Juneaucounty
asked on
Cisco Router 881 setup to route my LAN to internet
I have a Cisco 881 and i want to route multiple computers to the router to get out to the internet.
My internal (LAN) ip scheme 172.20.X.X
My internet (outside) ip address is 1.1.1.1 (example)
My internal (LAN) network is plugged into FastEthernet 0
My internet (global) outside is plugged into FastEthernet 4
If I setup my computers default gateway to 172.20.0.246, i am not getting out to the internet. What am i doing wrong?
Here is my config:
Building configuration...
! Last configuration change at 16:47:47 UTC Thu Apr 4 2013
! NVRAM config last updated at 21:04:40 UTC Wed Mar 27 2013
! NVRAM config last updated at 21:04:40 UTC Wed Mar 27 2013
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname Roger
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$RH.e$bLnsdf2sdfyQssdfsd fsWsdfsdIs dfsdfAgDUg watdSbEA.
enable password 7 143D4asdsdffsd15F59sdf0772 73750107
!
no aaa new-model
no process cpu extended history
no process cpu autoprofile hog
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
no ip source-route
!
!
!
!
!
ip cef
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FTX1702853P
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
switchport access vlan 2
no ip address
no cdp enable
!
interface FastEthernet1
no ip address
shutdown
no cdp enable
!
interface FastEthernet2
no ip address
shutdown
no cdp enable
!
interface FastEthernet3
no ip address
shutdown
no cdp enable
!
interface FastEthernet4
ip address 1.1.1.1 255.255.255.255
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address 172.20.0.246 255.255.0.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 172.20.0.0 25 1.1.1.1 25 extendable
ip nat inside source static tcp 172.20.0.0 80 1.1.1.1 80 extendable
ip nat inside source static tcp 172.20.0.0 443 1.1.1.1 443 extendable
!
access-list 1 permit 172.20.0.0 0.0.0.255
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password 7 132F4446sdfsd5E0F5C727A
login
transport input all
!
end
My internal (LAN) ip scheme 172.20.X.X
My internet (outside) ip address is 1.1.1.1 (example)
My internal (LAN) network is plugged into FastEthernet 0
My internet (global) outside is plugged into FastEthernet 4
If I setup my computers default gateway to 172.20.0.246, i am not getting out to the internet. What am i doing wrong?
Here is my config:
Building configuration...
! Last configuration change at 16:47:47 UTC Thu Apr 4 2013
! NVRAM config last updated at 21:04:40 UTC Wed Mar 27 2013
! NVRAM config last updated at 21:04:40 UTC Wed Mar 27 2013
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname Roger
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$RH.e$bLnsdf2sdfyQssdfsd
enable password 7 143D4asdsdffsd15F59sdf0772
!
no aaa new-model
no process cpu extended history
no process cpu autoprofile hog
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
no ip source-route
!
!
!
!
!
ip cef
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FTX1702853P
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
switchport access vlan 2
no ip address
no cdp enable
!
interface FastEthernet1
no ip address
shutdown
no cdp enable
!
interface FastEthernet2
no ip address
shutdown
no cdp enable
!
interface FastEthernet3
no ip address
shutdown
no cdp enable
!
interface FastEthernet4
ip address 1.1.1.1 255.255.255.255
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address 172.20.0.246 255.255.0.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 172.20.0.0 25 1.1.1.1 25 extendable
ip nat inside source static tcp 172.20.0.0 80 1.1.1.1 80 extendable
ip nat inside source static tcp 172.20.0.0 443 1.1.1.1 443 extendable
!
access-list 1 permit 172.20.0.0 0.0.0.255
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password 7 132F4446sdfsd5E0F5C727A
login
transport input all
!
end
ASKER
Yes my clients already have an IP addres from an internal DHCP server.
I tried the command:
ip route 0.0.0.0 0.0.0.0 fastethernet4
i get an error:
Default route without gateway, if not a point-to-point interface, may impact performance
I tried the command:
ip route 0.0.0.0 0.0.0.0 fastethernet4
i get an error:
Default route without gateway, if not a point-to-point interface, may impact performance
This is an 881...so that model doesn't have a WAN port as such does it?
