Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 317
  • Last Modified:

Cisco 831 - Internet Configuration Questions

Hi,

I am trying to setup my Cisco 831 router for connection to the internet. I have a cable modem connected to its WAN port and my PC connected to a LAN. I would like to be able to setup the router by using the commands via hyper terminal. I have not been able to get a sucessful connection by using either the SDM or CLI. NAT and ACL's I think are my problem.

Can someone please explain how NAT and NAT Rules work? I can post up my running config if this helps...

Thanks
0
amerretz
Asked:
amerretz
  • 7
  • 4
  • 3
2 Solutions
 
rsivanandanCommented:
It would be better if you could post your current configuration and we can start from there.

Before you do that; I'm assuming that public ip address is being assigned on the WAN interface of the router, in that case, the nat statements should be like this;

ip nat inside source list 1 interface <wanInterface> overload

access-list 1 permit ip <Inside IP of your Network/Your Computer IP Address> <Mask>

int ethernet (Inside interface)
ip nat inside

int <WanInterface>
ip nat outside.

That should be it.

Cheers,
Rajesh
0
 
amerretzAuthor Commented:
Current configuration : 683 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
logging queue-limit 100
enable secret 5 $1$zldM$z3bq.7znh6Lg1LVLraiy7.
!
ip subnet-zero
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
 ip address 192.168.1.20 255.255.255.0
 ip nat inside
 hold-queue 100 out
!
interface Ethernet1
 ip address dhcp
 ip nat outside
 duplex auto
!
ip classless
no ip http server
no ip http secure-server
!
!
line con 0
 no modem enable
 stopbits 1
line aux 0
!
interface Ethernet1
 ip address dhcp
 ip nat outside
 duplex auto
!
ip classless
no ip http server
no ip http secure-server
!
!
line con 0
 no modem enable
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
scheduler max-task-time 5000
!
end
0
 
amerretzAuthor Commented:
I cant seem to get this to apply.

access-list 1 permit ip <Inside IP of your Network/Your Computer IP Address> <Mask>


I am typing in

access-list 1 permit ip 192.168.1.0 255.255.255.0

Is this right?


0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
rsivanandanCommented:
Ok type this in there;

access-list 1 permit ip 192.168.1.0 0.0.0.255

On the routers, it is the wildcard mask and not the exact mask.

ip nat inside source list 1 interface ethernet1 overload

Cheers,
Rajesh
0
 
amerretzAuthor Commented:
Nope still wont accept it...

This is what happens:


Router(config)#access-list 1 permit ip 192.168.1.0 0.0.0.255
Translating "ip"...domain server (255.255.255.255)
                                    ^
% Invalid input detected at '^' marker.

Router(config)#
0
 
rsivanandanCommented:
Oops, sorry about that, remove the 'ip' from it.

access-list 1 permit 192.168.1.0 0.0.0.255

Cheers,
Rajesh
0
 
Don JohnstonInstructorCommented:
You'll also need to add (from global config mode):

ip nat inside source list 1 interface e1 overload

0
 
amerretzAuthor Commented:
Below is my current config. I still am unable to connect or ping an internet address after applying those commands.

My pc tcp/ip settings are:

IP: 192.168.1.21/24
GW: 192.168.1.20
DNS: 192.168.1.20




Router#sh ru
Building configuration...

Current configuration : 783 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
logging queue-limit 100
enable secret XXXXXXXXXXXXXXXXXXXXXXXXXx
!
ip subnet-zero
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!        
!
!
!
interface Ethernet0
 ip address 192.168.1.20 255.255.255.0
 ip nat inside
 hold-queue 100 out
!
interface Ethernet1
 ip address dhcp
 ip nat outside
 duplex auto
!
ip nat inside source list 1 interface Ethernet1 overload
ip classless
no ip http server
no ip http secure-server
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
line con 0
 no modem enable
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
scheduler max-task-time 5000
!
end
0
 
Don JohnstonInstructorCommented:
Post the results of:

"show ip interface brief"
"show dhcp lease"
"show ip route"
0
 
amerretzAuthor Commented:
Im just at work now and don't have the router in front of me. I will post the info once I get back home. THanks.
0
 
amerretzAuthor Commented:
ok, I switched on the router this afternoon and the internet now seems to be working. Thanks for your help.

Just a couple of other things. When I point my PC's dns to 192.168.1.20 (router) it does not automatically route dns through the router. I have to manually set the dns address of my isp's servers. Is there a way to set this up on the router.

Also, in terms of security can you please advise what other things I should setup to harden the securty side of things?

Thank you.
0
 
rsivanandanCommented:
If you had been using the router as the dhcp server then it can be provided automatically (I mean the ISP server). The router by itself doesn't act as a dns server.

Cheers,
Rajesh
0
 
amerretzAuthor Commented:
If I use the router as a dhcp server, can I reserve specific IP addresses for mac addresses? I need to remote connect to a workstation via rdp and this would require a fixed address. That way I can setup a static NAT rule...

Thanks
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 7
  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now