cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5772
Views
75
Helpful
60
Replies

cant access my company sites

amralrazzaz
Level 5
Level 5

dear all hope doing great 

 

Have great day !

I have an issue with dns that not resolving some sites (our organizations sites such as outlook web access, service desk, SharePoint website …etc. ) but any other sites is working normally

these sites usually accessing every day with no issues since long time but before 2 days suddenly we faced an issue with responding these sites

 

I don’t know if the issue from isp or from my side am just checking with u ?

 

Note: Im using google dns server 8.8.8.8 8.8.4.4 as per the configuration that I shared on below , I have tried same dns with different ISP company and its works fine (all sites can be accessing normally)

i have problem with responding on these sites even i cant login to skype for business or visit  servcie desk site of my company 

 

i dont know it i can do something with my dns and dhcp server on router ? like reset or reconfigure again ???

 

p dhcp relay information trust-all
ip dhcp excluded-address 192.168.2.207
!
ip dhcp pool voice
 import all
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.207
 option 150 ip 192.168.2.207
 dns-server 8.8.8.8 8.8.4.4
!
!
!
ip dhcp global-options
 dns-server 163.121.128.134 163.121.128.135
!
no ip domain lookup
ip domain name EGCAI01.nms.local
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip cef
no ipv6 cef
multilink bundle-name authenticated
 
ip dns view default
 no dns forwarding
 dns forwarder 8.8.8.8
ip dns server
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
access-list 1 permit 192.168.2.0 0.0.0.255

 

amr alrazzaz
1 Accepted Solution

Accepted Solutions

Hello

Okay i have a better picture -

I think we need to give the 2911 an static ip address in the  41.33.42.X /29 subnet - so lets try this-

inter gig0/1

ip address 41.33.42.171 255.255.255.248

no p route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 dhcp
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 41.33.42.169


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

60 Replies 60

julian.bendix
Level 3
Level 3

Hi!

Just confirming if I got the problem right:

Since two days, some of your sites (not all) can't resolve Company internal (Intranet) Websites anymore, but external Websites work as usual.
Is that right?

If that is so - what happens when Users in the affected sites try using the direct IP Addresses of the internal services instead of DNS names?

Can they ping the servers/services (if that is even allowed in your network)?

What kind of WAN Links do you use between the site where the services are hosted and the affected sites?

Do the affected sites have a local internet breakout?

Best regards
Julian

 

dear thanks a lot 

 

our company sites is public no need for vpn or something we are just a branch office in africa and our head office in NL 

 

but the matter is i have tried another isp company at home and all sites accessing very well with issue 

 

here is some of sites :

https://frieslandcampina.service-now.com/sp   just keep loading then no response and reset connection which is not happen before 

 

i cant access outlook web access or i can reach the site and put the email and once confirm its redirect to specific site and then taking time then connection reset 

 

i dont know if i can make some thing in my configuration file on dns or dhcp or what ever i dunt know ?

 

amr alrazzaz

something wrong when i access site and start redirected to adfs.frieslandcampina.com its gone with no access 

 

taking too much time and connection reset 

 

check attached this i cant access from outlook.exe 

 

didnt reach the site to put my password ,, sometimes reached but no response after putting password connection gone

 

 

amr alrazzaz

did you solve the problem? sometimes i got this problem to on my web.

try to restart the web server or apache (if use it), that works for me.

hello bro 

 

thanks for ur sending 

 

actually i dont have web server and its not under my control .. im just working in region branch and these sites public for the company users across branches over world 

 

im trying from home its normally working fine (different isp )

 

regarding office isp they dont have an issue reaching the site even me  but no response and time out 

 

 

amr alrazzaz

Hello,

 

I am lost to be honest. Does the problem occur when users in the office (using the router whose configuration you have posted) are trying to access the sites, or when YOU try to access the sites, from home ?

sorry from office u have the issue ( router that i post the config,)

 

from home when i test no issue  (normal isp router home use)

 

 

amr alrazzaz

Hello,

 

which of the suggestions made have you implemented, and what is the result ?

can u please help exactly what to do please 

 

these sites is very slow then time out 

sometimes it reach then time out 

this is not happening before at all 

 

is this modifications can help on below:

interface GigabitEthernet0/1
description Connected to WAN
ip address 192.168.1.207 255.255.255.0

ip mtu 1400
ip flow ingress
ip flow egress
ip nat outside

ip tcp adjust-mss 1360
ip rip advertise 100
ip rip receive version 2
ip virtual-reassembly in
duplex auto
speed auto
! ????

 

amr alrazzaz

Hello
It seems your clients are obtaining the google dns servers from dhcp so why do you have your router set as a dns server and forwarder, no need to do this unless you actually have devices pointing to this rtr for dns resolution?
Also if the below dns servers are your companys how come your not pointing your client towards these as i guess they are set up to forward towards a public dns like google?
163.121.128.134
163.121.128.135

no ip name-server 8.8.8.8

no ip name-server 8.8.4.4
no ip dns view default
no dns forwarder 8.8.8.8
no ip dns server


Lastly whats changed on your site from 2 days ago to possibly no make this issue apprear?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

actually these two dns for the isp company 163.121.128.134 / 163.121.128.135

 

and im using the google dns yes ?

these sites im trying to access every day public to all users origination 

 

so please can u give me in detail which lines should i modify from below :

ip dhcp relay information trust-all
ip dhcp excluded-address 192.168.2.207
!
ip dhcp pool voice
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.207
option 150 ip 192.168.2.207
dns-server 8.8.8.8 8.8.4.4
!
!
!
ip dhcp global-options
dns-server 163.121.128.134 163.121.128.135
!
no ip domain lookup
ip domain name EGCAI01.nms.local
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip cef
no ipv6 cef
multilink bundle-name authenticated
!

nterface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description inside LAN
ip address 192.168.2.207 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
description Connected to WAN
ip address 192.168.1.207 255.255.255.0
ip flow ingress
ip flow egress
ip nat outside
ip rip advertise 100
ip rip receive version 2
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
!
router rip
network 192.168.1.0
network 192.168.2.0
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http secure-port 8443
ip http path flash:/GUI
ip flow-export source GigabitEthernet0/0
ip flow-export version 9
ip flow-export destination 192.168.2.195 9996
ip flow-top-talkers
top 60
sort-by packets
!
ip dns view default
no dns forwarding
dns forwarder 8.8.8.8
ip dns server
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
!

access-list 1 permit 192.168.2.0 0.0.0.255

 

 

 

 

 

 

amr alrazzaz

actually these two dns for the isp company 163.121.128.134 / 163.121.128.135

 

and im using the google dns yes ?

these sites im trying to access every day public to all users origination 

 

so please can u give me in detail which lines should i modify from below :

ip dhcp relay information trust-all
ip dhcp excluded-address 192.168.2.207
!
ip dhcp pool voice
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.207
option 150 ip 192.168.2.207
dns-server 8.8.8.8 8.8.4.4
!
!
!
ip dhcp global-options
dns-server 163.121.128.134 163.121.128.135
!
no ip domain lookup
ip domain name EGCAI01.nms.local
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip cef
no ipv6 cef
multilink bundle-name authenticated
!

nterface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description inside LAN
ip address 192.168.2.207 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
description Connected to WAN
ip address 192.168.1.207 255.255.255.0
ip flow ingress
ip flow egress
ip nat outside
ip rip advertise 100
ip rip receive version 2
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
!
router rip
network 192.168.1.0
network 192.168.2.0
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http secure-port 8443
ip http path flash:/GUI
ip flow-export source GigabitEthernet0/0
ip flow-export version 9
ip flow-export destination 192.168.2.195 9996
ip flow-top-talkers
top 60
sort-by packets
!
ip dns view default
no dns forwarding
dns forwarder 8.8.8.8
ip dns server
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
!

access-list 1 permit 192.168.2.0 0.0.0.255

 

 

amr alrazzaz

actually the were nothing happened at all just suddenly this issue appears by it self 

 

dont know what to do ?

is there any thing to to in the configurations in my router ?? 

 

remove something ? reconfigure something , flush or clear something ? 

amr alrazzaz

Hello

I assume you dhcp scop "voice" is for all your clients?

Please remove the following
no ip name-server 8.8.8.8
no ip name-server 8.8.4.4
no ip dns view default
no dns forwarder 8.8.8.8
no ip dns server

 

also add a next-hop ip to your default static route, otherwise you would create unecessary arp
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 X.X.X.X (ip of next-hop ISP router)

 

Lastly on a client flush its dns cache and test again

open command prompt
start/run cmd.exe
ipconfig /flushdns

ipconfig /registerdns

nslookup < enter should come back with the dns server the client is pointing to)

<xxxx>.com  Test a dns url and see if resolves


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Review Cisco Networking for a $25 gift card