06-06-2012 08:02 AM - edited 03-04-2019 04:35 PM
hi
i am not sure if this question has been raised before. My company recently bought a Cisco 1941 router and we have been using a Lynksis router connecting to our ISP using WiMax all along. I have configured the new cisco1941 to the best of my knowledge but something strange is happening on my network. I can open www.gmail.com from any machine but i cant open anything else even www.google.com . What could be causign that ?
My config is as follows :
Current configuration : 4478 bytes
!
!
No configuration change since last restart
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router1941
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 xxxxxxxxxxxxxxx
!
no aaa new-model
!
!
no ipv6 cef
ip source-route
ip cef
!
ip domain round-robin
ip name-server <ISP's dns1>
ip name-server <ISP's dns2>
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3768018030
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3768018030
revocation-check none
rsakeypair TP-self-signed-3768018030
!
!
crypto pki certificate chain TP-self-signed-3768018030
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33373638 30313830 3330301E 170D3132 30353138 32303137
32345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 37363830
31383033 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B657 A902DF30 5C9DE761 352003AB 1CAD376C 069F1654 5D03E204 D1EDB223
A631A3B5 97F706F6 8BF7A06F E53024B2 938362A8 510BE95B F8E568FC 0733B319
97A4F344 FD12C61C 28C05571 869CF359 C21C0731 15D78CC4 74B930D2 90C68D3D
B3B34644 4DC556B3 4EA54676 A4D28550 0647AD19 98C1CEFD 58F4ACE1 DFF15261
5C690203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 1426C098 0E3DFE55 655B3B39 6D5F3D74 6041572E DD301D06
03551D0E 04160414 26C0980E 3DFE5565 5B3B396D 5F3D7460 41572EDD 300D0609
2A864886 F70D0101 05050003 8181003B 8EB1D149 C634E865 C335F7D1 AE598437
4F3A5CEA A7166543 EE86A1D0 53169D26 5BA01CE4 31C03255 6145AC19 FDC24FA1
6662B9A2 C4ED5350 0C23D532 1606EBAA 1D2E23E1 23D972AD CD714BDE FDC59A0A
02D8502F A7AE501A 34F65FC5 C5BDA072 F31C5B2E 9F43422E 78E7CDD1 5DF92721
6FED7C41 D1C3B394 A10BDAC6 4E3E16
quit
license udi pid CISCO1941/K9 sn FCZ1610C5L5
license boot module c1900 technology-package securityk9
license boot module c1900 technology-package datak9
!
!
username zzzzz privilege 15 secret 5 xxxxxxxxxxxxxxx
!
redundancy
!
!
interface Tunnel0
description Tunnel to remotesite
ip address 10.0.0.1 255.255.255.252
ip flow ingress
keepalive 10 3
tunnel source <my publicIP>
tunnel mode ipip
tunnel destination <remote publicIP>
!
interface Embedded-Service-Engine0/0
no ip address
ip flow ingress
shutdown
!
interface GigabitEthernet0/0
description wimax wan$ETH-WAN$
no ip address
ip access-group wan_acl in
ip flow ingress
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/1
description main lan$ETH-LAN$
ip address 192.167.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
ip flow ingress
shutdown
clock rate 2000000
!
interface Dialer0
description wimax dialer
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp chap hostname yyyyyy
ppp chap password 7 xxxxxxxxxxxxx
ppp pap sent-username yyyyyy password 7 xxxxxxxxxxxx
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 192.168.20.1
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.167.2.0 255.255.255.0 Tunnel0
!
ip access-list extended wan_acl
permit tcp any host 192.167.1.254 eq telnet
!
no logging trap
access-list 1 permit 192.167.1.0 0.0.0.255
dialer-list 1 protocol ip permit
!
control-plane
!
!
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end
From any of my LAN pc's i can ping any websites, traceroute and nslookups works but as soon as i try using my browser then it fails.
My LAN network is 192.167.1.x/24
My ISP's default gateway is 192.168.20.1
GigabitEthernet0/1 is the interface facing my LAN
Dialer0 is an alias to GigabitEthernet0/0 which is my external interface
I am using pppoe to connect to the internet
Where am i getting it wrong ?
Solved! Go to Solution.
