Cisco 1941 - No internet access to internal LAN

Hi There,

This is the first time I am posting and would greatly appreciate any assistance. I am very new to Cisco but have been forced to set up a router and create a VPN tunnel for a client. My boss usually does this but he is away. The 1941 router has been set up with a HWIC ADSL POTS card. G0/0 and G0/1 have been connected to a Netgear switch. I am able to ping www.google.com when testing the G0/1, which I have set up as the WAN address using the following configuration. However, every time I test the G0/0, which is set up as the LAN connection, an error is generated; see the attached jpg. I know that I must be doing something very silly at a basic level due to my lack of experience setting these up. So pleaaaaaaase help. I can get a successful connection using dialer0 as well.

Current configuration : 4390 bytes

!

! Last configuration change at 01:16:16 UTC Tue Jul 2 2013 by xxxxx

! NVRAM config last updated at 01:15:22 UTC Tue Jul 2 2013 by xxxxx

! NVRAM config last updated at 01:15:22 UTC Tue Jul 2 2013 by xxxxx

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname xxxxxx

!

boot-start-marker

boot-end-marker

!

!

logging buffered 51200 warnings

enable secret 4 UQ4kLcMLPduKnYFuGjADhK5FbzxkwEeZ574RYMhJgcQ

!

no aaa new-model

!

!

no ipv6 cef

no ip source-route

ip cef

!

!

!

!

ip dhcp pool dsl_dhcp

import all

network 10.10.10.0 255.255.255.248

dns-server 203.109.129.67

default-router 10.10.10.1

!

!

ip name-server 203.109.129.67

ip name-server 203.109.129.68

!

multilink bundle-name authenticated

!

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-1185227679

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1185227679

revocation-check none

rsakeypair TP-self-signed-1185227679

!

!

crypto pki certificate chain TP-self-signed-1185227679

certificate self-signed 01


                quit

license udi pid CISCO1941/K9 sn FGL170220QK

license boot module c1900 technology-package securityk9

!

!

username xxxxx privilege 15 password 7 03326F5A16037319

username xxxxx privilege 15 password 7 13540346181F55393F

!

redundancy

!

!

!

!

!

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description $ES_LAN$$ETH-LAN$

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

no ip route-cache

duplex auto

speed auto

no cdp enable

no mop enabled

!

interface GigabitEthernet0/1

description DSL Interface

no ip address

ip nat outside

ip virtual-reassembly in

no ip route-cache

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

!

interface ATM0/0/0

no ip address

no atm ilmi-keepalive

!

interface ATM0/0/0.1 point-to-point

pvc 0/100

  encapsulation aal5mux ppp dialer

  dialer pool-member 1

!

!

interface Dialer0

ip address negotiated

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname xxxxx

ppp chap password 7 0300585F0C0820471A

ppp pap sent-username xxxxx password 7 0300585F0C0820471A

!

ip forward-protocol nd

!

ip http server

ip http authentication local

ip http secure-server

!

ip nat inside source list 1 interface Dialer0 overload

ip nat inside source list dsl_accesslist interface Dialer0 overload

ip route 0.0.0.0 0.0.0.0 Dialer0

!

ip access-list extended dsl_accesslist

permit ip 10.10.10.0 0.0.0.255 any

!

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

dialer-list 1 protocol ip permit

!

!

!

!

!

!

control-plane

!

!

!

line con 0

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

privilege level 15

login local

transport input telnet ssh

!

scheduler allocate 20000 1000

end


paolo bevilacqua
Hall of Fame

Already asked in another thread

https://supportforums.cisco.com/thread/2226111?tstart=0

Please avoid posting duplicates.

Thanks,

I had accidentally posted the same question twice....have removed it now....sorry.

Hi Vinodh,

First of all, I cannot find the error message which you said you attached.

One configuration suggestion: your current ACL for NAT is matching access-list number 1, which is wrong. This has to be replaced with ACL 100, so correct it as below.

no ip nat inside source list 1 interface Dialer0 overload

ip nat inside source list 100 interface Dialer0 overload

or

keep your existing NAT configuration as such and add a new ACL as below.

access-list 1 permit 192.168.1.0 0.0.0.255

Hope that should fix the issue.

Hope that helps

Regards

Najaf

Please rate when applicable or helpful !!!
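
Added example, not part of the original posts: a short Python check for the mismatch described in the reply above, where a NAT rule names an access list the configuration never defines, so the `ip nat inside` subnet is not matched by any NAT rule. `audit_nat`, `covers` and the trimmed `SAMPLE` text are constructed for illustration, and the parser assumes contiguous wildcard masks.

```python
import ipaddress
import re

# Constructed sample: only the NAT-relevant lines of the first configuration in this thread.
SAMPLE = """\
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source list dsl_accesslist interface Dialer0 overload
ip access-list extended dsl_accesslist
 permit ip 10.10.10.0 0.0.0.255 any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
"""
PERMIT = re.compile(r"permit (?:ip )?(\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)")

def covers(entries, net):
    """True if any 'permit <src> <wildcard>' entry contains net (contiguous wildcards only)."""
    for entry in entries:
        if m := PERMIT.match(entry):
            # Invert the Cisco wildcard to get an ordinary netmask.
            mask = ipaddress.ip_address(0xFFFFFFFF ^ int(ipaddress.ip_address(m[2])))
            if net.subnet_of(ipaddress.ip_network(f"{m[1]}/{mask}", strict=False)):
                return True
    return False

def audit_nat(config):  # hypothetical helper, not a Cisco tool
    """Return (NAT rules naming an undefined ACL, inside subnets no NAT ACL permits)."""
    acls, nat_lists, ifaces, named = {}, [], [], None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            ifaces.append({"net": None, "inside": False})
            named = None
        elif ifaces and (m := re.match(r"ip address (\d\S+) (\d\S+)", line)):
            ifaces[-1]["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif ifaces and line == "ip nat inside":
            ifaces[-1]["inside"] = True
        elif m := re.match(r"ip nat inside source list (\S+) ", line):
            nat_lists.append(m[1])
        elif m := re.match(r"ip access-list (?:standard|extended) (\S+)", line):
            named = acls.setdefault(m[1], [])
        elif m := re.match(r"access-list (\d+) (permit .*)", line):
            acls.setdefault(m[1], []).append(m[2])
        elif named is not None and line.startswith("permit "):
            named.append(line)
    dangling = [n for n in nat_lists if n not in acls]
    inside = [i["net"] for i in ifaces if i["inside"] and i["net"]]
    uncovered = [str(n) for n in inside
                 if not any(covers(acls.get(a, []), n) for a in nat_lists)]
    return dangling, uncovered
```

Run against the posted configuration, `audit_nat` reports list `1` as undefined and `192.168.1.0/24` as uncovered; with the rule pointed at list `100` both results are empty.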

Hi Najaf,

thanks very much for your speedy reply. However changing those settings did not make a difference. Further I have attached the error message I receive when I test the connection using Cisco Configuration Professional (PC edition). 

Thanks very much for your suggestion.

vinodh

Hi,

Could you please share the latest configuration you have applied now? Do you have any PC from which you are testing this internet? If so, what IP address/subnet mask/gateway and DNS are you using on the PC? Please get the output of "show nat trans" from the router at the time when you try to access the internet.

Regards

Najaf

Please rate when applicable or helpful !!!

Hi again Najaf,

Thanks so much for all your help. The internet connection is working now but I am still getting the same error when I test the connection using Cisco Configuration Professional. The first time I made those changes you recommended it made no difference and I had no internet connection. A couple of times taking the DSL cable in and out did the trick (not to say that this was the solution....hehehe). It would be good to get it sorted I guess and very useful for others watching this thread. Also, since I have to set up a site-to-site VPN tomorrow, I want to make sure that my configuration is suitable for this task. What do you think?

My PC - ip address: 192.168.1.10   Mask: 255.255.255.0   Router/ Gateway: 192.168.1.1

I made the change you recommended:

no ip nat inside source list 1 interface Dialer0 overload

ip nat inside source list 100 interface Dialer0 overload

Here's the new configuration.

Current configuration : 4493 bytes

!

! Last configuration change at 03:43:45 UTC Tue Jul 2 2013 by xxxx

! NVRAM config last updated at 03:44:16 UTC Tue Jul 2 2013 by xxxx

! NVRAM config last updated at 03:44:16 UTC Tue Jul 2 2013 by xxxx

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname whouseipl

!

boot-start-marker

boot-end-marker

!

!

logging buffered 51200 warnings

enable secret 4 UQ4kLcMLPduKnYFuGjADhK5FbzxkwEeZ574RYMhJgcQ

!

no aaa new-model

!

!

no ipv6 cef

no ip source-route

ip cef

!

!

!

!

ip dhcp pool dsl_dhcp

import all

network 10.10.10.0 255.255.255.248

dns-server 203.109.129.67

default-router 10.10.10.1

!

ip dhcp pool whouseipl

import all

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

!

!

ip name-server 203.109.129.67

ip name-server 203.109.129.68

!

multilink bundle-name authenticated

!

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-1185227679

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1185227679

revocation-check none

rsakeypair TP-self-signed-1185227679

!

!

crypto pki certificate chain TP-self-signed-1185227679

certificate self-signed 01


        quit

license udi pid CISCO1941/K9 sn FGL170220QK

license boot module c1900 technology-package securityk9

!

!

username ipladmin privilege 15 password 7 03326F5A16037319

username itassist privilege 15 password 7 13540346181F55393F

!

redundancy

!

!

!

!

!

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description $ES_LAN$$ETH-LAN$

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

no ip route-cache

duplex auto

speed auto

no cdp enable

no mop enabled

!

interface GigabitEthernet0/1

description DSL Interface

no ip address

ip nat outside

ip virtual-reassembly in

no ip route-cache

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

!

interface ATM0/0/0

no ip address

no atm ilmi-keepalive

!

interface ATM0/0/0.1 point-to-point

pvc 0/100

  encapsulation aal5mux ppp dialer

  dialer pool-member 1

!

!

interface Dialer0

ip address negotiated

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname xxxxx

ppp chap password 7 0300585F0C0820471A

ppp pap sent-username xxxxx password 7 0300585F0C0820471A

!

ip forward-protocol nd

!

ip http server

ip http authentication local

ip http secure-server

!

ip nat inside source list 100 interface Dialer0 overload

ip nat inside source list dsl_accesslist interface Dialer0 overload

ip route 0.0.0.0 0.0.0.0 Dialer0

!

ip access-list extended dsl_accesslist

permit ip 10.10.10.0 0.0.0.255 any

!

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

dialer-list 1 protocol ip permit

!

!

!

!

!

!

control-plane

!

!

!

line con 0

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

privilege level 15

login local

transport input telnet ssh

!

scheduler allocate 20000 1000

end

Results of "show ip nat trans"

this was performed soon after I tested the connection using CCP.

whouseipl#show ip nat trans

Pro Inside global      Inside local       Outside local      Outside global

udp 27.252.199.19:54353 192.168.1.10:54353 203.109.129.67:53 203.109.129.67:53

tcp 27.252.199.19:60393 192.168.1.10:60393 74.125.237.133:80 74.125.237.133:80

tcp 27.252.199.19:60421 192.168.1.10:60421 77.234.43.52:80   77.234.43.52:80

tcp 27.252.199.19:60815 192.168.1.10:60815 74.125.237.151:443 74.125.237.151:443

tcp 27.252.199.19:60910 192.168.1.10:60910 65.52.245.253:80  65.52.245.253:80

tcp 27.252.199.19:60912 192.168.1.10:60912 203.109.179.11:80 203.109.179.11:80

tcp 27.252.199.19:60913 192.168.1.10:60913 203.109.179.11:80 203.109.179.11:80

tcp 27.252.199.19:60914 192.168.1.10:60914 157.56.29.215:80  157.56.29.215:80

tcp 27.252.199.19:60915 192.168.1.10:60915 65.52.245.253:80  65.52.245.253:80

tcp 27.252.199.19:60919 192.168.1.10:60919 65.52.244.89:80   65.52.244.89:80

tcp 27.252.199.19:60921 192.168.1.10:60921 203.109.179.16:80 203.109.179.16:80

tcp 27.252.199.19:60924 192.168.1.10:60924 65.52.244.89:80   65.52.244.89:80

tcp 27.252.199.19:60925 192.168.1.10:60925 157.56.29.215:80  157.56.29.215:80

tcp 27.252.199.19:60927 192.168.1.10:60927 203.109.179.33:80 203.109.179.33:80

tcp 27.252.199.19:60930 192.168.1.10:60930 157.55.60.55:80   157.55.60.55:80

tcp 27.252.199.19:60932 192.168.1.10:60932 203.109.179.16:80 203.109.179.16:80

tcp 27.252.199.19:60934 192.168.1.10:60934 74.125.237.137:80 74.125.237.137:80

tcp 27.252.199.19:60936 192.168.1.10:60936 74.125.237.143:80 74.125.237.143:80

whouseipl#

Thank you very much

Vinodh

Hi Vinod,

Good to hear that internet is working fine. The configurations are fine.

Regarding the error on the CCP, may I know exactly your getting this error? What exactly are you doing on CCP when you see this error?

Regards

Najaf

Hi Najaf,

I get this error when I use CCP version 2.7. I go into the interfaces option and check each interface: g0/0, g0/1, dialer0. It does a test ping to Cisco servers. I have tried with Google servers as well. When I try this with the g0/0 (the internal LAN interface) I get the error that can be viewed on the jpg image attached. I will continue to try and figure out why this is. Hopefully somebody from the forum might have an idea why.

Thanks

Vinodh

Hi Vinod,

Unfortunately I don't have any option to test this as I have not worked on CCP yet. I think you don't have to worry much about it as long as internet is working fine for clients. I agree with you that it is good to know the reason why this is not working from CCP for same :-)

Regards

Najaf
