not able to access internet through 2811

Unanswered Question
Jul 17th, 2007

on our network there is a soho router which provided by our ISP

and we have Cisco2800 series which is supposed to route us through Soho out to the internet

int fastethernet0/0 our local ip address

int fastethernet0/1 is public ip address

proper nat is configured

and

2 name servers id addresses are added

but still no luck accessing the internet

any clue

any help?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
haifazakr Tue, 07/17/2007 - 04:52

my cisco 2811 configuration is the following

Router#sh run

Building configuration...

Current configuration : 1286 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

no logging buffered

!

no aaa new-model

!

resource policy

!

ip subnet-zero

!

!

ip cef

!

!

ip name-server 192.168.10.244

ip name-server 62.***.***.***

!

!

!

!

interface FastEthernet0/0

description $ETH-LAN$

ip address 192.168.***.*** 255.255.0.0

ip nat inside

duplex auto

speed auto

!

interface FastEthernet0/1

description $ETH-LAN$

ip address 62.***.***.*** 255.255.255.248

ip nat outside

duplex auto

speed auto

!

interface ATM0/0/0

no ip address

shutdown

no atm ilmi-keepalive

dsl equipment-type CPE

dsl operating-mode GSHDSL symmetric annex A

dsl linerate AUTO

!

ip classless

ip route 0.0.0.0 0.0.0.0 62.***.***.*** permanent

!

ip http server

ip http authentication local

ip nat inside source list 2 interface FastEthernet0/0 overload

!

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 62.240.33.0 0.0.0.7

access-list 2 remark SDM_ACL Category=2

access-list 2 permit 192.168.0.0 0.0.255.255

!

control-plane

!

!

line con 0

line aux 0

line vty 0 4

privilege level 15

login local

transport input telnet

!

scheduler allocate 20000 1000

!

thank you in advance

Jon Marshall Tue, 07/17/2007 - 05:03

Hi

Change

ip nat inside source list 2 interface FastEthernet0/0 overload

to

ip nat inside source list 2 interface FastEthernet0/1 overload

HTH

Jon

haifazakr Tue, 07/17/2007 - 05:12

dear jon

:D

you are the best

thank you

tiny one

the internet accessing is a bit slow how to make it faster and for you knowlowdge i am connectcted to cisco2811 then to soho (isp provided router)

thank you so much

regard

NB may i get you email address please

are_khatri Tue, 07/17/2007 - 05:11

change the configuration of:

ip nat inside source list 2 interface FastEthernet0/0 overload

to

ip nat inside source list 2 interface FastEthernet0/1 overload

as your outside interface is fe0/1 not 0/0.

Rate if it helps

haifazakr Tue, 07/17/2007 - 05:22

thank you mr khatri

really appreciated

i was wondering why the internet access is kind of slow

may you direct me please

thank you any way

spremkumar Tue, 07/17/2007 - 05:27

Hi

How are you measuring the performance of the internet access ?

do you have any tool being used out there to check out the same ?

did you check up the utilisation with reference to the bandwidth subscribed from your SP ?

regds

haifazakr Wed, 07/18/2007 - 00:29

hello mr kumar

sorry being late i had to leave yesterday

>How are you measuring the performance of the internet access ?

it does seem to me slow in terms of 2 m adsl line and only my pc is connected to this public ip address and cisco2811 right now

>do you have any tool being used out there to check out the same ?

no if u know about any good one i'll be very thankful

NB serving the net still a bit slow

Regards

spremkumar Wed, 07/18/2007 - 01:20

Hi

You can verify the speed on 2 interfaces one is on your LAN (fastethernet interface) and also on your WAN (which gets u connected to the outside world)...

You can make use of some freeware tools to monitor the same..

http://www.paessler.com/prtg

Also the best possible test would be doing simultaneous downloads with only pc from multiple sites and check the performance of the link as well as the maximum usage either directly on the interface or with the tool..

regds

haifazakr Wed, 07/18/2007 - 05:21

Sir

i 've downloaded ( PRTG Traffic Grapher 6.1.0.756 Setup (Freeware and Trial only).exe)

and i was watching the traffic on cisco2811 i've noticed that the (Traffice bandwith in )is so small (fluctuating between 10 and 20 kb/second) while (Traffice bandwith out)reaches 250 kb/second

i've tried to download softwares from different sites but still the bandwith sooo low

any hint?

waiting for your reply

thank you so much

spremkumar Wed, 07/18/2007 - 20:23

Hi

Can you revert the bandwidth subscribed from your isp ?

Also can you change the load interval under the interfaces to 30 Seconds and check.

You can also directly log on to the router and check for the interface utilisation.

Have you tried downloading files ? whats the the total speed getting displayed during the download process ? and also is there any variations been observed to the average download speed and the speed gettig displayed once the download is completed..

regds

haifazakr Thu, 07/19/2007 - 02:06

hello sir

i am going to reconstruct our network because we have so slow access and there are some week points we have to eliminate them so i would be very thankful if you could give me a hand

the problems are :

1- in the drwing attached to this post our

major week point is the ISA server which goes off and on many times and, this server is our main gateway for all workstations and servers in the HQ and branch offices

2- the SOHO ISP Router will be replaced with cisco 2811

now u may refer to the attached drawing and give me some suggestions(speciall about routing and default gate-way)

very appreciated your kind redirections

thank you

Attachment: 
spremkumar Thu, 07/19/2007 - 02:53

Hi

Simple network architecture would be pointing all the default gateway of all the servers to the respective zones configured in the firewall.

And in the firewall make sure that you have certain policies to allow connections from outside world.

Also now you have simple router/firewall concept your firewall's outside interface can be made pointing towards the lan interface of the router which will be the default gateway for the same.

And you have the router with enhanced filtering ACL's applied to allow matching to the connections permitted in the firewall.

BTW what kinda addressing being used in LAN ?

Is that belongs to public ip space or private address space ??

regds

haifazakr Sun, 07/22/2007 - 03:52

thank you mr kumar you really in help

may be this is the final question

is my network secure with only pix 506e?? or do i need anther layer of protection

thank you again

spremkumar Sun, 07/22/2007 - 19:15

Hi

In general you can have a PIX firewall which is more than enough on the security prespective but if you have some multihoming/policy routing or any other routing protocol requirement (which i feel is not there in ur case) you can go for a router which can take care of the same..

regds

haifazakr Tue, 08/07/2007 - 00:46

sir

how are you doing?

i am having problem with surfcontrol web filter which is :

my web filter has been configured to block the chatting sites and it works fine for most of my users but still few of them in the head office and branch offices are able to bypass the filter and chat freely

and advice?

and if you have no idea about it

would you please tell me how to do this with pix506e

thank you

Actions

This Discussion