Cisco 2600 as a home DSL router - problems

I'm trying to configure my 2600 as a router for my home LAN to my DSL service provider. After upgrading the IOS I am now able to pick up a DHCP address from my service provider. I can ping from my router and resolve domain names, and I can also ping the 2 Windows XP PCs on my home LAN. However, I can't get my PCs to ping past the outside interface on my router, e0/0. I know that my service provider aren't blocking ICMP because I have asked them, and I can ping from my router. I am sure that it's something small like NAT or an access list. I have posted one question on this and after much effort we couldn't get it to work.

Please help. The previous question, which might help you understand what we tried, was: http://www.experts-exchange.com/Networking/Broadband/DSL_Cable/Q_20525298.html

My current router config is:

Current configuration : 1064 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname router
!
enable password 7 094D5B1B100216
!
ip subnet-zero
!
ip domain round-robin
!
no call rsvp-sync
!
interface Ethernet0/0
 description outside DHCP DSL interface
 mac-address 0002.a560.b487
 ip address dhcp
 ip access-group 100 in
 ip nat outside
 no ip mroute-cache
 no keepalive
 half-duplex
 no cdp enable
!
interface Ethernet0/1
 description Inside static Interface to my LAN
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
 half-duplex
!
router rip
 version 2
 passive-interface Ethernet0/0
 network 192.168.1.0
 no auto-summary
!
ip nat inside source list 1 interface Ethernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
ip route 0.0.0.0 255.255.255.0 10.64.0.1 permanent
no ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip any any
!
dial-peer cor custom
!
line con 0
line aux 0
line vty 0 4
 password 7 13040200020B05
 login
!
end

Any help would be appreciated.
Asked by: jbartosik

chicagoan commented:
ip route 0.0.0.0 255.255.255.0 10.64.0.1 permanent

What's 10.64.0.1? If you're on DHCP from your ISP, you ought to need only

ip route 0.0.0.0 0.0.0.0 Ethernet0/0

Any packet destined for a subnet other than 192.168.0.X will be put on E0/0...
chicagoan commented:
Oops, just noticed this as well...
One would think a simple static default route to E0/0 should suffice.

Where did this idea come from?
router rip
 version 2
 passive-interface Ethernet0/0
 network 192.168.1.0
 no auto-summary
lrmoore commented:
The problem could be in your access-list 1.
Your internal clients are 192.168.0.x.
You have defined 192.168.1.x to use NAT.

>CURRENT:
interface Ethernet0/1
 description Inside static Interface to my LAN
 ip address 192.168.0.254 255.255.255.0

access-list 1 permit 192.168.1.0 0.0.0.255


FIX:
no access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.0.255


Suggest that you use something other than subnet zero or 1; this is way too common today and causes issues later on if you want to connect to another LAN (like at the office) that is also on the same subnet.
Suggest a higher number, i.e. 192.168.222.x
Scans starting at 192.168.0.0 take longer to find you at 192.168.222.x, and you can generally determine that a scan is taking place long before they find you this way.
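
The mismatch lrmoore found (the NAT source ACL permits 192.168.1.x while the inside interface sits in 192.168.0.x) can be checked mechanically. The following is an added example, not part of the original thread: the function names are hypothetical, and it assumes `show running-config` text with `!` between blocks, standard numbered ACLs and contiguous wildcard masks.

```python
import ipaddress
import re

# Constructed sample: the NAT-relevant lines of the original, non-working config.
BROKEN = """\
interface Ethernet0/1
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
!
ip nat inside source list 1 interface Ethernet0/0 overload
access-list 1 permit 192.168.1.0 0.0.0.255
"""
FIXED = BROKEN.replace("permit 192.168.1.0", "permit 192.168.0.0")  # fix from the thread

def inside_networks(config):
    """Map each 'ip nat inside' interface to its static subnet ('!' separates blocks)."""
    nets = {}
    for block in re.split(r"(?m)^!.*$", config):
        name = re.search(r"(?m)^\s*interface (\S+)", block)
        addr = re.search(r"(?m)^\s*ip address (\d\S*) (\d\S*)\s*$", block)
        if name and addr and re.search(r"(?m)^\s*ip nat inside\s*$", block):
            nets[name[1]] = ipaddress.ip_network(f"{addr[1]}/{addr[2]}", strict=False)
    return nets

def acl_entries(config, acl):
    """Yield a standard numbered ACL's entries, in order, as (action, IPv4Network)."""
    pat = rf"(?m)^\s*access-list {re.escape(acl)} (permit|deny) (?:host )?(\S+)(?: (\d\S*))?\s*$"
    for m in re.finditer(pat, config):
        is_any = m[2] == "any"
        wild = int(ipaddress.IPv4Address("255.255.255.255" if is_any else m[3] or "0.0.0.0"))
        if wild & (wild + 1):
            raise ValueError(f"non-contiguous wildcard not handled: {m[0].strip()}")
        base = 0 if is_any else int(ipaddress.IPv4Address(m[2])) & ~wild
        yield m[1], ipaddress.IPv4Network((base, 32 - wild.bit_length()))

def first_match_permits(entries, net):
    """IOS stops at the first matching entry; the implicit deny covers the rest."""
    hit = next(((a, e) for a, e in entries if e.overlaps(net)), None)
    return bool(hit) and hit[0] == "permit" and net.subnet_of(hit[1])

def untranslated_inside_networks(config):
    """Inside subnets that no 'ip nat inside source list <acl>' rule permits."""
    acls = re.findall(r"(?m)^\s*ip nat inside source list (\S+) ", config)
    return [(n, net) for n, net in inside_networks(config).items()
            if not any(first_match_permits(acl_entries(config, a), net) for a in acls)]

if __name__ == "__main__":
    print(untranslated_inside_networks(BROKEN), untranslated_inside_networks(FIXED))
```

A non-empty result names the inside interfaces whose hosts will be forwarded untranslated, which matches the symptom in the question: the router itself can ping out, the LAN PCs cannot.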

jbartosik (author) commented:
chicagoan and lrmoore, thanks for your help. As soon as I deleted the other stuff and put in access-list 1 permit 192.168.0.0 0.0.0.255, it started to work. We tried all kinds of things in the other question, but that made it work. I will change my subnet as you suggest. Thanks for your help; my working config is now:

Current configuration : 900 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname router
!
enable password 7 094D5B1B100216
!
ip subnet-zero
!
!
ip domain round-robin
!
no call rsvp-sync
!
!
!
interface Ethernet0/0
 description outside DHCP DSL interface
 mac-address 0002.a560.b487
 ip address dhcp
 ip access-group 100 in
 ip nat outside
 no ip mroute-cache
 no keepalive
 half-duplex
 no cdp enable
!
interface Ethernet0/1
 description Inside static Interface to my LAN
 ip address 192.168.0.254 255.255.255.0
 ip nat inside
 half-duplex
!
ip nat inside source list 1 interface Ethernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0/0
no ip http server
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 permit ip any any
!
dial-peer cor custom
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password 7 13040200020B05
 login
!
end

jbartosik (author) commented:
Thanks very much for getting this working, fantastic.
lrmoore commented:
You're welcome.
Now, follow the Cisco Router guides here to make it secure:

http://www.nsa.gov/snac/index.html