Re: can't connect to internet 2620xm

nepalies_24 · ‎11-21-2010

It was all working fine but suddenly, have not made any changes but not been able to connect to internet

My setup

Virgin media modem-------------------->cisco2620xm------------>PC

got NAT configured, please check the config file, Any help will be appreciated

Current configuration : 3275 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname

!

boot-start-marker

boot-end-marker

!

no logging buffered

enable secret 5 $

enable password

!

no aaa new-model

clock timezone London 0

clock summer-time London date Mar 30 2003 1:00 Oct 26 2003 2:00

no network-clock-participate slot 1

no network-clock-participate wic 0

ip cef

!

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.1.1 192.168.1.5

ip dhcp excluded-address 172.168.1.1 172.168.1.10

ip dhcp excluded-address 10.10.10.1 10.10.10.40

!

ip dhcp pool DHA

import all

network 172.168.1.0 255.255.255.0

default-router 172.168.1.1

dns-server 194.168.4.100 194.168.8.100

!

ip dhcp pool Pul

import all

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

dns-server 194.168.4.100 194.168.8.100

!

ip dhcp pool JA

import all

network 10.10.10.0 255.255.255.0

default-router 10.10.10.1

dns-server 194.168.4.100 194.168.8.100

!

ip domain name networksolved.co.uk

vpdn-group Aragon

! Default PPTP VPDN group

accept-dialin

protocol pptp

virtual-template 1

!

crypto pki trustpoint TP-self-signed-1020500782

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1020500782

revocation-check none

rsakeypair TP-self-signed-1020500782

!

username stegano privilege 15 password

!

interface FastEthernet0/0

description WAN

ip address dhcp

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface Ethernet1/0

description LAN-INSIDE

no ip address

ip virtual-reassembly

half-duplex

!

interface Ethernet1/1

no ip address

ip virtual-reassembly

half-duplex

!

interface Ethernet1/2

no ip address

half-duplex

!

interface Ethernet1/3

description JA_POOL

ip address 10.10.10.1 255.255.255.0

ip nat inside

ip nat enable

ip virtual-reassembly

half-duplex

!

interface Virtual-Template1

description VPDN

ip unnumbered FastEthernet0/0

peer default ip address pool PPTP-Pool

ppp encrypt mppe 128

ppp authentication ms-chap-v2

!

interface Dialer0

no ip address

shutdown

!

ip local pool PPTP-Pool 192.168.1.25 192.168.1.30

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

!

ip http server

ip http authentication local

ip http secure-server

ip nat inside source list 101 interface FastEthernet0/0 overload

!

access-list 101 permit ip 172.168.0.0 0.0.0.255 any

access-list 101 permit ip 192.168.0.0 0.0.0.255 any

access-list 101 permit ip 10.10.10.0 0.0.0.255 any

!

Thanx

Federico Coto Fajardo · ‎11-21-2010

Hi,

Things to check:
Is the router obtaining an IP via DHCP? ''sh ip int brief''
If so... is the computer obtaining an IP via DHCP from the router? ''ipconfig''

Sometimes just reloading the modem will make it work.

Federico.

nepalies_24 · ‎11-23-2010

Thanx for the reply

router is obtainign IP via DHCP and computer is obtaining IP via DHCP

what I found is as follow

sh ip traffic

IP statistics:

Rcvd: 257 total, 111 local destination

0 format errors, 0 checksum errors, 0 bad hop count

0 unknown protocol, 0 not a gateway

0 security failures, 0 bad options, 0 with options

Opts: 0 end, 0 nop, 0 basic security, 0 loose source route

0 timestamp, 0 extended security, 0 record route

0 stream ID, 0 strict source route, 0 alert, 0 cipso, 0 ump

0 other

Frags: 0 reassembled, 0 timeouts, 0 couldn't reassemble

0 fragmented, 0 fragments, 0 couldn't fragment

Bcast: 110 received, 2 sent

Mcast: 0 received, 0 sent

Sent: 5 generated, 0 forwarded

Drop: 144 encapsulation failed, 0 unresolved, 0 no adjacency

0 no route, 0 unicast RPF, 0 forced drop

0 options denied

Drop: 0 packets with source IP address zero

Drop: 0 packets with internal loop back IP address

10 physical broadcast

If you check on the bold it indicates encapsulation failed, but i can't figure out what to do next.

