Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Can someone look at my config?  I can ping out from the router but not from a pc attached to the fe0/0 interface...

Posted on 2008-10-22
7
Medium Priority
?
252 Views
Last Modified: 2013-12-12
Hello,

I am trying to configure a router for a new T1 connection.  I think my config looks ok, but I must be missing something.  

At this time, I can ping the outside world from the router itself &

But, when I hook my laptop up to the fe0/0 interface, with an ip on the 192.168.5.0  subnet (fe0/0 is 192.168.5.1/24;  laptop is 192.168.5.123/24;  laptop gw is 192.168.5.1)&

I can ping fe0/0&
I can ping ser0/0/0.1 (66.84.152.78)&

But I can not ping past ser0/0/0.1 to the outside world.

I can ping the outside world from the router itself.

This tells me I have made a mistake in my configuration somewhere, but I cant seem to find it.

Would you mind looking over the config and seeing if you can spot my problem?  

I would hate to escalate it back to Norlight and have it be an issue with my configuration.  I would greatly appreciate it if you can take a look.



Here is the current config:

MEP_1841#sh run
Building configuration...

Current configuration : 2501 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname MEP_1841
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
!
!
ip domain name mepassociates.com
!

!
!
!
interface FastEthernet0/0
 description -----> LAN-side connection
 ip address 192.168.5.1 255.255.255.0
 ip access-group 101 in
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 description -----> WAN connection to Norlight
 no ip address
 encapsulation frame-relay
 service-module t1 timeslots 1-24
 frame-relay lmi-type ansi
!
interface Serial0/0/0.1 point-to-point
 description MEP default gateway
 ip address 66.84.152.78 255.255.255.252
 frame-relay interface-dlci 500 IETF
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0.1
!
ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Serial0/0/0 overload
ip nat inside source static tcp 192.168.5.100 21 66.84.152.78 21 extendable
ip nat inside source static tcp 192.168.5.6 25 66.84.152.78 25 extendable
ip nat inside source static tcp 192.168.5.100 80 66.84.152.78 80 extendable
ip nat inside source static tcp 192.168.5.100 110 66.84.152.78 110 extendable
ip nat inside source static tcp 192.168.5.100 443 66.84.152.78 443 extendable
ip nat inside source static tcp 192.168.5.100 3389 66.84.152.78 3389 extendable
ip nat inside source static tcp 192.168.5.100 4125 66.84.152.78 4125 extendable
!
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 23 remark .......... allows telnet from CorpTech
access-list 23 permit 12.167.213.130
access-list 101 remark ........ blocks smtp traffic from any host except exchange server
access-list 101 permit tcp host 192.168.5.100 any eq smtp
access-list 101 deny   tcp any any eq smtp
access-list 101 permit ip any any
!
control-plane
!
!
line con 0
 login local
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet
!
end

MEP_1841#


I can't for the life of me figure out why my pings from the laptop can't get out.  I would appreciate any thoughts or suggestions.

Scott

0
Comment
Question by:corptech
  • 4
  • 3
7 Comments
 
LVL 16

Accepted Solution

by:
btassure earned 2000 total points
ID: 22781684
You don't have an ip nat outside on the outside interface...
0
 
LVL 2

Author Comment

by:corptech
ID: 22781739
thanks...

can you tell me what that command is doing?
0
 
LVL 16

Expert Comment

by:btassure
ID: 22781786
You need a nat inside and a nat outside command so the router knows which packets to actually apply nat to. With only a nat inside it will not know that the packets are going outside the network and need to have the nat applied and will assume they are remaining in the network boundary.
0
Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

 
LVL 2

Author Comment

by:corptech
ID: 22782803
so, if i had left off the nat inside (which i need, to direct traffic to the appropriate servers, but I am just wondering), does the router then know to send the traffic out using the iproute command?

by the way, router is working perfectly now... thanks!!!

0
 
LVL 16

Expert Comment

by:btassure
ID: 22783572
No, if you took out all the nat commands then it wouldn't know to nat at all. It would then just route the traffic out but the routers further up the chain would not have routes for your private subnet.
0
 
LVL 2

Author Closing Comment

by:corptech
ID: 31508974
perfect... thanks!
0
 
LVL 2

Author Comment

by:corptech
ID: 22785544
gotcha...

Thanks a lot!
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues.  There are…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question