router cisco ISR 4351 not connect to internet

josecervini · ‎06-24-2024

I have been trying to configure my router for several days but I have not been able to get it to log in or out of the internet. I would be very grateful if you could help me since my business depends on this router, this is my running-config:

Building configuration...

Current configuration : 2872 bytes
!
! Last configuration change at 10:15:52 UTC Tue Jun 25 2024
!
version 16.6
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform hardware throughput level 400000
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 xxxxxxxxxxxxx
enable password xxxxxxxx
!
no aaa new-model

!
!
subscriber templating

!
!
multilink bundle-name authenticated
passthru-domain-list jose
match lolyschicken.com
match 192.168.1.1
match cisco.com
match www.goolge.com

!
!
license udi pid ISR4351/K9 sn xxxxxxxxx
license accept end user agreement
license boot level appxk9
diagnostic bootup level minimal
spanning-tree extend system-id
service-template webauth-global-inactive
inactivity-timer 3600
service-template DEFAULT_LINKSEC_POLICY_MUST_SECURE
linksec policy must-secure
service-template DEFAULT_LINKSEC_POLICY_SHOULD_SECURE
linksec policy should-secure
service-template DEFAULT_CRITICAL_VOICE_TEMPLATE
voice vlan
!
!
!
username xxxxx privilege 15 secret 9 xxxxxxxx
!
redundancy
mode none
!
!
!
parameter-map type webauth global
login-auth-bypass ip-access-list 100 domain-name-list jose

!
!
interface GigabitEthernet0/0/0 (wan dhcp)
ip address dhcp hostname R1
ip nat outside
ip access-group 100 out
negotiation auto
spanning-tree portfast disable
!
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip access-group 100 in
negotiation auto
no mop enabled
spanning-tree portfast disable
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
ip nat pool 1 192.168.1.0 192.168.1.254 netmask 255.255.255.0
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip nat outside source list 100 pool 1
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http secure-trustpoint CISCO_IDEVID_SUDI
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
access-list 100 permit tcp any any eq www
!
!
route-map track-primary-if permit 1
match ip address 197
set interface GigabitEthernet0/0/0
!
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password xxxxxxxxx
login
length 0

!
end

balaji.bandi · ‎06-25-2024

Lets start with basic config - from router you able to ping 8.8.8.8 ?

no ip nat pool 1 192.168.1.0 192.168.1.254 netmask 255.255.255.0
no ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
no ip nat outside source list 100 pool 1

access-list 1 permit 192.168.1.0 0.0.0.255

interface GigabitEthernet0/0/0 (wan dhcp)
ip address dhcp hostname R1
ip nat outside
no ip access-group 100 out
negotiation auto
spanning-tree portfast disable
!
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
no ip access-group 100 in
negotiation auto
no mop enabled
spanning-tree portfast disable

then configured client with 192.168.1.X 255.255.255.0 and gateway 192.168.1.1

DNS 8.8.8.8 (or provider DNS and test and let us know)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

josecervini · ‎06-25-2024

hi, thanks so much for reply, i still without connection, i can't ping 8.8.8.8 or 1.1.1.1, i made modification you suggest but still same problem.

Building configuration...

Current configuration : 2280 bytes
!
! Last configuration change at 16:15:14 UTC Wed Jun 26 2024
!
version 16.6
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 xxxxxxxxx
enable password xxxxxxxxxxxxxxxx
!
no aaa new-model

!
ip name-server 8.8.8.8 1.1.1.1
!
ip dhcp pool 1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1

!
!
subscriber templating
!
!
multilink bundle-name authenticated

!
!
license udi pid ISR4351/K9 sn xxxxxxxxxxx
diagnostic bootup level minimal
spanning-tree extend system-id
!
!
!
username xxxxxxxxx privilege 15 secret 9 xxxxxxxxxxxxx
!
redundancy
mode none

