Solved: Re: cant access my company sites

amralrazzaz · ‎11-26-2019

dear all hope doing great

Have great day !

I have an issue with dns that not resolving some sites (our organizations sites such as outlook web access, service desk, SharePoint website …etc. ) but any other sites is working normally

these sites usually accessing every day with no issues since long time but before 2 days suddenly we faced an issue with responding these sites

I don’t know if the issue from isp or from my side am just checking with u ?

Note: Im using google dns server 8.8.8.8 8.8.4.4 as per the configuration that I shared on below , I have tried same dns with different ISP company and its works fine (all sites can be accessing normally)

i have problem with responding on these sites even i cant login to skype for business or visit servcie desk site of my company

i dont know it i can do something with my dns and dhcp server on router ? like reset or reconfigure again ???

p dhcp relay information trust-all

ip dhcp excluded-address 192.168.2.207

!

ip dhcp pool voice

import all

network 192.168.2.0 255.255.255.0

default-router 192.168.2.207

option 150 ip 192.168.2.207

dns-server 8.8.8.8 8.8.4.4

!

ip dhcp global-options

dns-server 163.121.128.134 163.121.128.135

!

no ip domain lookup

ip domain name EGCAI01.nms.local

ip name-server 8.8.8.8

ip name-server 8.8.4.4

ip cef

no ipv6 cef

multilink bundle-name authenticated

ip dns view default

no dns forwarding

dns forwarder 8.8.8.8

ip dns server

ip nat inside source list 1 interface GigabitEthernet0/1 overload

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1

access-list 1 permit 192.168.2.0 0.0.0.255

amr alrazzaz

paul driver · ‎11-27-2019

Hello

Okay i have a better picture -

I think we need to give the 2911 an static ip address in the 41.33.42.X /29 subnet - so lets try this-

inter gig0/1

ip address 41.33.42.171 255.255.255.248

no p route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 dhcp
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 41.33.42.169

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

julian.bendix · ‎11-26-2019

Hi!

Just confirming if I got the problem right:

Since two days, some of your sites (not all) can't resolve Company internal (Intranet) Websites anymore, but external Websites work as usual.
Is that right?

If that is so - what happens when Users in the affected sites try using the direct IP Addresses of the internal services instead of DNS names?

Can they ping the servers/services (if that is even allowed in your network)?

What kind of WAN Links do you use between the site where the services are hosted and the affected sites?

Do the affected sites have a local internet breakout?

Best regards
Julian

amralrazzaz · ‎11-26-2019

dear thanks a lot

our company sites is public no need for vpn or something we are just a branch office in africa and our head office in NL

but the matter is i have tried another isp company at home and all sites accessing very well with issue

here is some of sites :

https://frieslandcampina.service-now.com/sp just keep loading then no response and reset connection which is not happen before

i cant access outlook web access or i can reach the site and put the email and once confirm its redirect to specific site and then taking time then connection reset

i dont know if i can make some thing in my configuration file on dns or dhcp or what ever i dunt know ?

amr alrazzaz

amralrazzaz · ‎11-26-2019

something wrong when i access site and start redirected to adfs.frieslandcampina.com its gone with no access

taking too much time and connection reset

check attached this i cant access from outlook.exe

didnt reach the site to put my password ,, sometimes reached but no response after putting password connection gone

amr alrazzaz

DikaKanesa41392 · ‎11-26-2019

did you solve the problem? sometimes i got this problem to on my web.

try to restart the web server or apache (if use it), that works for me.

amralrazzaz · ‎11-26-2019

hello bro

thanks for ur sending

actually i dont have web server and its not under my control .. im just working in region branch and these sites public for the company users across branches over world

im trying from home its normally working fine (different isp )

regarding office isp they dont have an issue reaching the site even me but no response and time out

amr alrazzaz

Georg Pauwen · ‎11-26-2019

Hello,

I am lost to be honest. Does the problem occur when users in the office (using the router whose configuration you have posted) are trying to access the sites, or when YOU try to access the sites, from home ?

amralrazzaz · ‎11-26-2019

sorry from office u have the issue ( router that i post the config,)

from home when i test no issue (normal isp router home use)

amr alrazzaz

Georg Pauwen · ‎11-26-2019

Hello,

which of the suggestions made have you implemented, and what is the result ?

amralrazzaz · ‎11-27-2019

can u please help exactly what to do please

these sites is very slow then time out

sometimes it reach then time out

this is not happening before at all

is this modifications can help on below:

interface GigabitEthernet0/1
description Connected to WAN
ip address 192.168.1.207 255.255.255.0

ip mtu 1400
ip flow ingress
ip flow egress
ip nat outside

ip tcp adjust-mss 1360
ip rip advertise 100
ip rip receive version 2
ip virtual-reassembly in
duplex auto
speed auto
! ????

