Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
741
Views
0
Helpful
2
Replies

Unable to resolve DNS 2811 Router behind a firewall

Kevin Walker
Level 1
Level 1

‎10-01-2015 06:52 PM - edited ‎03-05-2019 02:26 AM

I have a cisco 2811 router that I cannot ping google.com from.  I have followed the dns setup guide. I even have a 1760v router connected to the same switch that can ping google.com perfectly fine but I need to be able to do this  on the 2811 so that the sip connection can resolve.

ip domain-lookup was done too.  192.168.1.1 is the asa firewall.

Attached is the config.  

 

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cme2811
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable password XXXXXXXX
!
no aaa new-model
clock timezone est -4
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
ip domain name cakefarts.com
ip host kevin 192.168.1.7
ip name-server 192.168.1.1
ip name-server 8.8.8.8
ip multicast-routing
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
!
!
!
voice service voip
 allow-connections h323 to h323
 allow-connections h323 to sip
 allow-connections sip to sip
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
!
!
username XXXXXXXXXXXXXXXXXXXXXX
archive
 log config
  hidekeys
!
!
!
!
!
!
interface Loopback0
 ip address 10.0.0.2 255.255.255.0
!
interface FastEthernet0/0
 ip address 192.168.1.2 255.255.255.0
 ip helper-address 192.168.1.1
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
!
ip default-gateway 192.168.1.1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
ip http server
no ip http secure-server
ip http path flash:
!
ip dns server
!
i
!
!
!
!
tftp-server flash:P00308000400.bin
tftp-server flash:P00308000400.loads
tftp-server flash:P00308000400.sb2
tftp-server flash:P00308000400.sbn
!
control-plane
!
!
!
ccm-manager fax protocol cisco
!
mgcp fax t38 ecm
!
!
!
dial-peer voice 601 voip
 destination-pattern ...........
 session protocol sipv2
 session target dns:callcentric.com
 incoming called-number .
 dtmf-relay sip-notify rtp-nte
 codec g711ulaw
!
!
sip-ua
 credentials username m
 authentication username 
 no remote-party-id
 retry invite 4
 retry response 3
 retry bye 2
 retry cancel 2
 retry register 5
 timers trying 1000
 timers register 250
 registrar dns:callcentric.com expires 3600
 sip-server dns:callcentric.com
!
!
telephony-service
 sdspfarm transcode sessions 5
 em logout 0:0 0:0 0:0
 max-ephones 10
 max-dn 10
 ip source-address 192.168.1.2 port 2000
 auto assign 1 to 10
 auto assign 1 to 5
 timeouts interdigit 4
 system message ??????
 url services http://www.singlewire.com/freeservices/menu
 load 7960-7940 P00308000400
 time-zone 12
 dialplan-pattern 1 8654083166 extension-length 4 extension-pattern 3166
 voicemail 9999
 mwi relay
 max-conferences 8 gain 6
 call-forward pattern .T
 moh flash:music-on-hold.au
 multicast moh 239.10.16.4 port 2000
 web admin system name 1
 dn-webedit
 time-webedit
 transfer-system full-consult
 create cnf-files version-stamp 7960 Jun 30 2014 21:43:42
!
!
ephone-dn  1  dual-line
 number 1001
!
!
ephone-dn  2  dual-line
 call-waiting ring
 number 177XXXXX
 label Callcentric
!
!
ephone-dn  3  dual-line
 call-waiting ring
 number XXXXXXX
!
!
ephone-dn  4  dual-line
 number 1004
!
!
ephone-dn  5  dual-line
 number 1005
!
!
ephone-dn  6  dual-line
 number 1006
!
!
ephone-dn  7  dual-line
 number 1007
!
!
ephone-dn  8  dual-line
 number 1008
!
!
ephone-dn  9  dual-line
 number 1009
!
!
ephone-dn  10  dual-line
 number 1010
!
!
ephone  1
 no phone-ui speeddial-fastdial
 no phone-ui snr
 no multicast-moh
!
!
!
ephone  2
 no phone-ui speeddial-fastdial
 no phone-ui snr
 no multicast-moh
 description 7940
 mac-address 0018.BAC9.E6BA
 type 7940
 button  1:2
!
!
!
ephone  3
 no phone-ui speeddial-fastdial
 no phone-ui snr
 no multicast-moh
 mac-address 1956.9917.C701
 max-calls-per-button 2
 type ata
 button  1:3
!
!
!
ephone  4
 no phone-ui speeddial-fastdial
 no phone-ui snr
 no multicast-moh
!
!
!
ephone  5
 no phone-ui speeddial-fastdial
 no phone-ui snr
 no multicast-moh
!
!
!
ephone  6
 no phone-ui speeddial-fastdial
 no phone-ui snr
 no multicast-moh
!
!
!
ephone  7
 no phone-ui speeddial-fastdial
 no phone-ui snr
 no multicast-moh
!
!
!
ephone  8
 no phone-ui speeddial-fastdial
 no phone-ui snr
 no multicast-moh
!
!
!
ephone  9
 no phone-ui speeddial-fastdial
 no phone-ui snr
 no multicast-moh
!
!
!
ephone  10
 no phone-ui speeddial-fastdial
 no phone-ui snr
 no multicast-moh
!
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
 login local
line aux 0
line vty 0 4
 exec-timeout 0 0
 privilege level 15
 password cisco
 login local
 transport input telnet ssh
 transport output all
!
scheduler allocate 20000 1000
ntp server 192.168.1.1
end

 

 

 

 

Translating "google.com"...domain server (8.8.8.8) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2607:F8B0:4002:C06::66, timeout is 2 seconds:

% No valid route for destination
Success rate is 0 percent (0/1)

 

 

 

 

 

Labels:
0 Helpful
2 Replies 2

paul driver
VIP
VIP

‎10-02-2015 02:12 AM

Hello

I even have a 1760v router connected to the same switch that can ping google.com perfectly fine but I need to be able to do this

I guess from this statement that the ASA FW is already setup as a DNS forwarder for external DNS queries from your LAN then?

can you try:
no ip default-gateway 192.168.1.1
no ip route 0.0.0.0 0.0.0.0 192.168.1.1
no ip dns server
no ip name-server 8.8.8.8
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 192.168.1.1
ip domain-lookup source-interface FastEthernet0/0

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Kevin Walker
Level 1
Level 1
In response to paul driver

‎10-02-2015 04:34 PM

No luck,

 

I even removed the asa 5505 and used a home netgear router as the gw with the same ip and still no luck.

The 1760v works just fine with no issues.

 

Here is what I get when pinging google.com

 

 

% No valid route for destination
Success rate is 0 percent (0/1)

 

pinging 8.8.8.8 is successful.

 

 

 

Works now...I had to downgrade the ios and use advanced services rather than voice.  I can now register my callcentric account and I needed to add ip name-server 8.8.8.8.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card