Solved

Cisco 1841

Posted on 2014-01-27
39
647 Views
Last Modified: 2014-02-20
Hi i configurate Cisco router with config

interface f0/0
int f0/0 
description Outside
 ip address dhcp
 no ip redirects
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface f0/1
 description Inside
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!

ip nat inside source list 100 interface f0/0 overload
ip nat inside source static tcp 192.168.3.9 85 interface f0/0 85
!
access-list 1 permit ip 192.168.3.0 0.0.0.255 any
access-list 1 deny   ip any any


access-list 1 permit 192.168.3.0 0.0.0.255 any

access-list 100 permit ip 192.168.3.1 0.0.0.255 any

ip nat pool Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0

ip nat inside source list 100 pool Home overload

ip nat inside source list 100 interface fa0/0 overload

Open in new window


and on my pc i test my internet and it is working for skype but i can not open any page using browser port 80
0
Comment
Question by:umaxim
  • 22
  • 17
39 Comments
 
LVL 11

Expert Comment

by:Miftaul
ID: 39812693
Your access-lists are not correct.
1 to 99 number are standard access-lists and are unaware of layer4, how could you enter ip and also destination any. Router should have given error.

Can you remove all the access-list and nat entries, like all below.

ip nat inside source list 100 interface f0/0 overload
ip nat inside source static tcp 192.168.3.9 85 interface f0/0 85
access-list 1 permit ip 192.168.3.0 0.0.0.255 any
access-list 1 deny   ip any any
access-list 1 permit 192.168.3.0 0.0.0.255 any
access-list 100 permit ip 192.168.3.1 0.0.0.255 any
ip nat pool Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0
ip nat inside source list 100 pool Home overload
ip nat inside source list 100 interface fa0/0 overload

And enter below

ip nat inside source list 1 interface f0/0 overload
access-list 1 permit 192.168.3.0 0.0.0.255

It should work.
0
 
LVL 1

Author Comment

by:umaxim
ID: 39812723
how i can remove  all the access-list
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39812750
Enter into config term and put a NO before each line to remove them
To enter into config mode, type
Config term
To remove the first line, type
NO ip nat inside source list 100 interface f0/0 overload
0
 
LVL 1

Author Comment

by:umaxim
ID: 39812760
when i did it is said

Cisco(config)#access-list 1 permit ip 192.168.3.0 0.0.0.255 any
Translating "ip"
                                   ^
% Invalid input detected at '^' marker.
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39812782
Exactly, 1 is a standard access list number and can not understand ip.

Just enter below as i already said. It will work.

access-list 1 permit 192.168.3.0 0.0.0.255
ip nat inside source list 1 interface f0/0 overload
0
 
LVL 1

Author Comment

by:umaxim
ID: 39812792
i got same error on this 3
access-list 1 permit ip 192.168.3.0 0.0.0.255 any
access-list 1 deny   ip any any
access-list 1 permit 192.168.3.0 0.0.0.255 any
0
 
LVL 1

Author Comment

by:umaxim
ID: 39812800
this is my conf file
I did everything you asked me to do. and it is still same problem

Using 1858 out of 196600 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
enable password 7 13061E010803
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool Local
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.1
   dns-server 192.168.3.2 192.168.3.3
!
!
no ip domain lookup
ip domain name flickshine-1841
ip name-server 192.168.3.5
ip name-server 192.168.3.6
!
crypto pki trustpoint TP-self-signed-1811998869
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1811998869
 revocation-check none
 rsakeypair TP-self-signed-1811998869
!
!
crypto pki certificate chain TP-self-signed-1811998869
 certificate self-signed 01 nvram:IOS-Self-Sig#3901.cer
username cisco privilege 15 password 7 121A0C041104
!
!
!
interface FastEthernet0/0
 description Inside
 ip address dhcp
 no ip redirects
 no ip proxy-arp
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Inside
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
ip default-gateway 192.168.3.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat pool Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source list 100 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.3.9 85 interface FastEthernet0/0 85
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 20000 1000

Cisco#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Cisco(config)#$ool Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0
Cisco(config)#$nside source list 1 interface FastEthernet0/0 overload

Dynamic mapping in use, do you want to delete all entries? [no]: yes
Cisco(config)#$nside source list 100 interface FastEthernet0/0 overload

