Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

iMac and 2800 router problems

I have a 2800 router that works just fine with about 50 PCs and 1 other Mac. When I connect the new iMac 27" to my network I can't get to the internet. It shows all the correct addresses and can see everything on my LAN, but can't see out past the router. If I put a cheap netgear router between the iMac and the 2800 and double NAT, I can get to the internet. What could be wrong with the router, or iMac? Could there be a firmware update for the router? All of the updates for the iMac have been applied, and it's running 10.2.6. Any ideas? Thanks.

15 REPLIES
Cisco Employee

Re: iMac and 2800 router problems

Richard,

I assume you meant OS X 10.6.2

When you have your iMac connected to the 2800, does it show a default gateway in its routing table?

Run this command on a terminal session on the iMac:

netstat -rn

and see if there is an entry that states "default" with the IP address of your router.


For example:

% netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.1.1       UGSc       147238        0     en0

New Member

Re: iMac and 2800 router problems

Yes, i ment OS X 10.6.2.

When I run the netstat -rn the gateway is shown, and it is the correct address for the router.

To get the system running and working on my network I have it conntect to a wireless router that routes through the 2800 to get her internet access, and have the wired connection on a static manual ip without the gateway address. It lets me see our internal network and gives us internet access for now.

I appreciate your help. Any other ideas?

Cisco Employee

Re: iMac and 2800 router problems

With the iMac not connected to the wireless network and after verifying that the default route points to the 2800, can you do a traceroute to some address on the Internet and post the results here?

New Member

Re: iMac and 2800 router problems

Sorry it took so long to get back in here. I tried the traceroute and it failed. I can ping other computers and I can ping the router.  Any other ideas or things to try?

Cisco Employee

Re: iMac and 2800 router problems

What do you mean by "it failed"?


Can you please post the output of the traceroute?

New Member

Re: iMac and 2800 router problems

Traceroute: unknown host www.cnn.com

Cisco Employee

Re: iMac and 2800 router problems

Try tracerouting to an IP address rather than a hostname.

For example, traceroute  157.166.226.26

New Member

Re: iMac and 2800 router problems

Not sure if you saw my reply, so I'lll post it again.

Rose-Horenskys-iMac:~ rosehorensky$ traceroute  157.166.226.26

traceroute to 157.166.226.26  (157.166.226.26), 64 hops max, 52 byte packets

1  192.168.1.221 (192.168.1.221)  1.226 ms  0.879 ms  0.745 ms

2  * * *

3  * * *

4  * * *

5  * * *

6  * * *

7  * * *

8  * * *

9  * * *

10  * * *

11  * * *

12  * * *

13  * * *

14  * * *

^C

New Member

Re: iMac and 2800 router problems

Make sure the Airport wireless card is turned off.

New Member

Re: iMac and 2800 router problems

Yes, I turn off the air card, and turn on dhcp on the wired for each of the tests. With the air card on, everything works just fine. Here are the results from using the ip for cnn.com. I stopped it after 14 hop tried.

Rose-Horenskys-iMac:~ rosehorensky$ traceroute 15.166.226.26

traceroute to 15.166.226.26 (15.166.226.26), 64 hops max, 52 byte packets

1  192.168.1.221 (192.168.1.221)  0.985 ms  1.026 ms  0.818 ms

2  * * *

3  * * *

4  * * *

5  * * *

6  * * *

7  * * *

8  * * *

9  * * *

10  * * *

11  * * *

12  * * *

13  * * *

14  * * *

^C

New Member

Re: iMac and 2800 router problems

Sorry, I mistyped on my traceroute, but have the same results.


Rose-Horenskys-iMac:~ rosehorensky$ traceroute 157.166.226.26

traceroute to 157.166.226.26 (157.166.226.26), 64 hops max, 52 byte packets

1  192.168.1.221 (192.168.1.221)  1.226 ms  0.879 ms  0.745 ms

2  * * *

3  * * *

4  * * *

5  * * *

6  * * *

7  * * *

8  * * *

9  * * *

10  * * *

11  * * *

12  * * *

13  * * *

14  * * *

^C

Re: iMac and 2800 router problems

can you ping external IP addresses? try a ping to 4.2.2.2 - if that responds try a traceroute to 4.2.2.2 with the -n flag

New Member

Re: iMac and 2800 router problems

No, can't ping to anything outside the local network, even dns addresses. I can't see beyond the Cisco router using the wired adapter. Don't give up guys. There has to be some crazy reason for this. Any idea what the packets look like coming from the iMac? Does Snow Leopard do something new and fancy or strange?

