Cisco 2651 Router Configuration

Hi,

I have a Cisco 2651 Router and i have broadband cable internet. I have the ethernet cable from my switch (network) plugged into FastEthernet 0/1 and the ethernet cable from my cable modem into FastEthernet 0/0. When i connet to console i can ping google.com as well as any internal IP address & Hostname. Computers on the network can ping each other but not the internet. So i assume i need to route my traffic from the network to use FastEthernet 0/0 for outboud routes, i also do not have a Gateway or last resort configured as my IP address from m cable provider is dynamic, it doesn't change often but still but still does from time to time. So i m worried that if it changes and is set as a default route or gateway then i will constantly be changing this and losing service until i manually change to the new IP.
SO basically i am looking for a way to have the two interfaces communicate and act in a way similarly to a basic home router like the ones most people have where you have a WAN port and LAN port. really simple in concept and so far i am half way there.

please help. thanks so much
LVL 1
mxrider_420Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Istvan KalmarHead of IT Security Division Commented:
Hi,

you need to configure NAT, please show us the config, and we put the lines....
0
alewis9777Commented:
For your gateway situation you could use a default route pointing to your external interface instead of your ISP's gateway.

ip route 0.0.0.0 0.0.0.0 FastEthernet 0/0

Also make sure you are overloading your translation on your outside interface.
2
ip nat inside source list 102 interface FasterEthernet0/0 overload

where is 102 is the access-list permitting your internet traffic out.

access-list 10 permit ip 192.168.1.0 0.0.0.255 any


0
alewis9777Commented:
sorry my 2 jumped to wrong place.

access-list 102 permit ip 192.168.1.0 0.0.0.255 any

as ikalmar said it would be beneficial if you posted your conifg just xxx out your passwords.
0
Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

mxrider_420Author Commented:
are you suggesting i dont need a route from the network interface to the external? and i will go grab my code now and post. i am just confused. i also have SDM installed. should i use this instead as i am a noob.

thanks
0
Istvan KalmarHead of IT Security Division Commented:
I advis to use IOS for config....
0
mxrider_420Author Commented:
Router#show run
Building configuration...

Current configuration : 1486 bytes
!
version 12.3
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$6xpG$8A02rr8DYI2OEKBSZtdICUi0
enable password XXXXX
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 192.168.2.1 192.168.2.3
ip dhcp excluded-address 192.168.2.13 192.168.2.254
!
ip dhcp pool sdm-pool1
   network 192.168.2.0 255.255.255.0
   domain-name intra.exchangesolution.ca
   dns-server 192.168.1.1 192.168.1.59
   default-router 192.168.2.2 ***<-- WHY IS THIS LIKE THIS I NEVER SET IT TO THAT?***
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$
 ip address dhcp
 no ip redirects
 ip nat outside
 speed auto
 full-duplex
 no cdp enable
!
interface FastEthernet0/1
 description $ETH-LAN$
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
 no cdp enable
!
ip nat inside source list 2 interface FastEthernet0/0 overload
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 192.168.1.0 0.0.0.255
no cdp run
!
snmp-server community public RO
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 password XXXXXXXX
 login
!
!
end

0
greg wardSystems EngineerCommented:
copy and paste this into the router
conf t
no ip dhcp excluded-address 192.168.2.1 192.168.2.3
no ip dhcp excluded-address 192.168.2.13 192.168.2.254
!
ip dhcp pool sdm-pool1
   no network 192.168.2.0 255.255.255.0
network 192.168.1.0 255.255.255.0
   domain-name intra.exchangesolution.ca
   dns-server 192.168.1.1 192.168.1.59
   no default-router 192.168.2.2
default-router 192.168.1.1
 
Greg
0
mxrider_420Author Commented:
ok. i did that. i was wondering though do i need to set up nat rules and firewall inbound and outbound now too? for now i just need to get it working so each can ping eachother and so that the network can access the internet. is there anything else i am missing?
0
greg wardSystems EngineerCommented:
what happens if you ping google.co.uk
you want to do
conf t
ip name-server 4.2.2.1
first.
 
Greg
0
mxrider_420Author Commented:
Building configuration...

