config for new router

Unanswered Question
Feb 18th, 2012

I bought a new router that I am having trouble configuring. I am including the config for the new router and the old router that I am currently using. I replaced my IP address with 99.999.999.99. I would appreciate any help as to what I am doing wrong; I'm not that familiar with networking.

NEW ROUTER
Building configuration...

Current configuration : 4963 bytes
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco861
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
memory-size iomem 10
!
crypto pki trustpoint TP-self-signed-525585330
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-525585330
revocation-check none
rsakeypair TP-self-signed-525585330
!
!
crypto pki certificate chain TP-self-signed-525585330
certificate self-signed 01
   quit
ip source-route
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1
   lease 0 2
!
!
ip cef
no ip domain lookup
ip domain name yourdomain.com
!
!
license udi pid CISCO861-K9 sn FTX151500JL
!
!
username admin privilege 15 secret 5 $1$T0..$OCK4MPkiofZWFy.h43X0k1
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address 99.999.999.99 255.255.255.252
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 172.30.254.240 255.255.0.0
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
access-list 23 permit 10.10.10.0 0.0.0.7
no cdp run

!
control-plane
!
alias exec sr show run
alias exec s show ip int br
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE 
PUBLICLY-KNOWN CREDENTIALS

Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
exec-timeout 0 0
logging synchronous
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end

cisco861#

OLD ROUTER

show running-config
Building configuration...

Current configuration : 3810 bytes
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname nmm831
!
logging monitor errors
enable secret 5 FAKECHARACTERS
enable password FAKECHARACTERS
!
username admin privilege 15 secret 5 FAKECHARACTERS
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no aaa new-model
ip subnet-zero
no ip domain lookup
!
!
ip cef
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
description Internal Lan$ETH-LAN$$FW_INSIDE$
ip address 172.30.254.240 255.255.0.0
ip access-group 104 in
ip access-group sdm_ethernet0_out out
ip nat inside
!
interface Ethernet1
description ISP$FW_OUTSIDE$
ip address 99.999.999.99 255.255.255.252
ip access-group 105 in
ip access-group sdm_ethernet1_out out
ip verify unicast reverse-path
ip nat outside
duplex auto
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet4
no ip address
shutdown
duplex auto
speed auto
!
ip nat inside source list 100 interface Ethernet1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 99.999.999.98 permanent
ip route 10.4.2.0 255.255.255.0 172.30.254.3
ip route 172.29.0.0 255.255.0.0 172.30.254.254 permanent
ip route 172.31.0.0 255.255.0.0 172.30.254.252 permanent
ip http server
ip http authentication local
ip http secure-server
!
!
ip access-list extended sdm_ethernet0_out
remark SDM_ACL Category=1
permit ip any any
ip access-list extended sdm_ethernet1_out
remark SDM_ACL Category=1
permit ip any any
logging facility local1
logging 172.30.1.3
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip 96.56.206.0 0.0.0.7 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 deny   ip 172.29.254.0 0.0.0.255 any
access-list 101 permit icmp any host 96.56.206.2 echo-reply
access-list 101 permit icmp any host 96.56.206.2 time-exceeded
access-list 101 permit icmp any host 96.56.206.2 unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip any any
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 deny   ip any any log
access-list 104 remark auto generated by SDM firewall configuration
access-list 104 remark SDM_ACL Category=1
access-list 104 deny   ip 99.999.999.97 0.0.0.3 any
access-list 104 deny   ip host 255.255.255.255 any
access-list 104 deny   ip 127.0.0.0 0.255.255.255 any
access-list 104 permit ip any any
access-list 105 remark auto generated by SDM firewall configuration
access-list 105 remark SDM_ACL Category=1
access-list 105 permit icmp any any
access-list 105 permit ip any any
access-list 105 deny   ip any any log
!
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
password FAKECHARACTERS
login local
transport input telnet ssh
!
scheduler max-task-time 5000
!
end

nmm831#

j.martinezh Sun, 02/19/2012 - 18:44

Hi dude, what is the problem? What do you want to do?


itsmetaso Sun, 02/19/2012 - 22:00

When I plugged in the new router my internet doesn't work. I issued the reload command to reboot after I finished the config and it still didn't work.

NkiwaneMG Sun, 02/19/2012 - 22:36

First, what kind of router is this?

Some routers have specified interfaces for the WAN and for the LAN and the LAN interfaces will not work for WAN.

brunhuber_adrian Mon, 02/20/2012 - 07:58

Please check the NAT

You need to implement NAT

conf t

interface FastEthernet4

ip nat outside

interface ethernet 0

ip nat inside

ip nat inside source list 100 interface fast 4 overload

# create acl for NAT

conf t

access-list 100 permit ip 172.30.254.240 0.0.255.255 any

configure the default route

ip route 0.0.0.0 0.0.0.0 99.999.999.98  (your default gateway).

Hope this helps .
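The pieces listed in the reply above (an inside and an outside interface, the overload rule, the access list it names, and a default route) can be checked against a saved `show running-config` before the routers are swapped. The Python check below is an added example, not code from the thread or from Cisco; the function names and the three sample configs (WAN side on the documentation range 203.0.113.0/30) are constructed for illustration.

```python
import re

def parse_nat_facts(config: str) -> dict:
    """Pull the NAT-relevant statements out of 'show running-config' text."""
    facts = {"inside": set(), "outside": set(), "acls": set(),
             "rules": [], "default_route": False}
    current_if = None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "!":                       # '!' closes an interface block
            current_if = None
        elif m := re.fullmatch(r"interface (\S+)", line):
            current_if = m.group(1)
        elif line in ("ip nat inside", "ip nat outside") and current_if:
            facts[line.split()[-1]].add(current_if)
        elif m := re.match(r"access-list (\d+) (permit|deny)\b", line):
            facts["acls"].add(m.group(1))     # remark-only lists do not count
        elif m := re.match(r"ip access-list (?:standard|extended) (\S+)", line):
            facts["acls"].add(m.group(1))
        elif m := re.fullmatch(
                r"ip nat inside source list (\S+) interface (\S+) overload", line):
            facts["rules"].append((m.group(1), m.group(2)))
        elif line.startswith("ip route 0.0.0.0 0.0.0.0 "):
            facts["default_route"] = True
    return facts

def check_nat(config: str) -> list:
    """Return one finding per missing or inconsistent NAT building block."""
    f, findings = parse_nat_facts(config), []
    if not f["inside"]:
        findings.append("no interface has 'ip nat inside'")
    if not f["outside"]:
        findings.append("no interface has 'ip nat outside'")
    if not f["rules"]:
        findings.append("no 'ip nat inside source list ... overload' rule")
    for acl, iface in f["rules"]:
        if acl not in f["acls"]:
            findings.append(f"NAT rule names access-list {acl}, "
                            "which is not defined in this config")
        if iface not in f["outside"]:
            findings.append(f"NAT rule translates to {iface}, "
                            "which lacks 'ip nat outside'")
    if not f["default_route"]:
        findings.append("no default route (ip route 0.0.0.0 0.0.0.0 ...)")
    return findings

# Constructed sample configs (not copied from the thread).
INTERFACES = """interface FastEthernet4
 ip address 203.0.113.2 255.255.255.252
{wan}!
interface Vlan1
 ip address 172.30.254.240 255.255.0.0
{lan}!
"""
BEFORE_NAT = INTERFACES.format(wan="", lan="")   # addresses only, no NAT yet
NAT_IFS = INTERFACES.format(wan=" ip nat outside\n", lan=" ip nat inside\n")
WORKING = NAT_IFS + """ip nat inside source list 100 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 203.0.113.1
access-list 100 permit ip 172.30.0.0 0.0.255.255 any
"""
ACL_MISMATCH = NAT_IFS + """ip nat inside source list 7 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 203.0.113.1
access-list 5 permit 172.30.0.0 0.0.255.255
"""

if __name__ == "__main__":
    for name, cfg in [("before NAT", BEFORE_NAT), ("working", WORKING),
                      ("ACL mismatch", ACL_MISMATCH)]:
        print(name, "->", check_nat(cfg) or "OK")
```

The parser expects full interface names as they appear in the running config, not the abbreviations typed at the prompt.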

itsmetaso Mon, 02/20/2012 - 11:51

Thanks.

For the ip nat inside command I do not have an interface ethernet 0. Do I just use fast ethernet 0? The router wouldn't let me assign an IP address initially to fast ethernet 0 so I assigned it to vlan1.

j.martinezh Mon, 02/20/2012 - 08:08

I agree with Adrian Brunhuber, you have to implement the same NAT rules and ACLs on the new router.

brunhuber_adrian Mon, 02/20/2012 - 12:06

Yes, apply the ip nat inside on the vlan interface. You can also test if NAT is working by issuing the following command:
ping 8.8.8.8 source vlan 1  (ping 8.8.8.8 with the source address of your vlan 1 so you can verify NAT)

itsmetaso Thu, 02/23/2012 - 19:30

I tried the new router today and I got destination host 172.30.254.240 unreachable. I copied the old config to the new config line by line. Not sure where I'm making the mistake.

itsmetaso Sat, 02/25/2012 - 17:28

thanks

sr
Building configuration...

Current configuration : 7564 bytes
!
! Last configuration change at 02:59:29 UTC Thu Mar 4 1993 by admin
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco861
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
memory-size iomem 10
!
crypto pki trustpoint TP-self-signed-535585330
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-535585330
revocation-check none
rsakeypair TP-self-signed-535585330
!
!
crypto pki certificate chain TP-self-signed-535585330
certificate self-signed 01
   quit
ip source-route
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1
   lease 0 2
!
!
ip cef
no ip domain lookup
ip domain name yourdomain.com
!
!
license udi pid CISCO861-K9 sn FTX151500JL
!
!
username admin privilege 15 secret 5 $1$T0..$OCxxxxxxxxxfZWFy.h43X0k1
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
ip address 99.999.999.99 255.255.255.252
ip access-group 105 in
ip access-group sdm_ethernet1_out out
ip verify unicast reverse-path
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 172.30.254.240 255.255.0.0
ip access-group 104 in
ip access-group sdm_ethernet0_out out
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 100 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 99.999.999.98 permanent
ip route 10.4.2.0 255.255.255.0 172.30.254.3
ip route 172.29.0.0 255.255.0.0 172.30.254.254 permanent
ip route 172.31.0.0 255.255.0.0 172.30.254.252 permanent
!
ip access-list extended sdm_ethernet0_out
remark SDM_ACL Category=1
permit ip any any
ip access-list extended sdm_ethernet1_out
remark SDM_ACL Category=1
permit ip any any
!
logging facility local1
logging 172.30.1.3
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip 96.56.206.0 0.0.0.7 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 deny   ip 172.29.254.0 0.0.0.255 any
access-list 101 permit icmp any host 96.56.206.2 echo-reply
access-list 101 permit icmp any host 96.56.206.2 time-exceeded
access-list 101 permit icmp any host 96.56.206.2 unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip any any
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 deny   ip any any log
access-list 104 remark auto generated by SDM firewall configuration
access-list 104 remark SDM_ACL Category=1
access-list 104 deny   ip 99.999.999.97 0.0.0.3 any
access-list 104 deny   ip host 255.255.255.255 any
access-list 104 deny   ip 127.0.0.0 0.255.255.255 any
access-list 104 permit ip any any
access-list 105 remark auto generated by SDM firewall configuration
access-list 105 remark SDM_ACL Category=1
access-list 105 permit icmp any any
access-list 105 permit ip any any
access-list 105 deny   ip any any log
no cdp run

!
control-plane
!
alias exec sr show run
alias exec s show ip int br
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE 
PUBLICLY-KNOWN CREDENTIALS

Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
exec-timeout 0 0
logging synchronous
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end

cisco861#

jdance@greenwich.com Sat, 02/25/2012 - 17:55

On the router enable "debug ip nat" and try to browse something. Do you get any output from the debug logging?

viswamin Sun, 02/26/2012 - 04:48

Just curious.

I hope the interface fa4 is connected to the outside world. But is the IP configured correctly?? or is it just a typo??

interface FastEthernet4

ip address 99.999.999.99 255.255.255.252

ip access-group 105 in

ip access-group sdm_ethernet1_out out

ip verify unicast reverse-path

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

-Vijay

itsmetaso Tue, 02/28/2012 - 07:06

I purposefully put all 9's to cover my IP address. I put 99.999.999.98 for one of the ip route statements b/c the original config has my current IP address -1 and 99.999.999.97 for one of the remark statements b/c on the original it has my IP -2.

itsmetaso Tue, 02/28/2012 - 07:03

I haven't tried it yet. I have users who are here real early and some who do leave until late and I can't disconnect my current router until the office is empty. I will probably have to come in on the weekend to try.

jdance@greenwich.com Tue, 02/28/2012 - 07:12

You don't have to have an internet connection to try it, just connect a host to FA0 - FA3 and configure a valid ip address, make sure the port you connect to is on vlan 1, enable the debug, and attempt to ping something on the outside.  The debug should hopefully show nat translations taking place, even though the ping will be unsuccessful.

itsmetaso Thu, 03/01/2012 - 14:27

I see on the console IP NAT Debugging is on. I pinged yahoo.com and I didn't see anything else after IP NAT Debugging is on.

jdance@greenwich.com Thu, 03/01/2012 - 19:26

Ok. I don't see some of the basics in the rest of this conversation so let's start with them.

What is the IP address, subnet mask, and default gateway of the PC connected to FA0-FA3?

From that PC, can you ping 172.30.254.240?

-Jason

itsmetaso Fri, 03/02/2012 - 06:46

From that PC I can't ping 172.30.254.240; I get request timed out.

PC is using:

IP -> 172.30.4.21

Subnet mask -> 255.255.255.0

Default Gateway -> 172.30.254.3

NkiwaneMG Fri, 03/02/2012 - 06:53

How come your Default Gateway and the PC ip are in different subnets?

Maybe you should change your subnet mask on the PC to 255.255.0.0

jdance@greenwich.com Fri, 03/02/2012 - 06:58

According to the config you posted, you will need to set your PC details to:

IP -> 172.30.4.21

Subnet mask -> 255.255.0.0 <=CHANGED!

Default Gateway -> 172.30.254.240 <=CHANGED!

Please make these changes on the PC, verify that you can ping 172.30.254.240, and then repeat the debug nat + ping outside host test.

-Jason

itsmetaso Fri, 03/02/2012 - 08:37

I am now getting Reply from 172.30.254.240: Destination host unreachable. This is the same message I got when I temporarily swapped the new router in. On my office PC my current ipconfig shows:

default gateway: 172.30.254.3

subnet mask: 255.255.0.0

I'm gonna do a new show running config on my current 831 router, not sure why the gateway doesn't match.

itsmetaso Fri, 03/02/2012 - 11:34

When I ping 172.30.254.240 from my office computer I get a response.  I think that is the ip address of the switch that my current router is connected to. the description reads: description Internal Lan$ETH-LAN$$FW_INSIDE$

from the running config. 

jdance@greenwich.com Fri, 03/02/2012 - 11:40

Correct.  The default gateway on your office PC is set to 172.30.254.240, correct?

If so, that's what you need to change the default gateway to on the PC connected to the new router. Don't forget to correct the subnet mask on this computer also; it needs to match the mask assigned to vlan 1 on the new router.

jdance@greenwich.com Fri, 03/02/2012 - 12:37

That diagram helps a lot!

1. Connect a PC to FA0 on the new router.

2. Change its IP, subnet mask and gateway on that PC to

     IP -> 172.30.4.21

     Subnet mask -> 255.255.0.0

     Default Gateway -> 172.30.254.240

3. Successfully ping 172.30.254.240

4. Connect to the router from a PC using a Cisco serial cable onto the console port and launch a terminal session.  If this is not available and you are using telnet or ssh to enter commands, make sure you enable "terminal monitor" at the # prompt.

5. Type this command on the new router at the # prompt: "debug ip nat"

6. Ping 8.8.8.8 from the PC. 

Do you get any output on the terminal/telnet/ssh session?  If not, which step do you get to?

-Jason

itsmetaso Fri, 03/02/2012 - 12:47

I will try but for step 4 am I using my current router and how do i disable the debug ip nat once done?

itsmetaso Fri, 03/02/2012 - 12:55

I wasn't, just wanted to make sure I understood; all will be done on the new router. Will try it now.

itsmetaso Fri, 03/02/2012 - 13:08

Got up to the final step. I did the ping 8.8.8.8 from the PC and it replied back destination host unreachable. I did not get output on the HyperTerminal window, it just reads IP NAT debugging is on.

jdance@greenwich.com Mon, 03/05/2012 - 19:06

I'm not 100% sure about this, but I think the outside interface (FA4) might need to be up and online for nat to start working.  Could you please plug FA4 into a small switch or hub so the interface is up?

Also, could you please post the outputs of the following commands?:

show ip interface brief

show ip nat translation

-Jason

itsmetaso Tue, 03/06/2012 - 07:54

I plugged in FA4 into a switch.

cisco861#show ip interface brief
Any interface listed with OK? value "NO" does not have a valid configuration

Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0              unassigned      YES unset  up                    up
FastEthernet1              unassigned      YES unset  down                  down
FastEthernet2              unassigned      YES unset  down                  down
FastEthernet3              unassigned      YES unset  down                  down
FastEthernet4              99.999.999.99   YES NVRAM  up                    up
NVI0                       unassigned      NO  unset  up                    up
Vlan1                      172.30.254.240  YES NVRAM  up                    up

When I typed show ip nat translation nothing happened.

Tracert 8.8.8.8 gave me the same results as before.

jdance@greenwich.com Thu, 03/08/2012 - 19:56

Ok, perhaps the "ip any any" in access-list 100 is causing the issue. Let's try this:

access-list 5 permit 172.30.0.0 0.0.255.255

no ip nat inside source list 100 interface FastEthernet4 overload

ip nat inside source list 7 interface FastEthernet4 overload

-Jason

itsmetaso Fri, 03/09/2012 - 12:23

After I put the last line I got:

*Mar 20 23:27:50.725: ipnat_add_dynamic_cfg_common: id 2, flag 5, range 0
*Mar 20 23:27:50.725: id 2, flags 0, domain 0, lookup 0, aclnum 7, aclname 7, mapname  idb 0x83EB2B10
*Mar 20 23:27:50.725: ipnat_add_dynamic_cfg_common: id 2, flag 5, range 0
*Mar 20 23:27:50.725: id 2, flags 0, domain 0, lookup 0, aclnum 7, aclname 7, mapname  idb 0x83EB2B10

Then I pinged 8.8.8.8 and got the same message as before.

itsmetaso Thu, 03/15/2012 - 09:05

What if I start from the beginning and copy the running config from the 831 to the 861, you think that would help? I guess I would have to mod it a bit to change the interface names?

Posted February 18, 2012 at 1:46 PM