• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 696
  • Last Modified:

Cisco 1841

Hi i configurate Cisco router with config

interface f0/0
int f0/0 
description Outside
 ip address dhcp
 no ip redirects
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface f0/1
 description Inside
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!

ip nat inside source list 100 interface f0/0 overload
ip nat inside source static tcp 192.168.3.9 85 interface f0/0 85
!
access-list 1 permit ip 192.168.3.0 0.0.0.255 any
access-list 1 deny   ip any any


access-list 1 permit 192.168.3.0 0.0.0.255 any

access-list 100 permit ip 192.168.3.1 0.0.0.255 any

ip nat pool Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0

ip nat inside source list 100 pool Home overload

ip nat inside source list 100 interface fa0/0 overload

Open in new window


and on my pc i test my internet and it is working for skype but i can not open any page using browser port 80
0
umaxim
Asked:
umaxim
  • 22
  • 17
1 Solution
 
MiftaulCommented:
Your access-lists are not correct.
1 to 99 number are standard access-lists and are unaware of layer4, how could you enter ip and also destination any. Router should have given error.

Can you remove all the access-list and nat entries, like all below.

ip nat inside source list 100 interface f0/0 overload
ip nat inside source static tcp 192.168.3.9 85 interface f0/0 85
access-list 1 permit ip 192.168.3.0 0.0.0.255 any
access-list 1 deny   ip any any
access-list 1 permit 192.168.3.0 0.0.0.255 any
access-list 100 permit ip 192.168.3.1 0.0.0.255 any
ip nat pool Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0
ip nat inside source list 100 pool Home overload
ip nat inside source list 100 interface fa0/0 overload

And enter below

ip nat inside source list 1 interface f0/0 overload
access-list 1 permit 192.168.3.0 0.0.0.255

It should work.
0
 
umaximAuthor Commented:
how i can remove  all the access-list
0
 
MiftaulCommented:
Enter into config term and put a NO before each line to remove them
To enter into config mode, type
Config term
To remove the first line, type
NO ip nat inside source list 100 interface f0/0 overload
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
umaximAuthor Commented:
when i did it is said

Cisco(config)#access-list 1 permit ip 192.168.3.0 0.0.0.255 any
Translating "ip"
                                   ^
% Invalid input detected at '^' marker.
0
 
MiftaulCommented:
Exactly, 1 is a standard access list number and can not understand ip.

Just enter below as i already said. It will work.

access-list 1 permit 192.168.3.0 0.0.0.255
ip nat inside source list 1 interface f0/0 overload
0
 
umaximAuthor Commented:
i got same error on this 3
access-list 1 permit ip 192.168.3.0 0.0.0.255 any
access-list 1 deny   ip any any
access-list 1 permit 192.168.3.0 0.0.0.255 any
0
 
umaximAuthor Commented:
this is my conf file
I did everything you asked me to do. and it is still same problem

Using 1858 out of 196600 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
enable password 7 13061E010803
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool Local
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.1
   dns-server 192.168.3.2 192.168.3.3
!
!
no ip domain lookup
ip domain name flickshine-1841
ip name-server 192.168.3.5
ip name-server 192.168.3.6
!
crypto pki trustpoint TP-self-signed-1811998869
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1811998869
 revocation-check none
 rsakeypair TP-self-signed-1811998869
!
!
crypto pki certificate chain TP-self-signed-1811998869
 certificate self-signed 01 nvram:IOS-Self-Sig#3901.cer
username cisco privilege 15 password 7 121A0C041104
!
!
!
interface FastEthernet0/0
 description Inside
 ip address dhcp
 no ip redirects
 no ip proxy-arp
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Inside
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
ip default-gateway 192.168.3.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat pool Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source list 100 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.3.9 85 interface FastEthernet0/0 85
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 20000 1000

Cisco#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Cisco(config)#$ool Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0
Cisco(config)#$nside source list 1 interface FastEthernet0/0 overload

Dynamic mapping in use, do you want to delete all entries? [no]: yes
Cisco(config)#$nside source list 100 interface FastEthernet0/0 overload

