Can someone look at my config? I can ping out from the router but not from a pc attached to the fe0/0 interface...

Hello,

I am trying to configure a router for a new T1 connection.  I think my config looks ok, but I must be missing something.  

At this time, I can ping the outside world from the router itself &

But, when I hook my laptop up to the fe0/0 interface, with an ip on the 192.168.5.0  subnet (fe0/0 is 192.168.5.1/24;  laptop is 192.168.5.123/24;  laptop gw is 192.168.5.1)&

I can ping fe0/0&
I can ping ser0/0/0.1 (66.84.152.78)&

But I can not ping past ser0/0/0.1 to the outside world.

I can ping the outside world from the router itself.

This tells me I have made a mistake in my configuration somewhere, but I cant seem to find it.

Would you mind looking over the config and seeing if you can spot my problem?  

I would hate to escalate it back to Norlight and have it be an issue with my configuration.  I would greatly appreciate it if you can take a look.



Here is the current config:

MEP_1841#sh run
Building configuration...

Current configuration : 2501 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname MEP_1841
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
!
!
ip domain name mepassociates.com
!

!
!
!
interface FastEthernet0/0
 description -----> LAN-side connection
 ip address 192.168.5.1 255.255.255.0
 ip access-group 101 in
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 description -----> WAN connection to Norlight
 no ip address
 encapsulation frame-relay
 service-module t1 timeslots 1-24
 frame-relay lmi-type ansi
!
interface Serial0/0/0.1 point-to-point
 description MEP default gateway
 ip address 66.84.152.78 255.255.255.252
 frame-relay interface-dlci 500 IETF
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0.1
!
ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Serial0/0/0 overload
ip nat inside source static tcp 192.168.5.100 21 66.84.152.78 21 extendable
ip nat inside source static tcp 192.168.5.6 25 66.84.152.78 25 extendable
ip nat inside source static tcp 192.168.5.100 80 66.84.152.78 80 extendable
ip nat inside source static tcp 192.168.5.100 110 66.84.152.78 110 extendable
ip nat inside source static tcp 192.168.5.100 443 66.84.152.78 443 extendable
ip nat inside source static tcp 192.168.5.100 3389 66.84.152.78 3389 extendable
ip nat inside source static tcp 192.168.5.100 4125 66.84.152.78 4125 extendable
!
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 23 remark .......... allows telnet from CorpTech
access-list 23 permit 12.167.213.130
access-list 101 remark ........ blocks smtp traffic from any host except exchange server
access-list 101 permit tcp host 192.168.5.100 any eq smtp
access-list 101 deny   tcp any any eq smtp
access-list 101 permit ip any any
!
control-plane
!
!
line con 0
 login local
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet
!
end

MEP_1841#


I can't for the life of me figure out why my pings from the laptop can't get out.  I would appreciate any thoughts or suggestions.

Scott

LVL 2
corptechAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btassureCommented:
You don't have an ip nat outside on the outside interface...
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
corptechAuthor Commented:
thanks...

can you tell me what that command is doing?
0
btassureCommented:
You need a nat inside and a nat outside command so the router knows which packets to actually apply nat to. With only a nat inside it will not know that the packets are going outside the network and need to have the nat applied and will assume they are remaining in the network boundary.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

corptechAuthor Commented:
so, if i had left off the nat inside (which i need, to direct traffic to the appropriate servers, but I am just wondering), does the router then know to send the traffic out using the iproute command?

by the way, router is working perfectly now... thanks!!!

0
btassureCommented:
No, if you took out all the nat commands then it wouldn't know to nat at all. It would then just route the traffic out but the routers further up the chain would not have routes for your private subnet.
0
corptechAuthor Commented:
perfect... thanks!
0
corptechAuthor Commented:
gotcha...

Thanks a lot!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Broadband

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.