Try these commands instead...
ip default-gateway 1.1.1.1 (replace 1.1.1.1 with your external IP)
ip route 0.0.0.0 0.0.0.0 1.1.1.1
See if that works...
As it stands now, from the router can you ping these?
ping 8.8.8.8
ping www.google.com
Do they return replies?
Try these commands instead...
ip default-gateway 1.1.1.1 (replace 1.1.1.1 with your external IP)
ip route 0.0.0.0 0.0.0.0 1.1.1.1
See if that works...
As it stands now, from the router can you ping these?
ping 8.8.8.8
ping www.google.com
Do they return replies?
ASKER
Yes this is an 881 and yes it does have a WAN port (fastethernet 4).
I tried the following commands that you suggested.
ip default-gateway 1.1.1.1 (replace 1.1.1.1 with your external IP)
ip route 0.0.0.0 0.0.0.0 1.1.1.1
the ip default-gateway commmand worked but the ip route command said Incomplete command.
I researched and i think it needs the mask
so i tried:
ip route 0.0.0.0 255.255.0.0 1.1.1.1
then i get this error:
%Invalid next hop address (it's this router)
I tried the following commands that you suggested.
ip default-gateway 1.1.1.1 (replace 1.1.1.1 with your external IP)
ip route 0.0.0.0 0.0.0.0 1.1.1.1
the ip default-gateway commmand worked but the ip route command said Incomplete command.
I researched and i think it needs the mask
so i tried:
ip route 0.0.0.0 255.255.0.0 1.1.1.1
then i get this error:
%Invalid next hop address (it's this router)
ASKER
oh and I cannot ping www.google.com or 8.8.8.8 from router
Yep, that's what I thought(about the ip route command with the ip address at end)
Normally the ip route command takes the 'wan interface' at the end - or the next hop...
Actually that might work - what's the gateway address of your ISP? That's what should be put at end of this command
ip route 0.0.0.0 0.0.0.0 1.1.1.2 - note this should be the gateway from your ISP(should work)
Normally the ip route command takes the 'wan interface' at the end - or the next hop...
Actually that might work - what's the gateway address of your ISP? That's what should be put at end of this command
ip route 0.0.0.0 0.0.0.0 1.1.1.2 - note this should be the gateway from your ISP(should work)
ASKER
should i remove the default-gateway ??
Em...yes, don't think that is needed once you get the route command setup correctly...
So remove default gateway
Try new route command
If it takes without error - ping 8.8.8.8, ping www.google.com - test to see you have connectivity
So remove default gateway
Try new route command
If it takes without error - ping 8.8.8.8, ping www.google.com - test to see you have connectivity
ASKER
ok i removed default gateway
for new route i typed:
ip route 0.0.0.0 255.255.0.0 1.1.1.2
It took it with no errors but i still cannot ping 8.8.8.8
is my subnet mask wrong? the 255.255.0.0 ? that is my internal (LAN) subnet mask
for new route i typed:
ip route 0.0.0.0 255.255.0.0 1.1.1.2
It took it with no errors but i still cannot ping 8.8.8.8
is my subnet mask wrong? the 255.255.0.0 ? that is my internal (LAN) subnet mask
No that is wrong...
ip route 0.0.0.0 0.0.0.0 1.1.1.2
Its 4 zeros, 4 zeros, ISP gateway...
You don't use 255.255.0.0 in there...
ip route 0.0.0.0 0.0.0.0 1.1.1.2
Its 4 zeros, 4 zeros, ISP gateway...
You don't use 255.255.0.0 in there...
ASKER
ok i tried that but still same results. I cannot ping 8.8.8.8
this is what i typed:
ip route 0.0.0.0 0.0.0.0 1.1.1.2
this is what i typed:
ip route 0.0.0.0 0.0.0.0 1.1.1.2
No...sorry I am not getting this across obviously...
1.1.1.2 - this is a dummy ip address - you need to find out what your ISP's default gateway is
For example you listed your running config using 1.1.1.1 as your external WAN ip ok?
I'm basically doing something similar - 1.1.1.2 is my example - you need to get your ISP's default gateway and put it in there...
For some reason your router will not accept the 'ip route 0.0.0.0 0.0.0.0 fastethernet4' command - so we have to use the 'next hop router' address - which in this case is your ISP's default gateway...
