Announcement

Collapse
No announcement yet.

1811 cannot connect to internet

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • 1811 cannot connect to internet

    I'm having trouble connecting my router to the internet of my ISP. I have an 1811 behind another cisco which the ISP provided but won't let me touch. I went through the SDM and don't see where to put the WAN gateway. my config is as follows:

    !This is the running config of the router: 10.10.10.1
    !----------------------------------------------------------------------------
    !version 12.4
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    !
    hostname LightPath2
    !
    boot-start-marker
    boot-end-marker
    !
    security authentication failure rate 3 log
    security passwords min-length 6
    logging buffered 51200 debugging
    logging console critical
    enable secret 5 $1$wOEo$VpEKr7eMwFLo3TrPhIv8z/
    !
    no aaa new-model
    !
    resource policy
    !
    !
    !
    ip cef
    no ip dhcp use vrf connected
    ip dhcp excluded-address 10.10.10.1
    !
    ip dhcp pool sdm-pool1
    import all
    network 10.10.10.0 255.255.255.0
    dns-server 167.206.7.4 167.206.112.138
    default-router 10.10.10.1
    !
    !
    ip tcp synwait-time 10
    ip domain name mcstudios.com
    ip name-server 167.206.7.4
    ip name-server 167.206.112.138
    ip ssh time-out 60
    ip ssh authentication-retries 2
    !
    !
    crypto pki trustpoint TP-self-signed-1790346064
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-1790346064
    revocation-check none
    rsakeypair TP-self-signed-1790346064
    !
    !
    crypto pki certificate chain TP-self-signed-1790346064
    certificate self-signed 01
    3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 31373930 33343630 3634301E 170D3036 30393134 31353538
    33325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 37393033
    34363036 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100B541 91400939 E70530E3 749036EA 46CF132D E1B2F2D1 7815C507 6E1207B1
    367C8928 464E5201 1457CB44 A5007953 A2ECCFEF 00FB93DB C395AACD 8208CFC0
    844D79D0 157FFF3D 1E8DE17C 0EEF1F26 EC9D70EF EFBF1A8F DDE687CE 69C216FC
    A3C02CA5 AC279BC2 FA0E67BE 00979594 E089CD61 FB57379D 12CFF73D BB523A7C
    2B5F0203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
    551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
    301F0603 551D2304 18301680 14CF1D1C 21ACD4B4 85FB8917 955CF687 53F21EA0
    D4301D06 03551D0E 04160414 CF1D1C21 ACD4B485 FB891795 5CF68753 F21EA0D4
    300D0609 2A864886 F70D0101 04050003 81810088 EBA92187 A29B1DDF 71377860
    54FF68D0 6B79037F 9C67D95C F806CE37 85D48DC2 9B8FB734 A4EF4A01 024C32E3
    C882AE79 9A2E48E9 E4F382F3 EF0879D5 010C1994 1AE4C74D D54AE242 C9D524B6
    5D27999F 98F0ACE7 59F22920 3DE6FA63 B462A63A 74E65BFF CB4F0DEC E8D2207A
    F082B4FB 227ADC4D D6E1CED2 44A218AB EEE815
    quit
    username mcsadmin privilege 15 secret 5 $1$kmkZ$0QGpCTlORrMde/Z8lClbV/
    !
    !
    !
    !
    !
    !
    interface FastEthernet0
    description $FW_OUTSIDE$$ES_WAN$
    ip address 65.x.x.x 255.x.x.x
    ip route-cache flow
    duplex auto
    speed auto
    !
    interface FastEthernet1
    no ip address
    ip route-cache flow
    shutdown
    duplex auto
    speed auto
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface FastEthernet4
    !
    interface FastEthernet5
    !
    interface FastEthernet6
    !
    interface FastEthernet7
    !
    interface FastEthernet8
    !
    interface FastEthernet9
    !
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$
    ip address 10.10.10.1 255.255.255.0
    ip route-cache flow
    ip tcp adjust-mss 1452
    !
    interface Async1
    no ip address
    encapsulation slip
    !
    ip route 0.0.0.0 0.0.0.0 FastEthernet0
    !
    !
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    !
    logging trap debugging
    no cdp run
    !
    !
    !
    !
    !
    !
    control-plane
    !
    banner login ^CAuthorized access only!
    Disconnect IMMEDIATELY if you are not an authorized user!^C
    !
    line con 0
    login local
    transport output telnet
    line 1
    modem InOut
    stopbits 1
    speed 115200
    flowcontrol hardware
    line aux 0
    login local
    transport output telnet
    line vty 0 4
    privilege level 15
    login local
    transport input telnet ssh
    line vty 5 15
    privilege level 15
    login local
    transport input telnet ssh
    !
    scheduler allocate 4000 1000
    scheduler interval 500
    !
    webvpn context Default_context
    ssl authenticate verify all
    !
    no inservice
    !
    end

    a client connects to the 1811 and gets proper dhcp (10.10.10.2 255.255.255.0 10.10.10.1) but cannot connect to the internet. Any assistance would be greatly appreciated.
    Last edited by LoffKat; 10th March 2009, 22:50. Reason: notifications

  • #2
    Re: 1811 cannot connect to internet

    Hi LoffKat,

    There are a couple of points to look at on your config but the main reason you can't connect to the internet is that you don't have any sort of NAT configured. the 10.x.x.x /8 network is a private, non-routable address space as defined by RFC 1918. Have a look at the Cisco 1800 Series configuration guide. This will provide you with the relevant commands to configure NAT and also hopefully provide you with other useful information. You might also want to change the certificate you are using...

    Stuart

    Comment


    • #3
      Re: 1811 cannot connect to internet

      I will try that now. So I fully understand, you're telling me that I cannot configure a WAN gateway for the ISP, that I have to use NAT instead to translate the internal gateway to the external gateway?

      Comment


      • #4
        Re: 1811 cannot connect to internet

        Because you are using a private addressing scheme on your LAN the router must translate the addresses into something acceptable for use on the Internet.

        Your clients are correctly configured with the local IP of your router (10.10.10.1). Your default route (ip route 0.0.0.0 0.0.0.0 FastEthernet0) tells the router to send all traffic that it doesn't have a better route for (i.e. a routing table entry) out of the FastEthernet0 interface. The last step is to tell the router to translate the private addresses into a public one.

        Unless you have additional public addresses from your ISP then it is best and easiest to use Port Address Translation (NAT overloading) which allows for upto 65536 simultaneous translations. To configure that on your router issue the following commands:

        conf t
        interface vlan 1
        ip nat inside
        interface fastethernet 0
        ip nat outside
        exit
        access-list 1 permit 10.10.10.0 0.0.0.255
        ip nat inside source list 1 interface fastethernet 0 overload
        exit


        Hope this helps,

        Stuart


        Comment

        Working...
        X