I have a Cisco 851W and I can't get it on the internet

I'm a little new to Cisco routers and I cannot get this one to connect to the internet... I have experience w/ the older Ciscos but have not used one in a while. Long story short, I'm trying to set this up for a Dr. office, so it has to be encrypted and use an internal address of 192.168.1.2 and a WAN address of x.x.x.x.x /xx. They have a server as the DHCP... I was able to change the IP and set up the access list to get back into the router... now I just need the wireless working and the NAT working...
 and a VPN in the future...
Here is my running config...
Building configuration...
 
Current configuration : 7218 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Hiens
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$EGbZ$88KUSpK.lExiSSibS72zw0
!
aaa new-model
!
!
aaa group server radius rad_eap
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization ipmobile default group rad_pmip
aaa accounting network acct_methods start-stop group rad_acct
!
!
aaa session-id common
!
crypto pki trustpoint TP-self-signed-3154526513
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3154526513
 revocation-check none
 rsakeypair TP-self-signed-3154526513
!
!
crypto pki certificate chain TP-self-signed-3154526513
 certificate self-signed 01
                quit
dot11 syslog
!
dot11 ssid HFD
   authentication open
   guest-mode
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.121 192.168.1.254
!
ip dhcp pool ccp-pool
   import all
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.2
   dns-server 192.168.1.2 208.67.222.222
   lease 0 2
!
!
ip cef
ip domain name HeinsFamilyDentisry
ip name-server 192.168.1.1
ip name-server 192.168.10.1
!
!
!
username admin privilege 15 secret 5 $1$NKDK$PWHYGjbQaeBY5779v3NSr1
!
!
archive
 log config
  hidekeys
!
!
zone security inside
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ES_WAN$$ETH-WAN$
 ip address dhcp client-id FastEthernet4
 ip access-group 23 in
 ip access-group 100 out
 ip nat outside
 ip virtual-reassembly
 zone-member security inside
 duplex auto
 speed auto
!
interface Dot11Radio0
 no ip address
 !
 encryption key 1 size 128bit 0 11223344557711227788669911 transmit-key
 encryption mode wep mandatory
 !
 ssid HFD
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 192.168.1.2 255.255.255.0
 ip access-group 100 in
 ip access-group 23 out
 ip nat inside
 ip virtual-reassembly
 zone-member security inside
 ip tcp adjust-mss 1452
!
router rip
 network 192.168.1.0
 network 192.168.10.0
 no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool pool1 192.168.10.112 192.168.10.112 netmask 255.255.255.0
ip nat inside source list 111 pool pool1
!
ip access-list extended any
 remark SDM_ACL Category=128
 permit ip any any
!
access-list 23 remark CCP_ACL Category=17
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 23 permit any
access-list 100 remark CCP_ACL Category=1
access-list 100 permit udp host 192.168.1.1 eq domain any
access-list 100 permit ip 10.10.10.0 0.0.0.7 any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 permit ip any any
access-list 111 remark nat rule
access-list 111 remark CCP_ACL Category=2
access-list 111 permit ip 192.168.1.0 0.0.0.255 any
no cdp run
radius-server attribute 32 include-in-access-req format %h
radius-server vsa send accounting
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
 
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
 
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
 
Replace <myuser> and <mypassword> with the username and password you
want to use.
 
-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.
 
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE  
PUBLICLY-KNOWN CREDENTIALS
 
Here are the Cisco IOS commands.
 
username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco
 
Replace <myuser> and <mypassword> with the username and password you want
to use.
 
IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
 
For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp 
-----------------------------------------------------------------------
^C
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 transport input telnet ssh
!
scheduler max-task-time 5000
end
carrolc575Asked:

Erik BjersPrincipal Systems AdministratorCommented:
not sure but I think this line

ip route 0.0.0.0 0.0.0.0 FastEthernet4

should be

ip route 0.0.0.0 0.0.0.0 IP.OF.ISP.Gateway

eb
0
carrolc575Author Commented:
tried it .... no go

they may be good but I cannot communicate w/ my DNS servers when I ping out from the connection
I cannot ping my network gateway of 192.168.10.1...
0
Erik BjersPrincipal Systems AdministratorCommented:
please provide a diagram of what you are trying to setup

you need to include IP information but you can use fake to protect your privacy.

eb
0
carrolc575Author Commented:
OK, my default route was set up for 192.168.10.1 when my gateway was 192.168.10.254

so now I just need to test it... internet traffic is not going through yet but I'm able to ping Google from my router....
0
Erik BjersPrincipal Systems AdministratorCommented:
run these commands from a computer inside your network and post the results

ipconfig /all
nslookup google.com
nslookup google.com 4.2.2.2

eb
0
carrolc575Author Commented:
here is behind the router...
file.txt
0
Erik BjersPrincipal Systems AdministratorCommented:
OK you are still not getting out

Please run
tracert 4.2.2.2
attach the results and a new configuration from your router

I also noticed that you have both an internal and an external DNS assigned to your workstation
        DNS Servers . . . . . . . . . . . : 192.168.1.2
                                            208.67.222.222

if this computer is part of a domain then it should only look at the local domain controller.

eb
0
carrolc575Author Commented:
i think the issue is w/ the access list but i get very confused when setting them up...
here is the tracert
here is my running config
tracert.txt
config.txt
0
Erik BjersPrincipal Systems AdministratorCommented:
Please post a diagram of how you are trying to setup your network.

Without this I cannot help any further.

eb
0
carrolc575Author Commented:
0
Erik BjersPrincipal Systems AdministratorCommented:
The attachment does not work.  Please use an image format such as JPG

eb
0
carrolc575Author Commented:
one more time
Drawing1.jpg
0
Erik BjersPrincipal Systems AdministratorCommented:
is the gateway router something you control?  Does it have a route back to your network (route 192.168.1.0 255.255.255.0 192.168.10.200)

I also see the 10.10.10.x network shown in your config, where does this fit in?

eb
0
carrolc575Author Commented:
no, it is not something I can control
the 10.10.10x network is a piece of the original config
0
carrolc575Author Commented:
i can ping the outside address of the router but not the address of the gateway
0
Erik BjersPrincipal Systems AdministratorCommented:
the 10.10.10x network is a piece of the original config <- I am assuming you did not wipe the old config, if not you should as this may be part of your problem

can ping the outside address of the router but not the address of the gateway <- do you mean 192.168.10.200, or 192.168.10.254?  Where are you pinging from, an inside computer or the router?

If you do not have control of the other router who does?

eb
0
carrolc575Author Commented:
I can ping the outside address of 192.168.10.200 from a PC behind the router, the laptop in the diagram
0
Erik BjersPrincipal Systems AdministratorCommented:
but you cannot get to 10.254, right?

Can you give me more details on what you want to do with your ACLs?  and I still recommend you wipe the original config and start over.

eb
0
carrolc575Author Commented:
should I dump the load and go back to Cisco defaults and start again...
0
carrolc575Author Commented:
I want to allow remote access to the router in the future
allow internet access to the computers behind the router
allow in the future a VPN to be set up
also note this is for a medical office so it needs to be compliant w/ security... so it can't be just wide open...
there is going to be a server onsite that will do the DHCP and some DNS... the server will be @ 192.168.1.1
also need to be able to get to the server remotely...
need to set up the wireless to use a WEP key 128bit
and anything else you may think of...
0
lrmooreCommented:
Remove all acls from both interfaces and get communications going first. You've got both interfaces as security zone-members "inside". You don't have the zone pairs defined yet, so don't even try to use them

interface Vlan1
 no ip access-group 100 in
 no ip access-group 23 out
 no zone-member security inside

interface FastEthernet4
 no ip access-group 23 in
 no ip access-group 100 out
 no zone-member security inside
0
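As an added example (not part of any post in this thread, and not Cisco tooling), here is a short Python check for the conditions raised above: ACLs bound to interfaces, zone membership with no zone-pair defined, and a default route that names an exit interface instead of a next-hop address. The function names and finding labels are made up for illustration; the sample is a constructed excerpt whose lines are copied from the config in the question.

```python
import re

# Constructed excerpt: lines copied from the running config posted in the question.
SAMPLE_CONFIG = """\
zone security inside
!
interface FastEthernet4
 ip access-group 23 in
 ip access-group 100 out
 zone-member security inside
!
interface Vlan1
 ip access-group 100 in
 ip access-group 23 out
 zone-member security inside
!
ip route 0.0.0.0 0.0.0.0 FastEthernet4
"""

def parse_interfaces(config):
    """Map each interface name to the list of sub-commands under it."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any other unindented line ends the interface block
    return interfaces

def audit(config):
    """Return (where, kind, command) findings for the conditions in the thread."""
    findings = []
    has_zone_pair = re.search(r"^zone-pair security ", config, re.M) is not None
    for name, cmds in parse_interfaces(config).items():
        for cmd in cmds:
            if cmd.startswith("ip access-group "):
                findings.append((name, "acl", cmd))
            elif cmd.startswith("zone-member security ") and not has_zone_pair:
                findings.append((name, "zone-without-pair", cmd))
    # Default route that names an exit interface rather than a next-hop address.
    for m in re.finditer(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", config, re.M):
        if not re.fullmatch(r"\d+\.\d+\.\d+\.\d+", m.group(1)):
            findings.append((m.group(1), "default-route-to-interface", m.group(0)))
    return findings

if __name__ == "__main__":
    for where, kind, cmd in audit(SAMPLE_CONFIG):
        print(f"{where}: {kind}: {cmd}")
```

Each `acl` finding is a line to review when the ACLs are rebuilt after basic connectivity works, not an error by itself.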
Erik BjersPrincipal Systems AdministratorCommented:
OK if this is for a medical office I suggest you hire a consultant who knows CISCO equipment and the various regulations you need to follow to configure this.  If you do this wrong you can be open to many legal issues.

And yes I recommend wiping and starting from the default, then working in steps;
1) get basic internet access
2) build your ACLs
3) start looking at other things

Get one thing working before trying the others.

eb
0
