Solved: IP NAT Issue in Cisco 861 router configuration

Arshi Jamal · ‎03-21-2013

Dear Community,

I a tryiing to configure Cisco 861 router for simple internet access using my broadband connection. despite of all my efforts, I am not able to browse any site from my directly connected PC having IP address 192.168.1.254/24. but I can ping all internet destinations from router prompt. I believe, I am having problem in NAT becuase I do not see any stats or translations. I have attached the output of running configuration, sh version, sh ip nat stat, sh ip nat trans and sh ip route. I will appriciate the support extended to me for this issue.

Thakns in advance

Arshi Jamal

shillings · ‎03-21-2013

Try this instead:

no access-list 1

access-list 1 permit 192.168.1.0 0.0.0.255

View solution in original post

Jose Bogantes · ‎03-21-2013

Hi Arshi,

Add the previous access-list as Shillings suggested but do not forget the "ip nat outside" command under the dialer interface if you are using it to negotiate the public IP address.Then, remove the"ip nat outside" command that you configured under FastEthernet4.

Regards.

View solution in original post

valerio.amici · ‎03-21-2013

conf t

no access-list 1

access-list 1 permit 192.168.1.0 0.0.0.255

end

View solution in original post

shillings · ‎03-21-2013

Try this instead:

no access-list 1

access-list 1 permit 192.168.1.0 0.0.0.255

Jose Bogantes · ‎03-21-2013

Hi Arshi,

Add the previous access-list as Shillings suggested but do not forget the "ip nat outside" command under the dialer interface if you are using it to negotiate the public IP address.Then, remove the"ip nat outside" command that you configured under FastEthernet4.

Regards.

Arshi Jamal · ‎03-21-2013

Dear Jose,

I a mreally grateful to you and other folks for helping me on this issue which I have overlooked. Now, by making your suggested changes, I am able to ping, tracert and nslookup any internet destination. I am also able to brows secure sites like https://www.google.combut normal URLs like http://www.google.com is not working. I have tried to debug IP TCP Paket Port 80 but it is not showing any results.

Will appriciate your help in this regard as well

BR

Arshi

shillings · ‎03-22-2013

normal URLs like http://www.google.com is not working.

I can't see anything in your router config that would cause that. Have you checked your client firewall and AV settings? If they both look fine, then perhaps check if you get the same problem using a different client machine.

Arshi Jamal · ‎03-23-2013

Dear Shillings,

I am using same Laptop to access Internet through anothr DSL connection. Also if I replace Cisco 861 router with Linksys Broadband router, everything gets normal, which means the issue is with Cisco861.

If you can think of any issue at servise provider end??

Best Regards,

Arshi

valerio.amici · ‎03-22-2013

Just a try: on all interfaces you use in nat, issue no ip nat enable.

I don't think that the command ip nat inside/outside can coexist with ip nat enable...

However if you can ping,nslookup,http from the host to the server NAT seems to work.

When you type https:// issue a show ip nat translation and post it here.

valerio.amici · ‎03-21-2013

conf t

no access-list 1

access-list 1 permit 192.168.1.0 0.0.0.255

end

Jose Bogantes · ‎03-21-2013

Hi Gents,

The MTU value configured under the interface dialer is just fine.

"As specified in RFC 2516, the maximum receive unit (MRU) option must not negotiate to a size larger than 1492. Ethernet has a maximum payload size of 1500 octets. The PPPoE header is 6 octets and the PPP protocol ID is 2 octets, so the PPP maximum transmission unit (MTU) must not be greater than 1492. This is achieved with the configuration of IP MTU 1492 for PPPoE virtual-template interfaces".

http://www.cisco.com/en/US/tech/tk175/tk15/technologies_white_paper09186a0080093e55.shtml