06-12-2012 12:26 PM
Hi Nomore,
Please apply this on your interface "interface GigabitEthernet0/1"
interface GigabitEthernet0/1
ip tcp adjust-mss 1452
You must apply this line "ip tcp adjust-mss 1452" on every interface which facing inside to your internal network, i.e. on this router.
Let me know, if this helps.
thanks
Rizwan Rafeek
Message was edited by: Rizwan Mohamed
06-06-2012 08:42 AM
Hi Nomore,
Please remove this acl from GigabitEthernet0/0, your actual outside interface is "Dialer0", if you choose to put an acl on Dialer0 then you must enable CBAC or ZoneBase Firewall on your router.
interface GigabitEthernet0/0
description wimax wan$ETH-WAN$
no ip address
ip access-group wan_acl in
Let me know, if this helps.
thanks
06-08-2012 12:18 PM
hi rizwanr74
That access list wan_acl, was there to permit telnet login from any ip address. I removed it though but nothing changed, i am getting the same result.
06-06-2012 11:00 AM
Hi,
Remove the first static route pointing to the ISP gateway IP and let us know.
Don't forget to rate helpful posts.
Regards.
Alain.
06-08-2012 12:21 PM
hi Cadet alain
i removed the first static route as per your suggestion but it did not work, i am still getting the same result.
06-08-2012 12:39 PM
I would check a few things. First, determine if it's DNS, or a DNS firewall thats causing issue. Try to reach a site by IP.
(98.139.183.24) is one of Yahoos IP's.
Second, run a traceroute from the router's command line (IP not DNS) to see if you can reach a destination.
Third, run a trace to that same destination (again by IP) from a pc on your LAN.
( tracert -d 98.139.183.24 ) from a Windows machine.
This will help you identify if the point of failure is:
1) a connectivity issue, 2) a DNS issue or 3) a routing or NAT issue.
06-12-2012 11:10 AM
hi Michael O'Brien
i have tried accessing www.yahoo.com, www.google.com, www.cellc.co.za, using the IPADDR and the actual website names but i kept on getting the same result. I went on to run traceroute on my router and on the PC connected on the LAN and the results are as below
traceroute from Router
traceroute www.google.com
Translating "www.google.com"...domain server (196.47.64.4) [OK]
Type escape sequence to abort.
Tracing the route to www.l.google.com (173.194.35.147)
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.20.1 28 msec 52 msec 36 msec
2 196-47-68-233.mweb.com.na (196.47.68.233) 32 msec 36 msec 60 msec
3 196-47-68-229.mweb.com.na (196.47.68.229) 36 msec 36 msec 40 msec
4 10.47.64.66 32 msec 32 msec 56 msec
5 ADSL-41-205-133-9.ipb.na (41.205.133.9) 36 msec 44 msec 44 msec
6 KHP-BOR06-WGG-AR01 (41.205.133.238) 56 msec 44 msec 68 msec
7 po7-0-0.ccr01.lon09.atlas.cogentco.com (149.6.98.61) 240 msec 216 msec 232 msec
8 te0-3-0-3.ccr21.lon01.atlas.cogentco.com (154.54.36.165) [MPLS: Label 17132 Exp 3] 220 msec 216 msec
te0-3-0-4.ccr22.lon01.atlas.cogentco.com (154.54.36.169) [MPLS: Label 17034 Exp 3] 220 msec
9 te4-2.ccr01.lon18.atlas.cogentco.com (154.54.62.58) 240 msec
te2-2.ccr01.lon18.atlas.cogentco.com (154.54.61.218) 216 msec
te1-4.ccr01.lon18.atlas.cogentco.com (154.54.62.54) 228 msec
10 149.6.146.30 240 msec 228 msec 224 msec
11 209.85.255.86 236 msec 224 msec 248 msec
12 209.85.253.92 [MPLS: Label 718153 Exp 4] 220 msec 220 msec
209.85.253.94 [MPLS: Label 654826 Exp 4] 232 msec
13 209.85.243.33 [MPLS: Label 360058 Exp 4] 232 msec 240 msec 280 msec
14 209.85.241.229 [MPLS: Label 311671 Exp 4] 236 msec 236 msec 240 msec
15 216.239.48.116 256 msec 256 msec 240 msec
16 209.85.250.35 232 msec 252 msec 232 msec
17 muc03s01-in-f19.1e100.net (173.194.35.147) 260 msec 240 msec 236 msec
***********************************************************************************************************************************
router1941#traceroute 173.194.35.147
Type escape sequence to abort.