Current configuration : 2145 bytes
!
version 12.3
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router1A
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$6xpG$8A028DYI2OEKBSZtdICUi0
enable password XXXX
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip dhcp pool sdm-pool1
   network 192.168.1.0 255.255.255.0
   domain-name intra.exchangesolution.ca
   dns-server 192.168.1.1 192.168.1.59
   default-router 192.168.1.1
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$
 ip address 192.168.1.1 255.255.255.0
 ip access-group sdm_fastethernet0/0_in in
 ip access-group sdm_fastethernet0/0_out out
 no ip redirects
 ip nat inside
 speed auto
 full-duplex
 no cdp enable
!
interface FastEthernet0/1
 description $ETH-LAN$
 ip address dhcp
 ip access-group sdm_fastethernet0/1_in in
 ip access-group sdm_fastethernet0/1_out out
 no ip redirects
 ip nat outside
 duplex auto
 speed auto
 no cdp enable
!
router rip
 version 1
 redistribute connected
 passive-interface FastEthernet0/0
 passive-interface FastEthernet0/1
 network 192.168.1.0
 no auto-summary
!
ip nat inside source list 2 interface FastEthernet0/0 overload
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
!
!
ip access-list extended sdm_fastethernet0/0_in
 remark SDM_ACL Category=1
 permit ip any any
ip access-list extended sdm_fastethernet0/0_out
 remark SDM_ACL Category=1
 permit ip any any
ip access-list extended sdm_fastethernet0/1_in
 remark SDM_ACL Category=1
 permit ip any any
ip access-list extended sdm_fastethernet0/1_out
 remark SDM_ACL Category=1
 permit ip any any
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
snmp-server community public RO
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 password XXXX
 login
!
!
end





ALSO I GET THIS WHEN I PING NOW AS YOU CAN SEE INTERNAL AND EXTERNAL PINGS.

Router1A#ping ad-server

Translating "ad-server"...domain server (64.59.176.13) (64.59.176.15)
% Unrecognized host or address, or protocol not running.

Router1A#ping google.ca

Translating "google.ca"...domain server (64.59.176.13) (64.59.176.15)
% Unrecognized host or address, or protocol not running.

0
greg wardSystems EngineerCommented:
you are unable to resolve ips.
can you ping 4.2.2.1
this is a well know name server.
 
Greg
0
mxrider_420Author Commented:
Perhaps I should start from scratch factory defaults. assuming the following information can you give me the config?

network FA0/0 192.168.1.1 255.255.255.0
netowrk DNS (and DHCP server) server 192.168.1.59

WAN- SHAW CABLE
Ip-is DHCP assigned from shaw and changes dynamically and random rates.

assuming this simple scenario i need FA0/1 to be my wan port and FA0/0 to go to my HP Procurve switch to serve my clients and network. i recently upgraded to this router to allow for evntually VLANS and subinterfaces, but im far off from configuring that when i cant even get simple networking done correctly on this :S lol

thanks for your help. if you can tell me how to reset it to defaults and then i can rebuild the router with your config that would be great. i feel i keep trying things and making matters worse
0
greg wardSystems EngineerCommented:
can you do a show ip int brief and paste the output please
 
 
Greg
0
mxrider_420Author Commented:
Router1A#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.1.1     YES manual up                    down
FastEthernet0/1            174.5.165.113   YES DHCP   up                    down


**NOTE: Only reason its state is 'down' is because i need to plug back into this computer directly to make these posts.
0
greg wardSystems EngineerCommented:
to delete a config
erase startup-config
reload
however this is wrong
ip nat inside source list 2 interface FastEthernet0/0 overload
 
you need to
conf t
no ip nat inside source list 2 interface FastEthernet0/0 overload
ip nat inside source list 2 interface FastEthernet1/0 overload

 Greg
0
greg wardSystems EngineerCommented:
and also
conf t
no ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

ip route 0.0.0.0 0.0.0.0 FastEthernet1/0
 
 
Now you are running!
 
Greg
0
mxrider_420Author Commented:
ok, are you suggesting i do NOT reload and start from scratch thus far?.. just try what you posted and then if not reload and go from there?.... i really appreciate your help btw. im really lost as to why sucha  seamingly easy thing seems so  complicated.
0
mxrider_420Author Commented:
Its puking:
Dynamic mapping in use, do you want to delete all entries? [no]: y
Router1A(config)#ip nat inside source list 2 interface FastEthernet1/0 overload
                                                       ^
% Invalid input detected at '^' marker.