When you received your WAN IP address from your ISP they would have provided a few more details with it - one of which is the default gateway - can you find that? Or ask them?
1.1.1.2 - this is a dummy ip address - you need to find out what your ISP's default gateway is
For example you listed your running config using 1.1.1.1 as your external WAN ip ok?
I'm basically doing something similar - 1.1.1.2 is my example - you need to get your ISP's default gateway and put it in there...
For some reason your router will not accept the 'ip route 0.0.0.0 0.0.0.0 fastethernet4' command - so we have to use the 'next hop router' address - which in this case is your ISP's default gateway...
When you received your WAN IP address from your ISP they would have provided a few more details with it - one of which is the default gateway - can you find that? Or ask them?
ASKER
oh sorry yes i am using my ISP default gateway and it still isnt working. i cannot ping 8.8.8.8
Oh...ok, thanks for the update(I was getting confused!)
Can you ping the ISP gateway then? If you can't ping the gateway then we are missing something...
Can you ping the ISP gateway then? If you can't ping the gateway then we are missing something...
Last thing - are you pinging these from the router? That's what I wanted sorry...not from a client - from the router itself
ping 8.8.8.8
What does this return from the router?
ping 8.8.8.8
What does this return from the router?
ASKER
no i cannot ping the ISP gateway either
ASKER
yes i am ping from the router and no luck... it doesnt work
Right...quick question
I don't see a Dialer interface(on any of the Cisco routers I've worked with I've always had to create a Dialer interface to talk to the ISP)
Did your ISP give you a username/password to connect to their side? If they did then there's another bit of work to do...
From your config you are just assigning your WAN IP to FA0/4 - but if they gave you a username/password for authentication to their side then this isn't correct...
Are you configuring this router straight from command line? No SDM web interface?
I don't see a Dialer interface(on any of the Cisco routers I've worked with I've always had to create a Dialer interface to talk to the ISP)
Did your ISP give you a username/password to connect to their side? If they did then there's another bit of work to do...
From your config you are just assigning your WAN IP to FA0/4 - but if they gave you a username/password for authentication to their side then this isn't correct...
Are you configuring this router straight from command line? No SDM web interface?
ASKER
yes they gave us a username and password in order for us to use the internet
Right, then there is a lot missing from the config...
Have you access to SDM? The gui tool that is used to configure routers? It will be a lot faster to get this working...if not then I'll try to build the config and we can test...
Have you access to SDM? The gui tool that is used to configure routers? It will be a lot faster to get this working...if not then I'll try to build the config and we can test...
if you have username/password for internet, then you need to configure your WAN like this:
interface Fast4
bandwidth <<kbps>>
no ip address
no ip redirects
speed auto
duplex auto
pppoe enable
pppoe-client dial-pool-number 1
no cdp enable
no shut
!
interface Dialer1
mtu 1492
bandwidth <<kbps>>
ip address 1.1.1.1 255.255.255.255
ip nat outside
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation ppp
no ip route-cache
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp chap hostname <<username>>
ppp chap password <<password>>
ppp pap sent-username <<username>> password <<password>>
ppp pap refuse
don't forget to change NAT rule
ip nat inside source list 1 interface dialer 1 overload
put default route
ip route 0.0.0.0 0.0.0.0 di 1
interface Fast4
bandwidth <<kbps>>
no ip address
no ip redirects
speed auto
duplex auto
pppoe enable
pppoe-client dial-pool-number 1
no cdp enable
no shut
!
interface Dialer1
mtu 1492
bandwidth <<kbps>>
ip address 1.1.1.1 255.255.255.255
ip nat outside
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation ppp
no ip route-cache
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp chap hostname <<username>>
ppp chap password <<password>>
ppp pap sent-username <<username>> password <<password>>
ppp pap refuse
don't forget to change NAT rule
ip nat inside source list 1 interface dialer 1 overload
put default route
ip route 0.0.0.0 0.0.0.0 di 1
ASKER
Sorry i have been gone out of town for a few days. I am back now. I will try these commands today and let you know what i find
ASKER
ok so this is what i have now for a config and i still cannot ping 8.8.8.8 or my ISP default gateway:
Building configuration...
