Re: Unable to Access Internet on Cisco 1861

Vikrant Ambhore · ‎11-16-2010

Hello All Friends,

We have just finishe configuration on Cisco 1861 router, but i am unable to browse Internet even on router can any one suggest me.

where is issue from my configuration.

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Melbourne1861
!
boot-start-marker
boot system flash:c1861-advipservicesk9-mz.124-24.T1.bin
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$0LTn$1vf2bZ9T1gvFeE27f4CBt/
!
no aaa new-model
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
crypto pki trustpoint TP-self-signed-3141929497
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3141929497
 revocation-check none
 rsakeypair TP-self-signed-3141929497
!
!
crypto pki certificate chain TP-self-signed-3141929497
 certificate self-signed 01
  30820245 308201AE A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 33313431 39323934 3937301E 170D3130 31313137 30363139 
  30305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 31343139 
  32393439 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  81009161 905E1931 8CB69238 C04CB714 0E704639 267638DF 310455FE FB7E6162 
  24F4329C A3B3A084 51C8C2B1 D0DB78A4 264A9644 B8676B0E 09D83DA6 95411448 
  E92A7E96 317981BF E24835DF A9E81E41 99D3A34D 536DECCD 408BB1FC 5603BE9B 
  F8EF4AC7 E19F6A3F B15E7651 FC819066 3471722A 78E9629A 3A5C1A2B 41CDD1A4 
  B4790203 010001A3 6D306B30 0F060355 1D130101 FF040530 030101FF 30180603 
  551D1104 11300F82 0D4D656C 626F7572 6E653138 3631301F 0603551D 23041830 
  16801432 EBA72FEF 7657F918 D09B969E E3E5FD16 16D05A30 1D060355 1D0E0416 
  041432EB A72FEF76 57F918D0 9B969EE3 E5FD1616 D05A300D 06092A86 4886F70D 
  01010405 00038181 002B3550 0325259A B7ABC899 A0D81BB6 7EE70A33 7B3CE275 
  51303982 FE767ACC B9E193BC 743A8496 245F4417 48CC08FC A6E7547E 460890C5 
  7AF2B95E B3BE3234 39D9E782 C81C478C A051A56B B8C1F16D 14ECE8BF 01E6AF15 
  5D6E418E F7F549D7 27F0A905 9DC6571D 7E27700F BDE8ED84 7EC20D27 D5476ABB 
  E22CC486 C05C3A80 04
       quit
dot11 syslog
ip source-route
ip cef
!
!
ip dhcp relay information trust-all
ip dhcp excluded-address 192.168.8.1 192.168.8.10
ip dhcp excluded-address 10.10.10.1 10.10.10.10
!
ip dhcp pool LAN-POOL
   import all
   network 192.168.8.0 255.255.255.0
   default-router 192.168.8.1 
   dns-server 192.168.8.1 
   lease 0 2
!
ip dhcp pool phone
   import all
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1 
   option 150 ip 10.10.10.1 
!
!
no ip domain lookup
ip name-server 198.142.0.51
ip name-server 203.2.75.132
ip name-server 211.31.138.11
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
username admin privilege 15 password 7 04760A1E0622404F1E395D44465E
! 
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 10
 encr aes 256
 hash md5
 authentication pre-share
 group 5
 lifetime 28800
!
!
crypto ipsec transform-set LAB-Transform esp-aes 256 esp-md5-hmac 
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac 
crypto ipsec transform-set ESP-3DES-SHA1 esp-3des esp-sha-hmac 
crypto ipsec transform-set ESP-3DES-SHA2 esp-3des esp-sha-hmac 
!
crypto ipsec client ezvpn AustraliaVPN
 connect auto
 group EZVPN_GROUP_1 key XXXXXXXXXXXXXX
 mode network-extension
 peer XXXXXXXXXXXXXX
 username XXXXXXXXXXXXXX password XXXXXXXXXXXXXX
 xauth userid mode local
!
archive
 log config
  hidekeys
!
!
ip tftp source-interface Loopback0
bridge irb
!
!
!
!
interface Loopback0
 ip address 10.1.20.2 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 shutdown
!
interface Tunnel2
 no ip address
!
interface FastEthernet0/0
 description outside
 no ip address
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 pppoe enable group global
!
interface FastEthernet0/0.50
 encapsulation dot1Q 1 native
 bridge-group 2
 bridge-group 2 subscriber-loop-control
 bridge-group 2 spanning-disabled
!
interface FastEthernet0/0.100
 encapsulation dot1Q 100
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
!
interface FastEthernet0/1/0
 switchport voice vlan 100
 macro description cisco-phone
!
interface FastEthernet0/1/1
 switchport voice vlan 100
 macro description cisco-phone
!
interface FastEthernet0/1/2
 switchport voice vlan 100
 macro description cisco-phone
!
interface FastEthernet0/1/3
