Not able to browse websites or receive emails via my DSL router

bilalghayad · ‎12-03-2011

Dear All;

I am facing a problem that I can not browse the websites (or receive POP emails, but I can send emails) via the DSL router CISCO1941/K9, the DHCP is configured at the Switch (not on this router) and actually the PCs are able to do a ping for the hosts (like www.yahoo.com and so on) but they can not browse !!

Below is my DSL router configuration if u would to give a look, I am afraid if my NAT configuration missing any thing, or there is any thing is causing this problem?

Router#show running-config
Building configuration...

Current configuration : 3434 bytes
!
! Last configuration change at 19:26:41 UTC Sat Dec 3 2011 by bilal
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$lUFa$z11OWed9xoFltMy.BH3/Y.
!
aaa new-model
!
!
aaa authentication login AAA_VPN local
aaa authorization network AAA_VPN local
!
!
!
!
!
aaa session-id common
!
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 1
! Default L2TP VPDN group
accept-dialin
protocol l2tp
virtual-template 1
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1941/K9 sn FGL151721GB
!
!
username bilal password 0 bilal@123
!
redundancy
!
!
!
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group RA_VPN
key bilal@123
dns 4.2.2.2
pool RA_VPN_POOL
acl CLIENT_TRAFFIC
netmask 255.255.255.0
!
!
crypto ipsec transform-set 3des-sha esp-3des esp-sha-hmac
!
crypto dynamic-map dynamap 10
set transform-set 3des-sha
reverse-route
!
!
crypto map RA_VPN_MAP client authentication list AAA_VPN
crypto map RA_VPN_MAP isakmp authorization list AAA_VPN
crypto map RA_VPN_MAP client configuration address initiate
crypto map RA_VPN_MAP client configuration address respond
crypto map RA_VPN_MAP 10 ipsec-isakmp dynamic dynamap
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
ip nat outside
no ip virtual-reassembly in
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
ip address 192.168.0.1 255.255.255.0
ip nat inside
no ip virtual-reassembly in
duplex auto
speed auto
!
interface Dialer1
mtu 1400
ip address negotiated
ip nat outside
no ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp chap hostname gam8738@orange-net
ppp chap password 0 87459
ppp pap sent-username gam8738@orange-net password 0 87459
ppp ipcp route default
crypto map RA_VPN_MAP
!
ip local pool RA_VPN_POOL 192.168.10.1 192.168.10.10
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source static udp 192.168.0.3 5060 interface Dialer1 5060
ip nat inside source list NAT_TRAFFIC interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 194.165.130.204
ip route 192.168.100.0 255.255.255.0 192.168.0.5
ip route 192.168.200.0 255.255.255.0 192.168.0.5
!
ip access-list extended CLIENT_TRAFFIC
permit ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.100.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.200.0 0.0.0.255 192.168.10.0 0.0.0.255
ip access-list extended NAT_TRAFFIC
deny   ip 192.168.0.0 0.0.0.255 192.168.10.0 0.0.0.255
deny   ip 192.168.100.0 0.0.0.255 192.168.10.0 0.0.0.255
deny   ip 192.168.200.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip 192.168.0.0 0.0.0.255 any
permit ip 192.168.100.0 0.0.0.255 any
permit ip 192.168.200.0 0.0.0.255 any
!
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 2 permit 192.168.100.0 0.0.0.255
access-list 2 permit 192.168.200.0 0.0.0.255
access-list 101 permit icmp any any
access-list 199 permit ip any any
access-list 199 permit tcp any any
access-list 199 permit udp any any
!
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
password 123
transport input all
line vty 5 15
transport input all
!
scheduler allocate 20000 1000
end

Router#

Regards

Bilal

cadet alain · ‎12-03-2011

Hi,

if your hosts can ping external IPs it means that routing is correct and that NAT is correct.

For receiving mails you should add a static PAT entry like this:

ip nat inside static tcp x.x.x.x 110 interface Dialer 1 110 where x.x.x.x is your private IP.

Concerning browsing you should rather look for a firewall problem on host or a DNS problem.

Regards.

Alain

Don't forget to rate helpful posts.

bilalghayad · ‎12-03-2011

About the needed static PAT for receiving mails, this i do not think so ! Because the this should be normal from the outlook.

The same labtop, we are using it in the other internet and it is able to receive emails and able to browse the websites, so no firewall issue.

Also, in the network: actually no firewall issue.

DNS, I do not think there is a problem, because we are able to ping the host (ping www.yahoo.com).

So what else could be?

Regards

Bilal

cadet alain · ‎12-03-2011

Hi,

DNS, I do not think there is a problem, because we are able to ping the host (ping

www.yahoo.com)

Wasn't sure you had pinged by name

Also, in the network: actually no firewall issue.

I was talking about host firewall

Connectivity is ok as you can ping successfully so it means it is not a routing nor NAT problem

About the needed static PAT for receiving mails, this i do not think so ! Because the this should be normal from the outlook.

I don't understand what you mean ?

So this laptop is used on multiple networks ?

Regards.

Alain

Don't forget to rate helpful posts.

johnlloyd_13 · ‎12-03-2011

Hi Bilal,

Could you add the below and try again?

int g0/1

ip tcp adjust-mss 1452

int di1

ip mtu 1492

Sent from Cisco Technical Support iPhone App