Routing between Cisco 1720 and PIX 501

jay.johnson1 (Level 1)

I'm currently attempting to run a 1720 as an edge router with a PIX 501 behind it. As of now, I can pull a public IP on the 1720's WAN interface (I'm using a WIC-1ENET card with broadband) but I can't get any activity from the fa0 port.

However, when I put a Linksys WRV200 in front of the PIX, I can pass traffic to the computers sitting behind the PIX and route without any issues.

My goal is to remove SOHO devices from gateway positions and use industry rated hardware instead. Provided I get some responses, I'll post configs if need be.

Jay

Certified: CCNA (R/S, Security, Voice), CCDA, CCNP (R/S)
15 Replies

spremkumar (Level 9)

Hi Jay

Are you able to ping any of the outside ips from PIXs inside lan ?

Also what kinda NAT is being configured there in your network?

Also do post your configs (both pix & router) here, so that the same can be verified..

regds

Sorry I'm late replying...

Yes, I'm able to ping. I've changed my configuration; now I have my 2610 as my only router at the moment; I figure if I can just get that to connect to the internet, I can work my way back on everything else. So, my goal is to make a simple internet connection with just my 2610 for the moment. Unfortunately, I still can't connect. Here's my config:

Building configuration...

Current configuration : 1162 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname London1
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret xxxxxxxxxxxxxxxxxxxxxxxxx
enable password xxxxxxxx
!
no aaa new-model
ip subnet-zero
ip cef
!
!
no ip domain lookup
ip dhcp excluded-address 172.16.31.1
ip dhcp excluded-address 172.16.31.2 172.16.31.99
ip dhcp excluded-address 172.16.31.102 172.16.31.254
!
ip dhcp pool Guardtower
 import all
 network 172.16.0.0 255.255.255.0
 default-router 172.16.31.1
!
!
!
!
!
interface Ethernet0/0
 description "The Great Outdoors (WAN)"
 ip address dhcp
 ip access-group 10 out
 ip nat outside
 full-duplex
 no cdp enable
!
interface Ethernet1/0
 description "Private LAN"
 ip address 172.16.31.1 255.255.255.0
 ip access-group 10 in
 ip nat inside
 full-duplex
 no cdp enable
!
ip nat inside source list 11 interface Ethernet0/0 overload
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
!
!
access-list 10 permit any
access-list 11 permit any
no cdp run
!
line con 0
line aux 0
line vty 0 4
 password xxxxxxxxxxxxxxx
 login
!
!
end

Any ideas where I'm going wrong?

Jay

Certified: CCNA (R/S, Security, Voice), CCDA, CCNP (R/S)

Hi Jay

Can you also post your pix config ?

regds

I've taken my PIX offline until further notice. Once I can get my 2610 routing, then I'll probably re-install my pix.

Thanks for responding, by the way...

Jay

Certified: CCNA (R/S, Security, Voice), CCDA, CCNP (R/S)

hi,

instead of doing

access-list 11 permit any

do this

access-list 101 permit ip 172.16.0.0 0.0.255.255 any

if 172.16.0.0 is the first two octets of your network; if not, add to the access-list the network that you want to allow to reach the internet

If at all possible, if "anyone" sees why this isn't working, could you "put it in the proper context" so that it does work? At this point, I figure it's best if someone who "knows" what's wrong makes it a working config (if you don't mind) and I can then trace back the steps it took to get it working.

I'm on a home 8mb/488kbps ADSL connection by the way...

Jay

Certified: CCNA (R/S, Security, Voice), CCDA, CCNP (R/S)

Hi Jay,

I am not sure whether I follow your ideas, but I can see a discrepancy in subnetting.

I understand that your clients are on e0/0 which is subnetted to C-class address (/24).

When your router serves as DHCP server you either intend to provide the 172.16.31.X address range (but due to the "excluded" commands you can only assign the 172.16.31.100-101 addresses), in which case your network statement under "ip dhcp pool Guardtower" should read "network 172.16.31.0 255.255.255.0" NOT "network 172.16.0.0 255.255.255.0", or you intend to provide a class B address range, in which case your network statement should read "network 172.16.0.0 255.255.0.0". But then you MAY face problems with routing as you specify your default route as the e0/0 interface. Also I have no information on what sort of address you get assigned from your ISP when your box acts as a DHCP client.

So if you do not mind can you please change your "network (dhcp)" command and see if there is any progress.

Best regards,

Antonin

Okay,

I've scaled it down to just the commands I "think" I need to get my 2610 to connect to the internet and it "still" isn't working:

Building configuration...

Current configuration : 1018 bytes
!
! Last configuration change at 21:26:43 UTC Mon Nov 6 2006
! NVRAM config last updated at 21:26:46 UTC Mon Nov 6 2006
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname London1
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret xxx
enable password xxxxxxxxxxxxxxxx
!
no aaa new-model
ip subnet-zero
ip cef
!
!
no ip domain lookup
!
!
!
!
!
interface Ethernet0/0
 description "The Great Outdoors (WAN)"
 ip address 87.xxx.xxx.54 255.255.255.0 (WAN IP)
 ip nat outside
 full-duplex
 no cdp enable
!
interface Ethernet1/0
 description "Private LAN"
 ip address 172.16.31.1 255.255.255.0
 ip nat inside
 full-duplex
 no cdp enable
!
ip default-gateway 87.xxx.xxx.54
ip nat inside source list 11 interface Ethernet0/0 overload
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
!
!
access-list 11 permit any
no cdp run
!
line con 0
line aux 0
line vty 0 4
 password xxxxxxxxxxxxxxxx
 login
!
!
end

I'm out of ideas...

Jay

Certified: CCNA (R/S, Security, Voice), CCDA, CCNP (R/S)

Hi Jay

I have 2 suggestions to make here.

1. As already mentioned by the other poster, do change the access list entry accordingly to allow only your local LAN subnet.

2. Do remove the ip default-gateway command and also the default route pointing via Ethernet0/0.

You need to find out the ip address of the gateway equipment from the SP where you are currently getting connected and draft your default route pointing to that ip.

I feel that should solve your problem.

regs

the problem with your number 2 suggestion is the ISP didn't give him a static ip to use for his router, if he was given a static IP that would be fine but since it's via DHCP the default route to the e0/0 int is just fine.

@poster

change the NAT as I have said, I'm pretty sure that's where your problem is

Actually,

if I haven't mentioned it, I do have a static IP (and about 5 others I'm not using at the moment). I set it to DHCP because I wanted to make sure I was getting out to the internet.

This is pissing me off. I had my pix 501 running inside of 15 minutes so I don't know why it's so friggin' difficult with this piddly 2610?!?!?!? All I want is a simple basic config and I'm into three+ days with this thing :)

Jay

Certified: CCNA (R/S, Security, Voice), CCDA, CCNP (R/S)

so, did you change the NAT statement?

Yep, and then some and it still didn't work:

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname London1
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$YxtK$2CA0c/57PnC/6tOsyMwDu0
enable password xxxxxx
!
no aaa new-model
ip subnet-zero
ip cef
!
!
no ip domain lookup
ip dhcp excluded-address 172.16.31.1
!
ip dhcp pool guardtower
 dns-server 87.xxx.xxx.30 87.xxx.xxx.28
!
!
!
!
!
interface Ethernet0/0
 description "The Great Outdoors (WAN)"
 ip address dhcp
 ip nat outside
 full-duplex
 no cdp enable
!
interface Ethernet1/0
 description "Private LAN"
 ip address 172.16.31.1 255.255.255.0
 ip nat inside
 full-duplex
 no cdp enable
!
router rip
 network 172.16.0.0
!
ip default-gateway 87.xxx.xxx.7
ip nat inside source list 101 interface Ethernet0/0 overload
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 87.xxx.xxx.7
!
!
access-list 101 permit ip 172.16.0.0 0.0.255.255 any
no cdp run
!
line con 0
line aux 0
line vty 0 4
 password xxxxxx
 login
!
!
end

I tried adding the "dns-server" command and that didn't help either...

Jay

Certified: CCNA (R/S, Security, Voice), CCDA, CCNP (R/S)

Did the ISP give you a default gateway to use? Change your default route to "ip route 0.0.0.0 0.0.0.0 E0/0" and try again. Do "sh int", get the IP address assigned to e0/0 by DHCP, do an extended ping to 4.2.2.2 using the DHCP IP as source, and tell us if it's OK or not.
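The replies above raise four separate issues with the posted configs: the DHCP pool network that does not match the LAN interface subnet (Antonin's point), the NAT source ACL that permits any source (the access-list 101 suggestion), the default route pointing at Ethernet0/0 or an ip default-gateway with no usable next hop (spremkumar's suggestion and the rebuttal), and, from an editor's point of view, the management-plane exposure of an internet-facing router (ip http server, a clear-text enable password, vty lines with no access-class). The Python linter below is an added example, not part of the thread and not a Cisco tool: it parses `show run` text and flags each of those conditions. The embedded config is a constructed sample modelled on the first config Jay posted, with the public address taken from the 203.0.113.0/24 documentation range; the check names, messages and severities are my own.

```python
import ipaddress
import re

# Constructed sample modelled on the first config posted in the thread; the
# public address is from the 203.0.113.0/24 documentation range, not the ISP's.
SAMPLE_CONFIG = """\
no service password-encryption
enable secret xxxxxxxxxxxxxxxxxxxxxxxxx
enable password xxxxxxxx
ip dhcp excluded-address 172.16.31.1
ip dhcp pool Guardtower
 network 172.16.0.0 255.255.255.0
 default-router 172.16.31.1
interface Ethernet0/0
 ip address dhcp
 ip nat outside
interface Ethernet1/0
 ip address 172.16.31.1 255.255.255.0
 ip nat inside
ip nat inside source list 11 interface Ethernet0/0 overload
ip http server
ip default-gateway 203.0.113.54
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
access-list 11 permit any
line vty 0 4
 password xxxxxxxxxxxxxxx
 login
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"


def parse_config(text):
    """Split 'show run' text into top-level commands and their indented sub-commands."""
    top, blocks, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0] in " \t" and current:          # IOS indents sub-commands by one space
            blocks.setdefault(current, []).append(raw.strip())
        else:
            current = raw.strip()
            top.append(current)
    return top, blocks


def interface_subnets(blocks):
    """Interface name -> IPv4Interface for every statically addressed interface."""
    subnets = {}
    for header, cmds in blocks.items():
        if header.startswith("interface "):
            for c in cmds:
                m = re.match(rf"ip address {IPV4} {IPV4}$", c)
                if m:
                    subnets[header.split()[1]] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
    return subnets


def lint(text):
    """Return (severity, message) findings for the problems discussed in the thread."""
    top, blocks = parse_config(text)
    subnets = interface_subnets(blocks)
    out = []

    # 1. The pool network must be the subnet of the interface that will serve it:
    #    IOS selects a pool by matching the receiving interface's subnet.
    for header, cmds in blocks.items():
        if not header.startswith("ip dhcp pool "):
            continue
        pool, net, gw = header.split()[3], None, None
        for c in cmds:
            if m := re.match(rf"network {IPV4} {IPV4}$", c):
                net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
            if m := re.match(rf"default-router {IPV4}$", c):
                gw = ipaddress.ip_address(m[1])
        if net is None:
            out.append(("error", f"dhcp pool {pool}: no network statement"))
            continue
        if gw is not None and gw not in net:
            out.append(("error", f"dhcp pool {pool}: default-router {gw} lies outside {net}; clients get an unreachable gateway"))
        if not any(i.network == net for i in subnets.values()):
            out.append(("error", f"dhcp pool {pool}: {net} matches no interface subnet, so the pool is never selected"))

    # 2. NAT source ACL: 'permit any' translates whatever enters an inside
    #    interface; the thread's advice is to restrict it to the LAN prefix.
    for g in top:
        if m := re.match(r"ip nat inside source list (\S+) interface \S+ overload", g):
            entries = [e for e in top if e.startswith(f"access-list {m[1]} ")]
            if not entries:
                out.append(("error", f"nat: access-list {m[1]} is referenced but undefined; nothing is translated"))
            elif any(e.endswith(" permit any") or e.endswith(" permit ip any any") for e in entries):
                out.append(("warn", f"nat: access-list {m[1]} permits any source; use the inside subnet, e.g. 'access-list {m[1]} permit 172.16.31.0 0.0.0.255'"))

    # 3. A default route via a multi-access interface with no next hop makes the
    #    router ARP for every destination and depend on the ISP's proxy ARP.
    for g in top:
        if (m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)$", g)) and not re.match(IPV4 + "$", m[1]):
            out.append(("warn", f"route: default route exits {m[1]} with no next hop; point it at the ISP gateway address instead"))
    if any(g.startswith("ip default-gateway ") for g in top) and "no ip routing" not in top:
        out.append(("info", "ip default-gateway is only consulted when ip routing is off; here it is ignored"))

    # 4. Management-plane exposure on an internet-facing box.
    if "ip http server" in top:
        out.append(("warn", "http: ip http server is enabled on an internet-facing router; 'no ip http server' unless needed"))
    if "no service password-encryption" in top and any(g.startswith("enable password ") for g in top):
        out.append(("warn", "auth: 'enable password' is stored in clear text; keep only 'enable secret'"))
    for header, cmds in blocks.items():
        if header.startswith("line vty") and not any(c.startswith("access-class ") for c in cmds):
            out.append(("warn", f"{header}: no access-class, so the vty is reachable on every interface, WAN included"))
    return out


if __name__ == "__main__":
    for sev, msg in lint(SAMPLE_CONFIG):
        print(f"[{sev}] {msg}")
```

Run against the sample it reports the two DHCP pool errors Antonin describes, the NAT and default-route warnings from the other replies, and the three hardening warnings; correcting the pool network to 172.16.31.0/24, the NAT ACL to the LAN prefix and the default route to a next-hop address leaves only the hardening findings and the note that ip default-gateway is ignored while routing is on. The linter expects the one-space indentation of real `show run` output, which the forum's extraction stripped from the posts above.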