Tracing the route to muc03s01-in-f19.1e100.net (173.194.35.147)
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.20.1 48 msec 36 msec 44 msec
2 196-47-68-233.mweb.com.na (196.47.68.233) 48 msec 44 msec 44 msec
3 196-47-68-229.mweb.com.na (196.47.68.229) 44 msec 48 msec 32 msec
4 10.47.64.66 52 msec 36 msec 40 msec
5 ADSL-41-205-133-9.ipb.na (41.205.133.9) 44 msec 52 msec 48 msec
6 KHP-BOR06-WGG-AR01 (41.205.133.238) 52 msec 48 msec 64 msec
7 po7-0-0.ccr01.lon09.atlas.cogentco.com (149.6.98.61) 228 msec 216 msec 216 msec
8 te0-3-0-4.ccr22.lon01.atlas.cogentco.com (154.54.36.169) [MPLS: Label 17034 Exp 3] 232 msec
te0-3-0-3.ccr21.lon01.atlas.cogentco.com (154.54.36.165) [MPLS: Label 17132 Exp 3] 232 msec
te0-3-0-4.ccr22.lon01.atlas.cogentco.com (154.54.36.169) [MPLS: Label 17034 Exp 3] 244 msec
9 te1-2.ccr01.lon18.atlas.cogentco.com (154.54.61.150) 224 msec
te1-4.ccr01.lon18.atlas.cogentco.com (154.54.62.54) 224 msec
te2-1.ccr01.lon18.atlas.cogentco.com (154.54.61.214) 228 msec
10 149.6.146.30 232 msec 272 msec 244 msec
11 209.85.255.84 264 msec
209.85.255.86 220 msec
209.85.255.84 240 msec
12 209.85.253.92 [MPLS: Label 718153 Exp 4] 228 msec 224 msec
209.85.253.94 [MPLS: Label 654826 Exp 4] 232 msec
13 209.85.243.33 [MPLS: Label 773178 Exp 4] 240 msec 256 msec 228 msec
14 209.85.241.229 [MPLS: Label 311671 Exp 4] 236 msec 236 msec 224 msec
15 216.239.48.116 236 msec 260 msec 252 msec
16 209.85.250.35 232 msec 236 msec 244 msec
17 muc03s01-in-f19.1e100.net (173.194.35.147) 240 msec 244 msec 240 msec
###########################################################################################################################
traceroute using a PC connected to the router
traceroute to 173.194.70.17 (173.194.70.17), 30 hops max, 60 byte packets
1 192.167.1.254 (192.167.1.254) 1.495 ms 1.530 ms 1.608 ms
2 192.168.20.1 (192.168.20.1) 41.820 ms 62.033 ms 62.040 ms
3 196-47-68-233.mweb.com.na (196.47.68.233) 66.233 ms 66.336 ms 66.342 ms
4 196-47-68-229.mweb.com.na (196.47.68.229) 62.084 ms 62.152 ms 62.248 ms
5 10.47.64.66 (10.47.64.66) 62.257 ms 62.359 ms 62.366 ms
6 ADSL-41-205-133-9.ipb.na (41.205.133.9) 66.410 ms 41.402 ms 44.821 ms
7 KHP-BOR06-WGG-AR01 (41.205.133.238) 70.956 ms 70.958 ms 75.443 ms
8 po7-0-0.ccr01.lon09.atlas.cogentco.com (149.6.98.61) 325.073 ms 325.076 ms 325.108 ms
9 te0-3-0-3.ccr21.lon01.atlas.cogentco.com (154.54.36.165) 239.927 ms 246.127 ms te0-3-0-4.ccr22.lon01.atlas.cogentco.com (154.54.36.169) 246.130 ms
10 te2-2.ccr01.lon18.atlas.cogentco.com (154.54.61.218) 246.099 ms te1-1.ccr01.lon18.atlas.cogentco.com (130.117.51.162) 246.096 ms te4-2.ccr01.lon18.atlas.cogentco.com (154.54.62.58) 246.107 ms
11 149.6.146.30 (149.6.146.30) 246.145 ms 246.185 ms 246.191 ms
12 209.85.255.86 (209.85.255.86) 239.821 ms 245.064 ms 209.85.255.84 (209.85.255.84) 254.940 ms
13 209.85.253.196 (209.85.253.196) 254.919 ms 209.85.253.90 (209.85.253.90) 220.039 ms 209.85.253.196 (209.85.253.196) 243.968 ms
14 209.85.243.33 (209.85.243.33) 263.709 ms 263.724 ms 269.207 ms
