Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
397
Views
0
Helpful
2
Replies

Cisco 891W router: can't get WAN to connect (simple broadband setup)

ValleyITPC
Level 1
Level 1

‎11-05-2014 07:49 AM - edited ‎03-07-2019 09:23 PM

Hello.  I am working with a I believe very simple setup here, yet I can't seem to get a connection working.  I have a 891W router, IOS 15.2.  I have 6 such routers deployed at other sites, all with the same ISP and type of static IP cable modem setup, and they all work.  It is only this one that doesn't.  I have compared settings between this and some of the other routers, and am convinced I am doing everything properly.  However I must be missing something else this would work.

 

The gig0 interface is set up fine, it has the proper ipv4 address and mask, it is part of the ip nat outside and zone-member security outside groups.  no shut is done - each time I unplug the CAT6 cable from the port it registers line and protocol up/down status.

 

I have a policy map and class map structure set up for an INSIDE-OUTSIDE access list which simply inspects all traffic from all LAN IP's to the outside world, with a route-map set up for NAT functions specifying the interface in question (gig0) and the overload parameter.

 

But still I am not strong on Cisco knowledge.  I don't have ping enabled to function to/from the router itself and am not sure how to.  So my only way to test connectivity is to ping through the router (from LAN to WAN), but I get nothing.  I can ping from a host on LAN to the gig0 int WAN IP address, but cannot ping past htat to the ISP's next hop, DNS servers, nor 8.8.8.8.

 

It has been a while, but how do I look at logs perhaps to see where the failure might be?  zone firewall logs, and so forth.  I used to know but completed forget now.  I would post a running config except it would take so long to filter the private data, that for now all I am looking to ask is ho to view logs that indicate traffic failure (or firewall logs showing drops), and how to properly enable ping in the zone firewall to ping FROM the router, but I am not wanting to ping TO the router from anywhere, though I suppose one has to enable the echo replies somehow too.

 

Thank you, sorry for the long post.

Labels:
0 Helpful
2 Replies 2

John Blakley
VIP Alumni
VIP Alumni

‎11-05-2014 08:46 AM

Can you post your config? What I would do personally is get just the basics configured and forget about ZBFW for now. Put the address on the wan/lan sides, configure nat, and see if that works...if it doesn't, you have some issue with the ISP or your connection to the modem.

HTH, John *** Please rate all useful posts ***
0 Helpful

ValleyITPC
Level 1
Level 1
In response to John Blakley

‎11-05-2014 09:14 AM

That makes perfect sense.  I worked until about 2AM on that last night so got a bit of tunnel vision boh then and when I made my post, but for sure I will do what you said.  Might be a day or two before I get back to this as it's a side project but I will reply here as soon as I get that done.  I might as well hold off posting the config since I'll be removing all the zbfw stuff anyway for this testing.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card