Configuring Cisco 1700 for cable modem (can't ping out from lan PC )

Unanswered Question
Jun 27th, 2008

Here is what I can and can't do with my current config:

1) I can ping from the console cable on my router, to 4.2.2.2 and pinging google.com

2) I can't ping out from my LAN PC with a static ip set, or dhcp in my config set.

2A) I can ping the router 192.168.1.1 from my lan PC

2B) I can ping the IP address assigned by my ISP from my LAN PC

2C) Pinging 4.2.2.2 from my LAN pc fails

3A) Adding ip nat outside on the outside nic prevents me pinging 4.2.2.2 from the router.

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

enable secret 5 <password here>

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

no aaa new-model

ip subnet-zero

!

!

ip dhcp excluded-address 192.168.1.1 192.168.1.179

!

ip dhcp pool 192.168.1.0/24

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

!

ip cef

ip audit po max-events 100

!

!

username <usernamehere> privilege 15 password 7 <password here>

!

!

!

!

!

!

interface Ethernet0

ip address dhcp

full-duplex

!

interface FastEthernet0

ip address 192.168.1.1 255.255.255.0

ip nat inside

speed 100

full-duplex

no cdp enable

!

ip classless

ip route 0.0.0.0 0.0.0.0 Ethernet0

ip http server

ip http authentication local

ip http secure-server

!

!

!

!

!

line con 0

password 7 <password>

login

line aux 0

password 7 <password>

login

line vty 0 4

password 7 <password>

login

transport input telnet ssh

!

end

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Richard Burts Fri, 06/27/2008 - 15:48

Chris

The immediate problem is that you are not translating addresses from the FastEthernet interface. So when you PC attempts to ping to the outside world the source address of the packet is 192.168.1.x and nothing in your ISP or the outside world knows how to route to that address.

To fix this you need to configure ip nat outside on interface ethernet0. And you need to configure address translation. It might look something like this:

access-list 15 permit 192.168.1.0 0.0.0.255

ip nat inside source list 15 interface FastEthernet0 overload

While it is not so much of a problem I will suggest a change in your static route. When you point a static route at an outbound interface as you have done it forces the router to ARP for every destination address and this causes the router to work harder and consume more memory. It would be better to configure it like ip route 0.0.0.0 0.0.0.0 dhcp

HTH

Rick

chrish346 Sun, 06/29/2008 - 08:42

Thanks rick... so I added those four lines, and here is my new running config below, however I still don't have luck as the same thing seems to be happening. Did I configure this running config correctly?

My PC's can ping the address of the interface that my ISP gives me, but nothing outside on the internet (4.2.2.2 or google.com)

Thanks so much for your help!!

Thanks rick, so here is what I did ... , I added 3 lines:

and my new running config gives me the same results as before, i can ping outside the internet from the console of my router, just not any PC's inside the lan:

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

enable secret 5

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

no aaa new-model

ip subnet-zero

!

!

ip dhcp excluded-address 192.168.1.1 192.168.1.179

!

ip dhcp pool 192.168.1.0/24

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

!

ip cef

ip audit po max-events 100

!

!

username privilege 15 password 7

!

interface Ethernet0

ip address dhcp

full-duplex

ip nat ouside

access-list 15 permit 192.168.1.0 0.0.0.255

ip nat inside source list 15 interface FastEthernet 0 overload

!

interface FastEthernet0

ip address 192.168.1.1 255.255.255.0

ip nat inside

speed 100

full-duplex

no cdp enable

!

ip classless

ip route 0.0.0.0 0.0.0.0 dhcp

ip http server

ip http authentication local

ip http secure-server

!

!

line con 0

password 7

login

line aux 0

password 7

login

line vty 0 4

password 7

login

transport input telnet ssh

!

end

Richard Burts Mon, 06/30/2008 - 08:35

Chris

There was a problem in the suggestion that I gave you - for which I apologize. I referenced the wrong interface in the translation command. Remove this:

ip nat inside source list 15 interface FastEthernet 0 overload

and insert this:

ip nat inside source list 15 interface Ethernet 0 overload

and it should work better.

Give it a try and see if it fixes the problem.

HTH

Rick

Actions

This Discussion