umaxim
asked on
Cisco 1841
Hi i configurate Cisco router with config
and on my pc i test my internet and it is working for skype but i can not open any page using browser port 80
interface f0/0
int f0/0
description Outside
ip address dhcp
no ip redirects
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface f0/1
description Inside
ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
ip nat inside source list 100 interface f0/0 overload
ip nat inside source static tcp 192.168.3.9 85 interface f0/0 85
!
access-list 1 permit ip 192.168.3.0 0.0.0.255 any
access-list 1 deny ip any any
access-list 1 permit 192.168.3.0 0.0.0.255 any
access-list 100 permit ip 192.168.3.1 0.0.0.255 any
ip nat pool Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0
ip nat inside source list 100 pool Home overload
ip nat inside source list 100 interface fa0/0 overload
and on my pc i test my internet and it is working for skype but i can not open any page using browser port 80
ASKER
how i can remove all the access-list
Enter into config term and put a NO before each line to remove them
To enter into config mode, type
Config term
To remove the first line, type
NO ip nat inside source list 100 interface f0/0 overload
To enter into config mode, type
Config term
To remove the first line, type
NO ip nat inside source list 100 interface f0/0 overload
ASKER
when i did it is said
Cisco(config)#access-list 1 permit ip 192.168.3.0 0.0.0.255 any
Translating "ip"
^
% Invalid input detected at '^' marker.
Cisco(config)#access-list 1 permit ip 192.168.3.0 0.0.0.255 any
Translating "ip"
^
% Invalid input detected at '^' marker.
Exactly, 1 is a standard access list number and can not understand ip.
Just enter below as i already said. It will work.
access-list 1 permit 192.168.3.0 0.0.0.255
ip nat inside source list 1 interface f0/0 overload
Just enter below as i already said. It will work.
access-list 1 permit 192.168.3.0 0.0.0.255
ip nat inside source list 1 interface f0/0 overload
ASKER
i got same error on this 3
access-list 1 permit ip 192.168.3.0 0.0.0.255 any
access-list 1 deny ip any any
access-list 1 permit 192.168.3.0 0.0.0.255 any
access-list 1 permit ip 192.168.3.0 0.0.0.255 any
access-list 1 deny ip any any
access-list 1 permit 192.168.3.0 0.0.0.255 any
ASKER
this is my conf file
I did everything you asked me to do. and it is still same problem
I did everything you asked me to do. and it is still same problem
Using 1858 out of 196600 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
enable password 7 13061E010803
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool Local
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server 192.168.3.2 192.168.3.3
!
!
no ip domain lookup
ip domain name flickshine-1841
ip name-server 192.168.3.5
ip name-server 192.168.3.6
!
crypto pki trustpoint TP-self-signed-1811998869
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1811998869
revocation-check none
rsakeypair TP-self-signed-1811998869
!
!
crypto pki certificate chain TP-self-signed-1811998869
certificate self-signed 01 nvram:IOS-Self-Sig#3901.cer
username cisco privilege 15 password 7 121A0C041104
!
!
!
interface FastEthernet0/0
description Inside
ip address dhcp
no ip redirects
no ip proxy-arp
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
description Inside
ip address 192.168.3.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip default-gateway 192.168.3.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat pool Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source list 100 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.3.9 85 interface FastEthernet0/0 85
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
!
