Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Basic Router Configuration - not outside access

              Working on setting up a basic router.  I have looked at may posts this one    

https://supportforums.cisco.com/message/4111294#4111294 seems to be the closest but do not seem to understand all need to get it working.

From router# prompt -  i can ping 8.8.8.8 and I can ping computer (192.168.25.5) on the inside.  But cannot ping from lan (192.168.25.5) to internet. 

Router#ping 8.8.8.8

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 24/27/36 ms

Router#ping 192.168.25.5

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.25.5, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

joes-Mac-mini:~ joewallace$ ping 192.168.25.1

PING 192.168.25.1 (192.168.25.1): 56 data bytes

64 bytes from 192.168.25.1: icmp_seq=0 ttl=255 time=0.511 ms

64 bytes from 192.168.25.1: icmp_seq=1 ttl=255 time=0.725 ms

64 bytes from 192.168.25.1: icmp_seq=2 ttl=255 time=0.529 ms

^C

--- 192.168.25.1 ping statistics ---

3 packets transmitted, 3 packets received, 0.0% packet loss

round-trip min/avg/max/stddev = 0.511/0.588/0.725/0.097 ms

joes-Mac-mini:~ joewallace$

joes-Mac-mini:~ joewallace$ ping 8.8.8.8

PING 8.8.8.8 (8.8.8.8): 56 data bytes

Request timeout for icmp_seq 0

Request timeout for icmp_seq 1

Router#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/27/36 ms

-----------------------------------

Current configuration : 1217 bytes

!

! Last configuration change at 19:04:43 UTC Mon Dec 9 2013

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

!

!

no aaa new-model

!

ip cef

!

!

!

!

!

!

no ipv6 cef

multilink bundle-name authenticated

!

!

!

license udi pid CISCO1921/K9 sn FGL172625ST

!

!

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description Outside World

ip address 192.168.20.18 255.255.255.0

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

description Internal LAN

ip address 192.168.25.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

ip default-gateway 192.168.25.1

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip route 0.0.0.0 0.0.0.0 192.168.20.1

!

!

!

!

control-plane

!

!

!

line con 0

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

login

transport input all

!

scheduler allocate 20000 1000

!

end

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions

Re: Basic Router Configuration - not outside access

Joe,

You need to configure nat for your subnet on the lan. You're missing a couple of lines it seems:

access-list 100 permit ip 192.168.25.0 0.0.0.255 any

ip nat inside source list 100 interface g0/0 overload

And you can remove "ip default-gateway 192.168.25.1". It's only used when routing is disabled, and it's not going to be in your case.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
2 REPLIES

Re: Basic Router Configuration - not outside access

Joe,

You need to configure nat for your subnet on the lan. You're missing a couple of lines it seems:

access-list 100 permit ip 192.168.25.0 0.0.0.255 any

ip nat inside source list 100 interface g0/0 overload

And you can remove "ip default-gateway 192.168.25.1". It's only used when routing is disabled, and it's not going to be in your case.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
New Member

Re: Basic Router Configuration - not outside access

Here is the working version of the config.  When I was surfing the forum really wished to see the working version.

Current configuration : 1306 bytes

!

! Last configuration change at 19:39:26 UTC Mon Dec 9 2013

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

!

!

no aaa new-model

!

ip cef

!

!

!

!

!        

!

no ipv6 cef

multilink bundle-name authenticated

!

!

!

license udi pid CISCO1921/K9 sn FGL172625ST

!

!

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description Outside World

ip address 192.168.20.18 255.255.255.0

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

description Internal LAN

ip address 192.168.25.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip nat inside source list 100 interface GigabitEthernet0/0 overload

ip route 0.0.0.0 0.0.0.0 192.168.20.1

!

access-list 100 permit ip 192.168.25.0 0.0.0.255 any

!

!        

!

control-plane

!

!

!

line con 0

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

login

transport input all

!

scheduler allocate 20000 1000

!

end

164
Views
0
Helpful
2
Replies
CreatePlease login to create content