Solved: i can't get connected to internet on my pc, but my router can

mohammedshlibek1 · ‎01-28-2015

Dear All

Today i have installed a new 1921 Cisco Router, i want to connect my isp modem to one of the gigabit port at the router, and then my pc to the other gigabit port.

i have configured my pc ip statically to be in the same range of the gigabit port 0/1

the isp modem port is in the same range of the gigabit port 0/0

the network is like this

PC (192.168.1.5) ==> router port 0/1 (192.168.1.1)

isp modem (192.168.100.1) ==> router port 0/0 (192.168.100.4)

i have configured the NAT, so my pc now is natted to forward the traffic to port 0/0

after all this, now i can ping the isp modem, and i can even enter the GUI page of the ISP modem, but i dont have internet connection.

from the router, i can ping both far interfaces, and i can even ping google.com or 8.8.8.8 so my router is connected to internet.

i tried to pull out the cable from the router and plugged it directly to the modem and after modifying the ip of the PC, i am able to connect to internet.

maybe i am missing something here, please help me.

the Show IP interface breaf is:

SJ_Router#sh ip in br
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/0 192.168.100.4 YES NVRAM up up
GigabitEthernet0/1 192.168.1.1 YES NVRAM up up
NVI0 192.168.100.4 YES unset up up

this is the sh run-conf print out

!

hostname SJ_Router

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

!

no aaa new-model

!

ip cef

!

ip dhcp excluded-address 192.168.1.1 192.168.1.10

!

ip dhcp pool "SJM_DHCP_Pool"

!

ip dhcp pool SJM_DHCP_Pool

network 192.168.1.0 255.255.255.0

default-router 192.168.100.1

dns-server 8.8.8.8

!

ip domain name yourdomain.com

no ipv6 cef

multilink bundle-name authenticated

icense udi pid CISCO1921/K9 sn FGL183123E4

!

username SJ_Router privilege 15 secret 5 $1$wqbn$w6fdF34HevDaa8OI0gjYm.

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$

ip address 192.168.100.4 255.255.255.0

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

ip forward-protocol nd

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip nat inside source list 1 interface GigabitEthernet0/0 overload

ip route 0.0.0.0 0.0.0.0 192.168.100.1

!

access-list 1 permit 192.168.1.0 0.0.0.255

Can you please help me with this.

Aztec_ · ‎01-29-2015

Hi Mohammed,

i think you need to reconfigure the default-gateway on you DHCP pool.

It supposed to be 192.168.1.1.

then retry pinging to google.

If it still failed, you neeed to verify your ip had been translated.

"#show ip nat translation"

View solution in original post

LJ Gabrillo · ‎01-29-2015

Again, your issue is with your name resolution, something is blocking it
try this in your PC CMD prompt

>nslookup google.com 8.8.8.8

>nslookup google.com 4.2.2.2

that syntax means, look for google.com using DNS server 8.8.8.8 vice versa.

If it displays an error and cannot give you an IP, something in your network or PC itself is blocking name resolution,

also, try using another PC/Laptop.

View solution in original post

LJ Gabrillo · ‎01-28-2015

Your configuration is okay.

Can you do a traceroute on your PC? let's check where the packets stop
also, an "ipconfig /all" to verify if it got an IP address

do this one
ipconfig /all -Verify
ping 8.8.8.8 -Ping Public DNS directly

tracert -d 8.8.8.8

LJ Gabrillo · ‎01-28-2015

Also, i have heard people say that standard ACLs have issues with NAT/PAT in certain ios versions
In my own practice, I always use extended/named extended ACLs
How about you try that

#ip access-list extended NAT
#permit ip 192.168.1.0 0.0.0.255 any

#ip nat inside source list NAT interface g0/0 overload

STILL, standard ACLs or any type of ACL should work for NAT/PAT. If it is a configuration issue, why not try the above config for isolation :D

mohammedshlibek1 · ‎01-29-2015

I have removed the old standard NAT and configured the new extended one.

but i still face the same situation here, i can ping the 8.8.8.8 i can see system tray that i am connected to internet, my router can ping google.com but my PC can't ping or browse internet.

LJ Gabrillo · ‎01-29-2015

Hey there, your NAT/PAT configuration is actually working, considering you can ping 8.8.8.8 a public address and NAT translations in your router, you are actually done.

You might have a problem with your DNS, something is blocking DNS name resolution. considering you can ping from your PC to internet, we can see that everything is working fine.

Point is, there is something blocking name resolution. You need to find that, router config side, everything is now fine.

mohammedshlibek1 · ‎01-29-2015

Hi again

now i can ping the IPs of the websites but i cant ping the domain names of the websites.

i.e. i can ping 173.194.66.139, and even if i enter this IP in the browser it directs me to google.com

but i can not ping google.com or try to enter google.com from my browser

LJ Gabrillo · ‎01-29-2015

Again, your issue is with your name resolution, something is blocking it
try this in your PC CMD prompt

>nslookup google.com 8.8.8.8

>nslookup google.com 4.2.2.2

that syntax means, look for google.com using DNS server 8.8.8.8 vice versa.

If it displays an error and cannot give you an IP, something in your network or PC itself is blocking name resolution,

also, try using another PC/Laptop.

mohammedshlibek1 · ‎01-29-2015

Hi Isgabrillo

I tried >nslookup google.com 8.8.8.8 and it didnt give me anything

but when i tried >nslookup google.com 4.2.2.2, it replied back

so i changed the DNS server to 4.2.2.2 and yeah it works just fine.

thank you for the great great support, i would give you a big hug for this.

thanks again for the help

LJ Gabrillo · ‎01-29-2015

Cool!, Glad i can help, bro hug to you as well

Anyway, I would highly recommend configuring multiple DNS servers, just in case any of those public dns servers fail, such as 8.8.8.8

#ip dhcp pool TEST
  #network 192.168.1.0 255.255.255.0
  #default-router 192.168.1.1
  #dns-server 4.2.2.2 4.2.2.1 8.8.8.8 8.8.4.4 -Maximum of 6

:D

mohammedshlibek1 · ‎01-29-2015

yes i will, i learned a lot from you bro.

thanks for all your great support

avang2004 · ‎01-29-2015

I would try to get rid of the double NAT. You could experience problems down the road with other applications. You should be able to bridge your DSL modem so the public IP gets passed down to your router. You may have to call your ISP or you can google your make and model for the password.

mohammedshlibek1 · ‎01-30-2015

Hi avang

thanks for your cooperation, by the way i thought about the same idea, i tried to look for commands that will bridge my interface with modem interface, there is this "IP helper-address" command, but it didnt work right, i tried to make my port transparent but the same result.

if you have a clear idea about something like this, that would be great

avang2004 · ‎01-30-2015

the bridge occurs on the DSL modem. What's the make and model of the DSL modem? Most of the time you can web into the DSL modem http://192.168.100.1 or https://192.168.100.1 and make the changes. If you can't you might have to call your local ISP to have them assist you. You will probably need to change your Outside interface Gi0/0 to DHCP after you successfully bridge your DSL modem

interface GigabitEthernet0/0
ip address dhcp

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp

avang2004 · ‎01-30-2015

Can you run this command and post the output

#show ip virtual-reassembly

mohammedshlibek1 · ‎01-30-2015

Hi Avang

thanks for your reply, the GUI interface doesnt provide anything useful, it only shows some statistics and KPIs, so i talked with the ISP support, they told me that they can't help me with this.

so i think i am gonna have to forget such a thing.

any way i am really thanksful for your cooperation, cheers mate.

BR