scheduler allocate 20000 1000
Cisco#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Cisco(config)#$ool Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0
Cisco(config)#$nside source list 1 interface FastEthernet0/0 overload
Dynamic mapping in use, do you want to delete all entries? [no]: yes
Cisco(config)#$nside source list 100 interface FastEthernet0/0 overload
Dynamic mapping in use, do you want to delete all entries? [no]:
%Error: Dynamic mapping in use, cannot remove
Cisco(config)#$ce static tcp 192.168.3.9 85 interface FastEthernet0/0 85
Cisco(config)#File ../crypto/ssl/src/ssltrspt.c; Line 345 # Assert failed: 'rec- >sent == rec->data.length'
File ../crypto/ssl/src/ssltrspt.c; Line 346 # Assert failed: 'err == 0'
File ../crypto/ssl/src/ssltrspt.c; Line 345 # Assert failed: 'rec->sent == rec-> data.length'
File ../crypto/ssl/src/ssltrspt.c; Line 346 # Assert failed: 'err == 0'
File ../crypto/ssl/src/ssltrspt.c; Line 345 # Assert failed: 'rec->sent == rec-> data.length'
File ../crypto/ssl/src/ssltrspt.c; Line 346 # Assert failed: 'err == 0'
wFile ../crypto/ssl/src/ssltrspt.c; Line 345 # Assert failed: 'rec->sent == rec- >data.length'
File ../crypto/ssl/src/ssltrspt.c; Line 346 # Assert failed: 'err == 0'
File ../crypto/ssl/src/ssltrspt.c; Line 345 # Assert failed: 'rec->sent == rec-> data.length'
File ../crypto/ssl/src/ssltrspt.c; Line 346 # Assert failed: 'err == 0'
File ../crypto/ssl/src/ssltrspt.c; Line 345 # Assert failed: 'rec->sent == rec-> data.length'
File ../crypto/ssl/src/ssltrspt.c; Line 346 # Assert failed: 'err == 0'
r mem
^
% Invalid input detected at '^' marker.
Cisco(config)#wr mem
^
% Invalid input detected at '^' marker.
Cisco(config)#exit
Cisco#wr mem
Building configuration...
*Jan 27 18:59:51.051: %SYS-5-CONFIG_I: Configured from console by cisco on conso le[OK]
Cisco#show conf
Using 1654 out of 196600 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
enable password 7 13061E010803
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool Local
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server 192.168.3.2 192.168.3.3
!
!
no ip domain lookup
ip domain name flickshine-1841
ip name-server 192.168.3.5
ip name-server 192.168.3.6
!
crypto pki trustpoint TP-self-signed-1811998869
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1811998869
revocation-check none
rsakeypair TP-self-signed-1811998869
!
!
crypto pki certificate chain TP-self-signed-1811998869
certificate self-signed 01 nvram:IOS-Self-Sig#3901.cer
username cisco privilege 15 password 7 121A0C041104
!
!
!
interface FastEthernet0/0
description Inside
ip address dhcp
no ip redirects
no ip proxy-arp
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
description Inside
ip address 192.168.3.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip default-gateway 192.168.3.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 100 interface FastEthernet0/0 overload
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp server 192.168.3.6
end
Cisco#
Cisco#
Cisco#show conf
Using 1654 out of 196600 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
enable password 7 13061E010803
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool Local
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server 192.168.3.2 192.168.3.3
!
!
no ip domain lookup
ip domain name flickshine-1841
ip name-server 192.168.3.5
ip name-server 192.168.3.6
!
crypto pki trustpoint TP-self-signed-1811998869
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1811998869
revocation-check none
rsakeypair TP-self-signed-1811998869
!
!
crypto pki certificate chain TP-self-signed-1811998869
certificate self-signed 01 nvram:IOS-Self-Sig#3901.cer
username cisco privilege 15 password 7 121A0C041104
!
!
!
interface FastEthernet0/0
description Inside
ip address dhcp
no ip redirects
no ip proxy-arp
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
description Inside
ip address 192.168.3.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip default-gateway 192.168.3.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 100 interface FastEthernet0/0 overload
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp server 192.168.3.6
end
Cisco#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Cisco(config)#$nside source list 100 interface FastEthernet0/0 overload
Dynamic mapping in use, do you want to delete all entries? [no]: ip nat inside s ource list 100 interface FastEthernet0/0 overload
% Please answer 'yes' or 'no'.
Dynamic mapping in use, do you want to delete all entries? [no]:
%Error: Dynamic mapping in use, cannot remove
Cisco(config)#exit
Cisco#wr mem
Building configuration...
