i have an 2600 which a want to use for internet access. I'm so far that i can ping everything from the router it's self but behind my lan i'm not able. The only thing i can ping from my lan is the other network in my lan, my lan default gateway and the ip address my wan interface gets from dhcp.
When i want to ping my wan gateway, mine lan gateway shows up with the notification that the host is unreachable
below is my config:
Current configuration : 979 bytes
service timestamps debug datetime msec
service timestamps log datetime msec
logging queue-limit 100
enable secret xxx
ip name-server 62.xxx.xxx.xxx
description ***** INTERFACE TO INTERNET *****
ip address dhcp
ip nat outside
no ip address
description ***** INTERFACE TO LAN NETWORK *****
ip address 192.168.2.1 255.255.255.0
ip access-group 1 out
ip nat inside
ip nat inside source list 1 interface FastEthernet0/0 overload
no ip http server
ip route 0.0.0.0 0.0.x.x.83.77.1
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 101 permit icmp any any
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
this is a debug ip packet output
NL-RDAM-NRD#debug ip pack
IP packet debugging is on
*Mar 1 01:16:16.243: IP: s=10.8.128.1 (FastEthernet0/0), d=255.255.255.255, len
372, rcvd 2
*Mar 1 01:16:16.379: IP: s=10.8.128.1 (FastEthernet0/0), d=255.255.255.255, len
348, rcvd 2
*Mar 1 01:16:16.383: IP: s=10.8.128.1 (FastEthernet0/0), d=255.255.255.255, len
348, rcvd 2
*Mar 1 01:16:16.515: IP: s=10.8.128.1 (FastEthernet0/0), d=255.255.255.255, len
348, rcvd 2
*Mar 1 01:16:18.327: IP: s=10.8.128.1 (FastEthernet0/0), d=255.255.255.255, len
372, rcvd 2
*Mar 1 01:16:18.879: IP: tableid=0, s=192.168.2.5 (FastEthernet0/1), d=212.83.7
7.1 (FastEthernet0/0), routed via RIB
*Mar 1 01:16:18.879: IP: s=184.108.40.206 (FastEthernet0/1), d=220.127.116.11 (Fast
Ethernet0/0), g=18.104.22.168, len 60, forward
*Mar 1 01:16:18.887: IP: tableid=0, s=22.214.171.124 (FastEthernet0/0), d=192.168.
2.5 (FastEthernet0/1), routed via RIB
*Mar 1 01:16:18.887: IP: s=126.96.36.199 (FastEthernet0/0), d=192.168.2.5 (FastEt
hernet0/1), len 60, access denied
*Mar 1 01:16:18.887: IP: tableid=0, s=188.8.131.52 (local), d=184.108.40.206 (Fas
tEthernet0/0), routed via RIB
*Mar 1 01:16:18.887: IP: s=220.127.116.11 (local), d=18.104.22.168 (FastEthernet0/
0), len 56, sending
i've been troubleshooting for three days and i'm stuck..any help would be appreciated
If i remove the ip access group command then the access-list is not valid. How would i specify an allowed network then...Impleting nat requires an access-list which need to bound to an interface in/out.
thx for the advice but i don't think this will help
The ACL 1, on this case, is being used for the NAT source list. You don't need the access-group 1 out under the interface. Please, do as instructed since you are currently blocking any network but the 192.168.2.0/24 network from returning traffic via that interface.
oke guy's thx for the advice i will give it a try tomorrow cause it's 00:28 am over here and i'm going to bed cause the clock will zooming quickly..lol... ill let u guy's if it solves it.
In a friendly manner, I must tell you that you are assuming too many things for a novice. Please listen to those that have experience, it's always a good thing in life. Then, in your own place, try on your own the things they told you, but listen first :)
Edison summarized perfectly your configuration problem. Good night and have fun with your working nat tomorrow :)
i must say u hit the needle at its top.
I'm a bit stubborn and i know its my weakness. Your totally in ur right cause i had to test it before i made my comment, and not to forget that i came here because i can't solve it myself. So bevilacuqa i own u an excuse...
No need to apologize. Happy to have helped and good luck!
Please remember to rate useful posts using the scrollbox below!
Just a curious question on the configuration for the default route, for discussion.
ip route 0.0.0.0 0.0.0.0 22.214.171.124
Since the WAN interface is DHCP. Will this still work if the IP is dynamically changed?
If NO, what would be a good suggestion?
Feel free to discuss.
well the thing is that when the router gets an IP address via DHCP, no static default route is necessary to configure, as one will be installed automatically.
ur adviced indeed solved my problem. So thank u very much. I wanna rate this discuss bute where's the rate option cause u notice the scrollbox below but i don't c it...
a better solution would be:
"ip route 0.0.0.0 0.0.0.0 dhcp"
This will install a default route based on the gateway recieved from the DHCP server.
Actually this command is necessary only if you want change the default metric for a DHCP route.
Without command, DHCP route is installed by default with metric 0.