amr alrazzaz

paul driver · ‎11-26-2019

Hello
It seems your clients are obtaining the google dns servers from dhcp so why do you have your router set as a dns server and forwarder, no need to do this unless you actually have devices pointing to this rtr for dns resolution?
Also if the below dns servers are your companys how come your not pointing your client towards these as i guess they are set up to forward towards a public dns like google?
163.121.128.134
163.121.128.135

no ip name-server 8.8.8.8
no ip name-server 8.8.4.4
no ip dns view default
no dns forwarder 8.8.8.8
no ip dns server

Lastly whats changed on your site from 2 days ago to possibly no make this issue apprear?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

amralrazzaz · ‎11-26-2019

actually these two dns for the isp company 163.121.128.134 / 163.121.128.135

and im using the google dns yes ?

these sites im trying to access every day public to all users origination

so please can u give me in detail which lines should i modify from below :

ip dhcp relay information trust-all
ip dhcp excluded-address 192.168.2.207
!
ip dhcp pool voice
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.207
option 150 ip 192.168.2.207
dns-server 8.8.8.8 8.8.4.4
!
!
!
ip dhcp global-options
dns-server 163.121.128.134 163.121.128.135
!
no ip domain lookup
ip domain name EGCAI01.nms.local
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip cef
no ipv6 cef
multilink bundle-name authenticated
!

nterface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description inside LAN
ip address 192.168.2.207 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
description Connected to WAN
ip address 192.168.1.207 255.255.255.0
ip flow ingress
ip flow egress
ip nat outside
ip rip advertise 100
ip rip receive version 2
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
!
router rip
network 192.168.1.0
network 192.168.2.0
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http secure-port 8443
ip http path flash:/GUI
ip flow-export source GigabitEthernet0/0
ip flow-export version 9
ip flow-export destination 192.168.2.195 9996
ip flow-top-talkers
top 60
sort-by packets
!
ip dns view default
no dns forwarding
dns forwarder 8.8.8.8
ip dns server
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
!

access-list 1 permit 192.168.2.0 0.0.0.255

amr alrazzaz

amralrazzaz · ‎11-26-2019

actually these two dns for the isp company 163.121.128.134 / 163.121.128.135

and im using the google dns yes ?

these sites im trying to access every day public to all users origination

so please can u give me in detail which lines should i modify from below :

ip dhcp relay information trust-all
ip dhcp excluded-address 192.168.2.207
!
ip dhcp pool voice
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.207
option 150 ip 192.168.2.207
dns-server 8.8.8.8 8.8.4.4
!
!
!
ip dhcp global-options
dns-server 163.121.128.134 163.121.128.135
!
no ip domain lookup
ip domain name EGCAI01.nms.local
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip cef
no ipv6 cef
multilink bundle-name authenticated
!

nterface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description inside LAN
ip address 192.168.2.207 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
description Connected to WAN
ip address 192.168.1.207 255.255.255.0
ip flow ingress
ip flow egress
ip nat outside
ip rip advertise 100
ip rip receive version 2
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
!
router rip
network 192.168.1.0
network 192.168.2.0
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http secure-port 8443
ip http path flash:/GUI
ip flow-export source GigabitEthernet0/0
ip flow-export version 9
ip flow-export destination 192.168.2.195 9996
ip flow-top-talkers
top 60
sort-by packets
!
ip dns view default
no dns forwarding
dns forwarder 8.8.8.8
ip dns server
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
!

access-list 1 permit 192.168.2.0 0.0.0.255

amr alrazzaz

amralrazzaz · ‎11-26-2019

actually the were nothing happened at all just suddenly this issue appears by it self

dont know what to do ?

is there any thing to to in the configurations in my router ??

remove something ? reconfigure something , flush or clear something ?

amr alrazzaz

paul driver · ‎11-26-2019

Hello

I assume you dhcp scop "voice" is for all your clients?

Please remove the following
no ip name-server 8.8.8.8
no ip name-server 8.8.4.4
no ip dns view default
no dns forwarder 8.8.8.8
no ip dns server

also add a next-hop ip to your default static route, otherwise you would create unecessary arp
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 X.X.X.X (ip of next-hop ISP router)

Lastly on a client flush its dns cache and test again

open command prompt
start/run cmd.exe
ipconfig /flushdns
ipconfig /registerdns

nslookup < enter should come back with the dns server the client is pointing to)

<xxxx>.com Test a dns url and see if resolves

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul