iMac and 2800 router problems

Unanswered Question
Mar 12th, 2010

I have a 2800 router that works just fine with about 50 PCs and 1 other Mac. When I connect the new iMac 27" to my network I can't get to the internet. It shows all the correct addresses and can see everything on my LAN, but can't see out past the router. If I put a cheap Netgear router between the iMac and the 2800 and double NAT, I can get to the internet. What could be wrong with the router, or iMac? Could there be a firmware update for the router? All of the updates for the iMac have been applied, and it's running 10.2.6. Any ideas? Thanks.

Javier Henderson Tue, 03/16/2010 - 08:12
User Badges:
  • Cisco Employee,

Richard,


I assume you meant OS X 10.6.2


When you have your iMac connected to the 2800, does it show a default gateway in its routing table?


Run this command on a terminal session on the iMac:


netstat -rn


and see if there is an entry that states "default" with the IP address of your router.


For example:


% netstat -rn
Routing tables


Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.1.1       UGSc       147238        0     en0

rutegg Tue, 03/16/2010 - 11:55

Yes, I meant OS X 10.6.2.


When I run the netstat -rn the gateway is shown, and it is the correct address for the router.


To get the system running and working on my network I have it connect to a wireless router that routes through the 2800 to get her internet access, and have the wired connection on a static manual IP without the gateway address. It lets me see our internal network and gives us internet access for now.


I appreciate your help. Any other ideas?

Javier Henderson Tue, 03/16/2010 - 11:59
User Badges:
  • Cisco Employee,

With the iMac not connected to the wireless network and after verifying that the default route points to the 2800, can you do a traceroute to some address on the Internet and post the results here?

rutegg Fri, 03/19/2010 - 10:16

Sorry it took so long to get back in here. I tried the traceroute and it failed. I can ping other computers and I can ping the router.  Any other ideas or things to try?

Javier Henderson Fri, 03/19/2010 - 10:17
User Badges:
  • Cisco Employee,

What do you mean by "it failed"?


Can you please post the output of the traceroute?

Javier Henderson Fri, 03/19/2010 - 10:49
User Badges:
  • Cisco Employee,

Try tracerouting to an IP address rather than a hostname.


For example, traceroute  157.166.226.26

rutegg Fri, 03/19/2010 - 13:18

Not sure if you saw my reply, so I'll post it again.


Rose-Horenskys-iMac:~ rosehorensky$ traceroute  157.166.226.26
traceroute to 157.166.226.26  (157.166.226.26), 64 hops max, 52 byte packets
1  192.168.1.221 (192.168.1.221)  1.226 ms  0.879 ms  0.745 ms
2  * * *
3  * * *
4  * * *
5  * * *
6  * * *
7  * * *
8  * * *
9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
^C

rutegg Fri, 03/19/2010 - 11:27

Yes, I turn off the air card, and turn on DHCP on the wired for each of the tests. With the air card on, everything works just fine. Here are the results from using the IP for cnn.com. I stopped it after 14 hops were tried.



Rose-Horenskys-iMac:~ rosehorensky$ traceroute 15.166.226.26
traceroute to 15.166.226.26 (15.166.226.26), 64 hops max, 52 byte packets
1  192.168.1.221 (192.168.1.221)  0.985 ms  1.026 ms  0.818 ms
2  * * *
3  * * *
4  * * *
5  * * *
6  * * *
7  * * *
8  * * *
9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
^C


rutegg Fri, 03/19/2010 - 11:50

Sorry, I mistyped on my traceroute, but have the same results.





Rose-Horenskys-iMac:~ rosehorensky$ traceroute 157.166.226.26
traceroute to 157.166.226.26 (157.166.226.26), 64 hops max, 52 byte packets
1  192.168.1.221 (192.168.1.221)  1.226 ms  0.879 ms  0.745 ms
2  * * *
3  * * *
4  * * *
5  * * *
6  * * *
7  * * *
8  * * *
9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
^C

andrewswanson Fri, 03/19/2010 - 14:10
User Badges:
  • Silver, 250 points or more

Can you ping external IP addresses? Try a ping to 4.2.2.2 - if that responds, try a traceroute to 4.2.2.2 with the -n flag.

rutegg Mon, 03/22/2010 - 08:10

No, can't ping to anything outside the local network, even dns addresses. I can't see beyond the Cisco router using the wired adapter. Don't give up guys. There has to be some crazy reason for this. Any idea what the packets look like coming from the iMac? Does Snow Leopard do something new and fancy or strange?

andrewswanson Mon, 03/22/2010 - 08:33
User Badges:
  • Silver, 250 points or more

Can you post the config of the 2800?

rutegg Mon, 03/22/2010 - 08:54

Current configuration : 5992 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname UGL_ROUTER
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
ip inspect name Internet tcp
ip inspect name Internet udp
ip inspect name Internet cuseeme
ip inspect name Internet ftp
ip inspect name Internet h323
ip inspect name Internet rcmd
ip inspect name Internet realaudio
ip inspect name Internet streamworks
ip inspect name Internet vdolive
ip inspect name Internet sqlnet
ip inspect name Internet tftp
ip inspect name Internet http java-list 90
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
no ip domain lookup
ip domain name yourdomain.com
ip name-server 129.250.35.250
!
!
!
crypto pki trustpoint TP-self-signed-2927018261
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2927018261
revocation-check none
rsakeypair TP-self-signed-2927018261
!
!
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key xpnts.1999 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set TRANSFORM esp-des esp-md5-hmac
!
crypto dynamic-map DYNAMAP 10
set transform-set TRANSFORM
match address 115
!
!
crypto map CRYPTOMAP 10 ipsec-isakmp dynamic DYNAMAP
!
!
!
interface FastEthernet0/0
ip address 24.38.10.66 255.255.255.192
ip access-group 104 in
ip inspect Internet out
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map CRYPTOMAP
!
interface FastEthernet0/1
ip address 192.168.1.201 255.255.255.0 secondary
ip address 192.168.1.221 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip local pool VPNPOOL 192.168.200.1 192.168.200.50
ip classless
ip route 0.0.0.0 0.0.0.0 24.38.10.65
!
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source route-map NONAT interface FastEthernet0/0 overload
ip nat inside source static 192.168.1.7 24.38.10.69
ip nat inside source static tcp 192.168.1.225 20 24.38.10.70 20 extendable
ip nat inside source static tcp 192.168.1.225 21 24.38.10.70 21 extendable
ip nat inside source static tcp 192.168.1.222 1723 24.38.10.70 1723 extendable
ip nat inside source static 192.168.1.2 24.38.10.74
!
access-list 90 permit any
access-list 101 deny   ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 104 permit ahp any any
access-list 104 permit esp any any
access-list 104 permit udp any any eq isakmp
access-list 104 permit gre any any
access-list 104 remark Allow for Return of ICMP Packets
access-list 104 permit icmp any any
access-list 104 remark Allow VPN Traffic
access-list 104 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 104 permit tcp any host 24.38.10.69 eq 9080
access-list 104 permit tcp any host 24.38.10.74 eq smtp
access-list 104 permit tcp any host 24.38.10.70 eq ftp
access-list 104 permit tcp any host 24.38.10.70 eq 1723
access-list 104 permit tcp any host 24.38.10.74 eq pop3
access-list 115 permit ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 115 permit ip 192.168.1.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 115 deny   ip 192.168.1.0 0.0.0.255 any
access-list 120 deny   ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 120 deny   ip 192.168.1.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 120 permit ip 192.168.1.0 0.0.0.255 any
route-map NONAT permit 10
match ip address 120
!
!
!
control-plane
!
!
banner motd ^CC


****************************************************************************
* This is a private computer/communication facility. Access to it for any  *
* reason must be specifically authorized.   System personnel will/may      *
* monitor for unauthorized activity.  Anyone using this system expressly   *
* consents to such monitoring.  Your continued access, if unauthorized,    *
* may result in criminal and/or civil proceedings.                         *
****************************************************************************
^C
!
scheduler allocate 20000 1000
!
end
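
Added example, not part of the original thread or written by any of its participants: a first-match evaluator for the posted access-list 120, which route-map NONAT uses to select traffic for overload NAT, to check whether a given inside source address is eligible for translation toward an Internet destination. The function names and the iMac address 192.168.1.50 are assumptions made for illustration (the thread never gives the iMac's IP), and only `ip` protocol entries are handled.

```python
import ipaddress

# ACL 120 exactly as posted in the configuration above (matched by route-map NONAT).
ACL_120 = """\
access-list 120 deny   ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 120 deny   ip 192.168.1.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 120 permit ip 192.168.1.0 0.0.0.255 any
"""

def _take_addr(tokens):
    """Consume one address spec ('any', 'host A' or 'A WILDCARD') -> (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    wildcard = tokens.pop(0)
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(wildcard))

def parse_acl(text):
    """Parse extended 'ip' ACL lines into ordered (action, src, dst) tuples."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 5 or tokens[0] != "access-list" or tokens[3] != "ip":
            continue  # remarks and non-'ip' protocol entries are out of scope here
        rest = tokens[4:]
        rules.append((tokens[2], _take_addr(rest), _take_addr(rest)))
    return rules

def _matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 mean "don't care"
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(rules, src, dst):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, s, d in rules:
        if _matches(src, s) and _matches(dst, d):
            return action
    return "deny"

def nat_eligible(src, dst, acl_text=ACL_120):
    """True if the flow is permitted by the ACL and so selected for overload NAT."""
    return evaluate(parse_acl(acl_text), src, dst) == "permit"

if __name__ == "__main__":
    imac = "192.168.1.50"  # constructed address, not taken from the thread
    for dst in ("157.166.226.26", "192.168.10.5"):
        print(imac, "->", dst, "NAT" if nat_eligible(imac, dst) else "no NAT")
```

If the check returns True for the iMac's real address, the NAT selection ACL is not what separates it from the working hosts, and the next place to look is the router's live translation table for that source.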
