Looking for help reconfiguring 1841 router for internet access

Hello All,

I recently had a Comcast business line installed at my house, and before the business line my network was working great. However, I started seeing some slowness on the network when watching YouTube videos, and downloads were taking forever, so I decided to reset the router to the default configuration, thinking it is a configuration issue with the business class modem and the router.

All the VLANs behind the 3550 switch work fine, and I am able to ping internally and the Comcast DNS servers also. It seems there are some firewall issues or a route is missing, which is why I am not able to get on the internet.

The configuration is like this:

1. Comcast SMC Modem

2. Cisco 1841: FA0/0 10.10.10.1   FA0/1 10.1.10.10

3. Catalyst 3550 running

!This is the running config of the router: 10.10.10.1
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname HQCR1841
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip tcp synwait-time 10
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.11 10.10.10.254
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.30.1
ip dhcp excluded-address 10.10.20.1
ip dhcp excluded-address 10.10.40.1
ip dhcp excluded-address 10.10.50.1
!
ip dhcp pool sdm-pool1
   import all
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
   dns-server 75.75.75.75 75.75.76.76
   domain-name mytechlab.org
!
ip dhcp pool Server-Pool
   import all
   network 10.10.30.0 255.255.255.0
   domain-name mytechlab.org
   dns-server 75.75.75.75 75.75.76.76
   default-router 10.10.30.1
!
ip dhcp pool Client-Pool
   import all
   network 10.10.20.0 255.255.255.0
   domain-name mytechlab.org
   dns-server 75.75.75.75 75.75.76.76
   default-router 10.10.20.1
!
ip dhcp pool HPILO-POOL
   import all
   network 10.10.40.0 255.255.255.0
   default-router 10.10.40.1
   domain-name mytechlab.org
   dns-server 75.75.75.75 75.75.76.76
!
ip dhcp pool APCDEV-Pool
   import all
   network 10.10.50.0 255.255.255.0
   domain-name mytechlab.org
   dns-server 75.75.75.75 75.75.76.76
   default-router 10.10.50.1
!
!
no ip bootp server
ip domain name mytechlab.org
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
crypto pki trustpoint TP-self-signed-1877487602
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1877487602
revocation-check none
rsakeypair TP-self-signed-1877487602
!
!
crypto pki certificate chain TP-self-signed-1877487602
certificate self-signed 01
  quit
username
!
!
!
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description $ES_WAN$$FW_OUTSIDE$
ip address dhcp client-id FastEthernet0/1
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect DEFAULT100 out
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface Serial0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
!
ip classless
ip route 10.10.10.0 255.255.255.0 10.10.10.2
ip route 10.10.20.0 255.255.255.0 10.10.10.2
ip route 10.10.30.0 255.255.255.0 10.10.10.2
ip route 10.10.40.0 255.255.255.0 10.10.10.2
ip route 10.10.50.0 255.255.255.0 10.10.10.2
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet0/0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 10.10.20.0 0.0.0.255
access-list 1 permit 10.10.30.0 0.0.0.255
access-list 1 permit 10.10.40.0 0.0.0.255
access-list 1 permit 10.10.50.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 deny   ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip any any
no cdp run
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 4000 1000
end


Gateway of last resort is 10.1.10.1 to network 0.0.0.0

     10.0.0.0/24 is subnetted, 6 subnets
C       10.1.10.0 is directly connected, FastEthernet0/1
C       10.10.10.0 is directly connected, FastEthernet0/0
S       10.10.20.0 [1/0] via 10.10.10.2
S       10.10.30.0 [1/0] via 10.10.10.2
S       10.10.40.0 [1/0] via 10.10.10.2
S       10.10.50.0 [1/0] via 10.10.10.2
S*   0.0.0.0/0 [254/0] via 10.1.10.1
HQCR1841#

Accepted Solutions
Purple

Hi,

Try this:

no ip nat inside source list 1 interface FastEthernet0/0 overload

ip nat inside source list 1 interface FastEthernet0/1 overload

Regards.

Alain

Don't forget to rate helpful posts.
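
The check behind this answer, as an added example that is not part of the original thread: a PAT rule must name the interface marked `ip nat outside`, and the posted configuration names the inside one. The function names are hypothetical and the sample configuration is a constructed excerpt of the lines posted above.

```python
import re

# Constructed excerpt of the relevant lines from the configuration in this thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 ip address dhcp client-id FastEthernet0/1
 ip nat outside
!
ip nat inside source list 1 interface FastEthernet0/0 overload
"""

NAT_RULE = re.compile(r"^ip nat inside source list (\S+) interface (\S+)( overload)?$")


def nat_roles(config):
    """Map each interface to its NAT role; works with or without indentation."""
    roles, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
        elif line == "!":
            current = None  # "!" closes the interface block
        elif current and line in ("ip nat inside", "ip nat outside"):
            roles[current] = line.split()[-1]
    return roles


def check_nat_rules(config):
    """Return (acl, interface, role, outside_interfaces) for each misplaced rule."""
    roles = nat_roles(config)
    findings = []
    for raw in config.splitlines():
        m = NAT_RULE.match(raw.strip())
        if not m:
            continue
        acl, iface = m.group(1), m.group(2)
        role = roles.get(iface, "unmarked")
        if role != "outside":
            outside = sorted(i for i, r in roles.items() if r == "outside")
            findings.append((acl, iface, role, outside))
    return findings
```
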
16 REPLIES
Purple

Hi,

You haven't applied the inspect command to the interface:

int f0/1

ip inspect DEFAULT100 out

Regards.

Alain

Don't forget to rate helpful posts.
New Member

Tried adding it with no luck.

int f0/1

ip inspect DEFAULT100 out

Purple

Hi,

Add ip inspect log drop-pkt in global config and try to ping 8.8.8.8 from an inside host.

Regards.

Alain

Don't forget to rate helpful posts.
New Member

I added it and tried pinging 8.8.8.8, but I get request timed out from my workstation.

Purple

Hi,

OK, but did you see any log message on the router?

Are you connected to the router via console?

Can you post the output of sh log?

Regards.

Alain

Don't forget to rate helpful posts.
New Member

Syslog logging: enabled (1 messages dropped, 2 messages rate-limited,
                0 flushes, 0 overruns, xml disabled, filtering disabled)
    Console logging: level critical, 0 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level debugging, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging: level debugging, 26 messages logged, xml disabled,
                    filtering disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled

No active filter modules.

    Trap logging: level debugging, 30 message lines logged

Log Buffer (51200 bytes):

*Jan 12 09:49:54.127: SERVICE_MODULE(Serial0/0/0): self test finished: Passedsslinit fn

*Jan 12 09:49:58.647: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0  State changed to: Initialized
*Jan 12 09:49:58.651: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0  State changed to: Enabled
*Jan 12 09:49:59.151: %LINK-3-UPDOWN: Interface Serial0/0/0, changed state to down
*Jan 12 09:50:00.147: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/0/0, changed state to down
000007: *Jan 12 04:50:01.399 PCTime: %SYS-6-CLOCKUPDATE: System clock has been updated from 09:50:01 UTC Thu Jan 12 2012 to 04:50:01 PCTime Thu Jan 12 2012, configured from console by console.
000008: *Jan 12 04:50:01.403 PCTime: %SYS-6-CLOCKUPDATE: System clock has been updated from 04:50:01 PCTime Thu Jan 12 2012 to 04:50:01 PCTime Thu Jan 12 2012, configured from console by console.
000009: *Jan 12 04:50:02.871 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up
000010: *Jan 12 04:50:04.555 PCTime: %SYS-5-CONFIG_I: Configured from memory by console
000011: *Jan 12 04:50:04.747 PCTime: %FW-6-INIT: Firewall inspection startup completed; beginning operation.
000012: *Jan 12 04:50:04.843 PCTime: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
000013: *Jan 12 04:50:05.227 PCTime: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
000014: *Jan 12 04:50:05.351 PCTime: %SYS-5-RESTART: System restarted --
Cisco IOS Software, 1841 Software (C1841-ADVSECURITYK9-M), Version 12.4(3i), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Wed 28-Nov-07 18:48 by stshen
000015: *Jan 12 04:50:05.355 PCTime: %SNMP-5-COLDSTART: SNMP agent on host HQCR1841 is undergoing a cold start
000016: *Jan 12 04:50:05.375 PCTime: %SSH-5-ENABLED: SSH 1.99 has been enabled
000017: *Jan 12 04:50:05.523 PCTime: %SYS-6-BOOTTIME: Time taken to reboot after reload =   72 seconds
000018: *Jan 12 04:50:05.671 PCTime: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
000019: *Jan 12 04:50:05.871 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
000020: *Jan 12 04:50:06.283 PCTime: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
000021: *Jan 12 04:50:06.483 PCTime: %LINK-5-CHANGED: Interface Serial0/0/0, changed state to administratively down
000022: *Jan 12 04:50:08.271 PCTime: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
000023: *Jan 12 04:50:08.275 PCTime: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
000024: *Jan 12 04:50:13.939 PCTime: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/1 assigned DHCP address 10.1.10.10, mask 255.255.255.0, hostname HQCR1841

Purple

Hi,

Can you do this:

clear access-list counters

Then do your ping again, do sh access-list 101 and post the output.

Regards.

Alain

Don't forget to rate helpful posts.
New Member

At work at the moment, but I will give it a shot once I get home at 6:00 PM Eastern time, US.

New Member

HQCR1841#clear access-list counters

HQCR1841#sh access-list 101
Extended IP access list 101
    10 permit udp any eq bootps any eq bootpc
    20 deny ip 10.10.10.0 0.0.0.255 any
    30 permit icmp any any echo-reply
    40 permit icmp any any time-exceeded
    50 permit icmp any any unreachable
    60 deny ip 10.0.0.0 0.255.255.255 any (10 matches)
    70 deny ip 172.16.0.0 0.15.255.255 any
    80 deny ip 192.168.0.0 0.0.255.255 any
    90 deny ip 127.0.0.0 0.255.255.255 any
    100 deny ip host 255.255.255.255 any
    110 deny ip any any

Purple

Hi,

Try this:

no ip nat inside source list 1 interface FastEthernet0/0 overload

ip nat inside source list 1 interface FastEthernet0/1 overload

Regards.

Alain

Don't forget to rate helpful posts.
New Member

I found a working configuration I had backed up a long time ago that I think locked me out of SDM access and Telnet. I think what I am going to do is take a look at the access list in Notepad, remove anything that looks like it will remove the SDM and Telnet access, and just copy and paste the configuration into the router.

Everything I tried so far does not work :-(

Purple

Hi,

I don't think it is the ACL. I think it is the wrong interface in the NAT statement that is bugging you. Just console in and do the change I suggested, and it should be OK now with the CBAC stuff included.

Regards.

Alain

Don't forget to rate helpful posts.
New Member

OK, so you think the overload is set up on the wrong interface?

I will give it a shot when I get home this evening and let you know. I take it we are on different time schedules? What time is it there where you are?

Purple

Hi,

I'm in Belgium and now it is 6:30 pm.

Regards.

Alain

Don't forget to rate helpful posts.
New Member

When I try to remove the no overload option, I am getting a notification that dynamic mapping is in use and asking if I want to remove it. I say no, as I am not sure what it is doing, and then it fails to accept the command. What exactly is dynamic mapping, and how will it affect things if I remove it?

New Member

You are truly an expert cadet, doing what you recommended resolved the problem.

Try this:

no ip nat inside source list 1 interface FastEthernet0/0 overload

ip nat inside source list 1 interface FastEthernet0/1 overload
