Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

831 Router cannot connect to the Internet.

Hello,

I purchased new 831 router. I know my way around Cisco, so I decided to program it myself. For some reason I cannot connect to the Internet. Can you please help me with this?

The following is the configuration of my router. Can you see anything wrong?

Router#sh run
Building configuration...

Current configuration : 3379 bytes
!
version 12.4
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
clock timezone CST -6
clock summer-time CDT recurring
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.150
ip dhcp excluded-address 192.168.0.200 192.168.0.255
!
ip dhcp pool CLIENT
   import all
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.1
   dns-server 8.8.8.8 8.8.4.4
   lease 0 1
!
!
ip cef
no ip domain lookup
ip inspect name IPFW tcp
ip inspect name IPFW udp
ip inspect name IPFW cuseeme
ip inspect name IPFW ftp
ip inspect name IPFW tftp
ip inspect name IPFW rcmd
ip inspect name IPFW realaudio
ip inspect name IPFW smtp
ip inspect name IPFW h323
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
username cisco privilege 15 secret 5 $1$.PGD$oO8q1na6Wp3iYle/ei7ci0
!
!
!
!
!
!
interface Ethernet0
 description LAN switch ports on inside interface
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no cdp enable
 hold-queue 32 in
!
interface Ethernet1
 description WAN interface to ISP using DHCP
 ip address dhcp client-id Ethernet1
 ip access-group IPFW-ACL in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect IPFW out
 ip virtual-reassembly
 duplex auto
 no cdp enable
!
interface Ethernet2
 no ip address
 shutdown
!
interface FastEthernet1
 duplex auto
 speed auto
!
interface FastEthernet2
 duplex auto
 speed auto
!
interface FastEthernet3
 duplex auto
 speed auto
!
interface FastEthernet4
 duplex auto
 speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http max-connections 4
ip http timeout-policy idle 600 life 86400 requests 10000
!
ip nat inside source list 102 interface Ethernet1 overload
ip nat inside source static tcp 192.168.0.5 3389 interface Ethernet1 3389
!
!
ip access-list extended IPFW-ACL
 permit icmp any any administratively-prohibited
 permit icmp any any echo-reply
 permit icmp any any packet-too-big
 permit icmp any any time-exceeded
 permit icmp any any traceroute
 deny   ip any any
access-list 23 permit 192.168.0.0 0.0.0.255
!
!
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router Web Setup (CRWS) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco".

Please change these publicly known initial credentials using CRWS or the IOS CLI.
Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use.

For more information about CRWS please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/en/US/products/sw/netmgtsw/ps2076/prod_troubleshooting_guide09186a0080132c3c.html
-----------------------------------------------------------------------
^C
!
line con 0
 exec-timeout 120 0
 login local
 no modem enable
 stopbits 1
line aux 0
line vty 0 4
 access-class 23 in
 exec-timeout 120 0
 login local
!
scheduler max-task-time 5000
ntp logging
end

Router#

Thank you for your time.

 

3 REPLIES

What is the state of the E1

What is the state of the E1 interface?
Can you get a valid IP address from ISP DHCP?

If all is ok, try to remove the "ip access-group IPFW-ACL in" from WAN.
In this ACL there is a "deny   ip any any"  that blocks all traffic.

Regards.

Community Member

Thank you for your reply. I

Thank you for your reply. I removed as much as I could from that interface. Now it looks like this:

interface Ethernet1
 description WAN interface to ISP using DHCP
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 no cdp enable

I checked and the interface is up and it has public IP address: Ethernet1 is up, line protocol is up.

I can ping internet from router, but I cannot do it from workstation that is directly connected to the router and has IP address assigned by the router.

In additions, I discovered that if I try to ping by name from the router, it cannot resolve the name. I can ping by IP, but not by the name.

Any other ideas?

Thank you.

Community Member

I was able to make it work.

I was able to make it work. In the end, I had to configure "permit ip any any" on the firewall.

116
Views
0
Helpful
3
Replies
CreatePlease to create content