As int fa0/0 which is NAT out has got

FastEthernet0/0 is up, line protocol is up

Hardware is AmdFE, address is 0015.622c.4240 (bia 0015.622c.4240)

Description: WAN

Internet address is 92.238.98.189/23

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

FastEthernet0/0 is up, line protocol is down

Hardware is AmdFE, address is 0015.622c.4240 (bia 0015.622c.4240)

Description: WAN

Internet address is 92.238.98.189/23

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Auto-duplex, Auto Speed, 100BaseTX/FX

ARP type: ARPA, ARP Timeout 04:00:00

Ethernet1/3 is up, line protocol is up

Hardware is AmdP2, address is 0015.622c.4253 (bia 0015.622c.4253)

Description: JAPAN_POOL

Internet address is 10.10.10.1/24

MTU 1500 bytes, BW 10000 Kbit, DLY 1000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:06, output 00:00:03, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

ARP type: ARPA, ARP Timeout 04:00:00

Any idea

Federico Coto Fajardo · ‎11-23-2010

Ok next step...

From the PC ping the router's default gateway (you can check the router's default gateway with the command show ip route).

If the PING is succesful, try to PING 4.2.2.2 from the PC and check ''sh ip nat trans'' to make sure NAT is working.

Federico.

nepalies_24 · ‎11-23-2010

Thanx for the reply

Tried ping from PC to default gateway and been able to get the reply from the router

tried ping from the pC to 4.2.2.2 could not get the reply

Pro Inside global I nside local Outside local Outside global

icmp xx.xx.xx.xx:1024 10.10.10.41:1024 4.2.2.2:1024 4.2.2.2:1024

tried ping from the router 4.2.2.2 not been able to ping

As far I think it been encapsulation

Drop: 889 encapsulation failed,

any idea

Many Thanx

Federico Coto Fajardo · ‎11-23-2010

You should be using PPP encapsulation on your WAN connection it seems...

Do you have this?

interface FastEthernet0/0

encapsulation ppp

Federico.

nepalies_24 · ‎11-23-2010

No I dont have encap option

I guess you need to set that when u on serial connection with if I am correct

if you check my overall configuration you might be able to find any idea

cheers

nepalies_24 · ‎11-23-2010

one thing I have found is, If I use

Ip route 0.0.0.0 0.0.0.0 fa0/0

it does not send the traffic

I thought it should work fine as a default route for any traffic

which did work on my previous configuration

any idea

cheers

Richard Burts · ‎11-23-2010

This is a symptom that I have seen numerous times. Configuring a static route which points just to the outbound interface works quite well if the outbound interface is a point to point serial. Configuring a static route which points just to the outbound interface when the outbound interface is Ethernet is problematic.

The fundamental issue is that if the static route points to an Ethernet interface then the router must ARP for ALL of the destinations to which it will attempt to forward traffic. This can work (as the original poster has experienced). But it is dependent on the next hop router enabling proxy arp. If the next hop router does enable proxy arp then the next hop router responds to all of the arp requests for remote addresses and the static route works. (it works but it does not work well). However if the next hop router does not enable proxy arp then the router can not forward any of the traffic.

It sounds to me like in this situation the next hop router is not allowing proxy arp to respond for remote addresses. And the static route does not work. The solution is to change the static route so that it points to a next hop address.

HTH

Rick

HTH

Rick

Talha Ansari · ‎11-23-2010

I think Richard pointed out the root cause.

Try this : ping 4.2.2.2 with the source as the lan interface from the 2600 router... and check "sh arp"... probably the arp entry for 4.2.2.2 would be incomplete.