Router1A(config)#ip nat inside source list 2 interface FastEthernet1/0 overload
                                                       ^
% Invalid input detected at '^' marker.

Router1A(config)#$de source list 2 interface FastEthernet1/0 overload
                                                       ^
% Invalid input detected at '^' marker.

Router1A(config)#ip nat inside source list 2 interface FastEthernet1/0 overload
                                                       ^
% Invalid input detected at '^' marker.

Router1A(config)#conf t
                      ^
% Invalid input detected at '^' marker.

Router1A(config)#
Router1A(config)#no ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
Router1A(config)#
Router1A(config)#
Router1A(config)#ip route 0.0.0.0 0.0.0.0 FastEthernet1/0
                                          ^
% Invalid input detected at '^' marker.

Router1A(config)#
Router1A(config)#

0
mxrider_420Author Commented:
OK... SO i redid the configuration. take a look and let me know...

Building configuration...

Current configuration : 844 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router1AExchange
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$IT8f$kJGnzPsR2DOq4gmizLtF2.
enable password xxxxx
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
no ip routing
no ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 no ip route-cache
 speed auto
 full-duplex
!
interface FastEthernet0/1
 ip address dhcp
 ip nat outside
 no ip route-cache
 shutdown
 duplex auto
 speed auto
!
ip http server
no ip http secure-server
ip classless
!
!
!
snmp-server community public RO
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password xxxxx
 login
!
!
end


________________________

SHOW INTERFACE
_______________________

Router1AExchange#show interface
FastEthernet0/0 is up, line protocol is down
  Hardware is AmdFE, address is 0006.289c.4100 (bia 0006.289c.4100)
  Internet address is 192.168.1.1/24
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, Auto Speed, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:09, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     36 packets output, 2160 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
FastEthernet0/1 is administratively down, line protocol is down
  Hardware is AmdFE, address is 0006.289c.4101 (bia 0006.289c.4101)
  Internet address will be negotiated using DHCP
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex, Auto Speed, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:07:26, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes
     Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     7 packets output, 420 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
0
Istvan KalmarHead of IT Security Division Commented:
you need to enable:

interface FastEthernet0/1
 no shut
0
greg wardSystems EngineerCommented:
conf t
int fa0/1
no shut
int fa0/0
ip nat inside
ip route 0.0.0.0 0.0.0.0 FastEthernet1/0
 ip nat inside source list 1 interface FastEthernet1/0 overload
access-list 1 permit 192.168.1.0 0.0.0.255

For starters
 
Greg
0
mxrider_420Author Commented:
Router1AExchange#ping facebook.com

Translating "facebook.com"...domain server (64.59.176.13) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 69.63.181.12, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 100/109/121 ms
Router1AExchange#ping 192.168.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Router1AExchange#ping ad-server

Translating "ad-server"...domain server (64.59.176.13)
% Unrecognized host or address, or protocol not running.
0
greg wardSystems EngineerCommented:
ad-server is not a FQDN and wont resolve through dns.
Anyway it looks to be running now
do the other machines connect ok?
 
Greg
0
mxrider_420Author Commented:
i was hoping that FA0/0 would use my internal 192.168.1.59 for DNS and then bounce to secondary external if needed on FA0/1

The machines can ping internal but still have NO internet access.  :S and a few of your commands i manually types too to ensreu that no extra spaces etc.. were coming along with copy/paste and im still getting eg:

Router1AExchange(config)#ip route 0.0.0.0 0.0.0.0 FastEthernet1/0
                                                  ^
% Invalid input detected at '^' marker.


So if you can explin to me what the problem is perhaps i can do some research on my own. Like what am i missing? the machines can ping internal, and the outer can ping internal (via IP ONLY) and external as well. still seems like the two interfaces dont allow traffic to pass to eachother. :S this is strange to me because it should be basic to get this working.
0
Istvan KalmarHead of IT Security Division Commented:
it seems DNS problem....

