Please help with NAT for cisco 2621 1

[cisco99999]

Hi guys,

I have a cisco 2621 and my goal is trying to get it to work for my small simple home network so all computers behind router can get on internet but it doesn't work like the way i want. I also have a static public ips. Here is my map network:

Internet -->modem-->cisco 2621-->switch-->computers

I can ping yahoo, google from my router:
============
Router#ping gmail.com

Translating "gmail.com"...domain server (255.255.255.255) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 64.233.161.83, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/62/80 ms
============


But still can't get my computer behind this router to go online. my computer is getting local ip just fine and here is ipconfig /all of my computer:

=============
Physical Address. . . . . . . . . : 00-1D-33-87-68-60
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 10.10.0.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.0.1
DHCP Server . . . . . . . . . . . : 10.10.0.1
DNS Servers . . . . . . . . . . . : 209.98.98.98
208.42.42.42
==============

I can ping my cisco router from computer just fine and vice versa.


Here is my running-config of my router:
==============
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 10.10.0.1 10.10.0.3
!
ip dhcp pool mypool
network 10.10.0.0 255.255.255.0
dns-server 209.98.98.98 208.42.42.42
default-router 10.10.0.1
lease 7
!
!
interface FastEthernet0/0
ip address 209.98.109.69 255.255.255.192
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.10.0.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!

ip nat inside source list 7 pool no-overload
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 209.98.109.75
!
!
access-list 7 permit 10.0.0.0 0.0.0.104
access-list 101 permit tcp 10.10.0.0 0.0.0.255 any eq www
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

==============


Sorry for the long post but feel free to correct my running-config if it's wrong. Thanks.

 

[Minue]

Hi
It's your access-list that is killing the connection.Try turning it off for troubleshooting,and see how it goes!
If that's the problem,then you must add:

"access-list 101 permit udp any any"

To be more precise that would be eq "DNS" for the name resolution.

Regards

 

[cisco99999]

I took off all access-list and try it but my computer still doesn't work. I also add "access-list 101 permit udp any any" but still no result either.

 

[burtsbees]

no ip nat inside source list 7 pool no-overload
no access-list 7
access-list 111 permit ip 10.10.0.0 0.0.0.255 any
ip nat inside source list 111 int fa0/0 overload

You will not get out to the internet without specifying an IP address or an interface in your NAT statement.

Also, is the MODEM in bridge mode?

Burt

 

[cisco99999]

Thanks for the hints, it works now.

I believe the MODEM is in bridge mode. It's forwarding the public static IPs.

By the way, I don't really understand those 2 lines:

access-list 111 permit ip 10.10.0.0 0.0.0.255 any
ip nat inside source list 111 int fa0/0 overload

And what is different between 'ip nat inside source list 1 int fa0/0 overload' and 'ip nat inside source list 111 int fa0/0 overload' ?

Thanks alot

 

[burtsbees]

Well...
"ip nat inside source list 1 int fa0/0 overload" will NAT the address pool defined in acl 1, and
"ip nat inside source list 111 int fa0/0 overload" will NAT the addresses defined in acl 111.

Burt