*Jan 27 19:00:32.107: %SYS-5-CONFIG_I: Configured from console by cisco on conso le[OK]
Cisco#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Cisco(config)#ip nat inside source list 100 interface f0/0 overload
%Dynamic mapping in use, cannot change
Cisco(config)#ip nat inside source list 100 interface f0/0 overload
%Dynamic mapping in use, cannot change
Cisco(config)#ip nat inside source list 100 interface f0/0 overload
%Dynamic mapping in use, cannot change
Cisco(config)#ip nat inside source list 100 interface f0/0 overload
%Dynamic mapping in use, cannot change
Cisco(config)#
*Jan 27 19:01:12.015: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern et0/0, changed state to down
*Jan 27 19:01:12.015: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern et0/1, changed state to downno ip nat inside source list 100 interface f0/0 over load
Dynamic mapping in use, do you want to delete all entries? [no]: yes
Cisco(config)#ip nat inside source list 100 interface f0/0 overload
Cisco(config)#$de source static tcp 192.168.3.9 85 interface f0/0 85
Cisco(config)#no access-list 1 permit ip 192.168.3.0 0.0.0.255 any
Cisco(config)#access-list 1 permit ip 192.168.3.0 0.0.0.255 any
Translating "ip"
^
% Invalid input detected at '^' marker.
Cisco(config)#access-list 1 deny ip any any
Translating "ip"
^
% Invalid input detected at '^' marker.
Cisco(config)#access-list 1 permit 192.168.3.0 0.0.0.255 any
^
% Invalid input detected at '^' marker.
Cisco(config)#access-list 100 permit ip 192.168.3.1 0.0.0.255 any
Cisco(config)#$ Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0
Cisco(config)#ip nat inside source list 100 pool Home overload
Cisco(config)#ip nat inside source list 100 interface fa0/0 overload
Cisco(config)#ip nat inside source list 1 interface f0/0 overload
Cisco(config)#access-list 1 permit 192.168.3.0 0.0.0.255
Cisco(config)#access-list 1 permit ip 192.168.3.0 0.0.0.255 any
Translating "ip"
^
% Invalid input detected at '^' marker.
Cisco(config)#access-list 100 permit ip 192.168.3.1 0.0.0.255 any
Cisco(config)#
*Jan 27 19:03:44.487: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern et0/1, changed state to up
*Jan 27 19:03:52.487: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthern et0/0, changed state to up
Cisco(config)#exit
Cisco#show conf
*Jan 27 19:04:28.651: %SYS-5-CONFIG_I: Configured from console by cisco on conso le
Using 1654 out of 196600 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
enable password 7 13061E010803
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool Local
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server 192.168.3.2 192.168.3.3
!
!
no ip domain lookup
ip domain name flickshine-1841
ip name-server 192.168.3.5
ip name-server 192.168.3.6
!
crypto pki trustpoint TP-self-signed-1811998869
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1811998869
revocation-check none
rsakeypair TP-self-signed-1811998869
!
!
crypto pki certificate chain TP-self-signed-1811998869
certificate self-signed 01 nvram:IOS-Self-Sig#3901.cer
username cisco privilege 15 password 7 121A0C041104
!
!
!
interface FastEthernet0/0
description Inside
ip address dhcp
no ip redirects
no ip proxy-arp
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
description Inside
ip address 192.168.3.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip default-gateway 192.168.3.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 100 interface FastEthernet0/0 overload
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp server 192.168.3.6
end
Cisco#
Cisco#access-list 1 permit 192.168.3.0 0.0.0.255
^
% Invalid input detected at '^' marker.
Cisco#wr mem
Building configuration...
[OK]
Cisco#ping google.com
Translating "google.com"
% Unrecognized host or address, or protocol not running.
Cisco#show conf
Using 1953 out of 196600 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco
!
boot-start-marker
boot-end-marker
!
enable password 7 13061E010803
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool Local
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server 192.168.3.2 192.168.3.3
!
!
no ip domain lookup
ip domain name flickshine-1841
ip name-server 192.168.3.5
ip name-server 192.168.3.6
!
crypto pki trustpoint TP-self-signed-1811998869
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1811998869
revocation-check none
rsakeypair TP-self-signed-1811998869
!
!
crypto pki certificate chain TP-self-signed-1811998869
certificate self-signed 01 nvram:IOS-Self-Sig#3901.cer
username cisco privilege 15 password 7 121A0C041104
!
!
!
interface FastEthernet0/0
description Inside
ip address dhcp
no ip redirects
no ip proxy-arp
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
description Inside
ip address 192.168.3.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip default-gateway 192.168.3.1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat pool Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source list 100 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.3.9 85 interface FastEthernet0/0 85
!
