cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
23268
Views
13
Helpful
17
Replies

Can ping Internet but can't browse it

Hello

I'm experiencing problems with a Cisco 887M router. I have configured the same way I've done fozens of times but the users can't browse the internet. Everybody can ping public IP addresses, every user resolves URL but no one can't browse any website. The only time I found n issue like that I disabled the DNS forwarding under IP dns view default and it worked fine (it was on a UC500). Now I've done the same but the users can't browse the Internet. Any idea?

Thank you in advance for your help

DANi

17 Replies 17

smehrnia
Level 7
Level 7

Hi Daniel,

connection and dns wise, there must be no problem, it should be something blocking ur TCP/UDP ports, double check that. see if you can telnet over internet.

HTH,


Soroush.

Hope it Helps!

Soroush.

Hi Dan,

I think ur are not able to browse due as ur IPs are not able to resolve the DNS please follow below steps,

1)Connect the ISP link directly to single PC and configure the IP details provided by ISP.

2)Check if u are able to ping the gateway of ISP and browse

3)Change the DNS ip address (use public DNS for testing

  • 8.8.8.8
  • 8.8.4.4

  • 4.2.2.1
  • 4.2.2.2

4)IIf not resolved check the default route is pointed to proper IP

5)If not then co-ordinate with ISP for same might be their end issue.

Hi,

the tests I've done froma PC on the customer network:

- ping 8.8.8.8 , OK

- ping www.google.es and other url. Always resolves the URL into a public IP and the pings response

- repeat the tests with a LAN fixed IP address or DHCP. Same results

- change DNS: 8.8.8..8 or ISP provided or even others. Same results

- obviously I can ping the default-gateway.

- I can start PPTP sessions to hosts on the outside with no problem and access remote servers via VPN

and the best one:

- I'm not on customer's site right now but I have remote Telnet to the router and teamviewer access to a PC that can't browse the Internet!!

What am i missing?

DAni

The current config:

version 15.1

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname rtr1

!

boot-start-marker

boot-end-marker

!

!

!

no aaa new-model

memory-size iomem 10

clock timezone CET 1 0

clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00

crypto pki token default removal timeout 0

!

!

ip source-route

!

!

!

ip dhcp excluded-address 192.168.5.0 192.168.5.99

!

ip dhcp pool DATOS

   network 192.168.5.0 255.255.255.0

   default-router 192.168.5.1

   dns-server 8.8.8.8

!

!

ip cef

no ip domain lookup

no ipv6 cef

!

!

license udi pid CISCO887M-K9 sn xxxxx

!

!

archive

log config

  hidekeys

username xxxxx privilege 15 secret 5 x

!

!

!

!

!

!

!

!

!

!

!

interface BRI0

no ip address

encapsulation hdlc

shutdown

isdn termination multidrop

!

interface ATM0

no ip address

shutdown

no atm ilmi-keepalive

!

interface FastEthernet0

spanning-tree portfast

!

interface FastEthernet1

spanning-tree portfast

!

interface FastEthernet2

spanning-tree portfast

!

interface FastEthernet3

switchport access vlan 2

spanning-tree portfast

!

interface Vlan1

ip address 192.168.5.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1452

!

interface Vlan2

no ip address

pppoe-client dial-pool-number 1

!

interface Dialer0

mtu 1492

ip address negotiated

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

dialer-group 1

fair-queue

ppp authentication chap pap callin

ppp chap hostname adslppp@telefonicanetpa

ppp chap password 7 13041301071C143A

ppp pap sent-username

adslppp@telefonicanetpa password 7 1416161800143A3B

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

ip nat inside source route-map NAT interface Dialer0 overload

ip route 0.0.0.0 0.0.0.0 Dialer0

!

ip access-list extended NAT

permit ip 192.168.5.0 0.0.0.255 any

!

logging esm config

!

!

!

!

route-map NAT permit 10

match ip address NAT

!