Re: iMac and 2800 router problems

can you post the config of the 2800?

New Member

Re: iMac and 2800 router problems

Current configuration : 5992 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname UGL_ROUTER
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
ip inspect name Internet tcp
ip inspect name Internet udp
ip inspect name Internet cuseeme
ip inspect name Internet ftp
ip inspect name Internet h323
ip inspect name Internet rcmd
ip inspect name Internet realaudio
ip inspect name Internet streamworks
ip inspect name Internet vdolive
ip inspect name Internet sqlnet
ip inspect name Internet tftp
ip inspect name Internet http java-list 90
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
no ip domain lookup
ip domain name yourdomain.com
ip name-server 129.250.35.250
!
!
!
crypto pki trustpoint TP-self-signed-2927018261
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2927018261
revocation-check none
rsakeypair TP-self-signed-2927018261
!
!
!
!
crypto isakmp policy 1
hash md5
authentication pre-share
crypto isakmp key xpnts.1999 address 0.0.0.0 0.0.0.0
!
!
crypto ipsec transform-set TRANSFORM esp-des esp-md5-hmac
!
crypto dynamic-map DYNAMAP 10
set transform-set TRANSFORM
match address 115
!
!
crypto map CRYPTOMAP 10 ipsec-isakmp dynamic DYNAMAP
!
!
!
interface FastEthernet0/0
ip address 24.38.10.66 255.255.255.192
ip access-group 104 in
ip inspect Internet out
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map CRYPTOMAP
!
interface FastEthernet0/1
ip address 192.168.1.201 255.255.255.0 secondary
ip address 192.168.1.221 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip local pool VPNPOOL 192.168.200.1 192.168.200.50
ip classless
ip route 0.0.0.0 0.0.0.0 24.38.10.65
!
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source route-map NONAT interface FastEthernet0/0 overload
ip nat inside source static 192.168.1.7 24.38.10.69
ip nat inside source static tcp 192.168.1.225 20 24.38.10.70 20 extendable
ip nat inside source static tcp 192.168.1.225 21 24.38.10.70 21 extendable
ip nat inside source static tcp 192.168.1.222 1723 24.38.10.70 1723 extendable
ip nat inside source static 192.168.1.2 24.38.10.74
!
access-list 90 permit any
access-list 101 deny   ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 104 permit ahp any any
access-list 104 permit esp any any
access-list 104 permit udp any any eq isakmp
access-list 104 permit gre any any
access-list 104 remark Allow for Return of ICMP Packets
access-list 104 permit icmp any any
access-list 104 remark Allow VPN Traffic
access-list 104 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 104 permit tcp any host 24.38.10.69 eq 9080
access-list 104 permit tcp any host 24.38.10.74 eq smtp
access-list 104 permit tcp any host 24.38.10.70 eq ftp
access-list 104 permit tcp any host 24.38.10.70 eq 1723
access-list 104 permit tcp any host 24.38.10.74 eq pop3
access-list 115 permit ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 115 permit ip 192.168.1.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 115 deny   ip 192.168.1.0 0.0.0.255 any
access-list 120 deny   ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 120 deny   ip 192.168.1.0 0.0.0.255 192.168.20.0 0.0.0.255
access-list 120 permit ip 192.168.1.0 0.0.0.255 any
route-map NONAT permit 10
match ip address 120
!
!
!
control-plane
!
!
banner motd ^CC

****************************************************************************
* This is a private computer/communication facility. Access to it for any  *
* reason must be specifically authorized.   System personnel will/may      *
* monitor for unauthorized activity.  Anyone using this system expressly   *
* consents to such monitoring.  Your continued access, if unauthorized,    *
* may result in criminal and/or civil proceedings.                         *
****************************************************************************
^C
!
scheduler allocate 20000 1000
!
end

1192
Views
0
Helpful
15
Replies
CreatePlease to create content