Trouble Setting up 851W

Unanswered Question
May 17th, 2008

I'm having trouble accessing the Internet after using SDM to set up my 851W. At this point, I'm just trying to get the wired LAN working.

- DHCP on router

- WAN (FE04) gets DHCP address from cable modem

- Firewall enabled

- Local PC does get DHCP address from router

- Can see everything within LAN

- No WAN access (Internet)

Any help would be appreciated.

Attached is a copy of current config:

ohassairi Sat, 05/17/2008 - 08:25

1-can you disable the firewall then make a test?

2-can you display the output of show ip route?

Richard Burts Sat, 05/17/2008 - 08:53


When I hear a problem described with symptoms like yours, that devices on the LAN can communicate but cannot access the Internet, my first reaction is to suspect a problem with address translation. But your NAT (actually PAT) looks ok. I believe that there is a different problem and that it is your default route. You have configured this:

ip route FastEthernet4 permanent

A static route pointing to a LAN interface will require that the router ARP for every remote address. And the success of that depends on whether the provider has enabled proxy ARP on their router. In your case my guess is that the provider has not enabled proxy ARP. One way to check my theory is to see if the router can access any Internet resource (try to access by IP address as well as by name to eliminate the possibility that it is a DNS resolution issue).

I would suggest that you change the default route to this:

ip route dhcp

Give it a try and let us know if it helps.



Richard Burts Sat, 05/17/2008 - 09:02


After posting my response I took another look at your config and I see another issue. I still think that my suggestion about the static default route is valid, but there is another problem which may also be causing your problem. Look at access list 101 which is applied inbound on your outside interface. That access list permits DHCP, permits ping response, it permits time exceeded and host unreachable which would allow traceroute to work. And then it denies everything else.

So I have a slightly different test to suggest. On the router attempt to ping (or traceroute) to some Internet resource (by IP address since a DNS response will not be permitted). If the ping fails then my first suggestion about the static route is the main problem. If the ping succeeds then the default route is working and the main problem is the access list.

Whether or not you change the static default route, you will certainly have to change the access list before your network will work.
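
The ping-by-IP test suggested above can be reasoned through with a small first-match model of the inbound access list. This is an added example, not part of the thread or of the attached config: the rule list is reconstructed from the description in the post, the port numbers and packet samples are constructed, and the model is stateless, so any return-traffic entries a firewall inspection feature might open are not represented.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str                       # "udp", "tcp" or "icmp"
    sport: Optional[int] = None
    dport: Optional[int] = None
    icmp_type: Optional[str] = None

@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    proto: str                       # "ip" matches any protocol
    sport: Optional[int] = None      # None means "any"
    dport: Optional[int] = None
    icmp_type: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        if self.proto not in ("ip", p.proto):
            return False
        return all(getattr(self, f) in (None, getattr(p, f))
                   for f in ("sport", "dport", "icmp_type"))

# Assumed shape of access list 101, built only from the post's description.
ACL_101 = [
    Rule("permit", "udp", sport=67, dport=68),            # DHCP replies
    Rule("permit", "icmp", icmp_type="echo-reply"),       # ping response
    Rule("permit", "icmp", icmp_type="time-exceeded"),    # traceroute
    Rule("permit", "icmp", icmp_type="host-unreachable"),
    Rule("deny", "ip"),                                   # everything else
]

def evaluate(acl, pkt):
    """Return the action of the first matching rule (implicit deny at end)."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"

# Constructed inbound packets arriving on the outside interface.
SAMPLES = {
    "dhcp offer": Packet("udp", sport=67, dport=68),
    "ping reply": Packet("icmp", icmp_type="echo-reply"),
    "dns reply":  Packet("udp", sport=53, dport=51000),
    "http reply": Packet("tcp", sport=80, dport=51001),
}

def run_samples():
    return {name: evaluate(ACL_101, p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, action in run_samples().items():
        print(f"{name:11s} -> {action}")
```

In this model a ping by IP address gets its reply back while a DNS answer is dropped, which is why the test has to use an IP address to separate the routing problem from the access list problem.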



dustin.fennell Sat, 05/17/2008 - 09:28

I want to thank you all for your replies. I ended up getting a TAC incident established. This was the resolution. My ISP controls access by only giving an IP address to the device with the registered MAC address for the WAN connection.

To resolve the issue, I had to command line configure my WAN interface's MAC address.

config interface fastethernet 4 mac-address 0000.0000.0000

Then the router got a WAN IP address and I was able to access the Internet.

I've got my wireless connection set up as well and will continue to mess around with the router. Once I get my final config in place, I'll post it to allow the experts to take a look at it to see if I have any major issues that I don't know about.

Thanks! :-)

Richard Burts Sat, 05/17/2008 - 09:35


It is interesting the restriction that the TAC helped you to find and congratulations on getting that part of it resolved.

Have you done anything with access list 101? That will also be a problem that needs to be resolved.



