Solved

Cisco 831 - Internet Configuration Questions

Posted on 2006-11-25
14
308 Views
Last Modified: 2010-04-17
Hi,

I am trying to setup my Cisco 831 router for connection to the internet. I have a cable modem connected to its WAN port and my PC connected to a LAN. I would like to be able to setup the router by using the commands via hyper terminal. I have not been able to get a sucessful connection by using either the SDM or CLI. NAT and ACL's I think are my problem.

Can someone please explain how NAT and NAT Rules work? I can post up my running config if this helps...

Thanks
0
Comment
Question by:amerretz
  • 7
  • 4
  • 3
14 Comments
 
LVL 32

Expert Comment

by:rsivanandan
ID: 18013408
It would be better if you could post your current configuration and we can start from there.

Before you do that; I'm assuming that public ip address is being assigned on the WAN interface of the router, in that case, the nat statements should be like this;

ip nat inside source list 1 interface <wanInterface> overload

access-list 1 permit ip <Inside IP of your Network/Your Computer IP Address> <Mask>

int ethernet (Inside interface)
ip nat inside

int <WanInterface>
ip nat outside.

That should be it.

Cheers,
Rajesh
0
 

Author Comment

by:amerretz
ID: 18013631
Current configuration : 683 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
logging queue-limit 100
enable secret 5 $1$zldM$z3bq.7znh6Lg1LVLraiy7.
!
ip subnet-zero
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
 ip address 192.168.1.20 255.255.255.0
 ip nat inside
 hold-queue 100 out
!
interface Ethernet1
 ip address dhcp
 ip nat outside
 duplex auto
!
ip classless
no ip http server
no ip http secure-server
!
!
line con 0
 no modem enable
 stopbits 1
line aux 0
!
interface Ethernet1
 ip address dhcp
 ip nat outside
 duplex auto
!
ip classless
no ip http server
no ip http secure-server
!
!
line con 0
 no modem enable
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
scheduler max-task-time 5000
!
end
0
 

Author Comment

by:amerretz
ID: 18013639
I cant seem to get this to apply.

access-list 1 permit ip <Inside IP of your Network/Your Computer IP Address> <Mask>


I am typing in

access-list 1 permit ip 192.168.1.0 255.255.255.0

Is this right?


0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 18013773
Ok type this in there;

access-list 1 permit ip 192.168.1.0 0.0.0.255

On the routers, it is the wildcard mask and not the exact mask.

ip nat inside source list 1 interface ethernet1 overload

Cheers,
Rajesh
0
 

Author Comment

by:amerretz
ID: 18013884
Nope still wont accept it...

This is what happens:


Router(config)#access-list 1 permit ip 192.168.1.0 0.0.0.255
Translating "ip"...domain server (255.255.255.255)
                                    ^
% Invalid input detected at '^' marker.

Router(config)#
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 250 total points
ID: 18013992
Oops, sorry about that, remove the 'ip' from it.

access-list 1 permit 192.168.1.0 0.0.0.255

Cheers,
Rajesh
0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 250 total points
ID: 18014106
You'll also need to add (from global config mode):

ip nat inside source list 1 interface e1 overload

0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:amerretz
ID: 18015315
Below is my current config. I still am unable to connect or ping an internet address after applying those commands.

My pc tcp/ip settings are:

IP: 192.168.1.21/24
GW: 192.168.1.20
DNS: 192.168.1.20




Router#sh ru
Building configuration...

Current configuration : 783 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
logging queue-limit 100
enable secret XXXXXXXXXXXXXXXXXXXXXXXXXx
!
ip subnet-zero
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!        
!
!
!
interface Ethernet0
 ip address 192.168.1.20 255.255.255.0
 ip nat inside
 hold-queue 100 out
!
interface Ethernet1
 ip address dhcp
 ip nat outside
 duplex auto
!
ip nat inside source list 1 interface Ethernet1 overload
ip classless
no ip http server
no ip http secure-server
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
line con 0
 no modem enable
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
scheduler max-task-time 5000
!
end
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 18015694
Post the results of:

"show ip interface brief"
"show dhcp lease"
"show ip route"
0
 

Author Comment

by:amerretz
ID: 18015719
Im just at work now and don't have the router in front of me. I will post the info once I get back home. THanks.
0
 

Author Comment

by:amerretz
ID: 18017575
ok, I switched on the router this afternoon and the internet now seems to be working. Thanks for your help.

Just a couple of other things. When I point my PC's dns to 192.168.1.20 (router) it does not automatically route dns through the router. I have to manually set the dns address of my isp's servers. Is there a way to set this up on the router.

Also, in terms of security can you please advise what other things I should setup to harden the securty side of things?

Thank you.
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 18017864
If you had been using the router as the dhcp server then it can be provided automatically (I mean the ISP server). The router by itself doesn't act as a dns server.

Cheers,
Rajesh
0
 

Author Comment

by:amerretz
ID: 18018022
If I use the router as a dhcp server, can I reserve specific IP addresses for mac addresses? I need to remote connect to a workstation via rdp and this would require a fixed address. That way I can setup a static NAT rule...

Thanks
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 18018638
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now