Dynamic mapping in use, do you want to delete all entries? [no]:
%Error: Dynamic mapping in use, cannot remove
Cisco(config)#$ce static tcp 192.168.3.9 85 interface FastEthernet0/0 85
Cisco(config)#File ../crypto/ssl/src/ssltrspt.c; Line 345 # Assert failed: 'rec-                                                                                                                                                             >sent == rec->data.length'
File ../crypto/ssl/src/ssltrspt.c; Line 346 # Assert failed: 'err == 0'
File ../crypto/ssl/src/ssltrspt.c; Line 345 # Assert failed: 'rec->sent == rec->                                                                                                                                                             data.length'
File ../crypto/ssl/src/ssltrspt.c; Line 346 # Assert failed: 'err == 0'
File ../crypto/ssl/src/ssltrspt.c; Line 345 # Assert failed: 'rec->sent == rec->                                                                                                                                                             data.length'
File ../crypto/ssl/src/ssltrspt.c; Line 346 # Assert failed: 'err == 0'
wFile ../crypto/ssl/src/ssltrspt.c; Line 345 # Assert failed: 'rec->sent == rec-                                                                                                                                                             >data.length'
File ../crypto/ssl/src/ssltrspt.c; Line 346 # Assert failed: 'err == 0'
File ../crypto/ssl/src/ssltrspt.c; Line 345 # Assert failed: 'rec->sent == rec->                                                                                                                                                             data.length'
File ../crypto/ssl/src/ssltrspt.c; Line 346 # Assert failed: 'err == 0'
File ../crypto/ssl/src/ssltrspt.c; Line 345 # Assert failed: 'rec->sent == rec->                                                                                                                                                             data.length'
File ../crypto/ssl/src/ssltrspt.c; Line 346 # Assert failed: 'err == 0'
r mem
                 ^
% Invalid input detected at '^' marker.

Cisco(config)#wr mem
                 ^
% Invalid input detected at '^' marker.

Cisco(config)#exit
Cisco#wr mem
Building configuration...

*Jan 27 18:59:51.051: %SYS-5-CONFIG_I: Configured from console by cisco on conso                                                                                                                                                             le[OK]
Cisco#show conf
Using 1654 out of 196600 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
enable password 7 13061E010803
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool Local
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.1
   dns-server 192.168.3.2 192.168.3.3
!
!
no ip domain lookup
ip domain name flickshine-1841
ip name-server 192.168.3.5
ip name-server 192.168.3.6
!
crypto pki trustpoint TP-self-signed-1811998869
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1811998869
 revocation-check none
 rsakeypair TP-self-signed-1811998869
!
!
crypto pki certificate chain TP-self-signed-1811998869
 certificate self-signed 01 nvram:IOS-Self-Sig#3901.cer
username cisco privilege 15 password 7 121A0C041104
!
!
!
interface FastEthernet0/0
 description Inside
 ip address dhcp
 no ip redirects
 no ip proxy-arp
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Inside
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
ip default-gateway 192.168.3.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 100 interface FastEthernet0/0 overload
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 20000 1000
ntp server 192.168.3.6
end

Cisco#
Cisco#
Cisco#show conf
Using 1654 out of 196600 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
enable password 7 13061E010803
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool Local
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.1
   dns-server 192.168.3.2 192.168.3.3
!
!
no ip domain lookup
ip domain name flickshine-1841
ip name-server 192.168.3.5
ip name-server 192.168.3.6
!
crypto pki trustpoint TP-self-signed-1811998869
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1811998869
 revocation-check none
 rsakeypair TP-self-signed-1811998869
!
!
crypto pki certificate chain TP-self-signed-1811998869
 certificate self-signed 01 nvram:IOS-Self-Sig#3901.cer
username cisco privilege 15 password 7 121A0C041104
!
!
!
interface FastEthernet0/0
 description Inside
 ip address dhcp
 no ip redirects
 no ip proxy-arp
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Inside
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
ip default-gateway 192.168.3.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 100 interface FastEthernet0/0 overload
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 20000 1000
ntp server 192.168.3.6
end

Cisco#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Cisco(config)#$nside source list 100 interface FastEthernet0/0 overload

Dynamic mapping in use, do you want to delete all entries? [no]: ip nat inside s                                                                                                                                                             ource list 100 interface FastEthernet0/0 overload
% Please answer 'yes' or 'no'.