Please try 208.67.222.222 for DNS...
ANd fix that the local DNS server
0
greg wardSystems EngineerCommented:
your dhcp has configure the dns server
ip name-server will allow you to add a namesever ie 192.168.1.59
ip dhcp pool lan
network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   dns-server 192.168.1.59
also
router rip
version 2
network 192.168.1.0
ip route 0.0.0.0 0.0.0.0 fa1/0
if that does not work try
ip route ?
 
Greg
0
Istvan KalmarHead of IT Security Division Commented:
default route command not need, if you get the outside IP address from DHCP server!
0
mxrider_420Author Commented:
ok i tried that and im not sure my syntax is correct i continually get errors.
Router1AExchange(config)#default-router 192.168.1.1
                                 ^
% Invalid input detected at '^' marker.

Router1AExchange(config)#dns-server 192.168.1.59
                            ^
% Invalid input detected at '^' marker.
0
Istvan KalmarHead of IT Security Division Commented:
you need to add dhcp pool first:

ip dhcp pool lan
   network 192.168.1.0 255.255.255.0
  default-router 192.168.1.1
   dns-server 192.168.1.59
0
Istvan KalmarHead of IT Security Division Commented:
But I advise this:

ip dhcp pool lan
  network 192.168.1.0 255.255.255.0
  default-router 192.168.1.1
  dns-server 192.168.1.59 208.67.222.222

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
mxrider_420Author Commented:
ok thanks ikalamar. i will disregard that. but is there a reason this is so troublesome? i am on SDM and when i run the test its failing at the routes and flow. is almost as though the FA0/0 has no idea how to route to FA0/1
0
Istvan KalmarHead of IT Security Division Commented:
please provide us:

sh ip route
0
greg wardSystems EngineerCommented:

router rip
version 2
network 192.168.1.0
ip route 0.0.0.0 0.0.0.0 fa0/1
 
sorry had the fa the wrong way round.
 
Greg
0
greg wardSystems EngineerCommented:
ip nat inside source list 1 interface FastEthernet0/1 overload
guess that needs to be done too
 
Greg
0
Istvan KalmarHead of IT Security Division Commented:
please show the config that running now...
0
mxrider_420Author Commented:
Router1AExchange#sh ip route
Default gateway is 174.5.164.1

Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty


Router1AExchange#show
*Mar  1 01:55:44.055: %SYS-5-CONFIG_I: Configured from console                                                                by consolerun
Building configuration...

Current configuration : 1181 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router1AExchange
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$IT8f$kJGnzPsR2DOq4gmizLtF2.
enable password Teambrap420
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
no ip routing
no ip cef
!
!
ip name-server 4.2.2.1
ip name-server 192.168.1.59
ip name-server 64.59.177.226
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no ip route-cache
 speed auto
 full-duplex
!
interface FastEthernet0/1
 ip address dhcp
 ip nat outside
 no ip route-cache
 duplex auto
 speed auto
!
ip nat inside source list 1 interface FastEthernet0/1 overload
ip nat inside source list 2 interface FastEthernet0/1 overload
ip http server
no ip http secure-server
ip classless
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 192.168.1.0 0.0.0.255
!
snmp-server community public RO
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password Teambrap420
 login
!
!
end


0
greg wardSystems EngineerCommented:
router rip
version 2
network 192.168.1.0
ip route 0.0.0.0 0.0.0.0 fa0/1
did this not work?
Greg
0
Istvan KalmarHead of IT Security Division Commented:
Hi Greg,

Why do you want to add RIP for a gateway?

mxrider_420,

Did you set DNS on your PC?
0
greg wardSystems EngineerCommented:
from comment 32166187
 i recently upgraded to this router to allow for evntually VLANS and subinterfaces
 
Greg
0
mxrider_420Author Commented:
well all i get is this
Router1AExchange(config)#router rip
IP routing not enabled
0
mxrider_420Author Commented:
Ok so would you be able to walk me through step by step from a blank slate how to configure both interfaces as if i just got it from factory defaults. ? i think i need to back out from trying so many things and just start fresh. can you give me a step by step walk through of the commands modes etc...? appreciate your time very much. i feel like i am almost there but if i start witha  blank slate perhaps we can get it working correctly.
thanks
0
Istvan KalmarHead of IT Security Division Commented:
ip dhcp pool lan
  network 192.168.1.0 255.255.255.0
  default-router 192.168.1.1
  dns-server 192.168.1.59 208.67.222.222
interface FastEthernet0/0
 no shu
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no ip route-cache
 speed auto
 full-duplex
!
interface FastEthernet0/1
 no shu
 ip address dhcp
 ip nat outside
 no ip route-cache
 duplex auto
 speed auto
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface FastEthernet0/1 overload
0
mxrider_420Author Commented:
**Ok so i did a fresh start and followed your commands verbatum. this is my results. :S im at a loss gentlemen...

