Setting up PAT on cisco router for home use.

From my router, I can ping yahoo, google e.t.c and ping my home pc. From my pc, I can ping the router. My pc shows local area connection conected; speed 10.0Mbps
I can't connect to the internet or ping yahoo, google etc.

This is a 2600 series router; IOS version 12.3(19)

What am I missing or overlooking?

Configuration on the pc is as follows:

IP address 192.168.1.101
subnet mast 255.255.255.0
Default gateway: 192.168.1.100

Router#sh run
Building configuration...

Current configuration : 613 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
!
!
!
!
interface Ethernet0/0
ip address 192.168.1.100 255.255.255.0
ip nat inside
half-duplex
no keepalive
!
interface Ethernet0/1
ip address dhcp
ip nat inside
half-duplex
no keepalive
!
ip nat inside source list 102 interface Ethernet0/1 overload
ip http server
ip classless
!
!
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
!
line con 0
line aux 0
line vty 0 4
!
!
end

Router#

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

nice343

the interface that connects to the internet Ethernet0/1 should have

ip nat outside

beezee

nice343 wrote:
the interface that connects to the internet Ethernet0/1 should have
ip nat outside

ahhhh, I see it. I had inside instead of outside. Lets see it it works now.
Thanks

beezee

..Still not working.

hypnotoad

Can you ping by IP and name? Might be DNS.

elegua

Hi,

Try this:

ip route 0.0.0.0 0.0.0.0 Ethernet0/1

Hope this help.

beezee

..still not working.

Ip route shows gateway of last resort 0.0.0.0 to network 0.0.0.0

I also thought about the DNS issue. I can't ping google from my pc via IP or domain name.
From the router I can ping google.

phantasm

Is there a reason your using an extended ACL? Try access-list 1 permit 192.168.1.0 0.0.0.255 instead of your current ACL. Remember to change your ip nat inside statement to reflect the change as well.

beezee

still no luck..

dtlokee

Did you set the default gateway of your PC to the router's inside IP address?

beezee

Yes. 192.168.1.100

tech-airman

beezee,

What kind of device is connected to the router's Ethernet0/1 port?

beezee

An Arris broadband cable modem.

networker050184

Have you checkd ip nat translations or done a debug?? The configuration looks right unless I'm missing something.

phantasm wrote:

Is there a reason your using an extended ACL?

I always use extended. You never know when you might have to go in there and deny traffic for VPNs and such.

tech-airman

beezee wrote:

An Arris broadband cable modem.

beezee,

Which model?

CM450
CM550
Other?

beezee

CM 450A

elegua

Hi beezee,

OK, what you are trying to do never going to work and i going to explain you why, your cable modem is not a DHCP Server to assign IP's to all the devices in your LAN, your ISP is assing you only one (1) dynamic ip address and that ip address is using it in you interface ethernet0/1, if you want that all devices in your LAN access internet through your router you have to configuring DHCP Server in your router to assign ip addresses to all the devices in your LAN.

Try this configuration and let us know:

no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption 
! 
hostname Router 
! 
boot-start-marker 
boot-end-marker 
! 
! 
no aaa new-model 
ip subnet-zero 
ip cef
no ip domain lookup 
!
ip dhcp excluded-address 192.168.2.1 192.168.2.5
!
ip dhcp pool MYNETWORK
   import all
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.1 
   dns-server 4.2.2.2
   lease 8
   update arp
! 
interface Ethernet0/0
no shut 
ip address 192.168.2.1 255.255.255.0 
ip nat inside 
! 
interface Ethernet0/1
no shut 
ip address dhcp 
ip nat outside 
! 
ip nat inside source list 1 interface Ethernet0/1 overload 
!
no ip http server 
ip classless 
!
ip route 0.0.0.0 0.0.0.0 Ethernet0/1 
! 
access-list 1 permit 192.168.2.0 0.0.0.255 
! 
line con 0 
line aux 0 
line vty 0 4 
! 
! 
end

Ask to your ISP your DNS server IP address or addresses, also you can use 4.2.2.2 instead.

Hope this Help.

dtlokee

He could statically assign the addresses on the internal LAN, there is no need for DHCP. If the cable modem is already performing NAT there is no problem doing it again on the router. A debug ip nat and a show ip not output would be helpful.

elegua

dtlokee wrote:

He could statically assign the addresses on the internal LAN, there is no need for DHCP. If the cable modem is already performing NAT there is no problem doing it again on the router. A debug ip nat and a show ip not output would be helpful.