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 100 permit ip 192.168.3.0 0.0.0.255 any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp server 192.168.3.6
end
All these three lines are wrong syntax. The parameters are for extended accesslist which starts with number 100.
Please follow what i said, once it works, we will explain you the configuration errors.
Please follow what i said, once it works, we will explain you the configuration errors.
ASKER
ok if i will reset my router to defaul can you give me some direction how to configurate if from the begining maybe it will be more easy
ASKER
can you give me some advice how to configuration write way dhcp so it will work with your access-list
Do the following command and then try to remove the lines.
Clear ip nat trans
Clear ip nat trans
You dont need to reset, its just few lines that needs removed.
Only three configuration needed here.
1. Enter interface ip and set them nat inside or outside.
2. create the dhcp pool
3 configure acl and ip nat inside source
Only three configuration needed here.
1. Enter interface ip and set them nat inside or outside.
2. create the dhcp pool
3 configure acl and ip nat inside source
ASKER
ok i created everything you asked me and this is my file
Using 1211 out of 196600 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool Local
network 192.168.10.0 255.255.255.0
default-router 192.168.3.1
dns-server 192.168.3.2 192.168.3.3
domain-name pc.lan
!
!
!
!
!
!
!
interface FastEthernet0/0
description Outside
ip address dhcp
no ip redirects
no ip proxy-arp
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
description Inside
ip address 192.168.3.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
!
ip http server
no ip http secure-server
ip nat pool Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source list 100 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.3.9 85 interface FastEthernet0/0 85
!
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 100 permit ip 192.168.3.0 0.0.0.255 any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end
ASKER
but the internet is still not working.
Your dhcp pool is wrong, network 192.168.10.0 255.255.255.0
Interface connecting lan is 192.168.3.0 so the dhcp pool should be 192.168.3.0 255.255.255.0
Interface connecting lan is 192.168.3.0 so the dhcp pool should be 192.168.3.0 255.255.255.0
ASKER
Using 1210 out of 196600 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool Local
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server 192.168.3.2 192.168.3.3
domain-name pc.lan
!
!
!
!
!
!
!
interface FastEthernet0/0
description Outside
ip address dhcp
no ip redirects
no ip proxy-arp
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
description Inside
ip address 192.168.3.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
!
ip http server
no ip http secure-server
ip nat pool Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source list 100 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.3.9 85 interface FastEthernet0/0 85
!
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 100 permit ip 192.168.3.0 0.0.0.255 any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end
You should exclude three addresses from dhcp, using
Ip dhcp exclude 192.168.3.1 192.168.3.3
Few acl lines are redundant, but it should work.
Ip dhcp exclude 192.168.3.1 192.168.3.3
Few acl lines are redundant, but it should work.
ASKER
i did but now i can not connect skype and web togerger
ASKER
I try to ping google.com on my router and it is said all 5 packages are missing
Can you add below,
Ip route 0.0.0.0 0.0.0.0 fa0/0
Also remove below lines,
Ip nat inside source list 100 interface FastEthernet0/0 overload
ip nat pool Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0
Ip route 0.0.0.0 0.0.0.0 fa0/0
Also remove below lines,
Ip nat inside source list 100 interface FastEthernet0/0 overload
ip nat pool Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0
Can you check the ip address of the pc and also run a tracert to google and give the output.
ASKER
the ip of computer is 192.168.3.12
on tracer it is gave me error unknown host google.com
on tracer it is gave me error unknown host google.com
Ping to google.com from within the router will fail, because no dns is configured on the router. How will the name resolve to ip. If you want set it with below config
ip name-server 8.8.8.8
Alternatively ping a public ip like 8.8.8.8
ip name-server 8.8.8.8
Alternatively ping a public ip like 8.8.8.8
ASKER
new conf
Using 1108 out of 196600 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.3.1 192.168.3.3
!
ip dhcp pool Home
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
!
!
!
!
!
!
!
interface FastEthernet0/0
description Outside
ip address dhcp
no ip redirects
no ip proxy-arp
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
description Inside
ip address 192.168.3.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.3.9 85 interface FastEthernet0/0 85
!
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 100 permit ip 192.168.3.0 0.0.0.255 any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end
ASKER
skype is working again
My friend, in you dhcp pool, you said your dns is dns-server 192.168.3.2 192.168.3.3. Your pcs are pointed to dns, 192.168.3.2 192.168.3.3. I think these dns are not working.
