jbartosik


Problems with Cisco 2600 router as DHCP router

I'm running a cisco 2600 router as my broadband router. I have 2 Windows XP machines on my LAN.

On one router interface it's set to pick up a dhcp address from my service provider, which it does, and I can ping from the router to any address I like, so it's working there.

From my PC, I can ping both router interfaces. However, I can't ping the service provider's router. If my assigned DHCP address is 80.1.59.80, for example, then my PC won't be able to ping 80.1.59.1 (my service provider's router!)

I suspect it's my static route setup, or something like that, but I've tried a few things. Any suggestions? My config is below:


version 12.2            
service timestamps debug uptime                              
service timestamps log uptime                            
service password-encr                  
!
hostname router              
!
enable password 7 094D5B1B100216                                
!
ip subnet-zero              
!
!
ip domain round-robin                    
!
call rsvp-sync              
!
interface Ethernet0/0                    
 description outside DHCP DSL interface                                      
 mac-address 0002.a560.b487                          
 ip address dhcp                
 no ip mroute-cache                  
 half-duplex            
 no cdp enable              
!
interface Ethernet0/1
 description Inside static Interface to my LAN
 ip address 192.168.1.1 255.255.255.0
 half-duplex
!
ip classless
no ip http server
!
!
dial-peer cor custom

!
line con 0
line aux 0
line vty 0 4
 password 7 13040200020B05
 login
!
end
maxxum

Can you still surf the internet with your PC?  Perhaps your provider has set their router/gateway to refuse ICMP packets.  Try a cdp nearest neighbor from your router to get more information.  You can call your provider to see how their routers have been set up too.

ASKER

Maxxum, no I can't, and I know that they haven't disabled ICMP, because my router can ping past my service provider to other websites. I suspect that it's a default route problem on my config. I have set up my PCs so that the default gateway is 192.168.1.1, my inside router interface, and they can ping this, and they can ping my DHCP router interface, but they can't ping anything else or surf the net. I have also added the DNS servers to my PCs. Any other suggestions?
Problems with the PCs aside, my first option would be to look at your side of the router (port).  Since you can reach the internet from the outside port it must be inside your network.  I would use cdp logs to check out what is happening to your packets once they hit your router.  I would guess it has something to do with a conflict on the port on your side.  If you tell me what the errors are I bet I could tell you how to fix it.  Otherwise, I would just opt to flush your setup, start again, and go step by step re-configuring your router.
You do not have any routing or network address translation in your configuration.  The following command sequence should enable NAT on your router.

enable
conf term
int e0/0
ip nat outside
int e0/1
ip nat inside
exit
ip routing
exit
wr

You may have to configure an access group:
ip nat inside source list 1 interface Ethernet1 overload
access-list 1 permit 192.0.0.0 0.255.255.255

Good luck.  MSGeek
Thanks for the help so far MSGeek, I think I am very close now, I have added your access list, but think I may have something slightly wrong? Can you see where I'm going wrong?



interface Ethernet0/0
 description outside DHCP DSL interface
 mac-address 0002.a560.b487
 ip address dhcp
 ip nat outside
 no ip mroute-cache
 half-duplex
 no cdp enable
!
interface Ethernet0/1
 description Inside static Interface to my LAN
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
 half-duplex
!
ip nat inside source list 1 interface Ethernet0/1 overload
ip classless
ip http server
!
access-list 1 permit 192.168.0.0
!
dial-peer cor custom
!

Thanks
On E0/0 you may want to add: no keepalive
On E0/0 I don't know why you have specified a MAC address, but that shouldn't matter

On your access list you did not give a subnet; to filter down to the last octet you want it to look like this:
access-list 1 permit 192.0.0.0 0.255.255.255

so first type: no access-list 1 permit 192.168.0.0
then: access-list 1 permit 192.0.0.0 0.255.255.255
I did what you said, and just to be sure, the routing table looks ok:

Gateway of last resort is 80.0.159.1 to network 0.0.0.0

     80.0.0.0/24 is subnetted, 1 subnets
C    80.0.159.0 is directly connected, Ethernet0/0
C    192.168.0.0/24 is directly connected, Ethernet0/1
S*   0.0.0.0/0 [254/0] via 80.0.159.1

The router can ping everything, but my PCs on the LAN still can't ping my service provider's router, only my outside e0/0 interface?

interface Ethernet0/0
 description outside DHCP DSL interface
 mac-address 0002.a560.b487
 ip address dhcp
 ip nat outside
 no ip mroute-cache
 no keepalive
 half-duplex
 no cdp enable
!
interface Ethernet0/1
 description Inside static Interface to my LAN
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
 half-duplex
!
ip nat inside source list 1 interface Ethernet0/1 overload
ip classless
ip http server

Can you think of anything else? thanks
Ahh, I know what's up!!  You need to specify the next hop in your routing statement. Connect a PC directly to your ISP and do a tracert to find out what your first route is past your own IP.  Set that at the end of your routing statement, it needs to know the next hop.
Sorry to be thick MSgeek, I'm a little out of practice, my next hop is 10.64.0.1 to any site I try and ping, so I guess you mean I need to go into config mode and add: ip route 0.0.0.0 255.255.255.0 10.64.0.1 permanent for example?

     80.0.0.0/24 is subnetted, 1 subnets
C       80.0.159.0 is directly connected, Ethernet0/0
C    192.168.0.0/24 is directly connected, Ethernet0/1
S*   0.0.0.0/0 [254/0] via 80.0.159.1

Nearly there!
That's it!
I wish it was, but that doesn't work. Whilst my router is fully operational and can ping everything, on the net and my LAN, my PCs can't. I'm running XP on them and I have obviously put in the IP address of 192.168.0.254 for their default router and have put in the DNS, but it still can't ping my service provider's router or anything else?

just to be sure, my config is:

interface Ethernet0/0
 description outside DHCP DSL interface
 mac-address 0002.a560.b487
 ip address dhcp
 ip nat outside
 no ip mroute-cache
 no keepalive
 half-duplex
 no cdp enable
!
interface Ethernet0/1
 description Inside static Interface to my LAN
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
 half-duplex
!
ip nat inside source list 1 interface Ethernet0/1 overload
ip classless
ip route 0.0.0.0 255.255.255.0 10.64.0.1 permanent
ip http server

and my routes are:
     80.0.0.0/24 is subnetted, 1 subnets
C    80.0.159.0 is directly connected, Ethernet0/0
C    192.168.0.0/24 is directly connected, Ethernet0/1
S*   0.0.0.0/0 [254/0] via 80.0.159.1


Sorry about this, anything else we can try?

I'm assuming you have typed the command "ip routing"?  Knowing that you can ping from the router past the first hop tells me you have the router configured correctly, it's just not performing NAT.  Can you ping your Default Gateway?  I am sure the DNS you've specified includes your ISP's DNS servers.
What happened to your access list?
yes I have typed in IP routing
yes I can ping my default gateway from my PC
yes I have put in my service providers 2 DNS servers 194.168.4.100, 194.168.8.100.
But I'll worry about domain name resolution once I can ping my service providers router 80.0.159.1, which I still can't do from my PC.
Hmm, you're right, the access list was missing, but that still hasn't fixed things? My PC still won't ping 80.0.159.1.

interface Ethernet0/0
 description outside DHCP DSL interface
 mac-address 0002.a560.b487
 ip address dhcp
 ip nat outside
 no ip mroute-cache
 no keepalive
 half-duplex
 no cdp enable
!
interface Ethernet0/1
 description Inside static Interface to my LAN
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
 half-duplex
!
ip nat inside source list 1 interface Ethernet0/1 overload
ip classless
ip route 0.0.0.0 255.255.255.0 10.64.0.1 permanent
ip http server
!
access-list 1 permit 192.168.0.0 0.0.255.255
!
dial-peer cor custom
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password 7 13040200020B05
 login
!
end

Routes are as follows:

Gateway of last resort is 80.0.159.1 to network 0.0.0.0

     80.0.0.0/24 is subnetted, 1 subnets
C    80.0.159.0 is directly connected, Ethernet0/0
C    192.168.0.0/24 is directly connected, Ethernet0/1
S*   0.0.0.0/0 [254/0] via 80.0.159.1


Sorry to be so difficult, I'm just a university computing student and trying to get this working is harder than I thought.
is routing enabled?  have you typed "ip routing"?
yes, a few times now,

router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
router(config)#ip routing
router(config)#
> But I'll worry about domain name resolution once I can ping my service providers router 80.0.159.1, which I still can't do from my PC.

> ip route 0.0.0.0 255.255.255.0 10.64.0.1 permanent

Can you ping your first outside hop, 10.64.0.1?

I was going to try, but I'm behind my router and an ISA server at the moment.  Hehe, can't get in here.  :)
No, I can't ping it, but here is an example trace from the router. Obviously it doesn't work from the PC either (yet!) :-)

router#trace www.cisco.com
Translating "www.cisco.com"...domain server (194.168.4.100) [OK]

Type escape sequence to abort.
Tracing the route to www.cisco.com (198.133.219.25)

  1 10.64.0.1 32 msec 72 msec 16 msec
  2 btn-t2cam1-a-v100.inet.ntl.com (80.3.66.1) 12 msec 12 msec 13 msec
  3 btn-t2core-a-ge-wan61.inet.ntl.com (80.3.65.5) 40 msec 28 msec 20 msec
  4 gfd-bb-a-so-230-0.inet.ntl.com (62.253.188.233) 28 msec 52 msec 20 msec
  5 gfd-bb-b-ge-310-0.inet.ntl.com (213.105.172.41) 16 msec 16 msec 16 msec
  6 bre-bb-a-so-000-0.inet.ntl.com (213.105.172.149) 16 msec 16 msec 24 msec
  7 213.206.159.37 52 msec 28 msec 16 msec
  8 sl-bb21-lon-9-0.sprintlink.net (213.206.128.98) 76 msec 28 msec 20 msec
  9 sl-bb21-tuk-10-0.sprintlink.net (144.232.19.69) 96 msec 84 msec 108 msec
 10 sl-bb26-rly-14-3.sprintlink.net (144.232.20.120) 101 msec 108 msec 92 msec
 11 sl-bb20-rly-12-0.sprintlink.net (144.232.7.249) 92 msec 88 msec 88 msec
 12 sl-bb20-sj-5-3.sprintlink.net (144.232.9.218) 140 msec 221 msec 188 msec
 13 sl-gw11-sj-9-0.sprintlink.net (144.232.3.138) 188 msec 173 msec 156 msec
 14 sl-ciscopsn2-11-0-0.sprintlink.net (144.228.44.14) 164 msec 153 msec 212 msec
 15 sjce-dirty-gw1.cisco.com (128.107.239.89) 184 msec 180 msec 140 msec
 16 sjck-sdf-ciod-gw2.cisco.com (128.107.239.102) 148 msec 152 msec 156 msec
 17  *  *  *
 18 www.cisco.com (198.133.219.25) 152 msec *  144 msec
Paste a full show run in here.  You can edit out non-encrypted passwords if you like.
That's ok, here it is:

Current configuration : 852 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname router
!
enable password 7 094D5B1B100216
!
ip subnet-zero
!
!
ip domain round-robin
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface Ethernet0/0
 description outside DHCP DSL interface
 mac-address 0002.a560.b487
 ip address dhcp
 ip nat outside
 no ip mroute-cache
 no keepalive
 half-duplex
 no cdp enable
!
interface Ethernet0/1
 description Inside static Interface to my LAN
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
 half-duplex
!
ip nat inside source list 1 interface Ethernet0/1 overload
ip classless
ip route 0.0.0.0 255.255.255.0 10.64.0.1 permanent
ip http server
!
access-list 1 permit 192.168.0.0 0.0.255.255
!
dial-peer cor custom
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password 7 13040200020B05
 login
!
end


try turning on debug ip routing and debug ip packet.  This should give you an idea of what's going on.

Not sure why you have call rsvp-sync or dial-peer cor custom?

you may want to add to your outside interface:
ip access-group 100 in

Then in your access list:
access-list 100 permit ip any any

I don't have any more ideas if this doesn't do it, try the debugging or repost question under Routers/Switches.
I've tried, and nothing's changed, thanks for all of your help, I'll give the routing and switching a go
also I tried to remove those statements:

router(config)#no dial-peer cor custom
This command is a default configuration can not be removed.


Change the inside IP of your router to 192.168.0.253
Strike that.

service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service tcp-small-servers
no service udp-small-servers

hostname Router

enable password cisco

no ip name-server

ip subnet-zero
no ip domain-lookup
ip routing

interface Ethernet 0/0
 no shutdown
 description connected to Internet
 ip address dhcp
 ip nat outside
 no keepalive

interface Ethernet 0/1
 no shutdown
 description connected to lan
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 keepalive 10


no access-list 1
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface Ethernet 0/0 overload

router rip
 version 2
 network 192.168.1.0
 passive-interface Ethernet 0/0
 no auto-summary

ip classless


ip route 0.0.0.0 0.0.0.0 Ethernet 0/0
no ip http server


line console 0
 exec-timeout 0 0
 password cisco
 login

line vty 0 4
 password cisco
 login

Nope, Still not working, did the things you said above:

From the PC:

C:\>ipconfig

Windows IP Configuration


Ethernet adapter LAN:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.0.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.254


C:\>ping 192.168.0.254

Pinging 192.168.0.254 with 32 bytes of data:

Reply from 192.168.0.254: bytes=32 time=1ms TTL=255
Reply from 192.168.0.254: bytes=32 time=1ms TTL=255
Reply from 192.168.0.254: bytes=32 time=1ms TTL=255
Reply from 192.168.0.254: bytes=32 time=1ms TTL=255

Ping statistics for 192.168.0.254:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms

C:\>ping 80.0.159.96

Pinging 80.0.159.96 with 32 bytes of data:

Reply from 80.0.159.96: bytes=32 time=1ms TTL=255
Reply from 80.0.159.96: bytes=32 time=1ms TTL=255
Reply from 80.0.159.96: bytes=32 time=1ms TTL=255
Reply from 80.0.159.96: bytes=32 time=1ms TTL=255

Ping statistics for 80.0.159.96:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms

C:\>ping 80.0.159.1

Pinging 80.0.159.1 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 80.0.159.1:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\>

From the router:

router#ping 80.0.159.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 80.0.159.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/34/84 ms
router#

Current configuration : 1064 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname router
!
enable password 7 094D5B1B100216
!
ip subnet-zero
!
!
ip domain round-robin
no ip domain-lookup
!
no call rsvp-sync
!
!
!
!
!
!
!
!
interface Ethernet0/0
 description outside DHCP DSL interface
 mac-address 0002.a560.b487
 ip address dhcp
 ip access-group 100 in
 ip nat outside
 no ip mroute-cache
 no keepalive
 half-duplex
 no cdp enable
!
interface Ethernet0/1
 description Inside static Interface to my LAN
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
 half-duplex
!
router rip
 version 2
 passive-interface Ethernet0/0
 network 192.168.1.0
 no auto-summary
!
ip nat inside source list 1 interface Ethernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
ip route 0.0.0.0 255.255.255.0 10.64.0.1 permanent
no ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip any any
!
dial-peer cor custom
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password 7 13040200020B05
 login
!
end
MSgeek, thanks for all your help, I'm going to award you the points anyway, it finally started working with the following config, as soon as I put in the access list:
access-list 1 permit 192.168.0.0 0.0.0.255

I'm sure we tried similar to this, but must have screwed up something else, never mind, it's working, many thanks:

Current configuration : 900 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname router
!
enable password 7 094D5B1B100216
!
ip subnet-zero
!
!
ip domain round-robin
!
no call rsvp-sync
!
!
interface Ethernet0/0
 description outside DHCP DSL interface
 mac-address 0002.a560.b487
 ip address dhcp
 ip access-group 100 in
 ip nat outside
 no ip mroute-cache
 no keepalive
 half-duplex
 no cdp enable
!
interface Ethernet0/1
 description Inside static Interface to my LAN
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
 half-duplex
!
ip nat inside source list 1 interface Ethernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
no ip http server
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 permit ip any any
!
dial-peer cor custom
!
line con 0
line aux 0
line vty 0 4
 password 7 13040200020B05
 login
!
end

 
Excellent persistent help despite a complex problem
I have to admit I was getting frustrated, that's the funny thing about the CLI.  Sometimes it will give an error when you incorrectly enter a command, but if the general syntax is correct or if you have not explicitly performed a "no" on previous before adding new it can bring one to tears!

Glad you're up and working, just wish I knew what exactly the issue was.  I went back over the post and that access list was there since 3/6 @ 2:44 PST.  It disappeared around then and you put it back in, oh well make sure you get a TFTP server on your workstation and backup that config!!!  Then you can play around with that as much as you like.  Enjoy!
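
The following is an added example, not code from the thread or from any participant. It is a small Python check for three mismatches visible across the configs posted above: a NAT overload rule naming an interface that is not `ip nat outside`, a NAT access list that does not match the inside subnet, and an `ip route 0.0.0.0` line whose mask is not `0.0.0.0`. The sample configs are constructed from lines quoted in the thread, and all function names are hypothetical.

```python
import ipaddress
import re

DOTTED = r"(\d+\.\d+\.\d+\.\d+)"  # one dotted-quad field
# Constructed samples: BROKEN mixes failing lines from several posts; FIXED uses the final ones.
BROKEN = """\
interface Ethernet0/0
 ip address dhcp
 ip nat outside
!
interface Ethernet0/1
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
!
ip nat inside source list 1 interface Ethernet0/1 overload
ip route 0.0.0.0 255.255.255.0 10.64.0.1 permanent
access-list 1 permit 192.168.1.0 0.0.0.255
"""
FIXED = (BROKEN.replace("Ethernet0/1 overload", "Ethernet0/0 overload")
         .replace("255.255.255.0 10.64.0.1 permanent", "0.0.0.0 Ethernet0/0")
         .replace("permit 192.168.1.0", "permit 192.168.0.0"))

def parse_interfaces(cfg):
    """Map interface name -> NAT role and connected network (None if unknown)."""
    ifaces, cur = {}, None
    for line in cfg.splitlines():
        if m := re.match(r"interface\s+(\S+)", line):
            cur = ifaces.setdefault(m.group(1), {"nat": None, "net": None})
        elif not line.startswith(" "):
            cur = None  # left the interface block
        elif cur is not None:
            if m := re.match(r"\s+ip nat (inside|outside)\s*$", line):
                cur["nat"] = m.group(1)
            if m := re.match(rf"\s+ip address {DOTTED} {DOTTED}", line):
                cur["net"] = ipaddress.ip_interface("/".join(m.groups())).network
    return ifaces

def acl_permits(cfg, acl, host):
    """True if standard ACL `acl` has a permit entry matching address `host`."""
    pat = rf"^access-list {acl} permit {DOTTED}(?:[ \t]+{DOTTED})?"
    for addr, wild in re.findall(pat, cfg, re.M):
        # Wildcard bits set to 1 are ignored; no wildcard means an exact host match.
        care = ~int(ipaddress.ip_address(wild or "0.0.0.0")) & 0xFFFFFFFF
        if int(ipaddress.ip_address(addr)) & care == int(host) & care:
            return True
    return False

def audit_nat(cfg):
    """Return a list of findings about the NAT overload rule and default route."""
    findings, ifaces = [], parse_interfaces(cfg)
    rules = re.findall(r"^ip nat inside source list (\d+) interface (\S+) overload", cfg, re.M)
    for acl, ifname in rules:
        if ifaces.get(ifname, {}).get("nat") != "outside":
            findings.append(f"NAT rule uses {ifname}, which is not 'ip nat outside'")
        for name, i in ifaces.items():
            if i["nat"] == "inside" and i["net"] is not None and not acl_permits(cfg, acl, i["net"][0]):
                findings.append(f"access-list {acl} does not match {i['net']} on {name}")
    for prefix, mask in re.findall(rf"^ip route {DOTTED} {DOTTED}", cfg, re.M):
        if prefix == "0.0.0.0" and mask != "0.0.0.0":
            findings.append(f"'ip route 0.0.0.0 {mask}' is not a default route")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_nat(BROKEN)) or "no findings")
```

Running `audit_nat` over a saved `show run` before and after each change gives a quick consistency check that the NAT rule, the access list and the interface roles still agree.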