12-09-2013 11:27 AM - edited 03-04-2019 09:48 PM
Working on setting up a basic router. I have looked at may posts this one
https://supportforums.cisco.com/message/4111294#4111294 seems to be the closest but do not seem to understand all need to get it working.
From router# prompt - i can ping 8.8.8.8 and I can ping computer (192.168.25.5) on the inside. But cannot ping from lan (192.168.25.5) to internet.
Router#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/27/36 ms
Router#ping 192.168.25.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.25.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
joes-Mac-mini:~ joewallace$ ping 192.168.25.1
PING 192.168.25.1 (192.168.25.1): 56 data bytes
64 bytes from 192.168.25.1: icmp_seq=0 ttl=255 time=0.511 ms
64 bytes from 192.168.25.1: icmp_seq=1 ttl=255 time=0.725 ms
64 bytes from 192.168.25.1: icmp_seq=2 ttl=255 time=0.529 ms
^C
--- 192.168.25.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.511/0.588/0.725/0.097 ms
joes-Mac-mini:~ joewallace$
joes-Mac-mini:~ joewallace$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Router#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/27/36 ms
-----------------------------------
Current configuration : 1217 bytes
!
! Last configuration change at 19:04:43 UTC Mon Dec 9 2013
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip cef
!
!
!
!
!
!
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FGL172625ST
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description Outside World
ip address 192.168.20.18 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description Internal LAN
ip address 192.168.25.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
ip default-gateway 192.168.25.1
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.20.1
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
!
end
Solved! Go to Solution.
12-09-2013 11:34 AM
Joe,
You need to configure nat for your subnet on the lan. You're missing a couple of lines it seems:
access-list 100 permit ip 192.168.25.0 0.0.0.255 any
ip nat inside source list 100 interface g0/0 overload
And you can remove "ip default-gateway 192.168.25.1". It's only used when routing is disabled, and it's not going to be in your case.
HTH,
John
*** Please rate all useful posts ***
12-09-2013 11:34 AM
Joe,
You need to configure nat for your subnet on the lan. You're missing a couple of lines it seems:
access-list 100 permit ip 192.168.25.0 0.0.0.255 any
ip nat inside source list 100 interface g0/0 overload
And you can remove "ip default-gateway 192.168.25.1". It's only used when routing is disabled, and it's not going to be in your case.
HTH,
John
*** Please rate all useful posts ***
12-09-2013 11:56 AM
Here is the working version of the config. When I was surfing the forum really wished to see the working version.
Current configuration : 1306 bytes
!
! Last configuration change at 19:39:26 UTC Mon Dec 9 2013
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip cef
!
!
!
!
!
!
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FGL172625ST
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description Outside World
ip address 192.168.20.18 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description Internal LAN
ip address 192.168.25.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 100 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.20.1
!
access-list 100 permit ip 192.168.25.0 0.0.0.255 any
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
!
end
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: