Solved

Cisco 2600 as a home DSL router - problems

Posted on 2003-03-11
Last Modified: 2010-03-19
I'm trying to configure my 2600 as a router for my home LAN to my DSL service provider. After upgrading the IOS I am now able to pick up a DHCP address from my service provider. I can ping from my router and resolve domain names, and I can also ping the 2 Windows XP PCs on my home LAN. However, I can't get my PCs to ping past the outside interface on my router, e0/0. I know that my service provider isn't blocking ICMP because I have asked them, and I can ping from my router. I am sure that it's something small like NAT or an access list. I have posted one question on this and after much effort we couldn't get it to work.

Please help. The previous question might help you understand what we tried: http://www.experts-exchange.com/Networking/Broadband/DSL_Cable/Q_20525298.html

My current router config is:

Current configuration : 1064 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname router
!
enable password 7 094D5B1B100216
!
ip subnet-zero
!
ip domain round-robin
!
no call rsvp-sync
!
interface Ethernet0/0
 description outside DHCP DSL interface
 mac-address 0002.a560.b487
 ip address dhcp
 ip access-group 100 in
 ip nat outside
 no ip mroute-cache
 no keepalive
 half-duplex
 no cdp enable
!
interface Ethernet0/1
 description Inside static Interface to my LAN
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
 half-duplex
!
router rip
 version 2
 passive-interface Ethernet0/0
 network 192.168.1.0
 no auto-summary
!
ip nat inside source list 1 interface Ethernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
ip route 0.0.0.0 255.255.255.0 10.64.0.1 permanent
no ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip any any
!
dial-peer cor custom
!
line con 0
line aux 0
line vty 0 4
 password 7 13040200020B05
 login
!
end

Any help would be appreciated.
Question by:jbartosik
6 Comments
 
LVL 18

Expert Comment

by:chicagoan
ID: 8113123
ip route 0.0.0.0 255.255.255.0 10.64.0.1 permanent

What's 10.64.0.1? If you're on DHCP from your ISP you ought to need only

ip route 0.0.0.0 0.0.0.0 Ethernet0/0

Any packet destined for a subnet other than 192.168.0.X will be put on E0/0...
0
 
LVL 18

Expert Comment

by:chicagoan
ID: 8113156
Oops, just noticed this as well...
One would think a simple static default route to E0/0 should suffice.

Where did this idea come from?
router rip
 version 2
 passive-interface Ethernet0/0
 network 192.168.1.0
 no auto-summary
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 1200 total points
ID: 8113539
The problem could be in your access-list 1
Your internal clients are 192.168.0.x
You have defined 192.168.1.x to use nat

>CURRENT:
interface Ethernet0/1
description Inside static Interface to my LAN
ip address 192.168.0.254 255.255.255.0

access-list 1 permit 192.168.1.0 0.0.0.255


FIX:
no access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.0.255


Suggest that you use something other than subnet zero or 1; this is way too common today and causes issues later on if you want to connect to another LAN (like at the office) that is also on the same subnet.
Suggest a higher number, e.g. 192.168.222.x
Scans starting at 192.168.0.0 take longer to find you at 192.168.222.x, and you can generally determine that a scan is taking place long before they find you this way.
0
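The mismatch identified in the accepted answer (the NAT source list permits 192.168.1.x while the inside interface sits on 192.168.0.x) can be checked mechanically. The Python sketch below is an added example, not part of the original thread; the function names and the trimmed sample config are constructed here, and it assumes only `access-list N permit <address> <wildcard>` entries are in use.

```python
import ipaddress
import re

# Constructed sample: the NAT-relevant lines of the question's original config.
BROKEN_CONFIG = """\
interface Ethernet0/0
 ip address dhcp
 ip nat outside
interface Ethernet0/1
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
ip nat inside source list 1 interface Ethernet0/0 overload
access-list 1 permit 192.168.1.0 0.0.0.255
"""

def acl_covers(net, base, wildcard):
    """True if a standard-ACL entry (base, wildcard) matches every host in net."""
    care = ~int(wildcard) & 0xFFFFFFFF          # wildcard bits set = "don't care"
    if care & int(net.hostmask):                # entry is narrower than the subnet
        return False
    return int(net.network_address) & care == int(base) & care

def untranslated_inside_networks(config):
    """Return [(interface, network)] for 'ip nat inside' subnets that no permit
    entry of the ACL named in 'ip nat inside source list N' covers."""
    ifaces, acls, nat_lists, cur = {}, {}, [], None
    for line in config.splitlines():
        s = line.strip()
        if m := re.match(r"interface (\S+)", s):
            cur = ifaces.setdefault(m[1], {})
        elif cur is not None and (m := re.match(r"ip address (\d\S+) (\d\S+)", s)):
            cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif cur is not None and s == "ip nat inside":
            cur["inside"] = True
        elif m := re.match(r"ip nat inside source list (\d+) ", s):
            nat_lists.append(m[1])
        elif m := re.match(r"access-list (\d+) permit (\d\S+) (\d\S+)", s):
            entry = (ipaddress.ip_address(m[2]), ipaddress.ip_address(m[3]))
            acls.setdefault(m[1], []).append(entry)
    permits = [e for n in nat_lists for e in acls.get(n, [])]
    return [(name, str(i["net"])) for name, i in ifaces.items()
            if i.get("inside") and "net" in i
            and not any(acl_covers(i["net"], b, w) for b, w in permits)]

if __name__ == "__main__":
    for name, net in untranslated_inside_networks(BROKEN_CONFIG):
        print(f"{name}: {net} is NAT inside but not permitted by the NAT source list")
```

Run against the saved output of `show running-config`, an empty result means every NAT-inside subnet is covered by the source list.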
 

Author Comment

by:jbartosik
ID: 8118277
chicagoan and lrmoore, thanks for your help. As soon as I deleted the other stuff and put in access-list 1 permit 192.168.0.0 0.0.0.255 it started to work. We tried all kinds of things in the other question, but that made it work. I will change my subnet as you suggest. Thanks for your help, my working config is now:

Current configuration : 900 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname router
!
enable password 7 094D5B1B100216
!
ip subnet-zero
!
!
ip domain round-robin
!
no call rsvp-sync
!
!
!
interface Ethernet0/0
 description outside DHCP DSL interface
 mac-address 0002.a560.b487
 ip address dhcp
 ip access-group 100 in
 ip nat outside
 no ip mroute-cache
 no keepalive
 half-duplex
 no cdp enable
!
interface Ethernet0/1
 description Inside static Interface to my LAN
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
 half-duplex
!
ip nat inside source list 1 interface Ethernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
no ip http server
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 permit ip any any
!
dial-peer cor custom
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password 7 13040200020B05
 login
!
end

0
 

Author Comment

by:jbartosik
ID: 8118284
Thanks very much for getting this working, fantastic.
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8118891
You're welcome.
Now, follow the Cisco Router guides here to make it secure:

http://www.nsa.gov/snac/index.html
0
