pinging from my computer, i can not ping the dsl router, only 192.168.1.2. nothing past that. So trying i get nothing when i run sh ip nat translation....

I just noticed something, can you do the following for me and test it again:

interface FastEthernet0/0

no ip nat outside

shutdown

interface FastEthernet0/1

no ip nat outside

interface Vlan1

no ip nat inside

interface FastEthernet0/1

ip nat outside

interface Vlan1

ip nat inside

Regards,

jerry

identical results, from the router i can ping out to the web, but it stops at the router, i can not get my PC to get out.

Now just to go a little deeper...

Right now i am running this in a test environment. I have a actiontec router acting as a dsl modem, which ties into my outside network (so that there is no down time during the day) The DHCP server is still on the outside network, the one i want to move this to.

so currently it goes actionte router 192.168.1.1 to my cisco router 172.16.2.1

there is no dhcp server at the moment, i have my computer set staticly with 172.16.2.45. With this kind of setup one would think this shouldn't change the results, or am i incorrect?

to clear it up, think of a network inside a network, just for test.

hopefully that clears this up a little so you see how i have it.

Hi Jared,

It is fine that you give your PC's static IP address, and your default gateway is fine. From what I see so far, if you cannot ping the Internet from your router, where it is not going through the NAT process, you should check if there is return route back to your 192.168.1.x network since you are testing this.

Do you have a quick diagram of your network so far? Some thing like this will help me

Internet <-> R1 <-> R2 ...

Regards,

jerry

in the end, i want this

http://forums.coloradoracing.net/uploads//post-34-1250517696.jpg

currently thats how its setup, but the router is the linksys.

so i have another router behind all of that, (actiontec router) then i have the cisco router plugged into that. this is just for test, until i can get the cisco router working correctly

Hi Jared,

This is what my understanding of your network is at this point, of course, for testing

Internet <-> DSL_MODEM <-> R1 <-> R2 <-> CISCO_ROUTER <-> PC

I am assuming you are doing NAT at R1 and R2, can you verify it? The reason I am asking is if R2 is not doing NAT, then your R1 need to point a route of 192.168.1.0/24 to R2, and R2 need to point a default route to R1. I am assuming you don't have routing protocol running.

Regards,

jerry

Jerry,

What i think might be my issue, and im not 100% sure but im thinking something with routeing with in the cisco router.

If i plug my laptop into the R2 and get an ip address from the dhcp, i can access the internet with no problems.

once i plug back into the cisco router i lose internet connectivity. Either i do not have the ip addressing setup correctly on the cisco, or something to do with routing from vlan1 to f0/1.

any ideas?

here is the current config as it stands

clock timezone MTN -7

clock summer-time MDT recurring

!

!

!

!

ip cef

no ip domain lookup

multilink bundle-name authenticated

!

!

archive

log config

hidekeys

!

!

!

!

!

interface FastEthernet0/1/0

no cdp enable

!

interface FastEthernet0/1/1

no cdp enable

!

interface FastEthernet0/1/2

no cdp enable

!

interface FastEthernet0/1/3

no cdp enable

!

interface Cable-Modem0/0/0

no ip address

shutdown

no cdp enable

!

interface FastEthernet0/0

no ip address

ip virtual-reassembly

shutdown

duplex auto

speed auto

no cdp enable

!

interface FastEthernet0/1

ip address 192.168.1.2 255.255.255.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

no cdp enable

!

interface Vlan1

ip address 172.16.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly

no mop enabled

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 192.168.1.1

!

!

ip http server

ip nat inside source list 7 interface FastEthernet0/1 overload

!

access-list 7 permit 172.16.2.0 0.0.0.255 log

snmp-server community public RO

!

!

control-plane

!

