Setting up Cisco 1750 Router as an internet router for local lan

I have a cisco 1750 Router which I need to give a few users outbound internet connection to. My LAN and WAN IP is configured and ip routing enabled. From the router I can ping the internet but can't ping or access the internet from any users workstation.  Do i need to create a access-list for outbound traffic for my LAN? My configuration file is as follow:

Current configuration : 1045 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxx.xxxxxx.xxxx
!
memory-size iomem 25
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
!
!
ip name-server 8.8.4.4
ip dhcp excluded-address 192.168.2.1 192.168.2.100
ip dhcp excluded-address 192.168.2.150 192.168.2.255
!
ip dhcp pool test
   network 192.168.2.0 255.255.255.0
   dns-server 8.8.4.4
   default-router 192.168.2.1
!
ip cef
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
 ip address 67.68.69.243 255.255.255.248
 ip nat inside
 full-duplex
!
interface FastEthernet0
 ip address 192.168.2.1 255.255.255.0
 speed auto
!
interface Serial0
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 67.68.69.241
no ip http server
no ip http secure-server
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
end
marcalfa1Asked:
Who is Participating?
 
Justin EllenbeckerConnect With a Mentor IT DirectorCommented:
OK you ip nat inside statement is on the wrong interface.  The lines below will fix that you need to make the one with the external adapter outside, then make the one with the lan IP inside.  Then we tell it what ACL to use which is a list of IPs and where they can go and what the external IP it should use.  Since you only have we tell it to use the on on the ethernet0 interface, doing it this way is nice if that IP ever changes.  Then we create the ACL and the permit statement. That should do it.

Conf t
int eth0
no ip nat inside
ip nat outside
exit
int fa0
ip nat inside
exit
ip nat inside source list NATACL interface Ethernet0 overload
ip access-list extended NATACL
permit ip 192.168.2.0 0.0.0.255 any


StrifeJester
0
 
Justin EllenbeckerIT DirectorCommented:
Yes you will need and ACL to tell it what IPs are allowed to NAT. Give me a few and I will post what you need to put in.
0
 
shauncroucherConnect With a Mentor Commented:
For all clients run below. change the wildcask mask as appropriate to allow only certain users.

Also note your ip nat inside statement is on the wrong interface at the moment, so I have removed this in the commands.

access-list 1 permit 192.168.2.0 0.0.0.255

interface fa0/0
ip nat inside
interface e0/0
no ip nat inside
ip nat outside

ip nat inside source list 1 interface e0/0 overload

Shaun
0
All Courses

From novice to tech pro — start learning today.