Solved: Re: Basic Router Configuration - not outside access

joewalvoxbright · ‎12-09-2013

Working on setting up a basic router. I have looked at may posts this one

https://supportforums.cisco.com/message/4111294#4111294 seems to be the closest but do not seem to understand all need to get it working.

From router# prompt - i can ping 8.8.8.8 and I can ping computer (192.168.25.5) on the inside. But cannot ping from lan (192.168.25.5) to internet.

Router#ping 8.8.8.8

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 24/27/36 ms

Router#ping 192.168.25.5

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.25.5, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

joes-Mac-mini:~ joewallace$ ping 192.168.25.1

PING 192.168.25.1 (192.168.25.1): 56 data bytes

64 bytes from 192.168.25.1: icmp_seq=0 ttl=255 time=0.511 ms

64 bytes from 192.168.25.1: icmp_seq=1 ttl=255 time=0.725 ms

64 bytes from 192.168.25.1: icmp_seq=2 ttl=255 time=0.529 ms

^C

--- 192.168.25.1 ping statistics ---

3 packets transmitted, 3 packets received, 0.0% packet loss

round-trip min/avg/max/stddev = 0.511/0.588/0.725/0.097 ms

joes-Mac-mini:~ joewallace$

joes-Mac-mini:~ joewallace$ ping 8.8.8.8

PING 8.8.8.8 (8.8.8.8): 56 data bytes

Request timeout for icmp_seq 0

Request timeout for icmp_seq 1

Router#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/27/36 ms

-----------------------------------

Current configuration : 1217 bytes

!

! Last configuration change at 19:04:43 UTC Mon Dec 9 2013

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

no aaa new-model

!

ip cef

!

no ipv6 cef

multilink bundle-name authenticated

!

license udi pid CISCO1921/K9 sn FGL172625ST

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description Outside World

ip address 192.168.20.18 255.255.255.0

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

description Internal LAN

ip address 192.168.25.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

ip default-gateway 192.168.25.1

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip route 0.0.0.0 0.0.0.0 192.168.20.1

!

control-plane

!

line con 0

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

login

transport input all

!

scheduler allocate 20000 1000

!

end

John Blakley · ‎12-09-2013

Joe,

You need to configure nat for your subnet on the lan. You're missing a couple of lines it seems:

access-list 100 permit ip 192.168.25.0 0.0.0.255 any

ip nat inside source list 100 interface g0/0 overload

And you can remove "ip default-gateway 192.168.25.1". It's only used when routing is disabled, and it's not going to be in your case.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

View solution in original post

John Blakley · ‎12-09-2013

Joe,

You need to configure nat for your subnet on the lan. You're missing a couple of lines it seems:

access-list 100 permit ip 192.168.25.0 0.0.0.255 any

ip nat inside source list 100 interface g0/0 overload

And you can remove "ip default-gateway 192.168.25.1". It's only used when routing is disabled, and it's not going to be in your case.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

joewalvoxbright · ‎12-09-2013

Here is the working version of the config. When I was surfing the forum really wished to see the working version.

Current configuration : 1306 bytes

!

! Last configuration change at 19:39:26 UTC Mon Dec 9 2013

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

no aaa new-model

!

ip cef

!

no ipv6 cef

multilink bundle-name authenticated

!

license udi pid CISCO1921/K9 sn FGL172625ST

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description Outside World

ip address 192.168.20.18 255.255.255.0

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

description Internal LAN

ip address 192.168.25.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip nat inside source list 100 interface GigabitEthernet0/0 overload

ip route 0.0.0.0 0.0.0.0 192.168.20.1

!

access-list 100 permit ip 192.168.25.0 0.0.0.255 any

!

control-plane

!

line con 0

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

login

transport input all

!

scheduler allocate 20000 1000

!

end