Router behind ISP

Status
Not open for further replies.

mrttn

Technical User
Apr 28, 2009
20
US
Hi,

I am trying to configure a router that sits behind my ISP.

From the router, I can hit the outside world. However, I can't hit the outside world from the LAN side. I also can't hit the LAN (172.16.10.22, a PC that connects to int fas0/1).

I get an error when I add 0.0.0.0 0.0.0.0 76.185.174.189

76.185.174.189 is the IP picked up from the ISP.

Below is the router config.

Please help.


Router#sh run
Building configuration...

Current configuration : 1215 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
!
username tam privilege 15 password 0 tam
ip subnet-zero
!
!
ip name-server 4.2.2.2
ip dhcp excluded-address 172.16.10.1 172.16.10.21
!
ip dhcp pool inside
import all
network 172.16.10.0 255.255.255.0
default-router 76.185.174.189
dns-server 209.18.47.61
!
!
bridge irb
!
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.10.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 172.16.20.1 255.255.255.0
ip nat inside
shutdown
duplex auto
speed auto
!
interface FastEthernet1/1
no ip address
shutdown
duplex auto
speed auto

!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 172.185.160.1
ip http server
ip http authentication local
!
bridge 1 protocol ieee
!
line con 0
line aux 0
line vty 0 4
privilege level 15
password tam
login
!
end
 
Where is your list 1?

Statement:

ip nat inside source list 1 interface FastEthernet0/0 overload


Where is the access list referenced?




In your default route statement:

I get an error when I add 0.0.0.0 0.0.0.0 76.185.174.189

Is 76.185.174.189 your next-hop address (ISP's address) or your router's FE0/0 address? It should be the next-hop address.

Did you remove the other default route? (172.185.160.1) I don't see it being needed.




Your DHCP pool is wrong:

default-router 76.185.174.189

should be : default-router 172.16.10.1



CCNA, BCNE, Security+, Network +
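
The checks raised in the reply above, written as a small offline config audit. This is an added example, not part of the original thread: it flags a NAT rule whose access list is undefined and a DHCP pool whose default-router is outside the pool subnet, and goes one step further by checking that a defined list covers every `ip nat inside` subnet. The names `audit` and `wildcard_net` and the finding labels are hypothetical, and the code assumes a single DHCP pool and numbered standard ACLs with contiguous wildcard masks.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the first config posted in this thread.
FIRST_CONFIG = """\
ip dhcp pool inside
 network 172.16.10.0 255.255.255.0
 default-router 76.185.174.189
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
interface FastEthernet0/1
 ip address 172.16.10.1 255.255.255.0
 ip nat inside
ip nat inside source list 1 interface FastEthernet0/0 overload
"""

def wildcard_net(addr, wildcard):
    """Convert an IOS ACL address + wildcard (inverted mask) to a network."""
    mask = ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard)))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def audit(config):
    acls, inside, findings = {}, [], []
    nat_list = pool_net = gateway = iface_net = None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"access-list (\d+) permit (\S+) (\S+)$", line):
            acls.setdefault(m[1], []).append(wildcard_net(m[2], m[3]))
        elif m := re.match(r"ip nat inside source list (\d+) ", line):
            nat_list = m[1]
        elif m := re.match(r"network (\S+) (\S+)$", line):
            pool_net = ipaddress.ip_network(f"{m[1]}/{m[2]}")
        elif m := re.match(r"default-router (\S+)$", line):
            gateway = ipaddress.ip_address(m[1])
        elif line.startswith("interface "):
            iface_net = None  # new interface block, forget the previous address
        elif m := re.match(r"ip address (\d\S+) (\S+)$", line):
            iface_net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif line == "ip nat inside" and iface_net is not None:
            inside.append(iface_net)
    # Clients must be handed a gateway that lives on their own subnet.
    if gateway is not None and pool_net is not None and gateway not in pool_net:
        findings.append("dhcp-gateway-outside-pool")
    # The NAT rule does nothing unless its ACL exists and matches the inside nets.
    if nat_list and nat_list not in acls:
        findings.append("nat-acl-undefined")
    elif nat_list:
        findings += [f"nat-acl-misses-{net}" for net in inside
                     if not any(net.subnet_of(a) for a in acls[nat_list])]
    return findings
```

Calling `audit(FIRST_CONFIG)` returns both findings for the first config; a config with the pool gateway set to 172.16.10.1 and a list 1 that covers 172.16.10.0/24 returns an empty list.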
 
I can remove ip nat inside source list 1 interface FastEthernet0/0 overload and worry about the access-list later.

76.185.174.189 is the IP I got from the ISP. If I were to connect my PC directly to the ISP's router (bypassing my router), I get 76.185.174.189/19 and the gateway is 76.185.x.x

76.185.174.189 is the IP of fa0/0.

Correction: I get an error when I add 0.0.0.0 0.0.0.0 76.185.174.189 (the correct IP was 76.185.x.x; this is the ISP gateway IP). The error was something about an invalid hop.

I thought the gateway for my PC is the ISP's IP... no?

If I change my DHCP pool default router to 172.16.10.1 (which is how I had it initially and it didn't work), how would the router know (hop) from 172.16.10.1 to 76.185.x.x (ISP's gateway)? Thanks.
 
1) Your ip route command should be:
ip route 0.0.0.0 0.0.0.0 <IP address of ISP gateway>

2) The default-router command is what your router is telling your PCs to set as their gateway; this should be YOUR router, not the ISP. When traffic hits your router from a PC bound for the internet, it will use the above ip route command to forward the traffic on to your ISP.

3) When you say "add 0.0.0.0 0.0.0.0 76.185.174.189", are you typing this into the router? This would not be a valid command.
 
4) You need to have NAT set up or your PCs will not get out to the internet. Just create an access list like below...

access-list 10 permit 172.16.20.0 0.0.0.255

That should make your NAT work now.
 
Oops, just change access-list 10 to access-list 1; otherwise, change your NAT command to look at list 10.
 
I thought the gateway for my PC is the ISP's IP... no?

No. The gateway for your PC is the router's LAN interface.



If I change my DHCP pool default router to 172.16.10.1 (which is how I had it initially and it didn't work), how would the router know (hop) from 172.16.10.1 to 76.185.x.x (ISP's gateway)? Thanks.

172.16.10.0 is directly connected.
76.185.x.x is directly connected.
It knows the way out because your default route tells it the next hop. ip route 0.0.0.0 0.0.0.0 "isp ip address here"



I can remove ip nat inside source list 1 interface FastEthernet0/0 overload and worry about the access-list later.

Just create your access list 1


CCNA, BCNE, Security+, Network +
 
Thanks for all the responses.

I'll try them out tonight and update the outcome.
 
It's working, and below is the config.

One thing though: I get an error when I do ip route 0.0.0.0 0.0.0.0 76.185.174.189 (ISP IP). The error said invalid hop and the IP is this router.

Thanks all for helping.


!
ip name-server 4.2.2.2
ip dhcp excluded-address 172.16.10.1 172.16.10.21
!
ip dhcp pool inside
import all
network 172.16.10.0 255.255.255.0
default-router 172.16.10.1
dns-server 209.18.47.61
!
!
bridge irb
!
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.16.10.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet1/0
ip address 172.16.20.1 255.255.255.0
ip nat inside
shutdown
duplex auto
speed auto
!
interface FastEthernet1/1
no ip address
shutdown
duplex auto
speed auto
!
ring-speed 16
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 172.185.160.1
ip http server
ip http authentication local
!
access-list 1 permit 172.16.0.0 0.0.255.255
bridge 1 protocol ieee
!
line con 0
line aux 0
line vty 0 4
privilege level 15
password 7 <removed>
!
end
 
One more thing...

Here's my IP address and gateway:

ipv4 172.16.10.22
mask 255.255.255.0
default gateway 76.185.160.1 <<<<<------------ so it's using the gateway of the ISP.
 
If your ISP gateway is the .1 then your command would be...

ip route 0.0.0.0 0.0.0.0 76.185.174.1
 