Re: First Ping fail

nicolas.guyot · ‎04-04-2011

Hello,

i have a problem with a cisco 857-K9 router. We can access internet but if we ping a web server, every first ping fail but all others works...

I'm very new with cisco product, how can i fix it ?

Thank you very much

andrew.prince · ‎04-04-2011

Sounds like the router is sending an ARP requests

confirm your ARP timeout values on the router - also check your default gateway config is correct.

HTH>

nicolas.guyot · ‎04-04-2011

Thank you andrew, how can i check this ?

this router connect internet with orange by adsl in France with ip negociated.

Thank you very much

Jon Marshall · ‎04-04-2011

Just to add to Andrew's post -

what does your default-route look like ie.

ip route 0.0.0.0 0.0.0.0

or

ip route 0.0.0.0 0.0.0.0

If it's interface then you may well see the symptoms you are having. It would be better set to an IP address.

Jon

nicolas.guyot · ‎04-04-2011

I can connect router by telnet but i don't know how to check this. I have made setup by wizard.

Thank you

andrew.prince · ‎04-04-2011

post the output of "show ip route" and "show arp" when you telnet into the router.

nicolas.guyot · ‎04-04-2011

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

193.253.231.0/32 is subnetted, 1 subnets
C       193.253.231.158 is directly connected, Dialer1
193.253.160.0/32 is subnetted, 1 subnets
C       193.253.160.3 is directly connected, Dialer1
C    192.168.1.0/24 is directly connected, Vlan1
S*   0.0.0.0/0 is directly connected, Dialer1

And

Protocol Address          Age (min) Hardware Addr   Type   Interf
Internet 192.168.1.1           149   0016.46b6.4241 ARPA   Vlan1
Internet 192.168.1.3             0   0015.5d01.fa00 ARPA   Vlan1
Internet 192.168.1.4            44   0014.c2c4.8d4c ARPA   Vlan1
Internet 192.168.1.10          236   00e0.d80d.d125 ARPA   Vlan1
Internet 192.168.1.11            0   001f.297f.c1c4 ARPA   Vlan1
Internet 192.168.1.13            0   f4ce.4605.4512 ARPA   Vlan1
Internet 192.168.1.15            9   0015.5d01.fa02 ARPA   Vlan1
Internet 192.168.1.17            0   f4ce.4604.d15d ARPA   Vlan1
Internet 192.168.1.18           12   0015.5d01.fa03 ARPA   Vlan1
Internet 192.168.1.19            1   68b5.99f6.bfe3 ARPA   Vlan1
Internet 192.168.1.20            1   0011.85f1.2dbb ARPA   Vlan1
Internet 192.168.1.21            0   0015.5d01.fa04 ARPA   Vlan1
Internet 192.168.1.22          185   0c60.7662.3e19 ARPA   Vlan1
Internet 192.168.1.23            0   001c.f0f9.5606 ARPA   Vlan1
Internet 192.168.1.25          178   0023.7dc6.1912 ARPA   Vlan1
Internet 192.168.1.28            0   6431.5006.576d ARPA   Vlan1
Internet 192.168.1.29            0   e02a.821d.93e2 ARPA   Vlan1
Internet 192.168.1.30            9   00c0.ee1e.adf1 ARPA   Vlan1
Internet 192.168.1.31          177   001e.2ae1.20c2 ARPA   Vlan1
Internet 192.168.1.33            0   6c62.6d91.7084 ARPA   Vlan1
Internet 192.168.1.38          155   001e.2ae1.22be ARPA   Vlan1
Internet 192.168.1.39            2   000f.fe19.ec8f ARPA   Vlan1
Internet 192.168.1.40           54   000f.fe1a.cee2 ARPA   Vlan1
Internet 192.168.1.43           11   00c0.ee1e.8a8c ARPA   Vlan1
Internet 192.168.1.44            1   001a.4b5a.ce30 ARPA   Vlan1
Internet 192.168.1.45           14   0019.db75.0cc3 ARPA   Vlan1
Internet 192.168.1.46           55   0019.db75.0cb4 ARPA   Vlan1
Internet 192.168.1.48          193   0015.5d01.fa00 ARPA   Vlan1
Internet 192.168.1.51            0   000f.fe18.cd3f ARPA   Vlan1
Internet 192.168.1.54          256   6c62.6d91.7016 ARPA   Vlan1
Internet 192.168.1.57          107   0023.8b3c.da3b ARPA   Vlan1
Internet 192.168.1.58            5   0019.db76.1f74 ARPA   Vlan1
Internet 192.168.1.59            1   0023.7dc6.190a ARPA   Vlan1
Internet 192.168.1.60            6   0023.7dc6.1918 ARPA   Vlan1
Internet 192.168.1.61            3   0023.7dc6.30e0 ARPA   Vlan1
Internet 192.168.1.62            0   6c62.6d91.7016 ARPA   Vlan1
Internet 192.168.1.64          122   001c.c4f4.ff65 ARPA   Vlan1
Internet 192.168.1.65            6   001e.0b3d.fe15 ARPA   Vlan1
Internet 192.168.1.67           80   000f.fe18.ccb1 ARPA   Vlan1
Internet 192.168.1.68           16   001e.0b3e.7d0f ARPA   Vlan1
Internet 192.168.1.69          114   000f.fe14.e7ac ARPA   Vlan1
Internet 192.168.1.72            5   000f.fe18.a93f ARPA   Vlan1
Internet 192.168.1.205           9   0000.aaa2.280f ARPA   Vlan1
Internet 192.168.1.250           0   0026.551e.34e5 ARPA   Vlan1
Internet 192.168.1.253           1   001a.4b4f.2213 ARPA   Vlan1
Internet 192.168.1.254           -   8cb6.4fbb.eeb4 ARPA   Vlan1

Thank you very much

andrew.prince · ‎04-04-2011

OK - your issue is right there:-

S* 0.0.0.0/0 is directly connected, Dialer1

I am to assume that you are getting your IP address from your provider via either DHCP - so you will never really know what your next hop default gateway is going to be.

What you are seeing is normal for your setup.

HTH>

Richard Burts · ‎04-04-2011

If the default route points to the dialer interface then the suggestion that the problem might relate to ARP for every destination is not the problem because there is no ARP on the dialer interface.

But I do wonder if a different form of the static default route might work better. I wonder what the result might be if the original poster would remove ip route 0.0.0.0 0.0.0.0 dialer1 and replace it with ip route 0.0.0.0 0.0.0.0 dhcp

HTH

Rick

HTH

Rick

nicolas.guyot · ‎04-04-2011

Thank you Rick, Can you tell me the command to do this ?

Richard Burts · ‎04-04-2011

Nicolas

It is a straightforward change. It would look something like this:

get into enable mode

configur term

ip route 0.0.0.0 0.0.0.0 dhcp

no ip route 0.0.0.0 0.0.0.0 dialer1

end

that would return you to privilege mode command prompt. Then do some testing to verify that you still have connectivity to the Internet. If it is working, especially if it is working better than before then save the changes using the command copy running startup

It that does not work you can return to the original by dong this

configur term

ip route 0.0.0.0 0.0.0.0 dialer1

no ip route 0.0.0.0 0.0.0.0 dhcp

end

Or worst case, if it is not working you can power cycle the router to return to the original setup.

HTH

Rick

HTH

Rick

nicolas.guyot · ‎04-04-2011

Hello Rick

no luck, it does not work

here is my config

cisco#show config
Using 7156 out of 131072 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname cisco
!
boot-start-marker
boot-end-marker
!
logging buffered 10000
no logging console
enable secret 5 $1$W0RC$XXXX/
!
no aaa new-model
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-3032259736
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3032259736
revocation-check none
rsakeypair TP-self-signed-3032259736
!
!
crypto pki certificate chain TP-self-signed-3032259736
certificate self-signed 01 nvram:IOS-Self-Sig#8.cer
dot11 syslog
no ip source-route
ip dhcp excluded-address 10.10.10.1
!
!
ip cef
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT101 cuseeme
ip inspect name DEFAULT101 ftp
ip inspect name DEFAULT101 h323
ip inspect name DEFAULT101 icmp
ip inspect name DEFAULT101 rcmd
ip inspect name DEFAULT101 realaudio
ip inspect name DEFAULT101 rtsp
ip inspect name DEFAULT101 esmtp
ip inspect name DEFAULT101 sqlnet
ip inspect name DEFAULT101 streamworks
ip inspect name DEFAULT101 tftp
ip inspect name DEFAULT101 tcp
ip inspect name DEFAULT101 udp
ip inspect name DEFAULT101 vdolive
no ip bootp server
ip domain name XXX.local
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
!
!
username admin privilege 15 secret 5 $1$Fx33$/XXX/
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$
no ip redirects
no ip unreachables
no ip proxy-arp
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
ip address 192.168.1.254 255.255.255.0
ip access-group 103 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1412
!
interface Dialer0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no cdp enable
!
interface Dialer1
description $FW_OUTSIDE$
ip address negotiated
ip access-group 104 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip inspect DEFAULT101 out
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname fti/xxxx@fti
ppp chap password 7 xxx
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.3 25 interface Dialer1 25
ip nat inside source static tcp 192.168.1.3 80 interface Dialer1 80
ip nat inside source static tcp 192.168.1.3 443 interface Dialer1 443
ip nat inside source static tcp 192.168.1.3 987 interface Dialer1 987
ip nat inside source static tcp 192.168.1.250 3389 interface Dialer1 3389
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuratio
n
access-list 100 remark CCP_ACL Category=1
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuratio
n
access-list 101 remark CCP_ACL Category=1
access-list 101 permit udp host 8.8.4.4 eq domain any
access-list 101 permit udp host 8.8.8.8 eq domain any
access-list 101 deny   ip 192.168.1.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any
access-list 102 remark CCP_ACL Category=2
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 103 remark auto generated by Cisco SDM Express firewall configuratio
n
access-list 103 remark CCP_ACL Category=1
access-list 103 deny   ip host 255.255.255.255 any
access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
access-list 103 permit ip any any
access-list 104 remark auto generated by Cisco SDM Express firewall configuratio
n
access-list 104 remark CCP_ACL Category=1
access-list 104 permit tcp any any eq 3389
access-list 104 permit tcp any any eq 987
access-list 104 permit tcp any any eq 443
access-list 104 permit tcp any any eq www
access-list 104 permit tcp any any eq smtp
access-list 104 deny   ip 192.168.1.0 0.0.0.255 any
access-list 104 permit icmp any any echo-reply
access-list 104 permit icmp any any time-exceeded
access-list 104 permit icmp any any unreachable
access-list 104 deny   ip 10.0.0.0 0.255.255.255 any
access-list 104 deny   ip 172.16.0.0 0.15.255.255 any
access-list 104 deny   ip 192.168.0.0 0.0.255.255 any
access-list 104 deny   ip 127.0.0.0 0.255.255.255 any
access-list 104 deny   ip host 255.255.255.255 any
access-list 104 deny   ip host 0.0.0.0 any
access-list 104 deny   ip any any
dialer-list 1 protocol ip permit
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username privilege 15 secret 0

Replace and with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

Hope you can help me

andrew.prince · ‎04-05-2011

use:-

no ip route 0.0.0.0 0.0.0.0 Dialer1
no ip route 0.0.0.0 0.0.0.0 dhcp

interface dialer1

ppp ipcp route default

See if that works for you - REMEMEBR if it does not work, revert back to the config before you changed it.

HTH>

nicolas.guyot · ‎04-06-2011

Thank you Andrew, but it doesn't work...

I have tried to use DHCP instead of Ip Negociated but it doesnt connect.

andrew.prince · ‎04-06-2011

I think you need to talk to your provider - to see how there end is configured.

HTH>