07-02-2012 02:22 AM - edited 03-04-2019 04:51 PM
Hello
I'm experiencing problems with a Cisco 887M router. I have configured it the same way I've done dozens of times, but the users can't browse the internet. Everybody can ping public IP addresses, every user resolves URLs, but no one can browse any website. The only time I found an issue like that, I disabled the DNS forwarding under IP dns view default and it worked fine (it was on a UC500). Now I've done the same but the users can't browse the Internet. Any idea?
Thank you in advance for your help
DANi
07-02-2012 03:48 AM
Hi Daniel,
Connection- and DNS-wise, there must be no problem; it should be something blocking your TCP/UDP ports, double-check that. See if you can telnet over the internet.
HTH,
Soroush.
07-02-2012 03:52 AM
Hi Dan,
I think you are not able to browse because your IPs are not able to resolve DNS. Please follow the steps below:
1) Connect the ISP link directly to a single PC and configure the IP details provided by the ISP.
2) Check if you are able to ping the gateway of the ISP and browse.
3) Change the DNS IP address (use public DNS for testing).
4) If not resolved, check that the default route is pointed to the proper IP.
5) If not, then coordinate with the ISP, as it might be an issue on their end.
07-02-2012 04:03 AM
Hi,
the tests I've done from a PC on the customer network:
- ping 8.8.8.8 , OK
- ping www.google.es and other URLs. It always resolves the URL into a public IP and the pings respond
- repeat the tests with a LAN fixed IP address or DHCP. Same results
- change DNS: 8.8.8.8 or ISP provided or even others. Same results
- obviously I can ping the default-gateway.
- I can start PPTP sessions to hosts on the outside with no problem and access remote servers via VPN
and the best one:
- I'm not on customer's site right now but I have remote Telnet to the router and teamviewer access to a PC that can't browse the Internet!!
What am I missing?
DAni
07-02-2012 04:06 AM
The current config:
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname rtr1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
memory-size iomem 10
clock timezone CET 1 0
clock summer-time CET recurring last Sun Mar 2:00 last Sun Oct 3:00
crypto pki token default removal timeout 0
!
!
ip source-route
!
!
!
ip dhcp excluded-address 192.168.5.0 192.168.5.99
!
ip dhcp pool DATOS
network 192.168.5.0 255.255.255.0
default-router 192.168.5.1
dns-server 8.8.8.8
!
!
ip cef
no ip domain lookup
no ipv6 cef
!
!
license udi pid CISCO887M-K9 sn xxxxx
!
!
archive
log config
hidekeys
username xxxxx privilege 15 secret 5 x
!
!
!
!
!
!
!
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface FastEthernet0
spanning-tree portfast
!
interface FastEthernet1
spanning-tree portfast
!
interface FastEthernet2
spanning-tree portfast
!
interface FastEthernet3
switchport access vlan 2
spanning-tree portfast
!
interface Vlan1
ip address 192.168.5.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Vlan2
no ip address
pppoe-client dial-pool-number 1
!
interface Dialer0
mtu 1492
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
fair-queue
ppp authentication chap pap callin
ppp chap hostname adslppp@telefonicanetpa
ppp chap password 7 13041301071C143A
ppp pap sent-username adslppp@telefonicanetpa password 7 1416161800143A3B
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source route-map NAT interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended NAT
permit ip 192.168.5.0 0.0.0.255 any
!
logging esm config
!
!
!
!
route-map NAT permit 10
match ip address NAT
!
07-02-2012 04:27 AM
Hi Daniel
Can you change DNS to 4.4.2.2 and test?
What is the default gateway for the user and what IP address do they get?
Paste the output of the following:
show ip int brief
show ip nat translation
07-02-2012 04:46 AM
It's really strange that you have TeamViewer access but no browsing.
What is the public WAN IP, as I don't see any in the config, and to which interface is it connected?
07-02-2012 04:53 AM
Daniel,
If you can ping by name, DNS works fine. If you can ping a public address from your private hosts, natting is working fine. Is there any other equipment between a host and the router like a firewall or in front of the router that could be blocking it?
John
07-02-2012 04:58 AM
I have tried with DNS 4.4.2.2 but we are unable to resolve URLs.
The IP address the customer gets is one from the pool 192.168.5.100 to 192.168.5.254, but now we are trying with 192.168.5.50, as you can see on the ip nat translations:
07-02-2012 05:06 AM
Daniel,
A couple of suggestions...
1. Try removing the virtual reassembly command on both LAN and WAN interfaces and check.
2. Remove the manually set MTU size from the Dialer as it will default to 1492 for PPP anyway. Alternatively you can try setting it to 1500 and check if it works.
3. Can you do an extended traceroute to google.com with a source port of 80 (keep debug ip packets on) and share the results.
4. Repeat the above step, but this time with debug ip icmp on.
5. show ip nat translation
Regards,
Sukanya
07-02-2012 09:15 AM
I have the same problem. I can ping any site from inside the router, e.g. www.yahoo.com. I can ping from the client side by domain name or by IP but I cannot browse. There is no device in between, like a firewall, and all PCs are connected directly to the switch, including the 887 Router.
Router#sh run
Building configuration...
Current configuration : 1577 bytes
!
! Last configuration change at 15:35:29 UTC Mon Jul 2 2012
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 HrS.bFmfxShOxxsSI7lS/jQKCkRk1Fbc45HNxy8A1KE
!
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
ip source-route
ip cef
no ipv6 cef
!
license udi pid CISCO887VA-K9 sn FCZ162090XZ
!
controller VDSL 0
!
interface Ethernet0
no ip address
shutdown
no fair-queue
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Vlan1
ip address 192.168.115.3 255.255.255.0
ip nat inside
no ip virtual-reassembly in <-----originally enabled
!
interface Dialer0
ip address negotiated
ip nat outside
no ip virtual-reassembly in <-----originally enabled
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname user
ppp chap password pass
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list NAT-ACL interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended NAT-ACL
permit ip 192.168.115.0 0.0.0.255 any
!
access-list 1 permit 192.168.115.0 0.0.0.255
!
line con 0
line aux 0
line vty 0 4
password ..........
login
transport input all
!
end
Router#
I even tried different access-lists like access-list 1 permit any but it's still not working. I have spent too much time pulling my hair and banging my head but I can't solve it. I hope somebody out there can solve my problem.
07-02-2012 09:42 PM
hi,
kindly insert these lines under your LAN and WAN interfaces and try again:
int vl1
ip tcp adjust-mss 1452
int d0
ip mtu 1492
07-02-2012 09:28 PM
Hi Daniel, did you check the client's proxy settings? Can you telnet to a server on the internet on port 80?
07-02-2012 10:27 PM
My problem was solved. I inserted this line ip tcp adjust-mss 1452 under interface vlan 1
interface Vlan1
ip address 192.168.115.3 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
many thanks.
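An added example, not written by any poster in this thread and not Cisco tooling: a small Python check that parses an IOS-style configuration and reports NAT-inside interfaces whose `ip tcp adjust-mss` is missing or larger than the PPPoE dialer MTU minus 40 bytes of IPv4/TCP headers. The sample config is constructed from the second configuration above; the function names and the rule that every PPP dialer carries a PPPoE session are assumptions.

```python
import re

PPPOE_OVERHEAD = 8   # PPPoE (6) + PPP (2) bytes taken out of a 1500-byte Ethernet payload
TCP_IP_HEADERS = 40  # IPv4 (20) + TCP (20), no options

def parse_interfaces(config):
    """Map interface name -> list of its sub-commands."""
    blocks, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif not line or line.startswith("!"):
            current = None          # a "!" separator closes the interface block
        elif current is not None:
            current.append(line)
    return blocks

def _value(cmds, pattern):
    """First integer captured by pattern among cmds, else None."""
    return next((int(m.group(1)) for m in (re.fullmatch(pattern, c) for c in cmds) if m), None)

def audit_mss(config):
    """Return (interface, configured_mss_or_None, max_safe_mss) for each bad NAT-inside interface."""
    ifaces = parse_interfaces(config)
    # Assumption: every Dialer with 'encapsulation ppp' carries a PPPoE session.
    dialers = [c for n, c in ifaces.items()
               if n.lower().startswith("dialer") and "encapsulation ppp" in c]
    if not dialers:
        return []
    mtu = min(_value(c, r"ip mtu (\d+)") or _value(c, r"mtu (\d+)") or 1500 for c in dialers)
    max_mss = min(mtu, 1500 - PPPOE_OVERHEAD) - TCP_IP_HEADERS
    findings = []
    for name, cmds in ifaces.items():
        mss = _value(cmds, r"ip tcp adjust-mss (\d+)")
        if "ip nat inside" in cmds and (mss is None or mss > max_mss):
            findings.append((name, mss, max_mss))
    return findings

# Constructed sample modelled on the second configuration in this thread (before the fix).
BEFORE = ("interface Vlan1\n ip address 192.168.115.3 255.255.255.0\n ip nat inside\n!\n"
          "interface Dialer0\n ip nat outside\n encapsulation ppp\n dialer pool 1\n!\n")
AFTER = BEFORE.replace(" ip nat inside\n", " ip nat inside\n ip tcp adjust-mss 1452\n")

if __name__ == "__main__":
    print("before:", audit_mss(BEFORE))
    print("after: ", audit_mss(AFTER))
```

The first configuration in the thread already carries `ip tcp adjust-mss 1452` on Vlan1, so this check passes it; that case needs the other diagnostics suggested above.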
07-02-2012 11:03 PM
glad it's now working for you. please rate useful posts and mark as resolved. thanks!