Current configuration : 2057 bytes
!
! Last configuration change at 20:42:53 UTC Mon Apr 8 2013
! NVRAM config last updated at 20:42:55 UTC Mon Apr 8 2013
! NVRAM config last updated at 20:42:55 UTC Mon Apr 8 2013
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Roger
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$RH.e$bLnsdf2sdfyQssdfsd fsWsdfsdIs dfsdfAgDUg watdSbEA.
enable password 7 143D4asdsdffsd15F59sdf0772 73750107
!
no aaa new-model
no process cpu extended history
no process cpu autoprofile hog
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
no ip source-route
!
!
!
!
!
ip cef
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FTX1702853P
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
switchport access vlan 2
no ip address
no cdp enable
!
interface FastEthernet1
no ip address
shutdown
no cdp enable
!
interface FastEthernet2
no ip address
shutdown
no cdp enable
!
interface FastEthernet3
no ip address
shutdown
no cdp enable
!
interface FastEthernet4
no ip address
no ip redirects
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
pppoe-client dial-pool-number 1
no cdp enable
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address 172.20.0.246 255.255.0.0
ip nat inside
ip virtual-reassembly in
!
interface Dialer1
mtu 1492
ip address 1.1.1.1 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
encapsulation ppp
no ip route-cache
dialer pool 1
dialer-group 1
ppp chap hostname Juneau
ppp chap password 7 011D0901534760A0Faa03
ppp pap sent-username Juneau password 7 04550403022045345345542
ppp pap refuse
no cdp enable
!
interface Dialer12
no ip address
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 1 permit 172.20.0.0 0.0.0.255
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password 7 132F44465443E0FCCF5C727A
login
transport input all
!
end
Building configuration...
Current configuration : 2057 bytes
!
! Last configuration change at 20:42:53 UTC Mon Apr 8 2013
! NVRAM config last updated at 20:42:55 UTC Mon Apr 8 2013
! NVRAM config last updated at 20:42:55 UTC Mon Apr 8 2013
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Roger
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$RH.e$bLnsdf2sdfyQssdfsd
enable password 7 143D4asdsdffsd15F59sdf0772
!
no aaa new-model
no process cpu extended history
no process cpu autoprofile hog
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
no ip source-route
!
!
!
!
!
ip cef
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FTX1702853P
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
switchport access vlan 2
no ip address
no cdp enable
!
interface FastEthernet1
no ip address
shutdown
no cdp enable
!
interface FastEthernet2
no ip address
shutdown
no cdp enable
!
interface FastEthernet3
no ip address
shutdown
no cdp enable
!
interface FastEthernet4
no ip address
no ip redirects
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
pppoe-client dial-pool-number 1
no cdp enable
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address 172.20.0.246 255.255.0.0
ip nat inside
ip virtual-reassembly in
!
interface Dialer1
mtu 1492
ip address 1.1.1.1 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
encapsulation ppp
no ip route-cache
dialer pool 1
dialer-group 1
ppp chap hostname Juneau
ppp chap password 7 011D0901534760A0Faa03
ppp pap sent-username Juneau password 7 04550403022045345345542
ppp pap refuse
no cdp enable
!
interface Dialer12
no ip address
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 1 permit 172.20.0.0 0.0.0.255
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password 7 132F44465443E0FCCF5C727A
login
transport input all
!
end
ASKER
i cant even ping my 1.1.1.1 address from my ISP
I have doubt on public ip given by your ISP provider..
can you ping/trace your ISP side IP from outside?
go to:
http://whatismyipaddress.com/
put the IP provided by your ISP and check it..ping, trace.
also can you show me your arp?
can you ping/trace your ISP side IP from outside?
go to:
http://whatismyipaddress.com/
put the IP provided by your ISP and check it..ping, trace.
also can you show me your arp?
Couple of questions...
Have you asked your ISP about your setup? I mean have then said its a PPPOE connection? Normally on a PPPOE type dialer setup you don't specify the ip address in the config, its provided by this line
interface Dialer1
mtu 1492
ip address negociated
Where in the config above you have
ip address 1.1.1.1 255.255.255.248
On all connections I've ever setup from Cisco routers with PPPOE the Dialer interface didn't have the IP specified...again not saying this isn't correct - but can you get clarification from your ISP as to how the setup should be?
