Telnet connection from home network

sany98
Level 1

Hi

I'm trying to set up my first home lab but I'm having an issue with telnet from my home network. I have successfully connected a 2811 router, a 3560v2 switch and pc1. The 2811 gets internet access from my home router (Netgear), and the switch and pc1 get access through the 2811. I can ping the 2811 from pc1 (192.168.2.2) and have access through telnet. When I try to telnet from pc2 (192.168.1.2) to the 2811 it doesn't work; however, I can ping the 2811 and I get an answer, but no telnet connection. Thank you in advance!

Here is config print:

R3#show running-config
Building configuration...
 
Current configuration : 1129 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$lC3V$eShhVLFZQqb2inIdLkRDF0
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
!
ip dhcp pool labuser
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.1
   dns-server 8.8.8.8
!
!
no ftp-server write-enable
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
 clockrate 2000000
!
interface Serial0/0/1
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.254
!
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit any
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password cisco
 login
!
scheduler allocate 20000 1000
!
end
 
R3#

 

 

 

46 Replies

Hello,

 

on the NAT outside interface on R2, temporarily remove the 'ip nat outside' statement and check if you can then telnet:

 

interface FastEthernet0/0
ip address 192.168.1.88 255.255.255.0
--> no ip nat outside
ip virtual-reassembly in
duplex auto
speed auto

No, still not working.

Hello,

 

I have rebuilt your setup in GNS3, the only thing I cannot simulate is your Home Router. Not sure if it has been mentioned before in this thread, but what brand/model is that router ?

 

Also, post the configuration of R2 again, I want to check if all the changes I have suggested have been implemented properly...

I have 3 x 2811 routers, 2 x 3750 switches and one 3650v2 switch. My R2 config is the same as I posted earlier; I have tested your suggestions and reverted it back to my original because it didn't work.

Hello,

 

what is your Home Router ? What brand/model ? Can you access the configuration ?

It's a Genexis Titanium 20 series fiber router, and yes, I can access the configuration.

Hello,

 

the default routes on R3 and R1 are wrong or non-existent. Add the below:

 

R3

ip route 0.0.0.0 0.0.0.0 12.0.0.1

 

R1

ip route 0.0.0.0 0.0.0.0 11.0.0.2

 

I am pretty sure that the Genexis is causing your problem. Since this is a home (learning) lab, try and replace the Genexis with one of your 2811 routers, and use the config with the amended access list I posted earlier. 'Any any' access lists for NAT are never a good idea...

 

Also, on the VTY lines of R1 and R3, there is no 'transport input all' configured:

 

line vty 0 4
password cisco
login

transport input all

Hi

 

I have now tested with another router (Netgear) and changed its IP to 192.168.1.254 (the same as my home router, having previously removed the home router from the network). I have tested all your suggestions and the results are the same. No telnet, no ping from my home network/Netgear 192.168.1.x to the "cisco" networks 192.168.2.x, 192.168.3.x and 192.168.4.x.

The only way I can telnet from the home network/Netgear to Router2 is using IP 192.168.1.88 through interface f0/0. Nothing strange there because it's on the same network; from there I ping across "cisco" networks 2, 3 and 4 and get a response every time.

 

Locally everything works fine. I can telnet into every device and all devices (laptops, switches and routers) respond to ping and telnet.

 

I doubt the problem is in the home router because it didn't work with the Netgear router either.

The suggestion was to use one of your 2811 routers as replacement, not a Netgear router. I have tested your setup with a Cisco router, and it works fine. I can send over the configs (in order to 'simulate' the Home router, I have used bridging...

I cannot replace my home router (Genexis). It's a fiber router (fiber lines from the outside are connected to it) and provides my house with internet access. I've just connected R2 (2811) to one of the free LAN ports and that's how my cisco setup gets internet access. The "only" problem is reaching it from outside the "cisco network". As I said earlier, locally everything works fine; I just want to add my cisco lab setup to my home network, but that seems an impossible task :).

Hi. 

 

Is there any other way to make this configuration work? It's driving me mad :(.

I can now ping from PCs 1, 2 and 3 (192.168.2. (3) and (4) subnets) to my "home pc" 192.168.1.5 and other devices on my home network, but it doesn't work the other way. Only ping to R2 192.168.1.88 on f0/0 works.

I have now added the static routes on my Windows 10 PC and Netgear router, and now I can ping my routers and switches from my home network. The only problem left now is telnet.

Post the configuration of the NAT router again, as we have lost track of what changes were made...

Building configuration...

Current configuration : 1888 bytes
!
! Last configuration change at 20:29:37 UTC Tue May 29 2018 by sanel
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
ip domain name sanelccent.org
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2811 sn FCZ094871GQ
username sanel privilege 15 secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY
!
redundancy
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.0.0.254 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0/0/0
ip address 12.0.0.1 255.0.0.0
ip nat inside
ip virtual-reassembly in
clock rate 2000000
!
interface Serial0/0/1
ip address 11.0.0.2 255.0.0.0
ip nat inside
ip virtual-reassembly in
clock rate 2000000
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 101 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip route 11.0.0.0 255.0.0.0 11.0.0.1
ip route 12.0.0.0 255.0.0.0 12.0.0.2
ip route 192.168.2.0 255.255.255.0 11.0.0.1
ip route 192.168.4.0 255.255.255.0 12.0.0.2
!
access-list 101 permit ip any any
access-list 101 deny ip 192.168.2.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 101 deny ip 192.168.3.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 101 deny ip 192.168.4.0 0.0.0.255 10.0.0.0 0.0.0.255
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
password cisco
login local
transport input all
!
scheduler allocate 20000 1000
end

I notice that your ACL for nat does permit ip any any. I have seen that cause problems with telnet and SSH access. I suggest that you change the ACL so that you are permitting traffic from specific subnets or networks.

 

I also notice that your ACL for nat starts with permit any any and then tries to deny some traffic. That will not achieve what you intend. After permit any any the router will not evaluate any other entries in the ACL.

 

HTH

 

Rick 
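
The top-down, first-match evaluation described in the reply above, as an added example that is not part of the original thread: a small Python check that parses ACL 101 as posted and reports which entries can never be reached. The function names are hypothetical, and the parser assumes only `ip` entries written with `any`, `host` or address/wildcard pairs.

```python
import ipaddress

# ACL 101 copied from the R2 configuration posted in the thread.
ACL_101 = """\
access-list 101 permit ip any any
access-list 101 deny ip 192.168.2.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 101 deny ip 192.168.3.0 0.0.0.255 10.0.0.0 0.0.0.255
access-list 101 deny ip 192.168.4.0 0.0.0.255 10.0.0.0 0.0.0.255
"""

def _spec(tokens):
    """Pop one address spec off tokens; return (base, wildcard) as ints."""
    word = tokens.pop(0)
    if word == "any":
        return 0, 0xFFFFFFFF
    if word == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(word)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'access-list N permit|deny ip SRC DST' lines (ip only, no ports)."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 6 and tok[0] == "access-list" and tok[3] == "ip":
            rest = tok[4:]
            entries.append((tok[2], _spec(rest), _spec(rest), line.strip()))
    return entries

def _covers(outer, inner):
    """True if every address matched by inner is also matched by outer."""
    care = ~outer[1] & 0xFFFFFFFF  # bits the outer entry actually checks
    return (inner[1] & care) == 0 and ((outer[0] ^ inner[0]) & care) == 0

def first_match(entries, src, dst):
    """Return the action of the first entry matching the packet, top-down."""
    s, d = ((int(ipaddress.IPv4Address(a)), 0) for a in (src, dst))
    for action, sspec, dspec, _ in entries:
        if _covers(sspec, s) and _covers(dspec, d):
            return action
    return "deny"  # implicit deny at the end of every ACL

def shadowed(entries):
    """List entries that can never match because an earlier entry covers them."""
    return [line for i, (_, s, d, line) in enumerate(entries)
            if any(_covers(es, s) and _covers(ed, d) for _, es, ed, _ in entries[:i])]

if __name__ == "__main__":
    print(shadowed(parse_acl(ACL_101)))  # the three deny lines
```

With the three deny lines moved above the permit, `shadowed()` returns an empty list and a flow from 192.168.2.10 to 10.0.0.5 hits a deny, which in a NAT source list means the packet is left untranslated.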
