Help With Router Configuration (1841 ISR)

O

outbreakm

Weaksauce
Joined
Jul 29, 2007
Messages
119
I cant get any computers on the network to connect to the internet. Each computer is getting an IP address, DNS server etc.. Please take a look at my config.



Building configuration...

Current configuration : 1120 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.2 192.168.0.10
!
ip dhcp pool LAN
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 65.24.0.168 64.24.0.169
lease infinite
!
!
!
!
!
!
interface FastEthernet0/0
description Wan interface
ip address 75.80.*.* 255.255.240.0
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
description Lan Interface
ip address 192.168.0.1 255.255.255.0
ip nat outside
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
ip http server
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
end
 
Well I changed int fa0/1 to ip nat inside but still cant connect to the internet.

Building configuration...

Current configuration : 1120 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.2 192.168.0.10
!
ip dhcp pool LAN
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 65.24.0.168 64.24.0.169
lease infinite
!
!
!
!
!
!
interface FastEthernet0/0
description Wan interface
ip address 75.80.*.* 255.255.240.0
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
description Lan Interface
ip address 192.168.0.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
ip http server
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
end
 
This is what I have for client using the 1841 with firewall feature set. It works:

ip nat inside source list ICH-LAN interface FastEthernet0/1 overload
!
ip access-list extended ICH-LAN
remark SDM_ACL Category=2
permit ip 192.168.64.0 0.0.0.255 any


I think you need to change the access list to extended or something.

 
I usually use pools, something like this:
ip nat pool Guest x.x.x.x x.x.x.x prefix-length 29
ip nat inside source list GuestNat pool Guest overload

interface FastEthernet0/1.50
description Guest Wireless Vlan$FW_INSIDE$
encapsulation dot1Q 50
ip address 10.50.0.1 255.255.255.128
no ip redirects
no ip proxy-arp
ip virtual-reassembly
ip nat inside
 
What kind of broadband connection are you using? For some reason, I feel like I should be seeing a demand-dial interface here, and that is what NAT overloading should be configured on.
 
BakedA|aska said:
What kind of broadband connection are you using? For some reason, I feel like I should be seeing a demand-dial interface here, and that is what NAT overloading should be configured on.
Click to expand...
Its basic cable internet from time warner.
 
There are usually 2 things that can go wrong in these scenario's . Routing or NAT.

Since we are using a single static route we can check routing by seeing if we can ping the next hop and some internet site like 4.2.2.2. Try using the next hop address instead of the interface.

If that is working and you can't ping that same address with an internal user then it may be NAT. Check the nat translation table with "show ip nat trans". Take a look at this link for NAT overloading.

http://www.cisco.com/warp/public/556/12.html#topic5

Something else to check is to make sure you are getting the correct dhcp scope and that address is included in the NAT overload
 
change 0.0.0.0 route to point out serial interface

change to overload on serial

that should fix it, pending you have DNS servers configured.
 
UnrealRage said:
change 0.0.0.0 route to point out serial interface

change to overload on serial

that should fix it, pending you have DNS servers configured.
Click to expand...

I believe the OP said he had a DSL line, suggesting it was plugged into Fa0/0 (description WAN interface) so I don't think setting up anything for the non-existant serial interface will help much there . . . . . :D
 
Got it to work. Changed the IP address on the WAN interface to dhcp and got rid of the dns server and put "import all"
 
You must log in or register to reply here.
Back
Top