 switchport voice vlan 100
 macro description cisco-phone
!
interface FastEthernet0/1/4
 switchport voice vlan 100
 macro description cisco-phone
!
interface FastEthernet0/1/5
 switchport voice vlan 100
 macro description cisco-phone
!
interface FastEthernet0/1/6
 switchport voice vlan 100
 macro description cisco-phone
!
interface FastEthernet0/1/7
 switchport voice vlan 100
 macro description cisco-phone
!
interface FastEthernet0/1/8
 switchport mode trunk
 macro description cisco-switch
!
interface Vlan1
 no ip address
 ip virtual-reassembly
 bridge-group 2
 bridge-group 2 spanning-disabled
!
interface Vlan100
 no ip address
 ip virtual-reassembly
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Dialer1
 mtu 1492
 ip address negotiated
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp chap refuse
 ppp pap sent-username XXXXXXXXXXXXXX password 7 XXXXXXXXXXXXXX
 crypto ipsec client ezvpn AustraliaVPN
!
interface BVI1
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 crypto ipsec client ezvpn AustraliaVPN inside
!
interface BVI2
 ip address 192.168.8.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 198.142.129.45
ip route 192.168.8.0 255.255.255.0 Dialer1
ip http server
ip http authentication local
ip http secure-server
ip http path flash:
!
!
ip dns server
ip nat inside source list ToNAT interface Dialer1 overload
!
ip access-list extended ToNAT
 permit ip 192.168.8.0 0.0.0.255 any
ip access-list extended acl_vpn
 permit ip 192.168.8.0 0.0.0.255 192.168.2.0 0.0.0.255
 permit ip 192.168.8.0 0.0.0.255 192.168.4.0 0.0.0.255
!
access-list 40 permit 192.168.2.0 0.0.0.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 100 remark SDM_ACL Category=4
access-list 100 permit icmp 192.168.2.0 0.0.0.255 any
access-list 100 remark SDM_ACL Category=4
access-list 101 permit icmp 192.168.2.0 0.0.0.255 any
access-list 101 remark IPSec Rule
access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
access-list 103 remark IPSec Rule
access-list 103 permit ip 192.168.8.0 0.0.1.255 XXXXXXXXXXXXXX 0.0.0.63
access-list 104 remark SDM_ACL Category=4
access-list 104 permit gre host 192.168.8.1 host XXXXXXXXXXXXXX
dialer-list 1 protocol ip permit
!
!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
!
!
voice-port 0/0/0
!
voice-port 0/0/1
!
voice-port 0/0/2
!
voice-port 0/0/3
!
voice-port 0/1/0
!
voice-port 0/1/1
!
voice-port 0/1/2
!
voice-port 0/1/3
!
voice-port 0/4/0
 auto-cut-through
 signal immediate
 input gain auto-control
 description Music On Hold Port
!
!
mgcp fax t38 ecm
mgcp behavior g729-variants static-pt
!
!
!
dial-peer voice 2000 voip
 description ** cue voicemail pilot number **
 destination-pattern 600
 session protocol sipv2
 session target ipv4:10.1.20.1
 dtmf-relay sip-notify
 codec g711ulaw
 no vad
!
!
!
!
telephony-service
 max-ephones 12
 max-dn 30
 ip source-address 10.10.10.1 port 2000
 url services http://10.1.20.1/voiceview/common/login.do 
 url authentication http://10.1.20.1/voiceview/authentication/authenticate.do  
 cnf-file location flash:
 user-locale U2 EN
 load 7931 SCCP31.8-2-2SR2S
 time-zone 44
 date-format dd-mm-yy
 voicemail 600
 max-conferences 8 gain -6
 call-forward pattern .T
 call-forward system redirecting-expanded
 moh music-on-hold.au
 web admin system name Cisco secret 5 $1$ADGZ$fFl/4TrRvoFSKwOOzWV7a1
 dn-webedit 
 transfer-system full-consult
 transfer-pattern .T
 transfer-pattern 0.T
 secondary-dialtone 0
 create cnf-files version-stamp Jan 01 2002 00:00:00
!
!
line con 0
 exec-timeout 0 0
 password 7 04760A1E0622404F1E395D44465E
 login
 no modem enable
line aux 0
 password 7 143A13130507262A33086B667646
 login local
line vty 0 4
 password 7 04760A1E0622404F1E395D44465E
 login local
line vty 5 15
 password 7 04760A1E0622404F1E395D44465E
 login local
!
end

Richard Burts · ‎11-17-2010

There are several things in the config that I question, such as why are there 2 static default routes?

ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 198.142.129.45

and where does 198.142.129.45 come from?

But I believe that the biggest issue is that you are translating traffic only for network 192.168.8.0. So traffic from any other network/subnet is being forwarded with its private address as the source address.

