Didnt work...  Couldnt get to the internet or ping 8.8.8.8

My current setup for this would be:

I have my Cisco 871 connected to the LAN port off the Verizon Router... (Verion Router IP: 192.168.1.1)

The IP Address I am using on the Cisco WAN fa4 port is 192.168.1.2 /24, My machine wont reach out to the internet from the computer...DHCP is working fine and I can get an IP of 192.168.10.x or 192.168.20.x also able to ping the interface 192.168.10.x or 192.168.20.x 

Still confused on why I cant reach out to the internet...

Below is my current config:

Building configuration...

Current configuration : 4260 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname P1-Router

!

boot-start-marker

boot-end-marker

!

enable secret 5

enable password 7

!

aaa new-model

!

!

aaa authentication login default local

aaa authorization exec default local

!

!

aaa session-id common

!

crypto pki trustpoint TP-self-signed-

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-

!

!

crypto pki certificate chain TP-self-signed-

        quit

dot11 syslog

ip cef

!

!

no ip dhcp use vrf connected

no ip dhcp conflict logging

ip dhcp excluded-address 192.168.10.1 192.168.10.99

ip dhcp excluded-address 192.168.20.1 192.168.20.99

!

ip dhcp pool vlan10-pool

   network 192.168.10.0 255.255.255.0

   default-router 192.168.10.1

   dns-server 192.168.1.1 8.8.8.8

!

ip dhcp pool vlan20-pool

   network 192.168.20.0 255.255.255.0

   default-router 192.168.20.1

   dns-server 192.168.1.1 8.8.8.8

!

!

no ip domain lookup

ip domain name P1.COM

ip inspect name MYFW tcp

ip inspect name MYFW udp

!

multilink bundle-name authenticated

!

!

username admin privilege 15 password

!

!

archive

log config

  hidekeys

!

!

!

!

!

interface FastEthernet0

switchport access vlan 10

!

interface FastEthernet1

switchport access vlan 10

!

interface FastEthernet2

switchport access vlan 20

!

interface FastEthernet3

switchport access vlan 20

!

interface FastEthernet4

ip address 192.168.1.2 255.255.255.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface Vlan1

ip address 192.168.2.1 255.255.255.0

!

interface Vlan10

ip address 192.168.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface Vlan20

ip address 192.168.20.1 255.255.255.0

ip access-group Restrict_GUESTS in

ip nat inside

ip virtual-reassembly

!

ip forward-protocol nd

!

!

ip http server

ip http secure-server

ip nat inside source route-map NAT_MAP interface FastEthernet4 overload

!

ip access-list extended NAT-ACL

deny   ip 192.168.10.0 0.0.0.255 192.168.10.0 0.0.0.255

deny   ip 192.168.10.0 0.0.0.255 192.168.20.0 0.0.0.255

deny   ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255

deny   ip 192.168.20.0 0.0.0.255 192.168.20.0 0.0.0.255

permit ip 192.168.10.0 0.0.0.255 any

permit ip 192.168.20.0 0.0.0.255 any

deny   ip any any

ip access-list extended Restrict_GUESTS

deny   ip 192.168.20.0 0.0.0.255 192.168.10.0 0.0.0.255

permit ip 192.168.20.0 0.0.0.255 any

deny   ip any any

!

!

!

!

route-map NAT_MAP permit 10

match ip address NAT-ACL

!

!

control-plane

!

!

line con 0

password 7

no modem enable

line aux 0

line vty 0 4

password 7

!

scheduler max-task-time 5000

end

Hello Andrew,

Can you provide output of #tracert 8.8.8.8, can you also provide output of ping and traceroute 8.8.8.8 from router?

Configuration seems OK.

Best Regards

Please rate all helpful posts and close solved questions

I think so DNS and WAN Ips are not corect.

Can you provide me detials how you are connected to ISP.

Router > ISP (if i am correct)

If you are connecte like above scenerio verify from ISP what DNS and WAN IP you will use..

Hello!
For waht do you need this line?

deny   ip 192.168.10.0 0.0.0.255 192.168.10.0 0.0.0.255

it almost work, i could ping 8.8.8.8 from the router, but internet doesn't work anyway on my laptop

Hello, thanks for all this useful information. My plan is to get rid of my BT home router, but I have a few questions:

if you dont mind:

1. How do you go about setting up the wireless ssids etc on same router? If you could point me on the right direction? I understand the logic of all these commands and the logic on why you did the subnetting between 192.168.10.254 and 192.168.20.254, but Im quite lost in regards wireless settings. 

2. How do you go about firewalling this router? Because at the moment, I have a BT home router who does basic firewal function?

Many thanks in advance, and thanks everyone on this post; there is lot of useful information in here.

Regards,

Hi,

For Firewalling you can use CBAC or Zone Based Firewall, here are some docs about these:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca7c5.html

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_data_zbf/configuration/12-4t/sec-zone-pol-fw.html

For Wireless it all depends on the router model.

Regards

Alain

Don't forget to rate helpful posts.

Hello Roberto,

Here are links to configure wifi on 871:

- https://supportforums.cisco.com/docs/DOC-16020

- http://www.piglet-net.net/tech/cisco/cisco-871W-simple.html

Zone-Based Policy Firewall

- http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00808bc994.shtml

Hope this helps you.

Best Regards

Please rate all helpful posts and close solved questions