ROUTER1A-EXCHANGE#show run
Building configuration...

Current configuration : 979 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER1A-EXCHANGE
!
boot-start-marker
boot-end-marker
!
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip dhcp pool lan
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   dns-server 192.168.1.59 208.67.222.222
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no ip route-cache cef
 no ip route-cache
 speed auto
 full-duplex
!
interface FastEthernet0/1
 ip address dhcp
 ip nat outside
 no ip route-cache cef
 no ip route-cache
 duplex auto
 speed auto
!
ip nat inside source list 1 interface FastEthernet0/1 overload
ip http server
no ip http secure-server
ip classless
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end



_________________

SHOW IP ROUTE
___________________

ROUTER1A-EXCHANGE#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     174.5.0.0/22 is subnetted, 1 subnets
C       174.5.164.0 is directly connected, FastEthernet0/1
C    192.168.1.0/24 is directly connected, FastEthernet0/0
ROUTER1A-EXCHANGE#


__________________
SHOW INTERFACE
_______________

Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            192.168.1.1     YES manual up                    up
FastEthernet0/1            174.5.165.113   YES DHCP   up                    up



_______________
PING
______________

ROUTER1A-EXCHANGE#ping 192.168.1.59

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.59, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
ROUTER1A-EXCHANGE#ping ad-server

Translating "ad-server"...domain server (255.255.255.255)
% Unrecognized host or address, or protocol not running.

ROUTER1A-EXCHANGE#ping ad-server.intra.exchangesolution.ca

Translating "ad-server.intra.exchangesolution.ca"...domain server (255.255.255.255) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.59, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
ROUTER1A-EXCHANGE#ping google.ca

Translating "google.ca"...domain server (255.255.255.255)
% Unrecognized host or address, or protocol not running.

ROUTER1A-EXCHANGE#ping www.google.ca

Translating "www.google.ca"...domain server (255.255.255.255)
% Unrecognized host or address, or protocol not running.

ROUTER1A-EXCHANGE#ping 64.59.176.13

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 64.59.176.13, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
0
Istvan KalmarHead of IT Security Division Commented:
ok there is a problem with outside dhcp server

you need:

ip route 0.0.0.0 0.0.0.0 fast 0/1
0
mxrider_420Author Commented:
run this from global config mode?... then my issue is fixed?...
0
Istvan KalmarHead of IT Security Division Commented:
yes
0
mxrider_420Author Commented:
also i should mention froma  pc back on the network i can ping the IP address of FA0/1 but if i ping out via IP to google, or even the DNS server IP it fails. same goes when ping run from router directly. and hostnames.... forget about it. they fail. with the exception of computers on the domain internally my pings via host name work....
0
mxrider_420Author Commented:
Here is what SDM is saying....
fa00.JPG
fa01.JPG
0
mxrider_420Author Commented:
Is it possible that my router is bad? i mean this is crazy. you all have been very helpful and i am following your lead exactly...
0
mxrider_420Author Commented:
why when i add this
ip route 192.168.1.0 255.255.255.0 FastEthernet0/1

does it work?.....
0
mxrider_420Author Commented:
HERE IS MY FINAL WORKING CONFIGURATION.. AND I THOUGHT ID NEVER GET HERE! haha

Lastly before i close this thread and award points. i have an FTP server on port 91 internal and a webserver 8888 internally. since i have a dynamic IP address for my WAN my linksys had a feature for automatically updating hostnames with DYNDNS. does anyone know a way to do this with the 2600 series?.. this way my host records are still accessable?...

Building configuration...

Current configuration : 1293 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER1A-EXCHANGE
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$93hR$uyzPXtpfNZcaDpnTQzFTc1
!
clock timezone EST -5
clock summer-time EST recurring
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
!
ip name-server 64.59.176.13
!
ip dhcp pool lan
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   dns-server 192.168.1.59 208.67.222.222
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip helper-address 192.168.1.59
 ip nat inside
 no ip route-cache cef
 no ip route-cache
 speed auto
 full-duplex
 no cdp enable
!
interface FastEthernet0/1
 ip address dhcp
 ip nat outside
 no ip route-cache cef
 no ip route-cache
 duplex auto
 speed auto
!
router rip
0
mxrider_420Author Commented:
Building configuration...

Current configuration : 1293 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER1A-EXCHANGE
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$93hR$uyzPXtpfNZcaDpnTQzFTc1
!
clock timezone EST -5
clock summer-time EST recurring
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
!
ip name-server 64.59.176.13
!
ip dhcp pool lan
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   dns-server 192.168.1.59 208.67.222.222
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip helper-address 192.168.1.59
 ip nat inside
 no ip route-cache cef
 no ip route-cache
 speed auto
 full-duplex
 no cdp enable
!
interface FastEthernet0/1
 ip address dhcp
 ip nat outside
 no ip route-cache cef
 no ip route-cache
 duplex auto
 speed auto
!
router rip
 version 2
 passive-interface FastEthernet0/1
 network 192.168.1.0
!
ip nat inside source list 1 interface FastEthernet0/1 overload
ip http server
no ip http secure-server
ip classless
ip route 192.168.1.0 255.255.255.0 FastEthernet0/1
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
!
end
0
mxrider_420Author Commented:
Also can someone please elaborate to me please why RIP is so critical? what about OSPF? in my home environment when would i use this? i only have 1 router so i dont need EIRGP because i dont have or need n atonomous system number. but is it safe to assupe RIP is all i need?
0
greg wardSystems EngineerCommented:
Rip is ok, so is OSPF .
If you show ip route and nothing is shown to use rip you dont need it.
It is POSSIBLE to configure ddns on a cisco router but not easy
http://www.petri.co.il/csc_configuring_dynamic_dns_in_cisco_ios.htm 
not sure you static route is correct
ip route 192.168.1.0 255.255.255.0 FastEthernet0/1

i would think  ip route 0.0.0.0 0.0.0.0 fa0/1
would be better.
Greg
0
mxrider_420Author Commented:
thanks for the link. and when i usep route 0.0.0.0 0.0.0.0 fa0/1 NOTHING works, no WAN ping, no internet on client pc's nothing... when i do theip route 192.168.1.0 255.255.255.0 FastEthernet0/1 EVERYTHING works fine, ping internet browsing.. basically i dont understand why and what the difference is. but whatever i did made it work.

also when it comes to single port forwarding i cant do this through NAT because both interfaces are designated, so is there another way to have port hostname.dyndns,org hit FA0/1 then go to FA0/0 and translate into abc.def.ghi.jkl :91
?
0
mxrider_420Author Commented:
what does the ip route 0.0.0.0 0.0.0.0 fa0/0 mean? allow any<->any?...

0
greg wardSystems EngineerCommented:
all traffic that is unknow goes to the default gateway.
0.0.0.0 0.0.0.0 fa0/0 would send all traffic to the wrong interface.
0.0.0.0 0.0.0.0 fa0/1 would be correct.
what about if you change your access rule to permit any, does it work then?
 
Greg
0
mxrider_420Author Commented:
My appologies i did mean 0.0....... on fa0/1 not 0/0 thanks for the clairification. Well then your way sounds correct i really am at a loss for understanding why this didnt work alot earlier. as i did do that on the fa0/1 but when i changed it to the network address with the Sm it worked correctly.

I dont have any ACL in place as of yet, i am going to configure this but only if you feel its the reccommended way becasue i am already using both FA0/0 FA0/1 as designated interfaces for my NAT.

Let me know... thanks. so far i got any<->any
0
greg wardSystems EngineerCommented:
afaik this is wrong
ip route 192.168.1.0 255.255.255.0 FastEthernet0/1

Im sorry that it works and the idea i sugested does not but i dont want to proceed as is.
Maybe someone else can explain why it does not.
 
Greg
0
mxrider_420Author Commented:
Very Helpful, thanks everyone!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.