You are right, he can assign the ip addresses statically but why? you can give that job to DHCP, is you do this manually (static route) each time you add one device you have to configure a static route statement, in the other hand, if you setup DHCP server, allways DHCP will has an IP ready for any device you add to your LAN, and setup DHCP server in the router is very straightforward.

If he only have one PC in his LAN, static router is better than DHCP.

networker050184

elegua wrote:

dtlokee wrote:

He could statically assign the addresses on the internal LAN, there is no need for DHCP. If the cable modem is already performing NAT there is no problem doing it again on the router. A debug ip nat and a show ip not output would be helpful.

You are right, he can assign the ip addresses statically but why? you can give that job to DHCP, is you do this manually (static route) each time you add one device you have to configure a static route statement, in the other hand, if you setup DHCP server, allways DHCP will has an IP ready for any device you add to your LAN, and setup DHCP server in the router is very straightforward.

If he only have one PC in his LAN, static router is better than DHCP.

You should stop while you are ahead....

You do not need static a route for each ip. You don't need a static route for any since they are directly connected. You just need a default route pointed towards the internet. Your service provider will take care of getting traffic back to your outside ip.

You should really look into routing and NAT/PAT a little deeper.

networknoob

Do what I do, use SDM. It is the easiest way, however I hope your 2600 is capable. And for learning purpose, you should always work on the CLI.

elegua

networker050184 wrote:

elegua wrote:

dtlokee wrote:

He could statically assign the addresses on the internal LAN, there is no need for DHCP. If the cable modem is already performing NAT there is no problem doing it again on the router. A debug ip nat and a show ip not output would be helpful.

You are right, he can assign the ip addresses statically but why? you can give that job to DHCP, is you do this manually (static route) each time you add one device you have to configure a static route statement, in the other hand, if you setup DHCP server, allways DHCP will has an IP ready for any device you add to your LAN, and setup DHCP server in the router is very straightforward.

If he only have one PC in his LAN, static router is better than DHCP.

You should stop while you are ahead....

You do not need static a route for each ip. You don't need a static route for any since they are directly connected. You just need a default route pointed towards the internet. Your service provider will take care of getting traffic back to your outside ip.

You should really look into routing and NAT/PAT a little deeper.

You should take some minutes and look the configuration i posted before and you'll see the default route there: ip route 0.0.0.0 0.0.0.0 Ethernet0/1 , is the one you was talking??.

By the way, the guy that opened this threat need help, you should really look into help people instead telling them what to do.

networker050184

I was talking about needing a static route for each ip address you add manually. That is not the case. You will not need a static route for your local subnet as it will be connected.

Darthn3ss

networker050184 wrote:

You should stop while you are ahead....

You do not need static a route for each ip. You don't need a static route for any since they are directly connected. You just need a default route pointed towards the internet. Your service provider will take care of getting traffic back to your outside ip.

You should really look into routing and NAT/PAT a little deeper.

.. glad i'm not the only person that thought he wasn't making much sense...

dtlokee

It dosen't get much easier than this:

interface ethernet0/0
 ip address dhcp
 ip nat outside
 no shut
!
interface ethernet 0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no shut
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
ip nat inside source list 1 interface ethernet0/0
!
ip dhcp pool INSIDE
 network 192.168.1.0 /24
 default-gateway 192.168.1.1
 import all
!
ip dhcp excluded-address 192.168.1.1

beezee

dtlokee wrote:

It dosen't get much easier than this:

interface ethernet0/0
 ip address dhcp
 ip nat outside
 no shut
!
interface ethernet 0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no shut
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
ip nat inside source list 1 interface ethernet0/0
!
ip dhcp pool INSIDE
 network 192.168.1.0 /24
 default-gateway 192.168.1.1
 import all
!
ip dhcp excluded-address 192.168.1.1

Thanks dtlokee, I tried your shorter version on another 2611 and I had the same issue. I could ping any internet site from the router but not from the PC. On the PC, I could ping ethernet0/0 and ethernet0/1 on the 2611.
Then I remembered what "nlabelle" said about DNS, pinging the domain name and IP. I got a replies when I pinged Google and Yahoo by IP from my PC so I went into TCP/IP properties and manually put in my ISP's DNS server.
Everything works now. I will ALWAYS ping the domain name and IP.(maybe that should be my signature)

Thanks a lot to ALL of you who chimed in.

bZ