Solved

Can someone look at my config?  I can ping out from the router but not from a pc attached to the fe0/0 interface...

Posted on 2008-10-22
7
249 Views
Last Modified: 2013-12-12
Hello,

I am trying to configure a router for a new T1 connection.  I think my config looks ok, but I must be missing something.  

At this time, I can ping the outside world from the router itself &

But, when I hook my laptop up to the fe0/0 interface, with an ip on the 192.168.5.0  subnet (fe0/0 is 192.168.5.1/24;  laptop is 192.168.5.123/24;  laptop gw is 192.168.5.1)&

I can ping fe0/0&
I can ping ser0/0/0.1 (66.84.152.78)&

But I can not ping past ser0/0/0.1 to the outside world.

I can ping the outside world from the router itself.

This tells me I have made a mistake in my configuration somewhere, but I cant seem to find it.

Would you mind looking over the config and seeing if you can spot my problem?  

I would hate to escalate it back to Norlight and have it be an issue with my configuration.  I would greatly appreciate it if you can take a look.



Here is the current config:

MEP_1841#sh run
Building configuration...

Current configuration : 2501 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname MEP_1841
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
!
!
ip domain name mepassociates.com
!

!
!
!
interface FastEthernet0/0
 description -----> LAN-side connection
 ip address 192.168.5.1 255.255.255.0
 ip access-group 101 in
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 description -----> WAN connection to Norlight
 no ip address
 encapsulation frame-relay
 service-module t1 timeslots 1-24
 frame-relay lmi-type ansi
!
interface Serial0/0/0.1 point-to-point
 description MEP default gateway
 ip address 66.84.152.78 255.255.255.252
 frame-relay interface-dlci 500 IETF
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0.1
!
ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Serial0/0/0 overload
ip nat inside source static tcp 192.168.5.100 21 66.84.152.78 21 extendable
ip nat inside source static tcp 192.168.5.6 25 66.84.152.78 25 extendable
ip nat inside source static tcp 192.168.5.100 80 66.84.152.78 80 extendable
ip nat inside source static tcp 192.168.5.100 110 66.84.152.78 110 extendable
ip nat inside source static tcp 192.168.5.100 443 66.84.152.78 443 extendable
ip nat inside source static tcp 192.168.5.100 3389 66.84.152.78 3389 extendable
ip nat inside source static tcp 192.168.5.100 4125 66.84.152.78 4125 extendable
!
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 23 remark .......... allows telnet from CorpTech
access-list 23 permit 12.167.213.130
access-list 101 remark ........ blocks smtp traffic from any host except exchange server
access-list 101 permit tcp host 192.168.5.100 any eq smtp
access-list 101 deny   tcp any any eq smtp
access-list 101 permit ip any any
!
control-plane
!
!
line con 0
 login local
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet
!
end

MEP_1841#


I can't for the life of me figure out why my pings from the laptop can't get out.  I would appreciate any thoughts or suggestions.

Scott

0
Comment
Question by:corptech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 16

Accepted Solution

by:
btassure earned 500 total points
ID: 22781684
You don't have an ip nat outside on the outside interface...
0
 
LVL 2

Author Comment

by:corptech
ID: 22781739
thanks...

can you tell me what that command is doing?
0
 
LVL 16

Expert Comment

by:btassure
ID: 22781786
You need a nat inside and a nat outside command so the router knows which packets to actually apply nat to. With only a nat inside it will not know that the packets are going outside the network and need to have the nat applied and will assume they are remaining in the network boundary.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 2

Author Comment

by:corptech
ID: 22782803
so, if i had left off the nat inside (which i need, to direct traffic to the appropriate servers, but I am just wondering), does the router then know to send the traffic out using the iproute command?

by the way, router is working perfectly now... thanks!!!

0
 
LVL 16

Expert Comment

by:btassure
ID: 22783572
No, if you took out all the nat commands then it wouldn't know to nat at all. It would then just route the traffic out but the routers further up the chain would not have routes for your private subnet.
0
 
LVL 2

Author Closing Comment

by:corptech
ID: 31508974
perfect... thanks!
0
 
LVL 2

Author Comment

by:corptech
ID: 22785544
gotcha...

Thanks a lot!
0

Featured Post

Want Experts Exchange at your fingertips?

With Experts Exchange’s latest app release, you can now experience our most recent features, updates, and the same community interface while on-the-go. Download our latest app release at the Android or Apple stores today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month6 days, 5 hours left to enroll

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question