Solved: Routing problems on 1100 Isr

broberto82 · ‎02-03-2020

Hi,

I'm a newbie trying to configure my new Cisco isr C1113-8p for my network.
I set up my running-config and my router can navigate, but I'm getting some strange behaviours... and I'm sure they're related to something wrong on my routing configuration.
First problem: I can navigate only certain sites, for example:
google.it or cisco.com are ok
madisoft.it or estense.com are not ok - the dns gets the IP correctly, but I can't go on.
The second problem is that I've VoIP phones on my LAN, but I'm getting one-way voice on them.
I struggled a lot but I'm not able to come out from these problems... so ask for some help.

Here are the main parts of my running-config:


version 16.10
!
hostname Router
!
boot-start-marker
boot-end-marker
!
ip name-server 8.8.8.8
ip dhcp excluded-address 192.168.178.1 192.168.178.2
ip dhcp excluded-address 192.168.178.109
ip dhcp excluded-address 192.168.178.110
ip dhcp excluded-address 192.168.178.25
ip dhcp excluded-address 192.168.178.30
ip dhcp excluded-address 192.168.178.38
ip dhcp excluded-address 192.168.178.200
!
ip dhcp pool CASA_POOL
network 192.168.178.0 255.255.255.0
default-router 192.168.178.1
dns-server 8.8.8.8
!
controller VDSL 0/2/0
!
!
vlan internal allocation policy ascending
!
!
interface GigabitEthernet0/0/0
no ip address
negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0/1/4
!
interface GigabitEthernet0/1/5
!
interface GigabitEthernet0/1/6
!
interface GigabitEthernet0/1/7
!
interface ATM0/2/0
no ip address
atm oversubscribe factor 2
no atm enable-ilmi-trap
!
interface Ethernet0/2/0
no ip address
no negotiation auto
!
interface Ethernet0/2/0.835
encapsulation dot1Q 835
ip nat inside
pppoe enable group global
pppoe-client dial-pool-number 1
ip virtual-reassembly
!
interface Vlan1
ip address 192.168.178.1 255.255.255.0
ip nat inside
!
interface Dialer0
!
interface Dialer1
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
ppp authentication pap chap callin
ppp chap hostname timadsl
ppp chap password 0 timadsl
ppp pap sent-username timadsl password 0 timadsl
ppp ipcp dns request accept
!
ip forward-protocol nd
no ip http server
ip http secure-server
ip http secure-port 8080
ip nat translation udp-timeout 600
ip nat translation max-entries 40000
ip nat inside source static tcp 192.168.178.109 80 interface Dialer1 80
ip nat inside source static udp 192.168.178.109 80 interface Dialer1 80
ip nat inside source static tcp 192.168.178.109 443 interface Dialer1 443
ip nat inside source static udp 192.168.178.109 443 interface Dialer1 443
ip nat inside source static tcp 192.168.178.200 81 interface Dialer1 81
ip nat inside source static udp 192.168.178.200 81 interface Dialer1 81
ip nat inside source static udp 192.168.178.200 5060 interface Dialer1 5060
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
access-list 1 permit 192.168.178.0 0.0.0.255
!
!
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line vty 0 4
login
!
!
!
!
!
!
end

Thanks in advance for any suggestions!

Georg Pauwen · ‎02-03-2020

Hello,

problems like these are often relared to MTU settings. Under the dialer interface, configure:

mtu 1492

ip tcp adjust-mss 1452

or

mtu 1400

ip tcp adjust-mss 1360

View solution in original post

Georg Pauwen · ‎02-03-2020

Hello,

problems like these are often relared to MTU settings. Under the dialer interface, configure:

mtu 1492

ip tcp adjust-mss 1452

or

mtu 1400

ip tcp adjust-mss 1360

broberto82 · ‎02-04-2020

Hi Georg,
I configured mtu 1492 & adjust-mss 1452 and now the web navigation is fine. Thank you very much!
Unfortunately I'm still getting the problem about the one-way audio with the VoIP phones... I would really appreciate some help.

Georg Pauwen · ‎02-04-2020

Hello,

which model are your VoIP phones ?

broberto82 · ‎02-04-2020

I have a Siemens Gigaset 530 and a Fanvil H2S phones. They can't hear the voice of the external called phones.
I'm actually using a FritzBox 7530 under my LAN acting as VoIP controller (and also WiFi hotspot).
Both of the phones worked fine under my previous routers (once I had a FritzBox 7530 acting as router itself, and later I used Cisco RV134W with the 7530 acting as VoIP controller) so this is the reason why I suspect about something wrong in my actual routing / nat configuration...

Georg Pauwen · ‎02-04-2020

Hello,

assuming that you are using NAT on your ISR, try and add the below:

ip nat service sip udp port 5060

ip nat service sip tcp port 5060

broberto82 · ‎02-04-2020

Hi Georg,
everything seems to work fine now! Thank you so much!!
...I would have just a last problem to resolve: in my LAN I've an IP cameras controller and a domotic central. Both of them are configured to listen and to be reachable on port 81 and 443, respectively. Since I've a dynamic IP given by my ISP, I've a dynamic DNS configured. I checked and the dynamic DNS points correctly to my actual public IP. Unfortunately when I try to access those services from outside my LAN (Android App, etc...) I get a "connection refused". This happens if I try to access with the logical name given from the Dynamic DNS and also if I try with my public IP address directly. Everything works fine if I access them inside the LAN with their private IPs. I'm wondering why, since I opened 443 and 81 port on Dialer1...