Ask them if you assign the static ip to your WAN interface - or if its a PPPOE type connection where you provide the username/password and the ip is supplied as part of the handshake...
Have you asked your ISP about your setup? I mean have then said its a PPPOE connection? Normally on a PPPOE type dialer setup you don't specify the ip address in the config, its provided by this line
interface Dialer1
mtu 1492
ip address negociated
Where in the config above you have
ip address 1.1.1.1 255.255.255.248
On all connections I've ever setup from Cisco routers with PPPOE the Dialer interface didn't have the IP specified...again not saying this isn't correct - but can you get clarification from your ISP as to how the setup should be?
Ask them if you assign the static ip to your WAN interface - or if its a PPPOE type connection where you provide the username/password and the ip is supplied as part of the handshake...
smckeown777
static or dynamic IP alloction is ISP product rule..
it doesn't means if it is dialer/pppoe then it shud be negotiated (dynamic IP).
in many cases I had issue with dynamic IP due to static cryptos thus I requested ISP to give me fix IP on same set-up and they did it for me.
static or dynamic IP alloction is ISP product rule..
it doesn't means if it is dialer/pppoe then it shud be negotiated (dynamic IP).
in many cases I had issue with dynamic IP due to static cryptos thus I requested ISP to give me fix IP on same set-up and they did it for me.
Ok, no problem @guptasan...I was just trying to be sure since if we have this info(i.e. do you assign ip static to interface or no) then we can get to the root cause quicker...but thanks for the update...
Can you see anything else wrong with the config? Next thing I'd be doing is PPPOE debug messages...as we need to determine if the pppoe session is even connecting...
Can you see anything else wrong with the config? Next thing I'd be doing is PPPOE debug messages...as we need to determine if the pppoe session is even connecting...
I requested author to give us arp details and also sh user
also check the public IP are activated in INTERNET ??
also check the public IP are activated in INTERNET ??
ASKER
ok i talked with my ISP and they gave me the wrong IP addresses so i put in the new ones and now i still cannot ping out with this configuration. If i put back my old configuration i can ping 8.8.8.8 from the router. I can also ping my default gateway and www.google.com. What isnt working is i still cannot get out to the internet from my machine. I put my laptop default gateway to 172.20.0.246 (which is interface 0)
This is the config that I currently have that works with pinging from the router:
Building configuration...
Current configuration : 1855 bytes
!
! Last configuration change at 17:15:52 UTC Tue Apr 9 2013
! NVRAM config last updated at 17:16:55 UTC Tue Apr 9 2013
! NVRAM config last updated at 17:16:55 UTC Tue Apr 9 2013
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Roger
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$RH.e$bLn2yQWIAAAGgDEFUg watdSbEA.
enable password 7 143D415EGF5907728977375010 7
!
no aaa new-model
no process cpu extended history
no process cpu autoprofile hog
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
no ip source-route
!
!
!
!
!
ip cef
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FTX1702853P
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
switchport access vlan 2
no ip address
no cdp enable
!
interface FastEthernet1
no ip address
shutdown
no cdp enable
!
interface FastEthernet2
no ip address
shutdown
no cdp enable
!
interface FastEthernet3
no ip address
shutdown
no cdp enable
!
interface FastEthernet4
ip address 216.56.60.50 255.255.255.255
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address 172.20.0.246 255.255.0.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 172.20.0.0 25 216.56.60.50 25 extendable
ip nat inside source static tcp 172.20.0.0 80 216.56.60.50 80 extendable
ip nat inside source static tcp 172.20.0.0 443 216.56.60.50 443 extendable
ip route 0.0.0.0 0.0.0.0 216.56.60.50
!
access-list 1 permit 172.20.0.0 0.0.0.255
no cdp run
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password 7 132F444898E65Esadf0F5C727A
login
transport input all
!
end
This is the config that I currently have that works with pinging from the router:
Building configuration...
Current configuration : 1855 bytes
!
