Dear Lejoe,

Thanks very much for your time! Its well appreciated.

Please find below, my new config. I have done exactly as you directed.

!

interface Dialer1

ip address negotiated

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

ppp chap hostname xxxxxxxxxxxxxx

ppp chap password 0 xxxxxxxxxxx

ppp pap sent-username xxxxxxxx

ppp ipcp dns request

ppp ipcp route default

ppp ipcp address accept

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer1

!

!

ip http server

ip http authentication local

ip http secure-server

ip nat inside source list 100 interface Dialer1 overload

!

access-list 100 permit ip 192.168.0.0 0.0.0.255 any

dialer-list 1 protocol ip permit

!

Question:

1) As you can see in the above config, do I need the following on the dialer 1 interface?

dialer pool 1

ppp ipcp route default

ppp ipcp address accept

Or I should delete them.

2) Why using Access-list 100 and not Access-list 1.

Regards,

Law

Hi Law,

1) As you can see in the above config, do I need the following on the dialer 1 interface?

dialer pool 1

ppp ipcp route default

ppp ipcp address accept

Yes you need all the above in your dialer interface configuration. Since you're automatically inserting a dynamic default route through IPCP negotiations (ppp ipcp route default), remove the line

ip route 0.0.0.0 0.0.0.0 Dialer1

2) Why using Access-list 100 and not Access-list 1.

For specifying the traffic (internal LAN range) that will NATed, an extended access-list is used. Extended access-list begins from 100, which can deny or permit packets based on source and destination address, port numbers and upper layer protocols allows greater control and flexibility. Please note that this number (100) is referenced in the statement

ip nat inside source list 100 interface Dialer1 overload

A standard access-list which begins at 1, allows only to permit or deny based on source address or the entire TCP/IP protocol suite. We could also use a standard access-list to specify the NAT traffic, but I mostly prefer extended ACLs because of the control.

HTH

Lejoe

Thanks Lejoe,

I have the following interface on the router:

interface FastEthernet0/0

description LAN Interface

ip address 192.168.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

Question:

1) If I should connect a PC configure for 192.168.2.2/24,to the above interface, will I be able to brouse the internet?

2) Do I have to configure an internal DNS on the router to be able to brouse the net fron my internal pcs?

3) Does it mean that the two commands below are same, hence I should remove one?

ppp ipcp route default

ip route 0.0.0.0 0.0.0.0 Dialer1

Thanks a miilion

1) If I should connect a PC configure for 192.168.2.2/24,to the above interface, will I be able to brouse the internet?

No, since are you're not running DHCP, you'll have to configure default gateway and DNS on the PC before you can browse.

default gateway : 192.168.2.1/24

DNS Server : ISP obtained

2) Do I have to configure an internal DNS on the router to be able to brouse the net fron my internal pcs?

Yes, DNS is required. You can configure DNS address the same as that you obtain from your ISP on the PCs.

3) Does it mean that the two commands below are same, hence I should remove one?

(obtains default route dynamically through ppp/ipcp negotiations)

ppp ipcp route default

(statically setting a default route)

ip route 0.0.0.0 0.0.0.0 Dialer1

You can remove either of the above lines.

HTH

Lejoe

Thanks Lejoe,

Finally I can ping the internet from my router (i.e ping www.yahoo.com). But I can NOT browse from my internal network, which is connected to the interface f0/0

Please do I need a static NATing? or what can I do to be able to browse the net from my LAN?

Below is my running config:

interface FastEthernet0/0

description LAN Interface

ip address 192.168.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface FastEthernet0/2/0

switchport access vlan 2

!

interface FastEthernet0/2/1

switchport access vlan 3

!

interface FastEthernet0/2/2

switchport access vlan 4

!

interface FastEthernet0/2/3

switchport access vlan 5

!

interface ATM0/1/0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

pvc 0/38

dialer pool-member 1

protocol ppp dialer

!