When you ping a fqdn, the name needs to be resolved to ip. Thats the problem now.
Either set the dns in dhcp pool, or manually change the pc dns to something working dns like 8.8.8.8
Can you ping 8.8.8.8 from pc and see what it says.
When you ping a fqdn, the name needs to be resolved to ip. Thats the problem now.
Either set the dns in dhcp pool, or manually change the pc dns to something working dns like 8.8.8.8
Can you ping 8.8.8.8 from pc and see what it says.
ASKER
i add ip name-server 8.8.8.8
and it is stil same problem
and it is stil same problem
ASKER
how i can set dns ?
ASKER
i see i set dns on my pc and it begin to work but how i can set dns on my router so it used internal dns not like open dns. Or how to set default dns for it like Open dns
After you set ip name server, are you pinging 8.8.8.8 from within the router.
Can you do the following command on pc to give us the output.
Ipconfig /all
Also please ping 8.8.8.8 from pc
Can you do the following command on pc to give us the output.
Ipconfig /all
Also please ping 8.8.8.8 from pc
ASKER
ok i ping it is working. I add opendns.com on my computer and it is begin to work. How i understand my router did not give me any dns. So question how i can assign him some dns ?
To set an internal dns server, you need to have a dns server configured. But its ok to use 8.8.8.8 as your dns if you dont have a dns server.
Many people are using google 8.8.8.8 as dns, its good. Not much security issue.
Many people are using google 8.8.8.8 as dns, its good. Not much security issue.
ASKER
ok but can i assing it in my router so when some one bring his laptop or pc he do not need to enter dns in network configuration like standart dns
My friend, your pc gets configuration from the dhcp pool configuration in the router. If you want to set the dns on your pc set, add that to the dhcp pool.
There are many public free dns server that are good like 8.8.8.8 or 4.2.2.2. Set them in your dhcp pool in router.
ip dhcp pool Local
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server 8.8.8.8
domain-name pc.lan
There are many public free dns server that are good like 8.8.8.8 or 4.2.2.2. Set them in your dhcp pool in router.
ip dhcp pool Local
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server 8.8.8.8
domain-name pc.lan
ASKER
it is working thank you
ASKER
one more question if i will need to configurate my int f0/0 on static ip like my provider will provide me today.
How i can assign ip address, mask, and route for my static ip.
How i can assign ip address, mask, and route for my static ip.
When you get a static ip from yoir isp, you only need to change a single line on Fa0/0
Under interface FastEthernet0/0, change the following line
ip address dhcp
To
Ip address a.a.a.a b.b.b.b c.c.c.c
A.a.a.a = the ip isp gives you
B.b.b.v= the subnet mask isp says
C.c.c.c = default gateway to isp
Under interface FastEthernet0/0, change the following line
ip address dhcp
To
Ip address a.a.a.a b.b.b.b c.c.c.c
A.a.a.a = the ip isp gives you
B.b.b.v= the subnet mask isp says
C.c.c.c = default gateway to isp
ASKER
i test and it gime me error
Router(config-if)#ip address 192.168.1.20 255.255.255.0 192.168.1.1
^
% Invalid input detected at '^' marker.
Router(config-if)#ip address 192.168.1.20 255.255.255.0 192.168.1.1
^
% Invalid input detected at '^' marker.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
1 to 99 number are standard access-lists and are unaware of layer4, how could you enter ip and also destination any. Router should have given error.
Can you remove all the access-list and nat entries, like all below.
ip nat inside source list 100 interface f0/0 overload
ip nat inside source static tcp 192.168.3.9 85 interface f0/0 85
access-list 1 permit ip 192.168.3.0 0.0.0.255 any
access-list 1 deny ip any any
access-list 1 permit 192.168.3.0 0.0.0.255 any
access-list 100 permit ip 192.168.3.1 0.0.0.255 any
ip nat pool Home 192.168.3.3 192.168.3.255 netmask 255.255.255.0
ip nat inside source list 100 pool Home overload
ip nat inside source list 100 interface fa0/0 overload
And enter below
ip nat inside source list 1 interface f0/0 overload
access-list 1 permit 192.168.3.0 0.0.0.255
It should work.