06-25-2013 03:52 AM - edited 03-04-2019 08:17 PM
Hi to all!
I am new to Cisco. Can anyone please help me solve this problem?
Inside the router I can ping www.google.com, but the laptop connected on interface gi0/1 is not getting internet. I don't know what I'm missing. Below is the running-config.
Current configuration : 6094 bytes
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RYD-TYPSA-KINGFAHAD
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
no ipv6 cef
ip source-route
no ip cef
!
!
!
ip dhcp excluded-address 192.168.2.1 192.168.2.10
!
ip dhcp pool TYPSA-KINGFAHD
network 192.168.2.0 255.255.255.0
domain-name TYPSA-KINGFAHD
dns-server 86.51.34.17 86.51.35.18
default-router 192.168.2.1
!
!
ip domain name yourdomain.com
ip name-server 86.51.34.17
ip name-server 86.51.35.18
multilink bundle-name authenticated
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description < TO | MOBILY | MPLS >$ETH-WAN$
ip address 85.194.108.202 255.255.255.252
ip access-group 199 out
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description $ETH-LAN$
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
duplex auto
speed auto
!
router bgp 65000
bgp router-id 192.168.104.202
bgp log-neighbor-changes
network 192.168.2.0
neighbor 192.168.104.201 remote-as 35819
neighbor 192.168.104.201 description < TO | MOBILY | MPLS >
!
ip default-gateway 85.194.108.201
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip http path flash
!
ip nat inside source list LAN_SUBNET interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 85.194.108.201
ip route 192.168.2.0 255.255.255.0 85.194.108.201
!
ip access-list standard LAN_SUBNET
remark CCP_ACL Category=2
permit 192.168.2.0 0.0.0.255
!
access-list 100 permit tcp any any eq 443
access-list 199 remark CCP_ACL Category=1
access-list 199 permit tcp any any
!
!
!
control-plane
!
!
!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 199 in
access-class 199 out
no login
transport input ssh
transport output ssh
line vty 5 15
login local
transport input all
!
scheduler allocate 20000 1000
end
06-25-2013 04:42 AM
On G0/0 you have an outbound access list 199 which only permits TCP. If you were on a PC on the LAN side you would not be able to resolve DNS names to IP addresses (DNS uses udp). Can you ping 8.8.8.8 from your PC on the LAN?
Can you also provide a "show ip route" please?
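The effect described in the answer above, as an added example that is not part of the original thread: a minimal Python evaluator for IOS extended ACL entries, run against ACL 199 as posted, showing that DNS over UDP and ICMP fall through to the implicit deny while TCP is permitted. The LAN host address and the `ACL_199_WIDER` variant are assumptions constructed for illustration.

```python
import ipaddress

# ACL 199 as posted in the running-config above.
ACL_199 = """access-list 199 remark CCP_ACL Category=1
access-list 199 permit tcp any any"""
# Hypothetical wider variant (an assumption, not from the thread): DNS and ICMP added.
ACL_199_WIDER = ACL_199 + """
access-list 199 permit udp any any eq 53
access-list 199 permit icmp any any"""

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _take_addr(tok):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tok.pop(0)), 0
    return _ip(first), _ip(tok.pop(0))

def parse_acl(text):
    """Parse numbered extended ACL lines in order; only numeric 'eq PORT' is understood."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2] == "remark":
            continue
        action, proto, rest = tok[2], tok[3], tok[4:]
        src, dst = _take_addr(rest), _take_addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def _match(spec, ip):
    base, wildcard = spec  # wildcard 1-bits mean "don't care"
    return ((_ip(ip) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(rules, proto, src, dst, dport=None):
    """First matching entry wins; a packet matching nothing hits the implicit deny."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("ip", proto) and _match(r_src, src) and _match(r_dst, dst)
                and r_port in (None, dport)):
            return action
    return "implicit deny"

if __name__ == "__main__":
    for acl in (ACL_199, ACL_199_WIDER):  # LAN host address below is constructed
        print(evaluate(parse_acl(acl), "udp", "192.168.2.11", "86.51.34.17", 53))
```

On IOS, packets the router originates itself are not checked against an outbound interface ACL, which is consistent with the router pinging www.google.com while LAN hosts could not.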
06-25-2013 05:40 AM
Hi mfurnival!
Thank you for your reply!
I removed access-list 199 and now I can ping 8.8.8.8 from my pc.
This is the ip route.
RYD-TYPSA-KINGFAHAD#sho ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 85.194.108.201 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 85.194.108.201
85.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 85.194.108.200/30 is directly connected, GigabitEthernet0/0
L 85.194.108.202/32 is directly connected, GigabitEthernet0/0
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.2.0/24 is directly connected, GigabitEthernet0/1
L 192.168.2.1/32 is directly connected, GigabitEthernet0/1
I have internet now, but it is so slow. I am supposed to get 2 Mbps, but when I ran a speed test the result was 0.38 Mbps download.
06-25-2013 06:44 AM
Glad you are making progress. Contact your provider about the speed issue and see what they say.
I asked for a "show ip route" because there are some oddities in your config:
This line:
ip route 192.168.2.0 255.255.255.0 85.194.108.201
tells your router that your LAN subnet can be reached via your WAN gateway. It is ignored by the router because 192.168.2.0 is a connected network with a lower AD, but I wonder what you were trying to do with this line.
Also you have a BGP statement that does not seem to be live.
Because you are internet facing on this router I would seriously consider beefing up the security on this router with some IOS firewall commands. Here is the design guide:
06-25-2013 07:10 AM
Thanks for your help mfurnival!!! kudos to you man!
Much appreciated!!! It did save a lot of my time today!
By the way, about my slow connection: I noticed that I had two lines of ip route. I just removed the ip route 192.168.2.0 255.255.255.0 85.194.108.201 and left the ip route 0.0.0.0 0.0.0.0 85.194.108.201; now I get the full speed.