HTH

Rick

HTH

Rick

Vikrant Ambhore · ‎11-17-2010

Hello Richard Burts,

Then what should i do now, you think I should put no ip route 0.0.0.0 0.0.0.0 198.142.129.45, i am not familier i thought it's gateway of MY ISP so that's why i have done this

Can you suggest me what should i do now ?

Richard Burts · ‎11-18-2010

Are you saying that 198.142.129.45 is the provider address for the connection on dialer1 (is in the same subnet as the address that gets negotiated for dialer1)? If so then both static routes are doing the same thing. I suggest that you use one or the other. Perhaps the output of show ip route would be helpful in understanding the issue.

HTH

Rick

HTH

Rick

Vikrant Ambhore · ‎11-18-2010

Hello Rick

Thanks for your reply, I have done configuration on Linksay's modem, I have configured device in Bridge mode & LLC encapsulation, but not getting internet through Cisco 1861...

ISP<---> Linksys (192.168.1.1) <---> Cisco 1861 (Dynamic WAN IP from ISP), LAN 192.168.8.1, MASK 255.255.255.0) <---> workstations (192,168.8.2-192.168.8.254, MASK 255.255.255.0, Gateway 192.168.8.1)

Can you suggest me what need to be done for same ?

Regards

Vikrant

Vikrant Ambhore · ‎11-19-2010

Hello

I used below thing but same issue yet
ip nat inside source list 1 interface Fa0/0 overload
access-list 1 permit any
I found Dialer interface not get ip address From ISP, I am not sure Linksys modem able to provide Internet or not, I configured Linksys in Bridge mode .

Melbourne1861#sh ip int brief
Interface                  IP-Address      OK? Method Status                Prot
ocol
FastEthernet0/0            unassigned      YES NVRAM  up                    down

FastEthernet0/0.50         unassigned      YES unset  up                    down

FastEthernet0/0.100        unassigned      YES unset  up                    down

FastEthernet0/1/0          unassigned      YES unset  up                    down

FastEthernet0/1/1          unassigned      YES unset  up                    down

FastEthernet0/1/2          unassigned      YES unset  up                    down

FastEthernet0/1/3          unassigned      YES unset  up                    down

FastEthernet0/1/4          unassigned      YES unset  down                  down

FastEthernet0/1/5          unassigned      YES unset  up                    up

FastEthernet0/1/6          unassigned      YES unset  up                    down

Vlan1                      unassigned      YES NVRAM  up                    up

Vlan100                    unassigned      YES NVRAM  up                    up

NVI0                       10.1.20.2       YES unset  up                    up

BVI1                       10.10.10.1      YES NVRAM  up                    up

Virtual-Access1            unassigned      YES unset  up                    up

BVI2                       192.168.8.1     YES NVRAM  up                    up

Dialer1                    unassigned      YES NVRAM  up                    up

Loopback0                  10.1.20.2       YES NVRAM  administratively down down

Tunnel2                    unassigned      YES NVRAM  up                    dow
FastEthernet0/1/7          unassigned      YES unset  up

Richard Burts · ‎11-22-2010

Vikrant

The additional information here should be useful.

- if the Dialer interface is not being assigned an IP address then this prevents any access to Internet.

- the output of show ip interface brief shows that FastEthernet0/0 (where pppoe is configured) is status up/down. this status would prevent negotiation and assignment of address to the interface.

- the configuration shows that you are configuring interface FastEthernet0/0 as a trunking interface. Would the Linksys in bridging mode support trunking?

HTH

Rick

HTH

Rick

Vikrant Ambhore · ‎11-23-2010

Hello Rick,

I am getting so difficulties to find anything for fix this issue, Seems my ISP is using PPPoE
http://help.optuszoo.com.au/help/dsl/connected/windows/modemwvista/speedstream_eth#pc_settings

And I think Linksys can't be used in bridge mode with PPPoE Connection.
http://www6.nohold.net/Cisco2/ukp.aspx?pid=80&login=1&app=search&vw=1&articleid=17348&donelr=1

Regards

Vikrant

Richard Burts · ‎11-23-2010

Vikrant

This is a significant issue to resolve and I do not know enough about your environment to give you good advice. Is it possible that you could connect your router directly to the provider device and do pppoe on the router?

HTH

Rick

HTH

Rick

Vikrant Ambhore · ‎11-23-2010

Yes Rick,

It is possible

Vikrant Ambhore · ‎11-29-2010

Still Having same issue

Melbourne1861#ping ip X.X.X.X source fastEthernet 0/0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos toX.X.X.X timeout is 2 seconds:
Packet sent with a source address of 192.168.1.2
.....
Success rate is 0 percent (0/5)

cadet alain · ‎11-30-2010

Can you do :

conf t

service timestamp log datetime

service timestamp debug datetime

logging buffered 20000

logging buffered debugging

access-list 101 permit icmp any any

then

clear log

debug ip packet 101 in privileged mode

can you post the output when you do ping x.x.x.x rep 1 no need to specify source f0/0 this will be the default.

