Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
926
Views
5
Helpful
3
Replies

Can't ping internet from AIM-CUE

gabe
Level 1
Level 1

‎03-22-2008 06:19 PM - edited ‎03-15-2019 09:35 AM

Hello, installed AIM-CUE with 2.3.4 into 2691 with CME.

- From the router's CLI I can ping CUE.

- From the CUE's CLI I can ping router and all of the local LAN.

- I can access the CUE's web GUI from the LAN without any problem.

- I CAN'T ping any internet IPs from the CUE, so NTP does not work.

I think I have been going around in circles for the last few hours, please help:

show run: (took out the obviously non related configs)

no aaa new-model

memory-size iomem 15

no ip source-route

ip cef

!

!

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.168.30 192.168.168.255

ip dhcp excluded-address 192.168.169.200 192.168.169.255

!

ip dhcp pool voice

network 192.168.169.0 255.255.255.0

default-router 192.168.169.254

dns-server 208.67.222.222 208.67.220.220

option 150 ip 192.168.169.254

!

ip dhcp pool data

network 192.168.168.0 255.255.255.0

default-router 192.168.168.254

dns-server 208.67.222.222 208.67.220.220

!

!

no ip bootp server

no ip domain lookup

ip name-server 208.67.222.222

ip name-server 208.67.220.220

!

multilink bundle-name authenticated

!

!

interface ATM0/0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0/0.35 point-to-point

bandwidth 320

no ip redirects

no ip unreachables

no ip proxy-arp

no snmp trap link-status

pvc 0/35

vbr-nrt 320 320

tx-ring-limit 3

service-policy output ADSL

max-reserved-bandwidth 100

pppoe-client dial-pool-number 1

!

!

interface FastEthernet0/0

description LAN Interface

ip address 192.168.168.254 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

no ip mroute-cache

duplex auto

speed auto

no mop enabled

!

interface FastEthernet0/0.20

encapsulation dot1Q 20

ip address 192.168.169.254 255.255.255.0

ip helper-address 192.168.168.254

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

no ip mroute-cache

!

interface Service-Engine0/0

ip unnumbered FastEthernet0/0.20

service-module ip address 192.168.169.253 255.255.255.0

service-module ip default-gateway 192.168.169.254

!

interface FastEthernet0/1

shutdown

!

interface Dialer1

description ADSL Dialer Interface

ip address negotiated

no ip redirects

no ip unreachables

no ip proxy-arp

ip mtu 1492

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication pap callin

ppp pap sent-username ******************* password 7 ***********************

ppp ipcp dns request

ppp ipcp route default

!

ip route 0.0.0.0 0.0.0.0 Dialer1

ip route 192.168.169.253 255.255.255.255 Service-Engine0/0

!

!

ip http server

ip http authentication local

no ip http secure-server

ip http path flash:

ip nat inside source list 1 interface Dialer1 overload

ip nat inside source static tcp 192.168.168.202 80 99.138.112.54 80 extendable

ip nat inside source static tcp 192.168.168.202 5721 99.138.112.54 5721 extendable

!

access-list 1 permit 192.168.0.0 0.0.255.255

dialer-list 1 protocol ip permit

! !

telephony-service

ip source-address 192.168.169.254 port 2000

show ip route:

Gateway of last resort is a.b.113.254 to network 0.0.0.0

a.0.0.0/32 is subnetted, 2 subnets

C a.b.113.254 is directly connected, Dialer1

C a.b.112.54 is directly connected, Dialer1

C 192.168.168.0/24 is directly connected, FastEthernet0/0

192.168.169.0/24 is variably subnetted, 2 subnets, 2 masks

S 192.168.169.253/32 is directly connected, Service-Engine0/0

C 192.168.169.0/24 is directly connected, FastEthernet0/0.20

S* 0.0.0.0/0 [1/0] via a.b.113.254

is directly connected, Dialer1

Thanks.

Labels:
0 Helpful
3 Replies 3

paolo bevilacqua
Hall of Fame
Hall of Fame

‎03-22-2008 06:27 PM

Hi, int se0/0 should have ip nat inside.

But, if it's just for ntp, configure the router with ntp and make the cue reference to it.

Also remember to put an access-list blocking SIP and H323 on the internet interface else you can be subject to toll fraud.

Hope this helps, please rate post if it does!

gabe
Level 1
Level 1
In response to paolo bevilacqua

‎03-22-2008 06:40 PM

Thank you! That did it. I completely overlooked the nat!

Can you give me an example on the SIP/H323 blocking?

I really appreciate the help!

0 Helpful

paolo bevilacqua
Hall of Fame
Hall of Fame
In response to gabe

‎03-23-2008 11:23 AM

Good to know it helped. A simple access list can be like:

access-list 100 deny udp any any eq 5060

access-list 100 deny tcp any any eq 5060

access-list 100 deny tcp any any eq 1720

access-list 100 permit ip any any

interface dialer0

ip access-group 100 in

Thanks for the nice rating and good luck!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents