Setting up PAT on cisco router for home use.
beezee
Member Posts: 41 ■■□□□□□□□□
in CCNA & CCENT
From my router, I can ping yahoo, google e.t.c and ping my home pc. From my pc, I can ping the router. My pc shows local area connection conected; speed 10.0Mbps
I can't connect to the internet or ping yahoo, google etc.
This is a 2600 series router; IOS version 12.3(19)
What am I missing or overlooking?
Configuration on the pc is as follows:
IP address 192.168.1.101
subnet mast 255.255.255.0
Default gateway: 192.168.1.100
Router#sh run
Building configuration...
Current configuration : 613 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
!
!
!
!
interface Ethernet0/0
ip address 192.168.1.100 255.255.255.0
ip nat inside
half-duplex
no keepalive
!
interface Ethernet0/1
ip address dhcp
ip nat inside
half-duplex
no keepalive
!
ip nat inside source list 102 interface Ethernet0/1 overload
ip http server
ip classless
!
!
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
!
line con 0
line aux 0
line vty 0 4
!
!
end
Router#
I can't connect to the internet or ping yahoo, google etc.
This is a 2600 series router; IOS version 12.3(19)
What am I missing or overlooking?
Configuration on the pc is as follows:
IP address 192.168.1.101
subnet mast 255.255.255.0
Default gateway: 192.168.1.100
Router#sh run
Building configuration...
Current configuration : 613 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
!
!
!
!
interface Ethernet0/0
ip address 192.168.1.100 255.255.255.0
ip nat inside
half-duplex
no keepalive
!
interface Ethernet0/1
ip address dhcp
ip nat inside
half-duplex
no keepalive
!
ip nat inside source list 102 interface Ethernet0/1 overload
ip http server
ip classless
!
!
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
!
line con 0
line aux 0
line vty 0 4
!
!
end
Router#
Comments
-
nice343
Member Posts: 391
the interface that connects to the internet Ethernet0/1 should have
ip nat outside
My daily blog about IT and tech stuff
http://techintuition.com/ -
beezee
Member Posts: 41 ■■□□□□□□□□
..still not working.
Ip route shows gateway of last resort 0.0.0.0 to network 0.0.0.0
I also thought about the DNS issue. I can't ping google from my pc via IP or domain name.
From the router I can ping google. -
phantasm
Member Posts: 995
Is there a reason your using an extended ACL? Try access-list 1 permit 192.168.1.0 0.0.0.255 instead of your current ACL. Remember to change your ip nat inside statement to reflect the change as well."No man ever steps in the same river twice, for it's not the same river and he's not the same man." -Heraclitus -
dtlokee
Member Posts: 2,378 ■■■■□□□□□□
Did you set the default gateway of your PC to the router's inside IP address?The only easy day was yesterday! -
tech-airman
Member Posts: 953
beezee,
What kind of device is connected to the router's Ethernet0/1 port? -
networker050184
Mod Posts: 11,962 Mod
Have you checkd ip nat translations or done a debug?? The configuration looks right unless I'm missing something.phantasm wrote:Is there a reason your using an extended ACL?
I always use extended. You never know when you might have to go in there and deny traffic for VPNs and such.An expert is a man who has made all the mistakes which can be made. -
elegua
Member Posts: 282
Hi beezee,
OK, what you are trying to do never going to work and i going to explain you why, your cable modem is not a DHCP Server to assign IP's to all the devices in your LAN, your ISP is assing you only one (1) dynamic ip address and that ip address is using it in you interface ethernet0/1, if you want that all devices in your LAN access internet through your router you have to configuring DHCP Server in your router to assign ip addresses to all the devices in your LAN.
Try this configuration and let us know:no service pad service tcp-keepalives-in service tcp-keepalives-out service timestamps debug datetime msec localtime show-timezone service timestamps log datetime msec localtime show-timezone no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! ! no aaa new-model ip subnet-zero ip cef no ip domain lookup ! ip dhcp excluded-address 192.168.2.1 192.168.2.5 ! ip dhcp pool MYNETWORK import all network 192.168.2.0 255.255.255.0 default-router 192.168.2.1 dns-server 4.2.2.2 lease 8 update arp ! interface Ethernet0/0 no shut ip address 192.168.2.1 255.255.255.0 ip nat inside ! interface Ethernet0/1 no shut ip address dhcp ip nat outside ! ip nat inside source list 1 interface Ethernet0/1 overload ! no ip http server ip classless ! ip route 0.0.0.0 0.0.0.0 Ethernet0/1 ! access-list 1 permit 192.168.2.0 0.0.0.255 ! line con 0 line aux 0 line vty 0 4 ! ! end
Ask to your ISP your DNS server IP address or addresses, also you can use 4.2.2.2 instead.
Hope this Help.
-
dtlokee
Member Posts: 2,378 ■■■■□□□□□□
He could statically assign the addresses on the internal LAN, there is no need for DHCP. If the cable modem is already performing NAT there is no problem doing it again on the router. A debug ip nat and a show ip not output would be helpful.The only easy day was yesterday!
-
elegua
Member Posts: 282
dtlokee wrote:He could statically assign the addresses on the internal LAN, there is no need for DHCP. If the cable modem is already performing NAT there is no problem doing it again on the router. A debug ip nat and a show ip not output would be helpful.