!
!
interface GigabitEthernet0/0/0
ip address dhcp hostname R1
ip nat outside
negotiation auto
spanning-tree portfast disable
!
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
negotiation auto
spanning-tree portfast disable
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
ip nat pool 1 192.168.1.0 192.168.1.254 netmask 255.255.255.0
ip nat outside source list 100 pool 1
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/0/0
ip tftp source-interface GigabitEthernet0/0/0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
ip route 192.168.1.1 255.255.255.255 GigabitEthernet0/0/1
!
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit tcp any any
!
!
route-map track-primary-if permit 1
match ip address 197
set interface GigabitEthernet0/0/0
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password xxxxxxxxx
login
length 0

!
end

MHM Cisco World · ‎06-25-2024

Remove below

ip nat pool 1 192.168.1.0 192.168.1.254 netmask 255.255.255.0
ip nat outside source list 100 pool 1

Add this

Ip nat inside list 1 interface g0/0/0 overload

That it

MHM

josecervini · ‎06-25-2024

Hi, thanks for try help me but still same issue, i can't ping or connected outside

Building configuration...

Current configuration : 2268 bytes
!
! Last configuration change at 17:17:52 UTC Wed Jun 26 2024
!
version 16.6
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 xxxxxxxxxxx
enable password xxxxxxxxx
!
no aaa new-model

!
ip name-server 8.8.8.8 1.1.1.1
!
ip dhcp pool 1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1

!
subscriber templating
!
!
multilink bundle-name authenticated

!
license udi pid ISR4351/K9 sn xxxxxxxxxx
diagnostic bootup level minimal
spanning-tree extend system-id

!
username xxxxxxxxxx privilege 15 secret 9 xxxxxxxxxxxx
!
redundancy
mode none

!
interface GigabitEthernet0/0/0
ip address dhcp hostname R1
ip nat outside
negotiation auto
spanning-tree portfast disable
!
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
negotiation auto
spanning-tree portfast disable
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/0/0
ip tftp source-interface GigabitEthernet0/0/0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
ip route 192.168.1.1 255.255.255.255 GigabitEthernet0/0/1
!
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit tcp any any
!
!
route-map track-primary-if permit 1
match ip address 197
set interface GigabitEthernet0/0/0

!
control-plane
!
!
line con 0
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password xxxxxxxxx
login
length 0

!
end

MHM Cisco World · ‎06-25-2024

I suggest add below

Ip nat inside source list 1 interface g0/0/0 overload

You add different

ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload

??

Add what I suggest and remove not correct NAT

MHM

josecervini · ‎06-25-2024

give me error when i try add

josecervini · ‎06-25-2024

I remove old line and add suggestions line, still same, not ping 8.8.8.8, 1.1.1.1, 8.8.4.4

MHM Cisco World · ‎06-26-2024

Hi friend
after you add

Ip nat inside source list 1 interface g0/0/0 overload <<- it mandatory

GigabitEthernet0/0/0 68.191.34.244 YES DHCP down down <<- how this Down Down ?? and the interface get IP via ISP DHCP ?

can you shut/ no shut and ping again form router to 8.8.8.8

MHM

josecervini · ‎06-26-2024

Hi, yes is dhcp and not ping anyway

MHM Cisco World · ‎06-26-2024

can you again do
no shut <<- under g0/0/0
and check ping again

MHM

josecervini · ‎06-26-2024

I did no shut and try ping 8.8.8.8 but still same

josecervini · ‎06-26-2024

This is my brief

Gig0/0/0 68.191.34.244 yes dhcp up up

MHM Cisco World · ‎06-26-2024

Now ping from router to 8.8.8.8 it must be success
then add

Ip nat inside source list 1 interface g0/0/0 overload <<- it mandatory

and try ping from client connect to g0/0/1

MHM

josecervini · ‎06-26-2024

Ok, I add line, save conf, un shut into 0/0/0 but still not ping 8.8.8.8, also from client try ping g0/0/0 and 8.8.8.8 but doesn't work, only ping 192.168.1.1,