I agree with John that a standard access list is better for NAT here. It accomplishes what you need since all that you are checking is the source address.

I believe that the major issue is that I do not see a default route in the config. Perhaps something like this

ip route 0.0.0.0 0.0.0.0 dhcp

There are a couple of things that I might want to clean up, such as why you are disabling cef, the ip NAT pool that you configure but do not use, and access list 100 and dialer list that are not used. But the big issue is the routing issue.

HTH

Rick

hi rick,

i'm not sure if the static route with dhcp as next-hop would be necessary.

the import all on the DHCP config would usually takes care of this.

I will definitely try both of your solutions later today after classes end. Thanks for the input, guys!

John makes an interesting comment about the import all. I wonder if that is sufficient? I see where that helps the clients but was not clear that it would help the router itself. Would the original poster give us the output of show ip route from the router? And tell us if the import all is sufficient to generate a default route for the router?

HTH

Rick

It looks to me like Import all imports optional parameters from the DHCP server. If, the ISP DHCP server is not passing a static default route, then the router will have no routing table except for connected, and will not be able to get any futher than the connected networks.

I think ip route 0.0.0.0 0.0.0.0 dhcp may fix it.

Hi Richard,

As requested, here is a copy of the results of show ip route after connecting to the modem:

Network#sh ip route
Default gateway is 98.202.230.1

Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty

I managed to find time to try both ip route 192.168.100.0 0.0.0.255 dchp as well as removing access list 101 and replacing it with a standard access list.

Unfortunately, I still cannot get internet access. Windows Network center is reporting that the network is unidentified and that there is no network access. I am however, able to ping the router's FastEthernet0/1 interface and the computer did lease an IP address from its server.

Could I bother for you to elaborate on what you meant by:

There are a couple of things that I might want to clean up, such as why you are disabling cef, the ip NAT pool that you configure but do not use, and access list 100 and dialer list that are not used. But the big issue is the routing issue.

Thanks for your help and time.

John

hi,

it should be ip route 0.0.0.0 0.0.0.0 dchp and NOT ip route 192.168.100.0 0.0.0.255 dchp.

could you post show ip route and show run from your 2811?

can you ping 8.8.8.8 from the router?

The output of show ip route was very interesting and helpful. When I read the config a bit more carefully I found this which is the real cause of the problem.

no ip routing

With ip routing disabled the router can not forward traffic from your PC. Enable ip routing and it probably will work. If you still have problems with access to internet then post back with fresh output of show ip route.

If you want to find out more about the other aspects of the configuration we can certainly do that. But first lets make sure that we have solved the routing problem.

HTH

Rick

good one rick!

Sorry, I did actually do ip route 0.0.0.0 0.0.0.0 dhcp I just typed the wrong command into the reply. I'll definitely post my current config again later today as well as ping 8.8.8.8. Thank you.

To Richard:

I will enable ip routing. The command is ip routing correct?

And thanks for your help, I look forward to learning more about the configuration.

John

John

Yes the command is ip routing

HTH

Rick

Hi Richard,

I've set ip routing on the router, here are the results of sh ip route after doing so:

Network#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 98.202.230.1 to network 0.0.0.0

     69.0.0.0/32 is subnetted, 1 subnets
S       69.252.216.134 [254/0] via 98.202.230.1, FastEthernet0/0
     98.0.0.0/23 is subnetted, 1 subnets
C       98.202.230.0 is directly connected, FastEthernet0/0
C    192.168.100.0/24 is directly connected, FastEthernet0/1
S*   0.0.0.0/0 [1/0] via 98.202.230.1
Network#

It looks much more correct this way, however, I still have no access to the internet.

For John, here are the results of ping 8.8.8.8:

Network#ping 8.8.8.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/51/52 ms
Network#

Everything seems to be fine.

And as requested, here is the current configuration:

---------------------Begin Configuration---------------------

Building configuration...

Current configuration : 2368 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Network
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096
logging console critical
enable secret 5 $1$4FJS$RQUEiWuTaMOAGhVx1O1Du0
enable password 7 046F03070C291D175F40
!
aaa new-model
!
!
aaa authentication login local_auth local
!
!
aaa session-id common
dot11 syslog
no ip source-route
no ip gratuitous-arps
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.100.1
!
ip dhcp pool Network
   import all
   network 192.168.100.0 255.255.255.0
   lease 7
!
!
no ip bootp server
ip domain name Network
login block-for 5 attempts 5 within 1
!
multilink bundle-name authenticated
!
!
voice-card 0
 no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username Admin password 7 1526035D5D7C72252B3B
archive
 log config
  hidekeys
! 
!
!
!
!
!
!
!
interface FastEthernet0/0
 description $ETH-WAN$
 ip address dhcp client-id FastEthernet0/0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 duplex full
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 ip address 192.168.100.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 duplex full
 speed auto
 no mop enabled
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 dhcp
!
!
ip http server
no ip http secure-server
ip nat pool Network 192.168.100.1 192.168.100.254 netmask 255.255.255.0
ip nat inside source list 10 interface FastEthernet0/0 overload
!
!
logging trap debugging
logging facility local2
access-list 10 permit 192.168.100.0 0.0.0.255
access-list 100 permit udp any any eq bootpc
dialer-list 1 protocol ip permit
snmp-server community public RO
no cdp run
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
banner motd ^C Welcome! ^C
!
line con 0
 login authentication local_auth
 transport output telnet
line aux 0
 exec-timeout 15 0
 login authentication local_auth
 transport output telnet
line vty 0 4
 password 7 107D0C1A10051B1F15
 login authentication local_auth
 transport input telnet
!
scheduler allocate 20000 1000
!
end

--------------------End Configuration-------------

What do you guys think? Thanks for all the help so far.

Note: I still have the original configuration on hand if we need to revert. Thanks again.

-John

hi,

your routing table and ping looks good.

add this to your DHCP pool:

ip dhcp pool Network

default-router 192.168.100.1

could you try with a PC behind the router or a LAN switch with the auto obtain IP set? issue an ipconfig /all from DOS prompt and make sure you've got a DNS. if you don't, add dns-server 8.8.8.8 on your DHCP pool.