Regards.

Don't forget to rate helpful posts.

Vikrant Ambhore · ‎11-30-2010

Hello mate,

Can you lease look on output & give me suggestion

Melbourne1861#ping ip 192.168.1.254 source fa0/0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.254, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.2

*Dec 1 03:42:37: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, sending
*Dec 1 03:42:37: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, output feature, CCE Output Classification(5), rtype 1, forus FALSE, sen
dself FALSE, mtu 0, fwdchk FALSE
*Dec 1 03:42:37: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, output feature, Post-routing NAT Outside(17), rtype 1, forus FALSE, sen
dself FALSE, mtu 0, fwdchk FALSE
*Dec 1 03:42:37: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, output feature, Stateful Inspection(20), rtype 1, forus FALSE, sendself
FALSE, mtu 0, fwdchk FALSE
*Dec 1 03:42:37: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, output feature, Post-Ingress-NetFlow(52), rtype 1, forus FALSE, sendsel
f FALSE, mtu 0, fwdchk FALSE
*Dec 1 03:42:37: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, encapsulation failed.
*Dec 1 03:42:39: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, sending
*Dec 1 03:42:39: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, output feature, CCE Output Classification(5), rtype 1, forus FALSE, sen
dself FALSE, mtu 0, fwdchk FALSE
*Dec 1 03:42:39: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, output feature, Post-routing NAT Outside(17), rtype 1, forus FALSE, sen
dself FALSE, mtu 0, fwdchk FALSE
*Dec 1 03:42:39: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, output feature, Stateful Inspection(20), rtype 1, forus FALSE, sendself
FALSE, mtu 0, fwdchk FALSE
*Dec 1 03:42:39: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, output feature, Post-Ingress-NetFlow(52), rtype 1, forus FALSE, sendsel
f FALSE, mtu 0, fwdchk FALSE
*Dec 1 03:42:39: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, encapsulation failed.
*Dec 1 03:42:41: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, sending
*Dec 1 03:42:41: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, output feature, CCE Output Classification(5), rtype 1, forus FALSE, sen
dself FALSE, mtu 0, fwdchk FALSE
*Dec 1 03:42:41: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, output feature, Post-routing NAT Outside(17), rtype 1, forus FALSE, sen
dself FALSE, mtu 0, fwdchk FALSE
*Dec 1 03:42:41: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, output feature, Stateful Inspection(20), rtype 1, forus FALSE, sendself
FALSE, mtu 0, fwdchk FALSE
*Dec 1 03:42:41: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, output feature, Post-Ingress-NetFlow(52), rtype 1, forus FALSE, sendsel
f FALSE, mtu 0, fwdchk FALSE
*Dec 1 03:42:41: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, encapsulation failed.
*Dec 1 03:42:43: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, sending
*Dec 1 03:42:43: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, output feature, CCE Output Classification(5), rtype 1, forus FALSE, sen
dself FALSE, mtu 0, fwdchk FALSE
*Dec 1 03:42:43: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, output feature, Post-routing NAT Outside(17), rtype 1, forus FALSE, sen
dself FALSE, mtu 0, fwdchk FALSE
*Dec 1 03:42:43: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, output feature, Stateful Inspection(20), rtype 1, forus FALSE, sendself
FALSE, mtu 0, fwdchk FALSE
*Dec 1 03:42:43: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, output feature, Post-Ingress-NetFlow(52), rtype 1, forus FALSE, sendsel
f FALSE, mtu 0, fwdchk FALSE
*Dec 1 03:42:43: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, encapsulation failed.
*Dec 1 03:42:45: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, sending
*Dec 1 03:42:45: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, output feature, CCE Output Classification(5), rtype 1, forus FALSE, sen
dself FALSE, mtu 0, fwdchk FALSE
*Dec 1 03:42:45: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, output feature, Post-routing NAT Outside(17), rtype 1, forus FALSE, sen
dself FALSE, mtu 0, fwdchk FALSE
*Dec 1 03:42:45: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, output feature, Stateful Inspection(20), rtype 1, forus FALSE, sendself
FALSE, mtu 0, fwdchk FALSE
*Dec 1 03:42:45: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, output feature, Post-Ingress-NetFlow(52), rtype 1, forus FALSE, sendsel
f FALSE, mtu 0, fwdchk FALSE
*Dec 1 03:42:45: IP: s=192.168.1.2 (local), d=192.168.1.254 (FastEthernet0/0),
len 100, encapsulation failed.
Success rate i