
Problem with getting on Internet on Cisco 857


  • Problem with getting on Internet on Cisco 857

    Dear All,

    I am fairly new to Cisco routers and wonder if anyone can help.

    I have configured my Cisco 857 as shown below, but cannot get on the Internet using a browser. Can anyone see where I am going wrong?

    I am confident that the router has successfully connected to the internet; just the browser access to the internet is giving me nothing.

    Config File:


    Building configuration...

    Current configuration : 3723 bytes
    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Router02
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200 warnings
    !
    no aaa new-model
    !
    resource policy
    !
    clock timezone PCTime 0
    clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.1.1
    !
    ip dhcp pool sdm-pool
    import all
    network 192.168.1.0 255.255.255.0
    default-router 192.168.1.1
    dns-server 195.112.4.14 195.112.4.7
    lease 0 2
    !
    !
    ip cef
    ip inspect name DEFAULT100 cuseeme
    ip inspect name DEFAULT100 ftp
    ip inspect name DEFAULT100 h323
    ip inspect name DEFAULT100 icmp
    ip inspect name DEFAULT100 rcmd
    ip inspect name DEFAULT100 realaudio
    ip inspect name DEFAULT100 rtsp
    ip inspect name DEFAULT100 esmtp
    ip inspect name DEFAULT100 sqlnet
    ip inspect name DEFAULT100 streamworks
    ip inspect name DEFAULT100 tftp
    ip inspect name DEFAULT100 tcp
    ip inspect name DEFAULT100 udp
    ip inspect name DEFAULT100 vdolive
    ip domain name yourdomain.com
    ip name-server 195.112.4.14
    ip name-server 195.112.4.7
    !
    !
    crypto pki trustpoint TP-self-signed-444329445
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-444329445
    revocation-check none
    rsakeypair TP-self-signed-444329445
    !
    !
    username cisco1 privilege 15 secret 5 $1$iNCJ$dcdH/DLEgzESPftY2cuf21
    !
    !
    !
    !
    !
    interface ATM0
    no ip address
    no shutdown
    no atm ilmi-keepalive
    dsl operating-mode auto
    !
    interface ATM0.1 point-to-point
    description $ES_WAN$
    no snmp trap link-status
    pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
    ip address 192.168.1.1 255.255.255.0
    ip access-group 100 in
    ip nat inside
    ip virtual-reassembly
    ip tcp adjust-mss 1452
    !
    interface Dialer0
    description $FW_OUTSIDE$
    ip address negotiated
    ip access-group 101 in
    ip inspect DEFAULT100 out
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication chap callin
    ppp chap hostname [email protected]
    ppp chap password 0 xxxxxxx
    !
    ip route 0.0.0.0 0.0.0.0 Dialer0
    !
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list 102 interface Dialer0 overload
    !
    access-list 100 remark auto generated by Cisco SDM Express firewall configuration
    access-list 100 remark SDM_ACL Category=1
    access-list 100 deny ip host 255.255.255.255 any
    access-list 100 deny ip 127.0.0.0 0.255.255.255 any
    access-list 100 permit ip any any
    access-list 101 permit udp any eq bootps any eq bootpc
    access-list 101 permit icmp any any echo-reply
    access-list 101 permit icmp any any time-exceeded
    access-list 101 permit icmp any any unreachable
    access-list 101 permit tcp host 195.149.28.178 any eq telnet
    access-list 101 deny ip 10.0.0.0 0.255.255.255 any
    access-list 101 deny ip 172.16.0.0 0.15.255.255 any
    access-list 101 deny ip 192.168.0.0 0.0.255.255 any
    access-list 101 deny ip 127.0.0.0 0.255.255.255 any
    access-list 101 deny ip host 255.255.255.255 any
    access-list 101 deny ip any any
    access-list 102 remark SDM_ACL Category=2
    access-list 102 permit ip 192.168.0.0 0.0.0.255 any
    dialer-list 1 protocol ip permit
    no cdp run
    !
    control-plane
    !
    !
    line con 0
    login local
    no modem enable
    line aux 0
    line vty 0 4
    access-class 23 in
    privilege level 15
    login local
    transport input telnet



    Help!
    Martin

  • #2
    Re: Problem with getting on Internet on Cisco 857

    I think the deny statements in your ACL are backward. Take a look here for a graphical representation of an ACL:

    http://i.cmpnet.com/nc/907/graphics/access.pdf



    • #3
      Re: Problem with getting on Internet on Cisco 857

      Many thanks for getting back so quickly. I thought these looked okay. That being said, I have now removed all ACL DENY statements to quickly see if they are causing the problem, but still no joy.

      Config file now as follows:


      Building configuration...

      Current configuration : 3723 bytes
      !
      version 12.4
      no service pad
      service timestamps debug datetime msec
      service timestamps log datetime msec
      no service password-encryption
      !
      hostname Router02
      !
      boot-start-marker
      boot-end-marker
      !
      logging buffered 51200 warnings
      !
      no aaa new-model
      !
      resource policy
      !
      clock timezone PCTime 0
      clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
      no ip dhcp use vrf connected
      ip dhcp excluded-address 192.168.1.1
      !
      ip dhcp pool sdm-pool
      import all
      network 192.168.1.0 255.255.255.0
      default-router 192.168.1.1
      dns-server 195.112.4.14 195.112.4.7
      lease 0 2
      !
      !
      ip cef
      ip inspect name DEFAULT100 cuseeme
      ip inspect name DEFAULT100 ftp
      ip inspect name DEFAULT100 h323
      ip inspect name DEFAULT100 icmp
      ip inspect name DEFAULT100 rcmd
      ip inspect name DEFAULT100 realaudio
      ip inspect name DEFAULT100 rtsp
      ip inspect name DEFAULT100 esmtp
      ip inspect name DEFAULT100 sqlnet
      ip inspect name DEFAULT100 streamworks
      ip inspect name DEFAULT100 tftp
      ip inspect name DEFAULT100 tcp
      ip inspect name DEFAULT100 udp
      ip inspect name DEFAULT100 vdolive
      ip domain name yourdomain.com
      ip name-server 195.112.4.14
      ip name-server 195.112.4.7
      !
      !
      crypto pki trustpoint TP-self-signed-444329445
      enrollment selfsigned
      subject-name cn=IOS-Self-Signed-Certificate-444329445
      revocation-check none
      rsakeypair TP-self-signed-444329445
      !
      !
      username cisco1 privilege 15 secret 5 $1$iNCJ$dcdH/DLEgzESPftY2cuf21
      !
      !
      !
      !
      !
      interface ATM0
      no ip address
      no shutdown
      no atm ilmi-keepalive
      dsl operating-mode auto
      !
      interface ATM0.1 point-to-point
      description $ES_WAN$
      no snmp trap link-status
      pvc 0/38
      encapsulation aal5mux ppp dialer
      dialer pool-member 1
      !
      !
      interface FastEthernet0
      !
      interface FastEthernet1
      !
      interface FastEthernet2
      !
      interface FastEthernet3
      !
      interface Vlan1
      description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
      ip address 192.168.1.1 255.255.255.0
      ip access-group 100 in
      ip nat inside
      ip virtual-reassembly
      ip tcp adjust-mss 1452
      !
      interface Dialer0
      description $FW_OUTSIDE$
      ip address negotiated
      ip access-group 101 in
      ip inspect DEFAULT100 out
      ip nat outside
      ip virtual-reassembly
      encapsulation ppp
      dialer pool 1
      dialer-group 1
      no cdp enable
      ppp authentication chap callin
      ppp chap hostname [email protected]
      ppp chap password 0 xxxxxxx
      !
      ip route 0.0.0.0 0.0.0.0 Dialer0
      !
      ip http server
      ip http access-class 23
      ip http authentication local
      ip http secure-server
      ip http timeout-policy idle 60 life 86400 requests 10000
      ip nat inside source list 102 interface Dialer0 overload
      !
      access-list 100 remark auto generated by Cisco SDM Express firewall configuration
      access-list 100 remark SDM_ACL Category=1

      access-list 100 permit ip any any
      access-list 101 permit udp any eq bootps any eq bootpc
      access-list 101 permit icmp any any echo-reply
      access-list 101 permit icmp any any time-exceeded
      access-list 101 permit icmp any any unreachable
      access-list 101 permit tcp host 195.149.28.178 any eq telnet

      access-list 102 remark SDM_ACL Category=2
      access-list 102 permit ip 192.168.0.0 0.0.0.255 any
      dialer-list 1 protocol ip permit
      no cdp run
      !
      control-plane
      !
      !
      line con 0
      login local
      no modem enable
      line aux 0
      line vty 0 4
      access-class 23 in
      privilege level 15
      login local
      transport input telnet



      Any further help would be much appreciated.
      Thanks,
      Martin



      • #4
        Re: Problem with getting on Internet on Cisco 857

        I don't see any NAT statements (missed that before). What is NAT'ing your public ip(s) to your private ip(s)?



        • #5
          Re: Problem with getting on Internet on Cisco 857

          Hi,

          Do these lines not provide NAT?


          ip nat inside source list 102 interface Dialer0 overload

          access-list 102 remark SDM_ACL Category=2
          access-list 102 permit ip 192.168.0.0 0.0.0.255 any



          Regards,
          Martin
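
Added example, not part of the original thread: a check of the NAT lines quoted above against the posted configuration. There, Vlan1 is 192.168.1.1 255.255.255.0 while access-list 102 permits 192.168.0.0 with wildcard 0.0.0.255; the script applies Cisco wildcard matching to see whether the inside network is selected for translation. The function names are this example's own.

```python
import ipaddress
import re

# Lines copied from the configuration posted in this thread ("!" separators kept).
CONFIG = """\
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
interface Dialer0
ip address negotiated
ip nat outside
!
ip nat inside source list 102 interface Dialer0 overload
!
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
"""

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard logic: bits set in the wildcard mask are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return int(ipaddress.IPv4Address(addr)) & care == int(ipaddress.IPv4Address(base)) & care

def inside_networks(config):
    """Networks of the interfaces that carry 'ip nat inside'."""
    nets = []
    for block in re.split(r"(?m)^[ \t]*![ \t]*$", config):
        lines = [ln.strip() for ln in block.splitlines()]
        if "ip nat inside" in lines:
            for ln in lines:
                m = re.fullmatch(r"ip address (\S+) (\S+)", ln)
                if m:
                    nets.append(ipaddress.ip_interface("/".join(m.groups())).network)
    return nets

def nat_permits(config):
    """(base, wildcard) pairs permitted by the ACL named in 'ip nat inside source list'."""
    acl = re.search(r"(?m)^\s*ip nat inside source list (\d+) ", config).group(1)
    return re.findall(rf"(?m)^\s*access-list {acl} permit ip (\S+) (\S+) any\s*$", config)

def untranslated_networks(config):
    """Inside networks that no single permit entry of the NAT source list fully matches."""
    permits = nat_permits(config)
    def covered(net):
        ends = (net.network_address, net.broadcast_address)
        return any(all(wildcard_match(e, b, w) for e in ends) for b, w in permits)
    return [str(n) for n in inside_networks(config) if not covered(n)]

if __name__ == "__main__":
    print("inside networks not matched by the NAT source list:", untranslated_networks(CONFIG))
```

Run against the posted lines, it reports 192.168.1.0/24 as unmatched; with a constructed entry `192.168.1.0 0.0.0.255` in place of the posted one, the list comes back empty.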



          • #6
            Re: Problem with getting on Internet on Cisco 857

            Any ideas, anyone?

            Martin



            • #7
              Re: Problem with getting on Internet on Cisco 857

              You said "...cannot get on the Internet using browser". What does that mean? You are not able to browse http://www.yahoo.com from your internal network, are you?
              Did you try to ping an Internet host using its FQDN (www.yahoo.com) and its IP (87.248.113.14) from the router and from the LAN? Which one was successful? If neither of them, try to trace the same Internet host (run tracert 87.248.113.14 on a Windows machine).
              Regards,
              Csaba Papp
              MCSA+messaging, MCSE, CCNA