!

interface Dot11Radio0/3/0

no ip address

!

encryption mode ciphers aes-ccm

!

ssid xxxx

!

speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0

54.0

channel 2412

station-role root

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 spanning-disabled

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

!

interface Vlan1

no ip address

!

interface Vlan2

description USER VLAN

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface Vlan3

description SERVER VLAN

ip address 192.168.3.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface Vlan4

description TRAINING VLAN

ip address 192.168.4.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface Vlan5

description DMZ VLAN

ip address 192.168.5.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface Dialer1

ip address negotiated

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

ppp chap hostname xxx

ppp chap password 0 xxxx

ppp pap sent-username xxxx

ppp ipcp dns request

ppp ipcp address accept

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer1

!

!

ip http server

ip http authentication local

ip http secure-server

ip nat inside source list 100 interface Dialer1 overload

!

access-list 100 permit ip 192.168.0.0 0.0.0.255 any

dialer-list 1 protocol ip permit

!

!

!

!

!

!

control-plane

!

!

!

!

!

!

!

!

gateway

timer receive-rtp 1200

!

!

!

line con 0

line aux 0

line vty 0 4

privilege level 15

login local

transport input telnet ssh

!

scheduler allocate 20000 1000

!

end

Law

Hello Law,

you may need to add manually the ISP DNS server on your PC LAN settings.

I see that you are not using DHCP so the PC has to be configured manually with a default gateway = 192.168.1.1 and with a DNS server.

Hope to help

Giuseppe

I have got a DHCP/DNS server on my LAN.

I have configuremy PC with static IP and using 192.168.2.1 as my GW. Yet I cannot browse the net.

May be I need to configure an IP NAT Pool (name), using my the IP Addreses that my ISP gave to me.......I don't know.

Thanks

i think f0/0 belongs to vlan1. why you don't give the IP address 192.168.2.1 to vlan1 instead of f0/0

Hi Law,

The issue of browsing is merely related to DNS. You have already configured NAting on the router, so most of your configuration on the router is correct.

Since you said you run an internal DHCP/DNS server, what I would suggest is

On one of your computers in the internal LAN, get details such as default gateway, DNS.

1) Verify the default gateway is indeed the f0/0 int of the router

2) Verify the DNS server is the address of the internal server

3) Ping the default gateway and DNS server

4) Verify the DNS server, which might be mostly configured as a forwarder is correctly forwarding name resolution queries to a public DNS server.

HTH

Lejoe

Thank you all for all your efforts in helping to solve my problem. However I have tried all your suggestions but no luck yet.

Below is my "sh ip route" when connecting the router to the internet:

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 217.47.30.74 to network 0.0.0.0

81.0.0.0/32 is subnetted, 1 subnets

C 81.135.169.26 is directly connected, Dialer1

217.47.30.0/32 is subnetted, 1 subnets

C 217.47.30.74 is directly connected, Dialer1

C 192.168.2.0/24 is directly connected, FastEthernet0/0

S* 0.0.0.0/0 [1/0] via 217.47.30.74

is directly connected, Dialer1

Again I can ping the internet from the router but I cannot browse the net (from my PC) whenever I connect to the f0/0 interface.

Hi Law,

Please host the output of the following commands

show host

show running-config

HTH

Lejoe

Hi,

The show host, will show you the address of the name-server. Use this address as the dns server on your PC and try if things work.

HTH

Lejoe

Thanks Lejoe,

#sh hosts

Default domain is not set

Name/address lookup uses domain service

Name servers are 255.255.255.255

Codes: UN - unknown, EX - expired, OK - OK, ?? - revalidate

temp - temporary, perm - permanent

NA - Not Applicable None - Not defined

Host Port Flags Age Type Address(es)

As you can see above, nothing is shown in the "sh host" command.

Question:

Do I need to configure a static name-servers (of my ISP) on the router?

Also attached is the running-config.

Thanks