Cisco Support Community

after IOS upgrade internal machines can not get to the internet

Hi,

I upgraded the IOS on my Cisco 837 router to use the IDS function, and after completing the upgrade, machines from the inside cannot go to the internet. From the router I can ping out to the internet. Can anyone see anything in this config that would be preventing it from working?

Thanks

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec show-timezone
service timestamps log datetime msec show-timezone
service password-encryption
!
hostname router
!
boot-start-marker
boot system flash c837-k9o3sy6-mz.124-17.bin
boot-end-marker
!
logging buffered 16000 debugging
enable secret xxxxxxxxxx
!
no aaa new-model
clock timezone GMT 0
clock summer-time GMT recurring last Sun Mar 1:00 last Sun Oct 1:00
ip source-route
no ip gratuitous-arps
!
!
!
!
ip cef
no ip domain lookup
ip name-server 159.134.248.17
no ip bootp server
ip inspect max-incomplete low 10
ip inspect max-incomplete high 20
ip inspect one-minute low 10
ip inspect one-minute high 20
ip inspect udp idle-time 15
ip inspect tcp idle-time 1800
ip inspect tcp finwait-time 1
ip inspect tcp synwait-time 10
ip inspect name MYFW udp alert on audit-trail on
ip inspect name MYFW tcp alert on audit-trail on
vpdn enable
!
!
!
username user password xxxxxxxxx
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
!
interface Ethernet0
 ip address x.x.x.x(public address) 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 ip tcp adjust-mss 1452
 no cdp enable
 hold-queue 100 out
!
interface Ethernet2
 no ip address
 shutdown
 hold-queue 100 out
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 atm vc-per-vp 64
 no atm ilmi-keepalive
 dsl operating-mode auto
 hold-queue 224 in
 pvc 8/35
  encapsulation aal5snap
  pppoe-client dial-pool-number 1 dial-on-demand
 !
!
interface FastEthernet1
 duplex auto
 speed auto
!
interface FastEthernet2
 duplex auto
 speed auto
!
interface FastEthernet3
 duplex auto
 speed auto
!
interface FastEthernet4
 duplex auto
 speed auto
!
interface Dialer0
 no ip address
 no cdp enable
!
interface Dialer1
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1492
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer idle-timeout 14400
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname user
 ppp chap password password
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
no ip http secure-server
!
!
!
ip access-list extended INTERNET-IN
 deny ip any any log
access-list 100 permit ip any any
access-list 100 permit tcp host 1.2.3.4 any log
access-list 100 deny ip any any log
dialer-list 1 protocol ip permit
no cdp run
!
!
!
control-plane
!
line con 0
 exec-timeout 0 0
 login local
 no modem enable
 transport preferred none
 transport output none
 stopbits 1
line aux 0
 login local
 no exec
 transport preferred none
 transport output none
line vty 0 4
 access-class TELNET in
 exec-timeout 0 0
 login local
 length 0
 transport preferred none
 transport input telnet
 transport output none
!
scheduler max-task-time 5000
end
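A small audit of the configuration posted above, as an added example that is not part of the original post: it lists ACLs and `ip inspect` rule names that are defined but never applied with `ip access-group`, `access-class` or `ip inspect <name> in|out`, ACL names that are applied but never defined, and numbered ACL entries that follow a `permit ip any any`. The `audit` function and the `CONFIG` excerpt are assumptions of this example, and other ways of referencing an ACL (NAT, route-maps, `dialer-list ... list`) are not checked.

```python
import re

# Excerpt of the configuration posted above (only the lines these checks need).
CONFIG = """\
ip inspect name MYFW udp alert on audit-trail on
ip inspect name MYFW tcp alert on audit-trail on
interface Dialer1
 dialer-group 1
ip access-list extended INTERNET-IN
 deny ip any any log
access-list 100 permit ip any any
access-list 100 permit tcp host 1.2.3.4 any log
access-list 100 deny ip any any log
dialer-list 1 protocol ip permit
line vty 0 4
 access-class TELNET in
"""

def audit(config):
    """Report ACLs and inspection rules that are unapplied, undefined or shadowed."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    acl_defs, acl_refs, insp_defs, insp_refs, shadowed = set(), set(), set(), set(), []
    catch_all = set()  # numbered ACLs that already contain "permit ip any any"
    for l in lines:
        if m := re.match(r"ip access-list (?:standard|extended) (\S+)", l):
            acl_defs.add(m[1])
        elif m := re.match(r"access-list (\d+) (.+)", l):
            acl_defs.add(m[1])
            if m[1] in catch_all:
                shadowed.append(l)  # first match wins, so this entry never matches
            elif m[2].startswith("permit ip any any"):
                catch_all.add(m[1])
        elif m := re.match(r"(?:ip access-group|access-class) (\S+) (?:in|out)", l):
            acl_refs.add(m[1])
        elif m := re.match(r"ip inspect name (\S+) ", l):
            insp_defs.add(m[1])
        elif m := re.match(r"ip inspect (\S+) (?:in|out)$", l):
            insp_refs.add(m[1])
    return {
        "acl_defined_not_applied": sorted(acl_defs - acl_refs),
        "acl_applied_not_defined": sorted(acl_refs - acl_defs),
        "inspect_defined_not_applied": sorted(insp_defs - insp_refs),
        "shadowed_entries": shadowed,
    }

if __name__ == "__main__":
    for check, items in audit(CONFIG).items():
        print(f"{check}: {items}")
```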

2 REPLIES

Re: after IOS upgrade internal machines can not get to the inter

Hi,

Can you do a trace and find out where the packets are getting dropped?

Can you also do an extended ping with the source IP address as your Ethernet IP?

Do try tracing from the router as well as from the PC.

From the router, do an extended trace with the source IP address as your Ethernet IP.

Regards


Re: after IOS upgrade internal machines can not get to the inter

Hi,

The packets are being dropped on the Ethernet interface on the router which connects to the inside hosts.

I cannot ping the IP on that interface.

Everything was working fine until I performed the upgrade.