15 209.85.241.229 (209.85.241.229) 254.130 ms 278.639 ms 209.85.241.227 (209.85.241.227) 248.399 ms
16 209.85.254.114 (209.85.254.114) 248.335 ms 209.85.254.112 (209.85.254.112) 240.238 ms 209.85.254.114 (209.85.254.114) 249.610 ms
17 * * *
18 fa-in-f17.1e100.net (173.194.70.17) 257.153 ms 257.148 ms 223.458 ms
*******************************************************************************************
traceroute to www.gmail.com (173.194.70.17), 30 hops max, 60 byte packets
1 192.167.1.254 (192.167.1.254) 1.370 ms 1.337 ms 1.335 ms
2 192.168.20.1 (192.168.20.1) 53.654 ms 58.994 ms 64.225 ms
3 196-47-68-233.mweb.com.na (196.47.68.233) 68.669 ms 68.670 ms 68.708 ms
4 196-47-68-229.mweb.com.na (196.47.68.229) 64.160 ms 64.198 ms 64.278 ms
5 10.47.64.66 (10.47.64.66) 64.272 ms 64.323 ms 64.404 ms
6 ADSL-41-205-133-9.ipb.na (41.205.133.9) 68.619 ms 33.168 ms 53.258 ms
7 KHP-BOR06-WGG-AR01 (41.205.133.238) 68.403 ms 64.144 ms 64.149 ms
8 po7-0-0.ccr01.lon09.atlas.cogentco.com (149.6.98.61) 239.488 ms 254.845 ms 254.881 ms
9 te0-3-0-3.ccr21.lon01.atlas.cogentco.com (154.54.36.165) 255.143 ms te0-3-0-4.ccr22.lon01.atlas.cogentco.com (154.54.36.169) 259.501 ms te0-3-0-3.ccr21.lon01.atlas.cogentco.com (154.54.36.165) 255.135 ms
10 te3-1.ccr01.lon18.atlas.cogentco.com (154.54.62.50) 259.507 ms te2-1.ccr01.lon18.atlas.cogentco.com (154.54.61.214) 259.527 ms te1-1.ccr01.lon18.atlas.cogentco.com (130.117.51.162) 259.582 ms
11 149.6.146.30 (149.6.146.30) 259.638 ms 259.696 ms 279.753 ms
12 209.85.255.86 (209.85.255.86) 309.783 ms 209.85.255.84 (209.85.255.84) 339.765 ms 209.85.255.86 (209.85.255.86) 249.782 ms
13 209.85.253.92 (209.85.253.92) 245.446 ms 209.85.253.196 (209.85.253.196) 235.289 ms 209.85.253.94 (209.85.253.94) 236.912 ms
14 209.85.243.33 (209.85.243.33) 251.743 ms 272.414 ms 209.85.240.28 (209.85.240.28) 272.413 ms
15 209.85.241.229 (209.85.241.229) 262.185 ms 262.368 ms 262.369 ms
16 209.85.254.114 (209.85.254.114) 262.146 ms 209.85.254.112 (209.85.254.112) 262.360 ms 262.403 ms
17 * * *
18 fa-in-f17.1e100.net (173.194.70.17) 248.801 ms 248.843 ms 248.886 ms
06-12-2012 12:26 PM
Hi Nomore,
Please apply this on your interface "interface GigabitEthernet0/1"
interface GigabitEthernet0/1
ip tcp adjust-mss 1452
You must apply this line "ip tcp adjust-mss 1452" on every interface which facing inside to your internal network, i.e. on this router.
Let me know, if this helps.
thanks
Rizwan Rafeek
Message was edited by: Rizwan Mohamed
06-13-2012 01:11 AM
Hi rizwanr74
My brother, you are a star, i dont know how to thank you. Its noow working, i am currently connected using my 1941 router on a PC connected directly to it. I am just left on testing with all my LAN PC's to which i believe will work with your solution.
Once again thanks very much
06-13-2012 07:09 AM
"i dont know how to thank you."
Since you put it this way, my humble request would be that you read a copy of the Quran, translated by Yusuf Ali.
Thanks
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide