eaglerod
asked on
Cisco 3725 Router Config
So I decided to purchase a used Cisco 3725 Router and I have a barebone setup on it. I can ping from the FastEthernet0/0 without a problem but cannot ping from FastEthernet-0/1 at all except to the FastEthernet0/0 port. Please take a look at this barebone config and tell me what I am missing please.
Using 1128 out of 57336 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname XXXXXXXXXXXXXX
!
boot-start-marker
boot-end-marker
!
enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXX X
enable password 7 XXXXXXXXXXXXXXXXXXXXXXXXXX Xx
!
memory-size iomem 15
no aaa new-model
ip subnet-zero
no ip routing
!
!
ip dhcp excluded-address 192.168.0.200 192.168.0.254
ip dhcp excluded-address 192.168.0.2 192.168.0.99
!
ip dhcp pool Pius
dns-server 192.168.0.2 8.8.8.8
netbios-name-server 192.168.0.2
default-router 192.168.0.1
!
ip name-server 77.77.76.777
ip name-server 77.77.77.777
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
ip address 77.77.777.777 255.255.255.240
ip access-group 10 in
ip nat outside
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
ip address 192.168.0.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip classless
no ip http server
!
access-list 10 permit any
snmp-server community public RO
snmp-server enable traps tty
!
line con 0
line aux 0
line vty 0 4
password 7 XXXXXXXXXXXXXXXXXXXXXXXX
login
!
!
end
Using 1128 out of 57336 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname XXXXXXXXXXXXXX
!
boot-start-marker
boot-end-marker
!
enable secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXX
enable password 7 XXXXXXXXXXXXXXXXXXXXXXXXXX
!
memory-size iomem 15
no aaa new-model
ip subnet-zero
no ip routing
!
!
ip dhcp excluded-address 192.168.0.200 192.168.0.254
ip dhcp excluded-address 192.168.0.2 192.168.0.99
!
ip dhcp pool Pius
dns-server 192.168.0.2 8.8.8.8
netbios-name-server 192.168.0.2
default-router 192.168.0.1
!
ip name-server 77.77.76.777
ip name-server 77.77.77.777
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
ip address 77.77.777.777 255.255.255.240
ip access-group 10 in
ip nat outside
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
ip address 192.168.0.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip classless
no ip http server
!
access-list 10 permit any
snmp-server community public RO
snmp-server enable traps tty
!
line con 0
line aux 0
line vty 0 4
password 7 XXXXXXXXXXXXXXXXXXXXXXXX
login
!
!
end
ASKER
I know this. I purposely replaced those numbers with the 7's for security purposes. The Cisco router wouldn't of even allowed me to input that if I wanted to.
FastEthernet0/0
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 77537 5321600 1927 186765
Route cache 0 0 0 0
Total 77537 5321600 1927 186765
FastEthernet0/1
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 31247 2182260 2313 202054
Route cache 0 0 0 0
Total 31247 2182260 2313 202054
Ping from FastEthernet0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 72.30.2.43, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/38/48 ms
Ping Source FastEthernet0/1
Translating "www.yahoo.com"...domain server (77.77.28.16) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 72.30.2.43, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.1
.....
Success rate is 0 percent (0/5)
FastEthernet0/0
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 77537 5321600 1927 186765
Route cache 0 0 0 0
Total 77537 5321600 1927 186765
FastEthernet0/1
Switching path Pkts In Chars In Pkts Out Chars Out
Processor 31247 2182260 2313 202054
Route cache 0 0 0 0
Total 31247 2182260 2313 202054
Ping from FastEthernet0/0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 72.30.2.43, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/38/48 ms
Ping Source FastEthernet0/1
Translating "www.yahoo.com"...domain server (77.77.28.16) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 72.30.2.43, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.1
.....
Success rate is 0 percent (0/5)
Ah, you're trying to set up the router as a NAT/PAT router, now that that is clear I believe all you will need to do to get it working is to put some statements in to do NAT overload on the router.
There's a few different ways to go about getting overload NAT running, so it's probably just best I point you to a document that shows you the fundamentals of Cisco NAT: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml
There's a few different ways to go about getting overload NAT running, so it's probably just best I point you to a document that shows you the fundamentals of Cisco NAT: http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you Sanjeevloke this is exactly what I was looking for but I have ran into another problem now.
I can now ping from the router to yahoo.com from both the f0/0 and the f0/1. I was still not able to get any of my computers to ping past the f0/0 (outside) ip address to the ISP gateway. So I removed DHCP on the router and moved it to my 2008 R2 Server. DHCP is working fine but I still can get out. I can ping the outside IP address but I cant ping the ISP gateway. The new config file is as follows:
Using 1019 out of 57336 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname PiusRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 XXXX
enable password 7 XXXX
!
memory-size iomem 15
no aaa new-model
ip subnet-zero
no ip routing
!
!
!
ip name-server XX.XX.28.16
ip name-server XX.XX.29.16
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
ip address XX.XX.238.132 255.255.255.240
ip access-group 10 in
ip nat outside
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
ip address 192.168.0.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip nat inside source list NAT_LIST interface FastEthernet0/0 overload
ip classless
no ip http server
!
ip access-list extended NAT_LIST
permit ip 192.168.0.0 0.0.0.255 any
!
snmp-server community public RO
snmp-server enable traps tty
!
line con 0
line aux 0
line vty 0 4
password 7 xxxx
login
!
!
end
I can now ping from the router to yahoo.com from both the f0/0 and the f0/1. I was still not able to get any of my computers to ping past the f0/0 (outside) ip address to the ISP gateway. So I removed DHCP on the router and moved it to my 2008 R2 Server. DHCP is working fine but I still can get out. I can ping the outside IP address but I cant ping the ISP gateway. The new config file is as follows:
Using 1019 out of 57336 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname PiusRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 XXXX
enable password 7 XXXX
!
memory-size iomem 15
no aaa new-model
ip subnet-zero
no ip routing
!
!
!
ip name-server XX.XX.28.16
ip name-server XX.XX.29.16
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
ip address XX.XX.238.132 255.255.255.240
ip access-group 10 in
ip nat outside
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
ip address 192.168.0.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip nat inside source list NAT_LIST interface FastEthernet0/0 overload
ip classless
no ip http server
!
ip access-list extended NAT_LIST
permit ip 192.168.0.0 0.0.0.255 any
!
snmp-server community public RO
snmp-server enable traps tty
!
line con 0
line aux 0
line vty 0 4
password 7 xxxx
login
!
!
end
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ip name-server 77.77.76.777
ip name-server 77.77.77.777
interface FastEthernet0/0
ip address 77.77.777.777 255.255.255.240
An IPv4 address must be in the range of 0 to 255 in each octet, and usually the first and last address in a subnet cannot be used for a host as they are reserved for the network and broadcast address.
Could you please provide the output of "sh interfaces status" and also the ping command and its output?
Thanks.