest a change in your static route. When you point a static route at an outbound interface as you have done it forces the router to ARP for every destination address and this causes the router to work harder and consume more memory. It would be better to configure it like ip route 0.0.0.0 0.0.0.0 dhcp
HTH
Rick
06-29-2008 08:42 AM
Thanks rick... so I added those four lines, and here is my new running config below, however I still don't have luck as the same thing seems to be happening. Did I configure this running config correctly?
My PC's can ping the address of the interface that my ISP gives me, but nothing outside on the internet (4.2.2.2 or google.com)
Thanks so much for your help!!
Thanks rick, so here is what I did ... , I added 3 lines:
and my new running config gives me the same results as before, i can ping outside the internet from the console of my router, just not any PC's inside the lan:
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.179
!
ip dhcp pool 192.168.1.0/24
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
ip cef
ip audit po max-events 100
!
!
username
!
interface Ethernet0
ip address dhcp
full-duplex
ip nat ouside
access-list 15 permit 192.168.1.0 0.0.0.255
ip nat inside source list 15 interface FastEthernet 0 overload
!
interface FastEthernet0
ip address 192.168.1.1 255.255.255.0
ip nat inside
speed 100
full-duplex
no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 dhcp
ip http server
ip http authentication local
ip http secure-server
!
!
line con 0
password 7
login
line aux 0
password 7
login
line vty 0 4
password 7
login
transport input telnet ssh
!
end
06-30-2008 08:35 AM
Chris
There was a problem in the suggestion that I gave you - for which I apologize. I referenced the wrong interface in the translation command. Remove this:
ip nat inside source list 15 interface FastEthernet 0 overload
and insert this:
ip nat inside source list 15 interface Ethernet 0 overload
and it should work better.
Give it a try and see if it fixes the problem.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide