I am having a weird problem recently where some computer were unable to browse certain website. I even try to change to a different cisco router (cisco 2811) with IOS version 15.0 and the same configuration but still no luck. Already tried reboot all devices and i also try to use the computer that having problem to access the web connect directly to the router however the result is the same. Fyi the router being running fine for the past few month without this issue. I try to use the cheap router such as dlink/ tplink and there is no problem. Another information is the computer that were unable to browse certain website were able to ping that website but fail to load in the web browser. Out of 10 computer there is 3 unit have this issue and new devices such as my customer/guest computer also were unable to browse certain website. There is no firewall or any security restriction in our connection. It is driving me crazy!!
My connection diagram as below;
WAN->Router (Cisco 2821)->Switch-> Computer
------------------ show version ------------------
Cisco IOS Software, 2800 Software (C2800NM-ADVENTERPRISEK9-M), Version 12.4(24)T6, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Tue 23-Aug-11 01:30 by prod_rel_team
ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
Linear_Router uptime is 2 weeks, 3 days, 21 hours, 56 minutes
System returned to ROM by reload at 12:49:51 MAS Thu Sep 1 2016
System image file is "flash:c2800nm-adventerprisek9-mz.124-24.T6.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco 2821 (revision 53.51) with 249856K/12288K bytes of memory.
Processor board ID FHK1235F3T0
2 Gigabit Ethernet interfaces
2 Serial(sync/async) interfaces
1 ATM interface
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
1000944K bytes of ATA CompactFlash (Read/Write)
Configuration register is 0x2102
------------------ show running-config ------------------
Building configuration...
Current configuration : 8378 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime localtime
service password-encryption
!
hostname Linear_Router
!
boot-start-marker
boot system flash:c2800nm-adventerprisek9-mz.124-24.T6.bin
boot-end-marker
!
logging message-counter syslog
logging buffered 16000
enable password 7 <removed>
!
aaa new-model
!
!
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization network sdm_vpn_group_ml_1 local
!
!
aaa session-id common
clock timezone MAS 8
!
dot11 syslog
ip source-route
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp binding cleanup interval 30
ip dhcp excluded-address 192.168.88.1 192.168.88.141
ip dhcp excluded-address 192.168.88.180 192.168.88.254
!
ip dhcp pool LAN
network 192.168.88.0 255.255.255.0
default-router 192.168.88.254
domain-name losb.local
dns-server 8.8.8.8 8.8.4.4
lease 0 0 15
!
!
ip domain name losb.local
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
crypto pki trustpoint test_trustpoint_config_created_for_sdm
subject-name e=sdmtest@sdmtest.com
revocation-check crl
!
crypto pki trustpoint TP-self-signed-3132623275
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3132623275
revocation-check none
rsakeypair TP-self-signed-3132623275
!
!
crypto pki certificate chain test_trustpoint_config_created_for_sdm
crypto pki certificate chain TP-self-signed-3132623275
certificate self-signed 01
30820250 308201B9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33313332 36323332 3735301E 170D3134 31323032 31393436
35385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 31333236
32333237 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100D01A 8569B674 5F07B434 8E5F9D59 D298DB7E 51FBB58A 460084B9 34AE8461
9639C1C6 471637C2 F6CFC65F 50CF9117 D459482F 1EF22E29 322F39AA 88C42306
F4B6686A 161FDD3D 69B0647B 46FC7CD0 966C03E8 D6CF9181 8E2B3514 300D980B
EE9225A6 173F7673 655A1DE8 FB720F13 0FD8E550 50461510 A7DDB314 A72C5DBE
A1CF0203 010001A3 78307630 0F060355 1D130101 FF040530 030101FF 30230603
551D1104 1C301A82 184C696E 6561725F 526F7574 65722E6C 6F73622E 6C6F6361
6C301F06 03551D23 04183016 8014FA7F D98E6D69 462EEAED 41BEC8D3 7042F812
95B3301D 0603551D 0E041604 14FA7FD9 8E6D6946 2EEAED41 BEC8D370 42F81295
B3300D06 092A8648 86F70D01 01040500 03818100 043EC1A4 7363A7FD 3AED777D
CAAEC570 99A02166 A3958A66 0E5A5DD2 368C2F8B D9A96E69 9F57852C ACE0C67F
73D17753 53BE14C4 824BE043 B8A52822 E38DBC3C C3F33787 813FD207 0AB04004
E0303A2F 81481429 2A3BF5AA F53C1EDD 8AC2EC48 D64DF89A 4D047B7C 6B516970
55EAFF10 B1453DBD ABC96845 FDF7AAF9 77B8C381
quit
!
!
username kent privilege 15 password 7 <removed>
archive
log config
hidekeys
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group 11
key 11
dns 8.8.8.8 8.8.4.4
domain losb.local
pool SDM_POOL_1
acl 100
max-users 11
crypto isakmp profile sdm-ike-profile-1
match identity group 11
client authentication list sdm_vpn_xauth_ml_1
isakmp authorization list sdm_vpn_group_ml_1
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
set transform-set ESP-3DES-SHA
set isakmp-profile sdm-ike-profile-1
!
!
crypto ctcp port 10000
!
!
!
!
!
!
interface GigabitEthernet0/0
description WAN connection to Unifi BTU
no ip address
no ip route-cache cef
no ip route-cache
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/0.500
encapsulation dot1Q 500
no ip route-cache
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
description Internal LAN network
ip address 192.168.88.254 255.255.255.0
ip access-group UDP/TCP in
ip nat inside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
shutdown
atm restart timer 300
no atm ilmi-keepalive
!
interface Serial0/1/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/1/1
no ip address
shutdown
clock rate 2000000
!
interface Virtual-Template1 type tunnel
description 11
ip unnumbered Dialer1
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
!
interface Dialer1
ip address negotiated
ip mtu 1480
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname 11@unifibiz
ppp chap password 7 15381
ppp pap sent-username 11e@unifibiz password 7 132F0
!
ip local pool SDM_POOL_1 192.168.88.130 192.168.88.141
ip default-gateway 192.168.88.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
ip http authentication local
ip http secure-server
!
!
ip nat inside source list Internet_List interface Dialer1 overload
ip nat inside source static tcp 192.168.88.89 8001 interface Dialer1 3389
ip nat inside source static udp 192.168.88.89 8001 interface Dialer1 3389
ip nat inside source static udp 192.168.88.102 80 interface Dialer1 5555
ip nat inside source static tcp 192.168.88.102 80 interface Dialer1 5555
ip nat inside source static tcp 192.168.88.90 80 interface Dialer1 8080
ip nat inside source static udp 192.168.88.90 80 interface Dialer1 8080
ip nat inside source static tcp 192.168.88.101 8888 interface Dialer1 8888
ip nat inside source static udp 192.168.88.101 8888 interface Dialer1 8888
ip nat inside source static tcp 192.168.88.101 80 interface Dialer1 7777
ip nat inside source static udp 192.168.88.101 80 interface Dialer1 7777
!
ip access-list extended Internet_List
permit ip 192.168.88.0 0.0.0.255 any
!
access-list 100 remark SDM_ACL Category=4
access-list 100 permit ip 192.168.88.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
banner motd ^CC
#####################################################################
# WARNING!!! #
# This system is for the use of authorized clients only. #
# Individuals using the computer network system without #
# authorization, or in excess of their authorization, are #
# subject to having all their activity on this computer #
# network system monitored and recorded by system #
# personnel. To protect the computer network system from #
# unauthorized use and to ensure the computer network systems #
# is functioning properly, system administrators monitor this #
# system. Anyone using this computer network system #
# expressly consents to such monitoring and is advised that #
# if such monitoring reveals possible conduct of criminal #
# activity, system personnel may provide the evidence of #
# such activity to law enforcement officers. #
# #
# Access is restricted to authorized users only. #
# Unauthorized access is a violation of state and federal, #
# civil and criminal laws. #
#####################################################################^C
!
line con 0
line aux 0
line vty 0 4
privilege level 15
password 7 <removed>
transport input telnet ssh
transport output telnet ssh
!
scheduler allocate 20000 1000
ntp update-calendar
end
