Cisco 881 Pings, ARP table unpingable

fotismark · ‎12-22-2017

hello all,

Who can solve me this.

I have cisco 881, which is connected to the internet, through a dialer interface, and the pcs are going out to the internet.

When I am in the router I cannot ping the pcs connected to it.

#sh arp
Protocol Address          Age (min) Hardware Addr   Type   Interface
Internet 10.79.55.1              -   442b.03c5.468e ARPA   Vlan1
Internet 10.79.55.10            36   70ca.9b2e.a9f2 ARPA   Vlan1
Internet 10.79.55.11             0   50e5.49e4.7f74 ARPA   Vlan1

#ping 10.79.55.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.79.55.11, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
#ping 10.79.55.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.79.55.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
#ping 10.79.55.11 sou
#ping 10.79.55.11 source 10.79.55.1 <(Vlan1)
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.79.55.11, timeout is 2 seconds:
Packet sent with a source address of 10.79.55.1
.....
Success rate is 0 percent (0/5)
#

Also, I am Nating (off course), so, I have this server on 10.79.55.100, which everybody can see it from the internet with its IP address (which translates to my public) but I am directly connected to the router and when I type www.myserver.com it won't show anyhting, but when i type its private ip 10.79.55.100 homepage appears but all links lead nowhere...

REally Appreciate the hep

Georg Pauwen · ‎12-22-2017

Hello,

post the configuration of the router...

fotismark · ‎12-22-2017

Building configuration...
version 15.1
!
hostname hOME_IpSec_Company
!
boot-start-marker
boot-end-marker
!
!
no logging buffered
enable password ********
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
!
memory-size iomem 10
service-module wlan-ap 0 bootimage autonomous
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3702956536
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3702956536
revocation-check none
rsakeypair TP-self-signed-3702956536
!
!
crypto pki certificate chain TP-self-signed-3702956536
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33373032 39353635 3336301E 170D3137 30333234 31373230
33355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 37303239
35363533 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100AC64 EF7E0892 C3483C90 40B9E4BC 946B47B8 6E71F4EC 865594E0 3C0AB70A
27353B8E 24411D03 7304A25D 69BF6222 382657BC A9E7924A B92F2E30 6585A341
71A2B627 387B5AF2 1BBB7EBD 84252139 E43AB7B9 B9A7D6EE 03A112A8 555E8307
C60A7B2D 3E1CB393 31055CF7 6B0B2F06 967199CD 4B9071CD 1013EBC1 22E2A878
FCC50203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 146FB873 2B842A8A B9A834DD 9DC4B4D0 A8E56448 8F301D06
03551D0E 04160414 6FB8732B 842A8AB9 A834DD9D C4B4D0A8 E564488F 300D0609
2A864886 F70D0101 05050003 81810036 99F78926 E0926BE2 703A2200 9DF31401
B3A7AE69 B0686193 74356678 519AB829 7B0845CE 49059F43 07773BB6 98327729
C3DA7AEB E4DE1C6E 1C5395A3 E4EC4D6F 7396D7FB 4E0D286E AE458A07 77D98D56
A5F35467 DDBB25AA E5357D2B 2C687993 B40BDAD7 A9C6AE8E FBB8FC40 C598E1D3
A40F5816 961AC6BA 40541828 660F3F
        quit
no ip source-route
!
!
!
ip dhcp excluded-address 10.79.55.1 10.79.55.9
ip dhcp excluded-address 10.79.55.101 10.79.55.254
!
ip dhcp pool ccp-pool1
network 10.79.55.0 255.255.255.0
dns-server ******** 8.8.8.8
default-router 10.79.55.1
!
!
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO881GW-GN-A-K9 sn FTX161880ZN
license boot module c880-data level advipservices
!
!
username ******* privilege 15 password 0 ***********
!
!
!
!
controller Cellular 0
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key ***** address *********
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to*******
set peer PUBLIC IP
set transform-set ESP-3DES-SHA
match address 100
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
description $ETH-WAN$
no ip address
shutdown
duplex auto
speed auto
pppoe-client dial-pool-number 1
!
interface wlan-ap0
description Service module interface to manage the embedded AP
no ip address
shutdown
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
no ip address
!
interface Cellular0
no ip address
encapsulation ppp
!
interface Vlan1
ip address 10.79.55.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
!
interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname wind@tellas.gr
ppp chap password 0 wind
ppp pap sent-username wind@tellas.gr password 0 wind
crypto map SDM_CMAP_1
!
ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
!
!
ip nat pool NAT-POOL 10.79.55.0 10.79.55.254 netmask 255.255.255.0
ip nat inside source static tcp 10.79.55.100 25 interface Dialer0 25
ip nat inside source static tcp 10.79.55.100 110 interface Dialer0 110
ip nat inside source static tcp 10.79.55.100 443 interface Dialer0 443
ip nat inside source static tcp 10.79.55.100 80 interface Dialer0 80
ip nat inside source static tcp 10.79.55.100 53 interface Dialer0 53
ip nat inside source static tcp 10.79.55.100 389 interface Dialer0 389
ip nat inside source static tcp 10.79.55.100 26 interface Dialer0 26
ip nat inside source static tcp 10.79.55.100 44 interface Dialer0 44
ip nat inside source static tcp 10.79.55.100 1000 interface Dialer0 1000
ip nat inside source static tcp 10.79.55.100 143 interface Dialer0 143
ip nat inside source static tcp 10.79.55.100 995 interface Dialer0 995
ip nat inside source static tcp 10.79.55.100 993 interface Dialer0 993
ip nat inside source static tcp 10.79.55.100 8100 interface Dialer0 8100
ip nat inside source static tcp 10.79.55.100 3000 interface Dialer0 3000
ip nat inside source static tcp 10.79.55.100 1300 interface Dialer0 1300
ip nat inside source static tcp 10.79.55.100 21 interface Dialer0 21
ip nat inside source static tcp 10.79.55.100 5938 interface Dialer0 5938
ip nat inside source static udp 10.79.55.17 11155 interface Dialer0 11155
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!       *************ACL For Private IpSec Vlans, Translations etc************************

***************ACL is missing for Above NAT Translations on purpose************************
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.79.55.0 0.0.0.255
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 10.79.55.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 101 remark CCP_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 10.79.55.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 101 permit ip 10.79.55.0 0.0.0.255 any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
!
!
!
!
route-map SDM_RMAP_1 permit 1
match ip address 101
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line 3
no exec
line vty 0 4
password mnemonic
transport input all
!
end

fotismark · ‎12-22-2017

except all the above, my basic question is why, when i am connected to the internet through the router (where on the same router is my web server) when i type www.myserver.com nothing comes up, but when i type its private IP it comes up but links wont work.

Does it have to do with an ACL? Does it get confused on Transaltions? My Router can't even ping my PC or the Web Serv... This is very very weird and honestly dunno...

Georg Pauwen · ‎12-22-2017

Hello,

below is the (hopefully) working configuration:

Building configuration...
version 15.1
!
hostname hOME_IpSec_Company
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable password ********
!
aaa new-model
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
memory-size iomem 10
service-module wlan-ap 0 bootimage autonomous
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3702956536
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3702956536
revocation-check none
rsakeypair TP-self-signed-3702956536
!
crypto pki certificate chain TP-self-signed-3702956536
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33373032 39353635 3336301E 170D3137 30333234 31373230
33355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 37303239
35363533 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100AC64 EF7E0892 C3483C90 40B9E4BC 946B47B8 6E71F4EC 865594E0 3C0AB70A
27353B8E 24411D03 7304A25D 69BF6222 382657BC A9E7924A B92F2E30 6585A341
71A2B627 387B5AF2 1BBB7EBD 84252139 E43AB7B9 B9A7D6EE 03A112A8 555E8307
C60A7B2D 3E1CB393 31055CF7 6B0B2F06 967199CD 4B9071CD 1013EBC1 22E2A878
FCC50203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 146FB873 2B842A8A B9A834DD 9DC4B4D0 A8E56448 8F301D06
03551D0E 04160414 6FB8732B 842A8AB9 A834DD9D C4B4D0A8 E564488F 300D0609
2A864886 F70D0101 05050003 81810036 99F78926 E0926BE2 703A2200 9DF31401
B3A7AE69 B0686193 74356678 519AB829 7B0845CE 49059F43 07773BB6 98327729
C3DA7AEB E4DE1C6E 1C5395A3 E4EC4D6F 7396D7FB 4E0D286E AE458A07 77D98D56
A5F35467 DDBB25AA E5357D2B 2C687993 B40BDAD7 A9C6AE8E FBB8FC40 C598E1D3
A40F5816 961AC6BA 40541828 660F3F
quit
no ip source-route
!
ip dhcp excluded-address 10.79.55.1 10.79.55.9
ip dhcp excluded-address 10.79.55.101 10.79.55.254
!
ip dhcp pool ccp-pool1
network 10.79.55.0 255.255.255.0
dns-server ******** 8.8.8.8
default-router 10.79.55.1
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
license udi pid CISCO881GW-GN-A-K9 sn FTX161880ZN
license boot module c880-data level advipservices
!
username ******* privilege 15 password 0 ***********
!
controller Cellular 0
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key ***** address *********
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to*******
set peer PUBLIC IP
set transform-set ESP-3DES-SHA
match address 100
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
description $ETH-WAN$
no ip address
duplex auto
speed auto
pppoe-client dial-pool-number 1
!
interface wlan-ap0
description Service module interface to manage the embedded AP
no ip address
shutdown
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
no ip address
!
interface Cellular0
no ip address
encapsulation ppp
!
interface Vlan1
ip address 10.79.55.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
!
interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname wind@tellas.gr
ppp chap password 0 wind
ppp pap sent-username wind@tellas.gr password 0 wind
crypto map SDM_CMAP_1
!
ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
!
ip nat inside source static tcp 10.79.55.100 25 interface Dialer0 25
ip nat inside source static tcp 10.79.55.100 110 interface Dialer0 110
ip nat inside source static tcp 10.79.55.100 443 interface Dialer0 443
ip nat inside source static tcp 10.79.55.100 80 interface Dialer0 80
ip nat inside source static tcp 10.79.55.100 53 interface Dialer0 53
ip nat inside source static tcp 10.79.55.100 389 interface Dialer0 389
ip nat inside source static tcp 10.79.55.100 26 interface Dialer0 26
ip nat inside source static tcp 10.79.55.100 44 interface Dialer0 44
ip nat inside source static tcp 10.79.55.100 1000 interface Dialer0 1000
ip nat inside source static tcp 10.79.55.100 143 interface Dialer0 143
ip nat inside source static tcp 10.79.55.100 995 interface Dialer0 995
ip nat inside source static tcp 10.79.55.100 993 interface Dialer0 993
ip nat inside source static tcp 10.79.55.100 8100 interface Dialer0 8100
ip nat inside source static tcp 10.79.55.100 3000 interface Dialer0 3000
ip nat inside source static tcp 10.79.55.100 1300 interface Dialer0 1300
ip nat inside source static tcp 10.79.55.100 21 interface Dialer0 21
ip nat inside source static tcp 10.79.55.100 5938 interface Dialer0 5938
ip nat inside source static udp 10.79.55.17 11155 interface Dialer0 11155
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
access-list 100 remark NAT
access-list 100 deny ip 10.79.55.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 100 permit ip 10.79.55.0 0.0.0.255 any
access-list 101 remark IPSec Rule
access-list 101 permit ip 10.79.55.0 0.0.0.255 192.168.100.0 0.0.0.255
!
dialer-list 1 protocol ip permit
1
route-map SDM_RMAP_1 permit 1
match ip address 101
match interface Dialer0
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line 3
no exec
line vty 0 4
password mnemonic
transport input all
!
end

fotismark · ‎12-24-2017

i ll give it a shot and i will let you know....dont have access these days due to holidays! thank you