03-14-2014 01:41 PM - edited 03-07-2019 06:42 PM
Hello,
I purchased a new 831 router. I know my way around Cisco, so I decided to program it myself. For some reason I cannot connect to the Internet. Can you please help me with this?
The following is the configuration of my router. Can you see anything wrong?
Router#sh run
Building configuration...
Current configuration : 3379 bytes
!
version 12.4
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
clock timezone CST -6
clock summer-time CDT recurring
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.150
ip dhcp excluded-address 192.168.0.200 192.168.0.255
!
ip dhcp pool CLIENT
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 8.8.8.8 8.8.4.4
lease 0 1
!
!
ip cef
no ip domain lookup
ip inspect name IPFW tcp
ip inspect name IPFW udp
ip inspect name IPFW cuseeme
ip inspect name IPFW ftp
ip inspect name IPFW tftp
ip inspect name IPFW rcmd
ip inspect name IPFW realaudio
ip inspect name IPFW smtp
ip inspect name IPFW h323
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
username cisco privilege 15 secret 5 $1$.PGD$oO8q1na6Wp3iYle/ei7ci0
!
!
!
!
!
!
interface Ethernet0
description LAN switch ports on inside interface
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no cdp enable
hold-queue 32 in
!
interface Ethernet1
description WAN interface to ISP using DHCP
ip address dhcp client-id Ethernet1
ip access-group IPFW-ACL in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect IPFW out
ip virtual-reassembly
duplex auto
no cdp enable
!
interface Ethernet2
no ip address
shutdown
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http max-connections 4
ip http timeout-policy idle 600 life 86400 requests 10000
!
ip nat inside source list 102 interface Ethernet1 overload
ip nat inside source static tcp 192.168.0.5 3389 interface Ethernet1 3389
!
!
ip access-list extended IPFW-ACL
permit icmp any any administratively-prohibited
permit icmp any any echo-reply
permit icmp any any packet-too-big
permit icmp any any time-exceeded
permit icmp any any traceroute
deny ip any any
access-list 23 permit 192.168.0.0 0.0.0.255
!
!
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router Web Setup (CRWS) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco".
Please change these publicly known initial credentials using CRWS or the IOS CLI.
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want to use.
For more information about CRWS please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/en/US/products/sw/netmgtsw/ps2076/prod_troubleshooting_guide09186a0080132c3c.html
-----------------------------------------------------------------------
^C
!
line con 0
exec-timeout 120 0
login local
no modem enable
stopbits 1
line aux 0
line vty 0 4
access-class 23 in
exec-timeout 120 0
login local
!
scheduler max-task-time 5000
ntp logging
end
Router#
Thank you for your time.
03-15-2014 11:43 AM
What is the state of the E1 interface?
Can you get a valid IP address from ISP DHCP?
If all is ok, try to remove the "ip access-group IPFW-ACL in" from WAN.
In this ACL there is a "deny ip any any" that blocks all traffic.
Regards.
03-15-2014 06:34 PM
Thank you for your reply. I removed as much as I could from that interface. Now it looks like this:
interface Ethernet1
description WAN interface to ISP using DHCP
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
no cdp enable
I checked and the interface is up and it has a public IP address: Ethernet1 is up, line protocol is up.
I can ping the Internet from the router, but I cannot do it from a workstation that is directly connected to the router and has an IP address assigned by the router.
In addition, I discovered that if I try to ping by name from the router, it cannot resolve the name. I can ping by IP, but not by name.
Any other ideas?
Thank you.
03-15-2014 07:41 PM
I was able to make it work. In the end, I had to configure "permit ip any any" on the firewall.
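Added example, not part of the thread: in the configuration posted above, the NAT overload rule references list 102, but no access-list 102 appears in the output. The Python check below cross-references ACL uses against ACL definitions. The function name and the trimmed sample (a subset of lines from the first post) are constructed for illustration.

```python
import re

# Constructed sample: the ACL-related lines from the configuration posted above.
SAMPLE_CONFIG = """\
interface Ethernet1
 ip access-group IPFW-ACL in
ip http access-class 23
ip nat inside source list 102 interface Ethernet1 overload
ip access-list extended IPFW-ACL
 permit icmp any any echo-reply
 deny ip any any
access-list 23 permit 192.168.0.0 0.0.0.255
line vty 0 4
 access-class 23 in
"""

# Lines that define an ACL (named or numbered).
DEFINITIONS = [
    re.compile(r"^ip access-list (?:standard|extended) (\S+)"),
    re.compile(r"^access-list (\d+) "),
]
# Lines that reference an ACL by name or number.
REFERENCES = [
    re.compile(r"^ip access-group (\S+) (?:in|out)"),
    re.compile(r"^(?:ip http )?access-class (\S+)"),
    re.compile(r"^ip nat inside source list (\S+) "),
]

def audit_acl_references(config_text):
    """Return {acl_name: [referencing lines]} for ACLs used but never defined."""
    defined, referenced = set(), {}
    for raw in config_text.splitlines():
        line = raw.strip()  # sub-mode lines are indented in 'show run' output
        for pat in DEFINITIONS:
            m = pat.match(line)
            if m:
                defined.add(m.group(1))
        for pat in REFERENCES:
            m = pat.match(line)
            if m:
                referenced.setdefault(m.group(1), []).append(line)
    return {n: lines for n, lines in referenced.items() if n not in defined}

if __name__ == "__main__":
    for name, lines in audit_acl_references(SAMPLE_CONFIG).items():
        for line in lines:
            print(f"ACL {name} is referenced but not defined: {line}")
```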