Dynamic mapping in use, do you want to delete all entries? [no]:
%Error: Dynamic mapping in use, cannot remove
Cisco(config)#exit
Cisco#wr mem
Building configuration...

*Jan 27 19:00:32.107: %SYS-5-CONFIG_I: Configured from console by cisco on conso                                                                                                                                                             le[OK]
Cisco#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Cisco(config)#ip nat inside source list 100 interface f0/0 overload
%Dynamic mapping in use, cannot change
Cisco(config)#ip nat inside source list 100 interface f0/0 overload
%Dynamic mapping in use, cannot change
Cisco(config)#ip nat inside source list 100 interface f0/0 overload
%Dynamic mapping in use, cannot change
Cisco(config)#ip nat inside source list 100 interface f0/0 overload
%Dynamic mapping in use, cannot change
Cisco(config)#
*Jan 27 19:01:12.015: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern                                                                                                                                                             et0/0, changed state to down
*Jan 27 19:01:12.015: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern                                                                                                                                                             et0/1, changed state to downno ip nat inside source list 100 interface f0/0 over                                                                                                                                                             load

Dynamic mapping in use, do you want to delete all entries? [no]: yes
Cisco(config)#ip nat inside source list 100 interface f0/0 overload
Cisco(config)#$de source static tcp 192.168.3.9 85 interface f0/0 85
Cisco(config)#no access-list 1 permit ip 192.168.3.0 0.0.0.255 any
Cisco(config)#access-list 1 permit ip 192.168.3.0 0.0.0.255 any
Translating "ip"
                                   ^
% Invalid input detected at '^' marker.

Cisco(config)#access-list 1 deny   ip any any
Translating "ip"
                                   ^
% Invalid input detected at '^' marker.

Cisco(config)#access-list 1 permit 192.168.3.0 0.0.0.255 any
                                                         ^
% Invalid input detected at '^' marker.

Cisco(config)#access-list 100 permit ip 192.168.3.1 0.0.0.255 any
Cisco(config)#$ Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0
Cisco(config)#ip nat inside source list 100 pool Home overload
Cisco(config)#ip nat inside source list 100 interface fa0/0 overload
Cisco(config)#ip nat inside source list 1 interface f0/0 overload
Cisco(config)#access-list 1 permit 192.168.3.0 0.0.0.255
Cisco(config)#access-list 1 permit ip 192.168.3.0 0.0.0.255 any
Translating "ip"
                                   ^
% Invalid input detected at '^' marker.

Cisco(config)#access-list 100 permit ip 192.168.3.1 0.0.0.255 any
Cisco(config)#
*Jan 27 19:03:44.487: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern                                                                                                                                                             et0/1, changed state to up
*Jan 27 19:03:52.487: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern                                                                                                                                                             et0/0, changed state to up
Cisco(config)#exit
Cisco#show conf
*Jan 27 19:04:28.651: %SYS-5-CONFIG_I: Configured from console by cisco on conso                                                                                                                                                             le
Using 1654 out of 196600 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
enable password 7 13061E010803
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool Local
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.1
   dns-server 192.168.3.2 192.168.3.3
!
!
no ip domain lookup
ip domain name flickshine-1841
ip name-server 192.168.3.5
ip name-server 192.168.3.6
!
crypto pki trustpoint TP-self-signed-1811998869
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1811998869
 revocation-check none
 rsakeypair TP-self-signed-1811998869
!
!
crypto pki certificate chain TP-self-signed-1811998869
 certificate self-signed 01 nvram:IOS-Self-Sig#3901.cer
username cisco privilege 15 password 7 121A0C041104
!
!
!
interface FastEthernet0/0
 description Inside
 ip address dhcp
 no ip redirects
 no ip proxy-arp
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Inside
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
ip default-gateway 192.168.3.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 100 interface FastEthernet0/0 overload
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 20000 1000
ntp server 192.168.3.6
end

Cisco#
Cisco#access-list 1 permit 192.168.3.0 0.0.0.255
             ^
% Invalid input detected at '^' marker.

Cisco#wr mem
Building configuration...
[OK]
Cisco#ping google.com
Translating "google.com"
% Unrecognized host or address, or protocol not running.

Cisco#show conf
Using 1953 out of 196600 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
enable password 7 13061E010803
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool Local
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.1
   dns-server 192.168.3.2 192.168.3.3
!
!
no ip domain lookup
ip domain name flickshine-1841
ip name-server 192.168.3.5
ip name-server 192.168.3.6
!
crypto pki trustpoint TP-self-signed-1811998869
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1811998869
 revocation-check none
 rsakeypair TP-self-signed-1811998869
!
!
crypto pki certificate chain TP-self-signed-1811998869
 certificate self-signed 01 nvram:IOS-Self-Sig#3901.cer
username cisco privilege 15 password 7 121A0C041104
!
!
!
interface FastEthernet0/0
 description Inside
 ip address dhcp
 no ip redirects
 no ip proxy-arp
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Inside
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
ip default-gateway 192.168.3.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat pool Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source list 100 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.3.9 85 interface FastEthernet0/0 85
!
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 100 permit ip 192.168.3.0 0.0.0.255 any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 20000 1000
ntp server 192.168.3.6
end

Open in new window

0
 
MiftaulCommented:
All these three lines are wrong syntax. The parameters are for extended accesslist which starts with number 100.

Please follow what i said, once it works,  we will explain you the configuration errors.
0
 
umaximAuthor Commented:
ok if i will reset my router to defaul can you give me some direction how to configurate if from the begining maybe it will be more easy
0
 
umaximAuthor Commented:
can you give me some advice how to configuration write way dhcp so it will work with your access-list
0
 
MiftaulCommented:
Do the following command and then try to remove the lines.
Clear ip nat trans
0
 
MiftaulCommented:
You dont need to reset, its just few lines that needs removed.

Only three configuration needed here.

1. Enter interface ip and set them nat inside or outside.
2. create the dhcp pool
3 configure acl and ip nat inside source
0
 
umaximAuthor Commented:
ok i created everything you asked me and this is my file

Using 1211 out of 196600 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool Local
   network 192.168.10.0 255.255.255.0
   default-router 192.168.3.1
   dns-server 192.168.3.2 192.168.3.3
   domain-name pc.lan
!
!
!
!
!
!
!
interface FastEthernet0/0
 description Outside
 ip address dhcp
 no ip redirects
 no ip proxy-arp
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Inside
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
!
ip http server
no ip http secure-server
ip nat pool Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source list 100 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.3.9 85 interface FastEthernet0/0 85
!
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 100 permit ip 192.168.3.0 0.0.0.255 any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000
end

Open in new window

0
 
umaximAuthor Commented:
but the internet is still not working.
0
 
MiftaulCommented:
Your dhcp pool is wrong, network 192.168.10.0 255.255.255.0
Interface connecting lan is 192.168.3.0 so the dhcp pool should be 192.168.3.0 255.255.255.0
0
 
umaximAuthor Commented:
Using 1210 out of 196600 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool Local
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.1
   dns-server 192.168.3.2 192.168.3.3
   domain-name pc.lan
!
!
!
!
!
!
!
interface FastEthernet0/0
 description Outside
 ip address dhcp
 no ip redirects
 no ip proxy-arp
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Inside
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
!
ip http server
no ip http secure-server
ip nat pool Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source list 100 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.3.9 85 interface FastEthernet0/0 85
!
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 100 permit ip 192.168.3.0 0.0.0.255 any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000
end

Open in new window

0
 
MiftaulCommented:
You should exclude three addresses from dhcp, using

Ip dhcp exclude 192.168.3.1 192.168.3.3

Few acl lines are redundant, but it should work.
0
 
umaximAuthor Commented:
i did but now i can not connect skype and web togerger
0
 
umaximAuthor Commented:
I try to ping google.com on my router and it is said all 5 packages are missing
0
 
MiftaulCommented:
Can you add below,

Ip route 0.0.0.0 0.0.0.0 fa0/0

Also remove below lines,
Ip nat inside source list 100 interface FastEthernet0/0 overload
ip nat pool Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0
0
 