Hi Daniel

Can you change DNS to 4.4.2.2  and test.

what is the default gateway for the user  and what IP address they get 

paste the ouput of the following

show ip int brief

show ip nat translation

Its really strange that u have team viewer access but no browsing

What is the public wan ip as i dont see any in config and to which interface is it connected ?

Daniel,

If you can ping by name, DNS works fine. If you can ping a public address from your private hosts, natting is working fine. Is there any other equipment between a host and the router like a firewall or in front of the router that could be blocking it?

John

HTH, John *** Please rate all useful posts ***

I have tried with DNS 4.4.2.2 but we are unable to resolve URLs.

The IP addess the customer get is one from the pool 192.168.5.100 to 192.168.5.254 but now we are trying with 192.168.5.50, as you can see on the ip nat translations:

Daniel,

Couple of suggestion...

1. Try removing virtual reassembly command on both LAN and WAN interface and check.

2. Remove manual set MTU size from Dialer as it will be default to 1492 for PPP anyways. Alternatively you can try set it to 1500 and check if it works.

3. Can you do extendend traceroute to google.com with source port of 80 ( keep debug ip packets on) and share the results.

4. Repeat the above step, but this time with debug ip icmp on.

5. show ip nat translation

Regards,

Sukanya

I have the same problem. I can ping from inside the router any site i.e www.yahoo.com. I can ping from the client side by domain name or by IP but I cannot browse. There is no any device in between like firewall and all PC's are connected directly to the switch including the 887 Router.

Router#sh run

Building configuration...

Current configuration : 1577 bytes

!

! Last configuration change at 15:35:29 UTC Mon Jul 2 2012

version 15.1

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

!

enable secret 4 HrS.bFmfxShOxxsSI7lS/jQKCkRk1Fbc45HNxy8A1KE

!

no aaa new-model

memory-size iomem 10

crypto pki token default removal timeout 0

!

!

ip source-route

ip cef

no ipv6 cef

!

license udi pid CISCO887VA-K9 sn FCZ162090XZ

!

controller VDSL 0

!

interface Ethernet0

no ip address

shutdown

no fair-queue

!

interface ATM0

no ip address

no atm ilmi-keepalive

pvc 0/35

  pppoe-client dial-pool-number 1

!

!

interface FastEthernet0

no ip address

!

interface FastEthernet1

no ip address

!

interface FastEthernet2

no ip address

!

interface FastEthernet3

no ip address

!

interface Vlan1

ip address 192.168.115.3 255.255.255.0

ip nat inside

no ip virtual-reassembly in <-----orignally enabled

!

interface Dialer0

ip address negotiated

ip nat outside

no ip virtual-reassembly in <-----originally enabled

encapsulation ppp

dialer pool 1

ppp authentication chap callin

ppp chap hostname user

ppp chap password pass

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

ip nat inside source list NAT-ACL interface Dialer0 overload

ip route 0.0.0.0 0.0.0.0 Dialer0

!

ip access-list extended NAT-ACL 

permit ip 192.168.115.0 0.0.0.255 any

!

access-list 1 permit 192.168.115.0 0.0.0.255

!

line con 0

line aux 0

line vty 0 4

password ..........

login

transport input all

!

end

Router#

I even tried different access-list like access-list 1 permit any but still not working. I have spent too much time pulling my hair and banging my head but I cant solve it. I hope somebody out there can solve solve my problem.

hi,

kindly insert these lines under your LAN and WAN interfaces and try again:

int vl1

ip tcp adjust-mss 1452

int d0

ip mtu 1492

Thomas Torggler
Level 1
Level 1

hi daniel, did you check the clients proxy settings? can you telnet to a server on the internet on port 80?

My problem was solved. I inserted this line ip tcp adjust-mss 1452 under interface vlan 1

interface Vlan1

ip address 192.168.115.3 255.255.255.0

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1452

many thanks.

glad it's now working for you. please rate useful posts and mark as resolved. thanks!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco