Router 1760 ping problem

patrickallaire · ‎03-30-2005

Hello

I'm trying to configure a 1760 VPN-K9. The fastethernet port receive an IP from the cable modem from my ISP. The problem is that I cannot ping any thing on the internet except the ISP Gateway. Can you help me please.

Thank you

cool.cisco · ‎03-30-2005

Are you able to serf the internet????

If yes and still you are not able to ping any site..most probably icmp is blocked from the isp end.

Do post your configuration to understand well...

Good Luck

patrickallaire · ‎03-30-2005

No I can't go on the internet. There is my configuration.

version 12.3

service config

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname ****

!

boot-start-marker

boot-end-marker

!

logging buffered 52000 debugging

enable secret ***

enable password *****

!

clock timezone PCTime -5

clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

no aaa new-model

ip subnet-zero

!

ip cef

ip ips po max-events 100

ip dhcp-server 24.200.242.21

ip dhcp-server 10.0.0.1

no ftp-server write-enable

!!

!

interface FastEthernet0/0

description $ETH-WAN$

ip address dhcp client-id FastEthernet0/0

ip mask-reply

ip directed-broadcast

ip virtual-reassembly

speed auto

full-duplex

vlan-id dot1q 1

exit-vlan-config

!

interface FastEthernet0/1

switchport access vlan 2

no ip address

vlan-id dot1q 1

pppoe enable

exit-vlan-config

!

no cdp enable

!

interface FastEthernet0/2

no ip address

no cdp enable

interface Vlan1

ip address 10.0.0.5 255.0.0.0

!

interface Vlan2

no ip address

ip mask-reply

ip directed-broadcast

ip nat inside

ip virtual-reassembly

shutdown

!

router rip

passive-interface FastEthernet0/0

passive-interface Vlan1

network 10.0.0.0

network 24.0.0.0

no auto-summary

!

ip classless

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 600 life 86400 requests 10000

ip nat pool test 10.0.0.1 10.0.0.20 netmask 255.0.0.0

!

access-list 1 remark test

access-list 1 remark SDM_

access-list 1 permit any

dialer-list 1 protocol ip permit

snmp-server community public RO

snmp-server enable traps tty

!

control-plane

!

line con 0

exec-timeout 0 0

line aux 0

line vty 0 4

privilege level 15

password *****

login local

transport input telnet ssh

line vty 5 15

privilege level 15

password *****

login local

transport input telnet ssh

!

end

Thank you very much for your help.

Patrick

Richard Burts · ‎03-31-2005

The biggest problem that I see is that there is no default route. You can confirm whether this is the case by posting the output of show ip route.

The easy way to fix this is to configure a static default route pointing to the ISP. It could be of the form:

ip route 0.0.0.0 0.0.0.0

assuming that you know the address of the ISP to which you are connected. We might guess that it is 24.200.242.21 based on the configuration of the DHCP server.

or the default route can have the form:

ip route 0.0.0.0 0.0.0.0 FastEthernet 0/0

which would be best if you do not know the ISP address. The biggest disadvantage of this form is that it requires the router to ARP for every remote address to which it is forwarding and assumes that the ISP will proxy ARP for all these (and some providers will not proxy ARP).

There are a few other things like why do you have both enable password and enable secret? And why do you have VLAN 2 shut down? But these are not particularly important to your question about accessing the Internet.

HTH

Rick

HTH

Rick