Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Can't ping internet from AIM-CUE

Hello, installed AIM-CUE with 2.3.4 into 2691 with CME.

- From the router's CLI I can ping CUE.

- From the CUE's CLI I can ping router and all of the local LAN.

- I can access the CUE's web GUI from the LAN without any problem.

- I CAN'T ping any internet IPs from the CUE, so NTP does not work.

I think I have been going around in circles for the last few hours, please help:

show run: (took out the obviously non related configs)

no aaa new-model

memory-size iomem 15

no ip source-route

ip cef

!

!

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.168.30 192.168.168.255

ip dhcp excluded-address 192.168.169.200 192.168.169.255

!

ip dhcp pool voice

network 192.168.169.0 255.255.255.0

default-router 192.168.169.254

dns-server 208.67.222.222 208.67.220.220

option 150 ip 192.168.169.254

!

ip dhcp pool data

network 192.168.168.0 255.255.255.0

default-router 192.168.168.254

dns-server 208.67.222.222 208.67.220.220

!

!

no ip bootp server

no ip domain lookup

ip name-server 208.67.222.222

ip name-server 208.67.220.220

!

multilink bundle-name authenticated

!

!

interface ATM0/0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0/0.35 point-to-point

bandwidth 320

no ip redirects

no ip unreachables

no ip proxy-arp

no snmp trap link-status

pvc 0/35

vbr-nrt 320 320

tx-ring-limit 3

service-policy output ADSL

max-reserved-bandwidth 100

pppoe-client dial-pool-number 1

!

!

interface FastEthernet0/0

description LAN Interface

ip address 192.168.168.254 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

no ip mroute-cache

duplex auto

speed auto

no mop enabled

!

interface FastEthernet0/0.20

encapsulation dot1Q 20

ip address 192.168.169.254 255.255.255.0

ip helper-address 192.168.168.254

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

no ip mroute-cache

!

interface Service-Engine0/0

ip unnumbered FastEthernet0/0.20

service-module ip address 192.168.169.253 255.255.255.0

service-module ip default-gateway 192.168.169.254

!

interface FastEthernet0/1

shutdown

!

interface Dialer1

description ADSL Dialer Interface

ip address negotiated

no ip redirects

no ip unreachables

no ip proxy-arp

ip mtu 1492

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication pap callin

ppp pap sent-username ******************* password 7 ***********************

ppp ipcp dns request

ppp ipcp route default

!

ip route 0.0.0.0 0.0.0.0 Dialer1

ip route 192.168.169.253 255.255.255.255 Service-Engine0/0

!

!

ip http server

ip http authentication local

no ip http secure-server

ip http path flash:

ip nat inside source list 1 interface Dialer1 overload

ip nat inside source static tcp 192.168.168.202 80 99.138.112.54 80 extendable

ip nat inside source static tcp 192.168.168.202 5721 99.138.112.54 5721 extendable

!

access-list 1 permit 192.168.0.0 0.0.255.255

dialer-list 1 protocol ip permit

! !

telephony-service

ip source-address 192.168.169.254 port 2000

show ip route:

Gateway of last resort is a.b.113.254 to network 0.0.0.0

a.0.0.0/32 is subnetted, 2 subnets

C a.b.113.254 is directly connected, Dialer1

C a.b.112.54 is directly connected, Dialer1

C 192.168.168.0/24 is directly connected, FastEthernet0/0

192.168.169.0/24 is variably subnetted, 2 subnets, 2 masks

S 192.168.169.253/32 is directly connected, Service-Engine0/0

C 192.168.169.0/24 is directly connected, FastEthernet0/0.20

S* 0.0.0.0/0 [1/0] via a.b.113.254

is directly connected, Dialer1

Thanks.

3 REPLIES
Hall of Fame Super Gold

Re: Can't ping internet from AIM-CUE

Hi, int se0/0 should have ip nat inside.

But, if it's just for ntp, configure the router with ntp and make the cue reference to it.

Also remember to put an access-list blocking SIP and H323 on the internet interface else you can be subject to toll fraud.

Hope this helps, please rate post if it does!

Community Member

Re: Can't ping internet from AIM-CUE

Thank you! That did it. I completely overlooked the nat!

Can you give me an example on the SIP/H323 blocking?

I really appreciate the help!

Hall of Fame Super Gold

Re: Can't ping internet from AIM-CUE

Good to know it helped. A simple access list can be like:

access-list 100 deny udp any any eq 5060

access-list 100 deny tcp any any eq 5060

access-list 100 deny tcp any any eq 1720

access-list 100 permit ip any any

interface dialer0

ip access-group 100 in

Thanks for the nice rating and good luck!

668
Views
5
Helpful
3
Replies
CreatePlease to create content