Announcement

Collapse
No announcement yet.

Cannot access internet behind Cisco 881 router

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cannot access internet behind Cisco 881 router

    I am in need of some insight. I have configured a Cisco 881 router to connect a remote site to the main network of the company that I work for. With the router connected, I can access internal resources but the site cannot access internet sites. When pinging an internet site, DNS resolves the name but fails to return the ping request. Here is the current configuration of the router:

    version 15.0
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname ICF
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 51200 warnings
    !
    no aaa new-model
    memory-size iomem 10
    !
    crypto pki trustpoint TP-self-signed-4244671445
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-4244671445
    revocation-check none
    rsakeypair TP-self-signed-4244671445
    !
    !
    crypto pki certificate chain TP-self-signed-4244671445
    certificate self-signed 01
    30820244 308201AD A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 34323434 36373134 3435301E 170D3133 31303232 32313430
    32325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 32343436
    37313434 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100B2EC E9BDC6B5 4FCD6281 A00F537E 9AA07C8D 5758E0A6 2B1158E4 B415C8FF
    265C8AD5 73DD91E0 AB992564 88793C65 7E772257 D73DF1E5 9C0FF9A6 AEA427BA
    5AFFDF63 ADE9A906 623BF1CC 29F4BB6E 998A2FAB DA766C12 52F77EBA 32632C45
    A092D364 004550E7 A2E0F592 948CA049 F179658C 7953BB52 F15E15D0 AA12DE78
    7ABF0203 010001A3 6C306A30 0F060355 1D130101 FF040530 030101FF 30170603
    551D1104 10300E82 0C494346 2E636373 622E636F 6D301F06 03551D23 04183016
    8014A5A6 6496BD9D 9263FEC8 1EF27E51 B6B4CA3B E69F301D 0603551D 0E041604
    14A5A664 96BD9D92 63FEC81E F27E51B6 B4CA3BE6 9F300D06 092A8648 86F70D01
    01040500 03818100 093EBCFB 6FAC3ADF 7486FEA7 68529DC2 0E88FE8A F5C0D8AE
    90B6F2B9 CA4E0A82 F0AE1093 F3AF4839 CCAF5A62 FF654B2A 37A27B6D 0926FD79
    75F36D20 7558F9FC 691944E6 21BA8EA4 38078F2F FB139C99 C399224E 73BA74D1
    89A8F0A7 C3A91A09 0B4F878A 71C7FAF6 52742881 458AC880 C45496D5 90FEE62A
    04524A8E D1D86A6B

    ip source-route
    !
    !
    ip dhcp excluded-address 172.20.156.1
    ip dhcp excluded-address 172.20.156.2
    ip dhcp excluded-address 172.20.156.3
    ip dhcp excluded-address 172.20.156.4
    ip dhcp excluded-address 172.20.156.5
    ip dhcp excluded-address 172.20.156.6
    ip dhcp excluded-address 172.20.156.7
    ip dhcp excluded-address 172.20.156.8
    ip dhcp excluded-address 172.20.156.9
    ip dhcp excluded-address 172.20.156.10
    ip dhcp excluded-address 172.20.156.11
    ip dhcp excluded-address 172.20.156.12
    ip dhcp excluded-address 172.20.156.13
    ip dhcp excluded-address 172.20.156.14
    ip dhcp excluded-address 172.20.156.15
    ip dhcp excluded-address 172.20.156.16
    ip dhcp excluded-address 172.20.156.17
    ip dhcp excluded-address 172.20.156.18
    ip dhcp excluded-address 172.20.156.19
    ip dhcp excluded-address 172.20.156.20
    ip dhcp excluded-address 172.20.156.21
    ip dhcp excluded-address 172.20.156.22
    ip dhcp excluded-address 172.20.156.23
    ip dhcp excluded-address 172.20.156.24
    ip dhcp excluded-address 172.20.156.25
    ip dhcp excluded-address 172.20.156.26
    ip dhcp excluded-address 172.20.156.27
    ip dhcp excluded-address 172.20.156.28
    ip dhcp excluded-address 172.20.156.29
    ip dhcp excluded-address 172.20.156.30
    ip dhcp excluded-address 172.20.156.31
    ip dhcp excluded-address 172.20.156.32
    ip dhcp excluded-address 172.20.156.34
    ip dhcp excluded-address 172.20.156.35
    ip dhcp excluded-address 172.20.156.39
    ip dhcp excluded-address 172.20.156.36
    ip dhcp excluded-address 172.20.156.37
    ip dhcp excluded-address 172.20.156.38
    !
    ip dhcp pool icf-pool
    network 172.20.156.0 255.255.255.0
    default-router 172.20.156.10
    dns-server 172.20.153.10 172.20.153.11 68.105.28.16 68.105.29.16
    !
    !
    ip cef
    ip name-server 172.20.153.10
    ip name-server 172.20.153.11
    ip name-server 68.105.28.16
    ip name-server 68.105.29.16
    no ip dhcp-client broadcast-flag
    no ipv6 cef
    !
    !
    license udi pid CISCO881-K9 sn FTX160285CZ
    !
    !

    !
    !
    !!
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface FastEthernet4
    ip address 172.21.1.16 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip flow ingress
    ip nat outside
    ip virtual-reassembly
    duplex full
    speed auto
    !
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
    ip address 172.20.156.10 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    ip tcp adjust-mss 1452
    !
    no ip forward-protocol nd
    no ip http server
    no ip http secure-server
    !
    ip nat inside source list 20 interface FastEthernet4 overload
    ip route 0.0.0.0 0.0.0.0 172.21.1.3
    !
    access-list 10 permit any
    access-list 20 permit any
    no cdp run
    !
    !!
    !
    control-plane
    !
    !
    line con 0
    login local
    no modem enable
    line aux 0
    line vty 0 4
    access-class 23 in
    privilege level 15
    login local
    transport input telnet ssh
    !

    I am stumped since I am able to get to the internal resources of the main facility. Also, I can't ping the router from the main facility.

    Thanks

  • #2
    Re: Cannot access internet behind Cisco 881 router

    Does the Internet router have a route for the 172.20.16.0/24 network, specifically the 172.20.16.3 address you're using to NAT overload outbound traffic from the 172.20.156.0/24 network?

    Do the NAT rules on the Internet router cover the 172.120.16.3 address?

    How far do you get with a traceroute to an Internet host? (Try tracert -d 8.8.8.8)

    Comment


    • #3
      Re: Cannot access internet behind Cisco 881 router

      The commands that i would change are:

      interface FastEthernet4
      ip nat inside


      ip route 0.0.0.0 0.0.0.0 172.21.1.16

      Test and see if they resolve the issues that you're having, and please let me know. Thanks.
      Please remember to award reputation points if you have received good advice.
      I do tend to think 'outside the box' so others may not always share the same views.

      MCITP -W7,
      MCSA+Messaging, CCENT, ICND2 slowly getting around to.

      Comment

      Working...
      X