Dynamic mapping in use, do you want to delete all entries? [no]:
%Error: Dynamic mapping in use, cannot remove
Cisco(config)#$ce static tcp 192.168.3.9 85 interface FastEthernet0/0 85
Cisco(config)#File ../crypto/ssl/src/ssltrspt.c; Line 345 # Assert failed: 'rec-                                                                                                                                                             >sent == rec->data.length'
File ../crypto/ssl/src/ssltrspt.c; Line 346 # Assert failed: 'err == 0'
File ../crypto/ssl/src/ssltrspt.c; Line 345 # Assert failed: 'rec->sent == rec->                                                                                                                                                             data.length'
File ../crypto/ssl/src/ssltrspt.c; Line 346 # Assert failed: 'err == 0'
File ../crypto/ssl/src/ssltrspt.c; Line 345 # Assert failed: 'rec->sent == rec->                                                                                                                                                             data.length'
File ../crypto/ssl/src/ssltrspt.c; Line 346 # Assert failed: 'err == 0'
wFile ../crypto/ssl/src/ssltrspt.c; Line 345 # Assert failed: 'rec->sent == rec-                                                                                                                                                             >data.length'
File ../crypto/ssl/src/ssltrspt.c; Line 346 # Assert failed: 'err == 0'
File ../crypto/ssl/src/ssltrspt.c; Line 345 # Assert failed: 'rec->sent == rec->                                                                                                                                                             data.length'
File ../crypto/ssl/src/ssltrspt.c; Line 346 # Assert failed: 'err == 0'
File ../crypto/ssl/src/ssltrspt.c; Line 345 # Assert failed: 'rec->sent == rec->                                                                                                                                                             data.length'
File ../crypto/ssl/src/ssltrspt.c; Line 346 # Assert failed: 'err == 0'
r mem
                 ^
% Invalid input detected at '^' marker.

Cisco(config)#wr mem
                 ^
% Invalid input detected at '^' marker.

Cisco(config)#exit
Cisco#wr mem
Building configuration...

*Jan 27 18:59:51.051: %SYS-5-CONFIG_I: Configured from console by cisco on conso                                                                                                                                                             le[OK]
Cisco#show conf
Using 1654 out of 196600 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
enable password 7 13061E010803
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool Local
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.1
   dns-server 192.168.3.2 192.168.3.3
!
!
no ip domain lookup
ip domain name flickshine-1841
ip name-server 192.168.3.5
ip name-server 192.168.3.6
!
crypto pki trustpoint TP-self-signed-1811998869
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1811998869
 revocation-check none
 rsakeypair TP-self-signed-1811998869
!
!
crypto pki certificate chain TP-self-signed-1811998869
 certificate self-signed 01 nvram:IOS-Self-Sig#3901.cer
username cisco privilege 15 password 7 121A0C041104
!
!
!
interface FastEthernet0/0
 description Inside
 ip address dhcp
 no ip redirects
 no ip proxy-arp
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Inside
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
ip default-gateway 192.168.3.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 100 interface FastEthernet0/0 overload
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 20000 1000
ntp server 192.168.3.6
end

Cisco#
Cisco#
Cisco#show conf
Using 1654 out of 196600 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
enable password 7 13061E010803
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool Local
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.1
   dns-server 192.168.3.2 192.168.3.3
!
!
no ip domain lookup
ip domain name flickshine-1841
ip name-server 192.168.3.5
ip name-server 192.168.3.6
!
crypto pki trustpoint TP-self-signed-1811998869
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1811998869
 revocation-check none
 rsakeypair TP-self-signed-1811998869
!
!
crypto pki certificate chain TP-self-signed-1811998869
 certificate self-signed 01 nvram:IOS-Self-Sig#3901.cer
username cisco privilege 15 password 7 121A0C041104
!
!
!
interface FastEthernet0/0
 description Inside
 ip address dhcp
 no ip redirects
 no ip proxy-arp
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Inside
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
ip default-gateway 192.168.3.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 100 interface FastEthernet0/0 overload
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 20000 1000
ntp server 192.168.3.6
end

Cisco#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Cisco(config)#$nside source list 100 interface FastEthernet0/0 overload

Dynamic mapping in use, do you want to delete all entries? [no]: ip nat inside s                                                                                                                                                             ource list 100 interface FastEthernet0/0 overload
% Please answer 'yes' or 'no'.

Dynamic mapping in use, do you want to delete all entries? [no]:
%Error: Dynamic mapping in use, cannot remove
Cisco(config)#exit
Cisco#wr mem
Building configuration...

*Jan 27 19:00:32.107: %SYS-5-CONFIG_I: Configured from console by cisco on conso                                                                                                                                                             le[OK]
Cisco#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Cisco(config)#ip nat inside source list 100 interface f0/0 overload
%Dynamic mapping in use, cannot change
Cisco(config)#ip nat inside source list 100 interface f0/0 overload
%Dynamic mapping in use, cannot change
Cisco(config)#ip nat inside source list 100 interface f0/0 overload
%Dynamic mapping in use, cannot change
Cisco(config)#ip nat inside source list 100 interface f0/0 overload
%Dynamic mapping in use, cannot change
Cisco(config)#
*Jan 27 19:01:12.015: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern                                                                                                                                                             et0/0, changed state to down
*Jan 27 19:01:12.015: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern                                                                                                                                                             et0/1, changed state to downno ip nat inside source list 100 interface f0/0 over                                                                                                                                                             load

Dynamic mapping in use, do you want to delete all entries? [no]: yes
Cisco(config)#ip nat inside source list 100 interface f0/0 overload
Cisco(config)#$de source static tcp 192.168.3.9 85 interface f0/0 85
Cisco(config)#no access-list 1 permit ip 192.168.3.0 0.0.0.255 any
Cisco(config)#access-list 1 permit ip 192.168.3.0 0.0.0.255 any
Translating "ip"
                                   ^
% Invalid input detected at '^' marker.

Cisco(config)#access-list 1 deny   ip any any
Translating "ip"
                                   ^
% Invalid input detected at '^' marker.

Cisco(config)#access-list 1 permit 192.168.3.0 0.0.0.255 any
                                                         ^
% Invalid input detected at '^' marker.

Cisco(config)#access-list 100 permit ip 192.168.3.1 0.0.0.255 any
Cisco(config)#$ Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0
Cisco(config)#ip nat inside source list 100 pool Home overload
Cisco(config)#ip nat inside source list 100 interface fa0/0 overload
Cisco(config)#ip nat inside source list 1 interface f0/0 overload
Cisco(config)#access-list 1 permit 192.168.3.0 0.0.0.255
Cisco(config)#access-list 1 permit ip 192.168.3.0 0.0.0.255 any
Translating "ip"
                                   ^
% Invalid input detected at '^' marker.

Cisco(config)#access-list 100 permit ip 192.168.3.1 0.0.0.255 any
Cisco(config)#
*Jan 27 19:03:44.487: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern                                                                                                                                                             et0/1, changed state to up
*Jan 27 19:03:52.487: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern                                                                                                                                                             et0/0, changed state to up
Cisco(config)#exit
Cisco#show conf
*Jan 27 19:04:28.651: %SYS-5-CONFIG_I: Configured from console by cisco on conso                                                                                                                                                             le
Using 1654 out of 196600 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
enable password 7 13061E010803
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool Local
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.1
   dns-server 192.168.3.2 192.168.3.3
!
!
no ip domain lookup
ip domain name flickshine-1841
ip name-server 192.168.3.5
ip name-server 192.168.3.6
!
crypto pki trustpoint TP-self-signed-1811998869
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1811998869
 revocation-check none
 rsakeypair TP-self-signed-1811998869
!
!
crypto pki certificate chain TP-self-signed-1811998869
 certificate self-signed 01 nvram:IOS-Self-Sig#3901.cer
username cisco privilege 15 password 7 121A0C041104
!
!
!
interface FastEthernet0/0
 description Inside
 ip address dhcp
 no ip redirects
 no ip proxy-arp
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Inside
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
ip default-gateway 192.168.3.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 100 interface FastEthernet0/0 overload
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 20000 1000
ntp server 192.168.3.6
end

Cisco#
Cisco#access-list 1 permit 192.168.3.0 0.0.0.255
             ^
% Invalid input detected at '^' marker.

Cisco#wr mem
Building configuration...
[OK]
Cisco#ping google.com
Translating "google.com"
% Unrecognized host or address, or protocol not running.