!

line con 0

exec-timeout 0 0

line aux 0

line vty 0 4

password passwordv

login

!

scheduler allocate 20000 1000

no process cpu extended

no process cpu autoprofile hog

end

Hi Jared,

Can you plug-in your PC into R2 and post the output of ipconfig /all

Regards,

jerry

Jerry,

I've seen you have suggested configuring the default route as

ip route 0.0.0.0 0.0.0.0 f0/1

I would personally avoid configuring routes using only the next-hop interface, if the interface is a multiaccess-type of network like Ethernet here. Configuring the default route like this makes it essentially behave as directly connected network on Fa0/1, resulting in huge ARP traffic for each and every destination IP address of an outgoing packet and large ARP cache. Most importantly, for this route to work, the next router must be running Proxy ARP. If it does not then no ARP replies will be sent, resulting in dropped packets with "encapsulation failed" error in debugs.

This is my personal opinion but please feel free to discuss it!

Best regards,

Peter

Hi Peter,

I am totally agree with your on the default to the next-hop IP instead of interface. I first thought that it is DHCP (read the post in a fly), where the only way to configure a default route is point it to the outgoing interface. Like my home Cable Modem configuration =).

Regards,

jerry

Jerry,

here is the information you requested.

When i plug into R2, here is the information returned by ipconfig /all

ip 192.168.1.3

mask 255.255.255.0

default gateway 192.168.1.1

dhcp server 192.168.1.1

dns servers 192.168.1.1

people who i have shown the config say it should be working, so i guess im just stuck geting my pc to talk outside the cisco router.

I turned on dhcp on it to see if that might have been the problem, and it was not.

i know im missing something, just cant seem to see it...

Hello Jared, Jerry,

I am thinking of one more possibility: maybe the Cisco router needs to obtain its IP address from DHCP, otherwise by whatever security measures, it will be denied access to network (something similar to IP Source Guard).

Jared, can you try to modify your configuration so that your Cisco router tries to obtain its IP configuration via DHCP instead of having it configured statically? You may directly paste the following commands to your configuration.

no ip route 0.0.0.0 0.0.0.0 192.168.1.1

interface Fa0/1

no ip address

ip address dhcp

Please note that I have also suggested removing the default route. The default route will be provided by the DHCP alone - no extra command is necessary for that.

If possible, give it a try and let us know if it worked. Also, if it did not, please include the output of the following commands:

show ip route

show ip int brief

show run int fa0/1

show ip nat translation

show access-list

Thanks!

Best regards,

Peter

Peter,

It pulled an ip address of 192.168.1.4

but i am still unable to get outside on my laptop, it dies at 192.168.1.1 i can not ping it.

here is my findings

qwest-net-rtr#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

172.16.0.0/24 is subnetted, 1 subnets

C 172.16.2.0 is directly connected, Vlan1

C 192.168.1.0/24 is directly connected, FastEthernet0/1

S* 0.0.0.0/0 [254/0] via 192.168.1.1

qwest-net-rtr#sh ip int b

Interface IP-Address OK? Method Status Protocol

FastEthernet0/1/0 unassigned YES unset up down

FastEthernet0/1/1 unassigned YES unset up up

FastEthernet0/1/2 unassigned YES unset down down

FastEthernet0/1/3 unassigned YES unset up down

Cable-Modem0/0/0 unassigned YES NVRAM administratively down down

FastEthernet0/0 unassigned YES manual administratively down down

FastEthernet0/1 192.168.1.4 YES DHCP up up

Vlan1 172.16.2.1 YES manual up up

NVI0 unassigned NO unset up up

qwest-net-rtr#sh run int fa0/1

Building configuration...

Current configuration : 129 bytes

!

interface FastEthernet0/1

ip address dhcp

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

no cdp enable

end

nothing shows for sh ip nat trans

west-net-rtr#show access-list

Standard IP access list 7

10 permit 172.16.2.0, wildcard bits 0.0.0.255 log (77 matches)

also here sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

172.16.0.0/24 is subnetted, 1 subnets

C 172.16.2.0 is directly connected, Vlan1

C 192.168.1.0/24 is directly connected, FastEthernet0/1

S* 0.0.0.0/0 [254/0] via 192.168.1.1