Hi all
I have a Cisco 831 that I'm going to use as a firewall (correct k9 software version of course). This is going to be linked to a speedtouch router that belongs to the ISP. The speedtouch is then connected to the ADSL line.
In a normal scenario, the speedtouch (10.0.0.138) gets a DHCP address from the ISP and assigns it to the laptop and away you go. In my setup the speedtouch gets a DHCP and assigns it to the INTERNET (e1) interface of the 831 (10.0.0.X/24). This works.
In my config (below) I assign an IP to interface e0 (192.168.1.254) and this then dishes out a DHCP address to my laptop (192.168.1.X/24). This works.
I have a NAT statement that overloads the 192.168.1.1 or whatever the DHCP address is, behind the e1 interface (10.0.0.X/24). This works.
From the 831 router I can then ping its own e0 interface (192.168.1.254) and the speedtouch router (10.0.0.138).
From the laptop I can ping the 831 e0 interface (192.168.1.254) but I can't ping the speedtouch (10.0.0.138) or the DHCP address the speedtouch has given the INTERNET (e1) interface (10.0.0.x).
I then tried to ping a web address from the laptop, to see if DNS was working (ping bbc.co.uk). It resolves the name but no reply. I can see the NAT translations going through if I do "show ip nat trans":
     inside global   inside local   outside local    outside global
icmp 10.0.0.2        192.168.1.1    212.58.224.131   212.58.224.131
I'm confused as to why this isn't working. It's looking like a NAT issue but I'm not the best with Cisco so any help would be appreciated.
Here is the very basic config.
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
xxxxx
!
no aaa new-model
ip subnet-zero
no ip source-route
ip tcp synwait-time 10
ip domain name lan
ip dhcp excluded-address 192.168.1.254
!
ip dhcp pool CLIENT
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.254
 dns-server 192.168.1.254
 lease 0 3
!
!
no ip bootp server
ip cef
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
no crypto isakmp enable
!
!
!
interface Ethernet0
 ip address 192.168.1.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 no cdp enable
 hold-queue 100 out
!
interface Ethernet1
 ip address dhcp
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 duplex full
 no cdp enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet1
no ip http server
no ip http secure-server
ip dns server
ip nat inside source list 101 interface Ethernet1 overload
!
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any log
no cdp run
!
control-plane
!
!
line con 0
 no modem enable
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 password 7 13021A13085D093927
 login
 transport preferred all
 transport input all
 transport output all
!
scheduler max-task-time 5000
!
end