MiftaulCommented:
Can you check the ip address of the pc and also run a tracert to google and give the output.
0
 
umaximAuthor Commented:
the ip of computer is 192.168.3.12

on tracer it is gave me error unknown host google.com
0
 
MiftaulCommented:
Ping to google.com from within the router will fail, because no dns is configured on the router. How will the name resolve to ip. If you want set it with below config
ip name-server 8.8.8.8
Alternatively ping a public ip like 8.8.8.8
0
 
umaximAuthor Commented:
new conf

Using 1108 out of 196600 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.3.1 192.168.3.3
!
ip dhcp pool Home
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.1
!
!
!
!
!
!
!
interface FastEthernet0/0
 description Outside
 ip address dhcp
 no ip redirects
 no ip proxy-arp
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Inside
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.3.9 85 interface FastEthernet0/0 85
!
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 100 permit ip 192.168.3.0 0.0.0.255 any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000
end

Open in new window

0
 
umaximAuthor Commented:
skype is working again
0
 
MiftaulCommented:
My friend, in you dhcp pool, you said your dns is dns-server 192.168.3.2 192.168.3.3. Your pcs are pointed to dns, 192.168.3.2 192.168.3.3. I think these dns are not working.

When you ping a fqdn, the name needs to be resolved to ip. Thats the problem now.

Either set the dns in dhcp pool, or manually change the pc dns to something working dns like 8.8.8.8

Can you ping 8.8.8.8 from pc and see what it says.
0
 
umaximAuthor Commented:
i add ip name-server 8.8.8.8
and it is stil same problem
0
 
umaximAuthor Commented:
how i can set dns ?
0
 
umaximAuthor Commented:
i see i set dns on my pc and it begin to work but how i can set dns on my router so it used internal dns not like open dns. Or how to set default dns for it like Open dns
0
 
MiftaulCommented:
After you set ip name server, are you pinging 8.8.8.8 from within the router.
Can you do the following command on pc to give us the output.
Ipconfig /all

Also please ping 8.8.8.8 from pc
0
 
umaximAuthor Commented:
ok i ping it is working. I add opendns.com on my computer and it is begin to work. How i understand my router did not give me any dns. So question how i can assign him some dns ?
0
 
MiftaulCommented:
To set an internal dns server, you need to have a dns server configured. But its ok to use 8.8.8.8 as your dns if you dont have a dns server.

Many people are using google 8.8.8.8 as dns, its good. Not much security issue.
0
 
umaximAuthor Commented:
ok but can i assing it in my router so when some one bring his laptop or pc he do not need to enter dns in network configuration like standart dns
0
 
MiftaulCommented:
My friend, your pc gets configuration from the dhcp pool configuration in the router. If you want to set the dns on your pc set, add that to the dhcp pool.
There are many public free dns server that are good like 8.8.8.8 or 4.2.2.2. Set them in your dhcp pool in router.

ip dhcp pool Local
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.1
   dns-server 8.8.8.8
   domain-name pc.lan
0
 
umaximAuthor Commented:
it is working thank you
0
 
umaximAuthor Commented:
one more question if i will need to configurate my int f0/0 on static ip like my provider will provide me today.

How i can assign ip address, mask, and route for my static ip.
0
 
MiftaulCommented:
When you get a static ip from yoir isp, you only need to change a single line on Fa0/0
Under interface FastEthernet0/0, change the following line

 ip address dhcp

To

Ip address a.a.a.a b.b.b.b c.c.c.c

A.a.a.a = the ip isp gives you
B.b.b.v= the subnet mask isp says
C.c.c.c = default gateway to isp
0
 
umaximAuthor Commented:
i test and it  gime me error


Router(config-if)#ip address 192.168.1.20 255.255.255.0 192.168.1.1
                                                        ^
% Invalid input detected at '^' marker.
0
 
MiftaulCommented:
You are doing nat on fa0/0, the interface ip is in use. To change the ip, disconnect the cable, do a "clear ip nat trans". Also do a "no ip addr dhcp"
Then enter "ip address 192.168.1.20 255.255.255.0 192.168.1.1"
 the syntax is correct, it definitely will work.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 22
  • 17
Tackle projects and never again get stuck behind a technical roadblock.
Join Now