You are right, he can assign the ip addresses statically but why? you can give that job to DHCP, is you do this manually (static route) each time you add one device you have to configure a static route statement, in the other hand, if you setup DHCP server, allways DHCP will has an IP ready for any device you add to your LAN, and setup DHCP server in the router is very straightforward.
If he only have one PC in his LAN, static router is better than DHCP. -
networker050184
Mod Posts: 11,962 Mod
elegua wrote:dtlokee wrote:He could statically assign the addresses on the internal LAN, there is no need for DHCP. If the cable modem is already performing NAT there is no problem doing it again on the router. A debug ip nat and a show ip not output would be helpful.
You are right, he can assign the ip addresses statically but why? you can give that job to DHCP, is you do this manually (static route) each time you add one device you have to configure a static route statement, in the other hand, if you setup DHCP server, allways DHCP will has an IP ready for any device you add to your LAN, and setup DHCP server in the router is very straightforward.
If he only have one PC in his LAN, static router is better than DHCP.
You should stop while you are ahead....
You do not need static a route for each ip. You don't need a static route for any since they are directly connected. You just need a default route pointed towards the internet. Your service provider will take care of getting traffic back to your outside ip.
You should really look into routing and NAT/PAT a little deeper.An expert is a man who has made all the mistakes which can be made. -
networknoob
Member Posts: 18 ■□□□□□□□□□
Do what I do, use SDM. It is the easiest way, however I hope your 2600 is capable. And for learning purpose, you should always work on the CLI.
-
elegua
Member Posts: 282
networker050184 wrote:elegua wrote:dtlokee wrote:He could statically assign the addresses on the internal LAN, there is no need for DHCP. If the cable modem is already performing NAT there is no problem doing it again on the router. A debug ip nat and a show ip not output would be helpful.
You are right, he can assign the ip addresses statically but why? you can give that job to DHCP, is you do this manually (static route) each time you add one device you have to configure a static route statement, in the other hand, if you setup DHCP server, allways DHCP will has an IP ready for any device you add to your LAN, and setup DHCP server in the router is very straightforward.
If he only have one PC in his LAN, static router is better than DHCP.
You should stop while you are ahead....
You do not need static a route for each ip. You don't need a static route for any since they are directly connected. You just need a default route pointed towards the internet. Your service provider will take care of getting traffic back to your outside ip.
You should really look into routing and NAT/PAT a little deeper.
You should take some minutes and look the configuration i posted before and you'll see the default route there: ip route 0.0.0.0 0.0.0.0 Ethernet0/1 , is the one you was talking??.
By the way, the guy that opened this threat need help, you should really look into help people instead telling them what to do. -
networker050184
Mod Posts: 11,962 Mod
I was talking about needing a static route for each ip address you add manually. That is not the case. You will not need a static route for your local subnet as it will be connected.An expert is a man who has made all the mistakes which can be made.
-
Darthn3ss
Member Posts: 1,096
.. glad i'm not the only person that thought he wasn't making much sense...networker050184 wrote:You should stop while you are ahead....
You do not need static a route for each ip. You don't need a static route for any since they are directly connected. You just need a default route pointed towards the internet. Your service provider will take care of getting traffic back to your outside ip.
You should really look into routing and NAT/PAT a little deeper.Fantastic. The project manager is inspired.
In Progress: 70-640, 70-685 -
dtlokee
Member Posts: 2,378 ■■■■□□□□□□
It dosen't get much easier than this:
interface ethernet0/0 ip address dhcp ip nat outside no shut ! interface ethernet 0/1 ip address 192.168.1.1 255.255.255.0 ip nat inside no shut ! access-list 1 permit 192.168.1.0 0.0.0.255 ! ip nat inside source list 1 interface ethernet0/0 ! ip dhcp pool INSIDE network 192.168.1.0 /24 default-gateway 192.168.1.1 import all ! ip dhcp excluded-address 192.168.1.1
The only easy day was yesterday! -
beezee
Member Posts: 41 ■■□□□□□□□□
dtlokee wrote:It dosen't get much easier than this:
interface ethernet0/0 ip address dhcp ip nat outside no shut ! interface ethernet 0/1 ip address 192.168.1.1 255.255.255.0 ip nat inside no shut ! access-list 1 permit 192.168.1.0 0.0.0.255 ! ip nat inside source list 1 interface ethernet0/0 ! ip dhcp pool INSIDE network 192.168.1.0 /24 default-gateway 192.168.1.1 import all ! ip dhcp excluded-address 192.168.1.1
Thanks dtlokee, I tried your shorter version on another 2611 and I had the same issue. I could ping any internet site from the router but not from the PC. On the PC, I could ping ethernet0/0 and ethernet0/1 on the 2611.
Then I remembered what "nlabelle" said about DNS, pinging the domain name and IP. I got a replies when I pinged Google and Yahoo by IP from my PC so I went into TCP/IP properties and manually put in my ISP's DNS server.
Everything works now. I will ALWAYS ping the domain name and IP.(maybe that should be my signature)
Thanks a lot to ALL of you who chimed in.
bZ