Cisco#show conf
Using 1953 out of 196600 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
enable password 7 13061E010803
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool Local
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.1
   dns-server 192.168.3.2 192.168.3.3
!
!
no ip domain lookup
ip domain name flickshine-1841
ip name-server 192.168.3.5
ip name-server 192.168.3.6
!
crypto pki trustpoint TP-self-signed-1811998869
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1811998869
 revocation-check none
 rsakeypair TP-self-signed-1811998869
!
!
crypto pki certificate chain TP-self-signed-1811998869
 certificate self-signed 01 nvram:IOS-Self-Sig#3901.cer
username cisco privilege 15 password 7 121A0C041104
!
!
!
interface FastEthernet0/0
 description Inside
 ip address dhcp
 no ip redirects
 no ip proxy-arp
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Inside
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
ip default-gateway 192.168.3.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat pool Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source list 100 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.3.9 85 interface FastEthernet0/0 85
!
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 100 permit ip 192.168.3.0 0.0.0.255 any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 transport input telnet ssh
!
scheduler allocate 20000 1000
ntp server 192.168.3.6
end

Open in new window

0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39812805
All these three lines are wrong syntax. The parameters are for extended accesslist which starts with number 100.

Please follow what i said, once it works,  we will explain you the configuration errors.
0
 
LVL 1

Author Comment

by:umaxim
ID: 39812812
ok if i will reset my router to defaul can you give me some direction how to configurate if from the begining maybe it will be more easy
0
 
LVL 1

Author Comment

by:umaxim
ID: 39812821
can you give me some advice how to configuration write way dhcp so it will work with your access-list
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39812823
Do the following command and then try to remove the lines.
Clear ip nat trans
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39812831
You dont need to reset, its just few lines that needs removed.

Only three configuration needed here.

1. Enter interface ip and set them nat inside or outside.
2. create the dhcp pool
3 configure acl and ip nat inside source
0
 
LVL 1

Author Comment

by:umaxim
ID: 39812855
ok i created everything you asked me and this is my file

Using 1211 out of 196600 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool Local
   network 192.168.10.0 255.255.255.0
   default-router 192.168.3.1
   dns-server 192.168.3.2 192.168.3.3
   domain-name pc.lan
!
!
!
!
!
!
!
interface FastEthernet0/0
 description Outside
 ip address dhcp
 no ip redirects
 no ip proxy-arp
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Inside
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
!
ip http server
no ip http secure-server
ip nat pool Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source list 100 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.3.9 85 interface FastEthernet0/0 85
!
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 100 permit ip 192.168.3.0 0.0.0.255 any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000
end

Open in new window

0
 
LVL 1

Author Comment

by:umaxim
ID: 39812859
but the internet is still not working.
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39812883
Your dhcp pool is wrong, network 192.168.10.0 255.255.255.0
Interface connecting lan is 192.168.3.0 so the dhcp pool should be 192.168.3.0 255.255.255.0
0
 
LVL 1

Author Comment

by:umaxim
ID: 39812896
Using 1210 out of 196600 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool Local
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.1
   dns-server 192.168.3.2 192.168.3.3
   domain-name pc.lan
!
!
!
!
!
!
!
interface FastEthernet0/0
 description Outside
 ip address dhcp
 no ip redirects
 no ip proxy-arp
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Inside
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
!
ip http server
no ip http secure-server
ip nat pool Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source list 100 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.3.9 85 interface FastEthernet0/0 85
!
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 100 permit ip 192.168.3.0 0.0.0.255 any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000
end

Open in new window

0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39812905
You should exclude three addresses from dhcp, using

Ip dhcp exclude 192.168.3.1 192.168.3.3

Few acl lines are redundant, but it should work.
0
 
LVL 1

Author Comment

by:umaxim
ID: 39812912
i did but now i can not connect skype and web togerger
0
 
LVL 1

Author Comment

by:umaxim
ID: 39812920
I try to ping google.com on my router and it is said all 5 packages are missing
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 11

Expert Comment

by:Miftaul
ID: 39812926
Can you add below,

Ip route 0.0.0.0 0.0.0.0 fa0/0

Also remove below lines,
Ip nat inside source list 100 interface FastEthernet0/0 overload
ip nat pool Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39812931
Can you check the ip address of the pc and also run a tracert to google and give the output.
0
 
LVL 1

Author Comment

by:umaxim
ID: 39812944
the ip of computer is 192.168.3.12

on tracer it is gave me error unknown host google.com
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39812946
Ping to google.com from within the router will fail, because no dns is configured on the router. How will the name resolve to ip. If you want set it with below config
ip name-server 8.8.8.8
Alternatively ping a public ip like 8.8.8.8
0
 
LVL 1

Author Comment

by:umaxim
ID: 39812949
new conf

Using 1108 out of 196600 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.3.1 192.168.3.3
!
ip dhcp pool Home
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.1
!
!
!
!
!
!
!
interface FastEthernet0/0
 description Outside
 ip address dhcp
 no ip redirects
 no ip proxy-arp
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description Inside
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.3.9 85 interface FastEthernet0/0 85
!
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 100 permit ip 192.168.3.0 0.0.0.255 any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000
end

Open in new window

0
 
LVL 1

Author Comment

by:umaxim
ID: 39812951
skype is working again
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39812956
My friend, in you dhcp pool, you said your dns is dns-server 192.168.3.2 192.168.3.3. Your pcs are pointed to dns, 192.168.3.2 192.168.3.3. I think these dns are not working.

When you ping a fqdn, the name needs to be resolved to ip. Thats the problem now.

Either set the dns in dhcp pool, or manually change the pc dns to something working dns like 8.8.8.8

Can you ping 8.8.8.8 from pc and see what it says.
0
 
LVL 1

Author Comment

by:umaxim
ID: 39812957
i add ip name-server 8.8.8.8
and it is stil same problem
0
 
LVL 1

Author Comment

by:umaxim
ID: 39812960
how i can set dns ?
0
 
LVL 1

Author Comment

by:umaxim
ID: 39812970
i see i set dns on my pc and it begin to work but how i can set dns on my router so it used internal dns not like open dns. Or how to set default dns for it like Open dns
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39812975
After you set ip name server, are you pinging 8.8.8.8 from within the router.
Can you do the following command on pc to give us the output.
Ipconfig /all

Also please ping 8.8.8.8 from pc
0
 
LVL 1

Author Comment

by:umaxim
ID: 39812981
ok i ping it is working. I add opendns.com on my computer and it is begin to work. How i understand my router did not give me any dns. So question how i can assign him some dns ?
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39812982
To set an internal dns server, you need to have a dns server configured. But its ok to use 8.8.8.8 as your dns if you dont have a dns server.

Many people are using google 8.8.8.8 as dns, its good. Not much security issue.
0
 
LVL 1

Author Comment

by:umaxim
ID: 39812990
ok but can i assing it in my router so when some one bring his laptop or pc he do not need to enter dns in network configuration like standart dns
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39813000
My friend, your pc gets configuration from the dhcp pool configuration in the router. If you want to set the dns on your pc set, add that to the dhcp pool.
There are many public free dns server that are good like 8.8.8.8 or 4.2.2.2. Set them in your dhcp pool in router.

ip dhcp pool Local
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.1
   dns-server 8.8.8.8
   domain-name pc.lan
0
 
LVL 1

Author Comment

by:umaxim
ID: 39813002
it is working thank you
0
 
LVL 1

Author Comment

by:umaxim
ID: 39813006
one more question if i will need to configurate my int f0/0 on static ip like my provider will provide me today.

How i can assign ip address, mask, and route for my static ip.
0
 
LVL 11

Expert Comment

by:Miftaul
ID: 39813042
When you get a static ip from yoir isp, you only need to change a single line on Fa0/0
Under interface FastEthernet0/0, change the following line

 ip address dhcp

To

Ip address a.a.a.a b.b.b.b c.c.c.c

A.a.a.a = the ip isp gives you
B.b.b.v= the subnet mask isp says
C.c.c.c = default gateway to isp
0
 
LVL 1

Author Comment

by:umaxim
ID: 39813059
i test and it  gime me error


Router(config-if)#ip address 192.168.1.20 255.255.255.0 192.168.1.1
                                                        ^
% Invalid input detected at '^' marker.
0
 
LVL 11

Accepted Solution

by:
Miftaul earned 500 total points
ID: 39813075
You are doing nat on fa0/0, the interface ip is in use. To change the ip, disconnect the cable, do a "clear ip nat trans". Also do a "no ip addr dhcp"
Then enter "ip address 192.168.1.20 255.255.255.0 192.168.1.1"
 the syntax is correct, it definitely will work.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now