! Last configuration change at 17:15:52 UTC Tue Apr 9 2013
! NVRAM config last updated at 17:16:55 UTC Tue Apr 9 2013
! NVRAM config last updated at 17:16:55 UTC Tue Apr 9 2013
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Roger
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$RH.e$bLn2yQWIAAAGgDEFUg
enable password 7 143D415EGF5907728977375010
!
no aaa new-model
no process cpu extended history
no process cpu autoprofile hog
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
no ip source-route
!
!
!
!
!
ip cef
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FTX1702853P
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
switchport access vlan 2
no ip address
no cdp enable
!
interface FastEthernet1
no ip address
shutdown
no cdp enable
!
interface FastEthernet2
no ip address
shutdown
no cdp enable
!
interface FastEthernet3
no ip address
shutdown
no cdp enable
!
interface FastEthernet4
ip address 216.56.60.50 255.255.255.255
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address 172.20.0.246 255.255.0.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 172.20.0.0 25 216.56.60.50 25 extendable
ip nat inside source static tcp 172.20.0.0 80 216.56.60.50 80 extendable
ip nat inside source static tcp 172.20.0.0 443 216.56.60.50 443 extendable
ip route 0.0.0.0 0.0.0.0 216.56.60.50
!
access-list 1 permit 172.20.0.0 0.0.0.255
no cdp run
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password 7 132F444898E65Esadf0F5C727A
login
transport input all
!
end
ok so your ISP gave to /32 IP and this is correct.
see:
Pinging 216.56.60.50 with 32 bytes of data:
Reply from 216.56.60.50: bytes=32 time=343ms TTL=243
Reply from 216.56.60.50: bytes=32 time=301ms TTL=243
Reply from 216.56.60.50: bytes=32 time=299ms TTL=244
now do like this
int loopback 100
ip address 216.56.60.50 255.255.255.255
in fa4
ip unnumbered lo100
ip route 0.0.0.0 0.0.0.0 lo100
also change nat
ip nat inside source list 1 interface lo100 overload
see:
Pinging 216.56.60.50 with 32 bytes of data:
Reply from 216.56.60.50: bytes=32 time=343ms TTL=243
Reply from 216.56.60.50: bytes=32 time=301ms TTL=243
Reply from 216.56.60.50: bytes=32 time=299ms TTL=244
now do like this
int loopback 100
ip address 216.56.60.50 255.255.255.255
in fa4
ip unnumbered lo100
ip route 0.0.0.0 0.0.0.0 lo100
also change nat
ip nat inside source list 1 interface lo100 overload
ASKER
when typing
int faste4
ip unnumbered loopback 100
i get this error:
Point-to-point (non-multi-access) interfaces only
i guess i dont understand why i cant have my interface4 to be my outside ip address 216.56.60.50. why are you having me remove that from int fast 4 and adding it to loopback 100 inteface?
int faste4
ip unnumbered loopback 100
i get this error:
Point-to-point (non-multi-access) interfaces only
i guess i dont understand why i cant have my interface4 to be my outside ip address 216.56.60.50. why are you having me remove that from int fast 4 and adding it to loopback 100 inteface?
i talked with my ISP and they gave me the wrong IP addresses so i put in the new ones and now i still cannot ping out with this configuration. If i put back my old configuration i can ping 8.8.8.8 from the router. I can also ping my default gateway and www.google.com. What isnt working is i still cannot get out to the internet from my machine. I put my laptop default gateway to 172.20.0.246 (which is interface 0)
Ok, so that sounds good - you have connectivity to the outside...
Are you assigning ip manually on laptop?
What does this command show on the router when you are trying to ping 8.8.8.8 from your laptop?
sh ip nat tr
Ok, so that sounds good - you have connectivity to the outside...
Are you assigning ip manually on laptop?
What does this command show on the router when you are trying to ping 8.8.8.8 from your laptop?
sh ip nat tr
ASKER
yes my static IP on my laptop is setup to 172.20.1.16. Then I got to thinking that i would try 172.20.0.X number and then i could get to the internet. I think i need to add 172.20.1.X to my access list as permit in order to use the 172.20.1.X ip address, correct?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
ok, sounds good.. Yes that worked. I can now access the internet from my laptop. Thank you so much for your help.
ASKER
This expert was really great to work with. Thank you so much for your help!
This command line is also missing
ip route 0.0.0.0 0.0.0.0 Fastethernet4