Solved

Cisco 831 - Internet Configuration Questions

Posted on 2006-11-25
14
312 Views
Last Modified: 2010-04-17
Hi,

I am trying to setup my Cisco 831 router for connection to the internet. I have a cable modem connected to its WAN port and my PC connected to a LAN. I would like to be able to setup the router by using the commands via hyper terminal. I have not been able to get a sucessful connection by using either the SDM or CLI. NAT and ACL's I think are my problem.

Can someone please explain how NAT and NAT Rules work? I can post up my running config if this helps...

Thanks
0
Comment
Question by:amerretz
  • 7
  • 4
  • 3
14 Comments
 
LVL 32

Expert Comment

by:rsivanandan
ID: 18013408
It would be better if you could post your current configuration and we can start from there.

Before you do that; I'm assuming that public ip address is being assigned on the WAN interface of the router, in that case, the nat statements should be like this;

ip nat inside source list 1 interface <wanInterface> overload

access-list 1 permit ip <Inside IP of your Network/Your Computer IP Address> <Mask>

int ethernet (Inside interface)
ip nat inside

int <WanInterface>
ip nat outside.

That should be it.

Cheers,
Rajesh
0
 

Author Comment

by:amerretz
ID: 18013631
Current configuration : 683 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
logging queue-limit 100
enable secret 5 $1$zldM$z3bq.7znh6Lg1LVLraiy7.
!
ip subnet-zero
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
 ip address 192.168.1.20 255.255.255.0
 ip nat inside
 hold-queue 100 out
!
interface Ethernet1
 ip address dhcp
 ip nat outside
 duplex auto
!
ip classless
no ip http server
no ip http secure-server
!
!
line con 0
 no modem enable
 stopbits 1
line aux 0
!
interface Ethernet1
 ip address dhcp
 ip nat outside
 duplex auto
!
ip classless
no ip http server
no ip http secure-server
!
!
line con 0
 no modem enable
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
scheduler max-task-time 5000
!
end
0
 

Author Comment

by:amerretz
ID: 18013639
I cant seem to get this to apply.

access-list 1 permit ip <Inside IP of your Network/Your Computer IP Address> <Mask>


I am typing in

access-list 1 permit ip 192.168.1.0 255.255.255.0

Is this right?


0
Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

 
LVL 32

Expert Comment

by:rsivanandan
ID: 18013773
Ok type this in there;

access-list 1 permit ip 192.168.1.0 0.0.0.255

On the routers, it is the wildcard mask and not the exact mask.

ip nat inside source list 1 interface ethernet1 overload

Cheers,
Rajesh
0
 

Author Comment

by:amerretz
ID: 18013884
Nope still wont accept it...

This is what happens:


Router(config)#access-list 1 permit ip 192.168.1.0 0.0.0.255
Translating "ip"...domain server (255.255.255.255)
                                    ^
% Invalid input detected at '^' marker.

Router(config)#
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 250 total points
ID: 18013992
Oops, sorry about that, remove the 'ip' from it.

access-list 1 permit 192.168.1.0 0.0.0.255

Cheers,
Rajesh
0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 250 total points
ID: 18014106
You'll also need to add (from global config mode):

ip nat inside source list 1 interface e1 overload

0
 

Author Comment

by:amerretz
ID: 18015315
Below is my current config. I still am unable to connect or ping an internet address after applying those commands.

My pc tcp/ip settings are:

IP: 192.168.1.21/24
GW: 192.168.1.20
DNS: 192.168.1.20




Router#sh ru
Building configuration...

Current configuration : 783 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
logging queue-limit 100
enable secret XXXXXXXXXXXXXXXXXXXXXXXXXx
!
ip subnet-zero
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!        
!
!
!
interface Ethernet0
 ip address 192.168.1.20 255.255.255.0
 ip nat inside
 hold-queue 100 out
!
interface Ethernet1
 ip address dhcp
 ip nat outside
 duplex auto
!
ip nat inside source list 1 interface Ethernet1 overload
ip classless
no ip http server
no ip http secure-server
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
line con 0
 no modem enable
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
scheduler max-task-time 5000
!
end
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 18015694
Post the results of:

"show ip interface brief"
"show dhcp lease"
"show ip route"
0
 

Author Comment

by:amerretz
ID: 18015719
Im just at work now and don't have the router in front of me. I will post the info once I get back home. THanks.
0
 

Author Comment

by:amerretz
ID: 18017575
ok, I switched on the router this afternoon and the internet now seems to be working. Thanks for your help.

Just a couple of other things. When I point my PC's dns to 192.168.1.20 (router) it does not automatically route dns through the router. I have to manually set the dns address of my isp's servers. Is there a way to set this up on the router.

Also, in terms of security can you please advise what other things I should setup to harden the securty side of things?

Thank you.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 18017864
If you had been using the router as the dhcp server then it can be provided automatically (I mean the ISP server). The router by itself doesn't act as a dns server.

Cheers,
Rajesh
0
 

Author Comment

by:amerretz
ID: 18018022
If I use the router as a dhcp server, can I reserve specific IP addresses for mac addresses? I need to remote connect to a workstation via rdp and this would require a fixed address. That way I can setup a static NAT rule...

Thanks
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 18018638
0

Featured Post

Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It happens many times that access list (ACL) have to be applied to outgoing router interface in order to limit some traffic.This article is about how to test ACL from the router which is not very intuitive for everyone. Below scenario shows simple s…
There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question