DNS_PROBE_FINISHED_NO_INTERNET

lakhwaraa · ‎05-28-2024

i HAVE A STRANGE PROBLEM. I AM UNABLE TO ACCESS INTERENT FROM MY COMPUTER . MY CONFIGURATION IS BELOW

no ip domain lookup
ip domain name dt.local
ip name-server 9.9.9.9

ip cef
no ipv6 cef

!
track 1 ip sla 1 reachability
!
zone security inside
zone security outside
zone security vpn

interface GigabitEthernet8
ip address 192.168.15.200 255.255.255.0
ip nat outside
ip virtual-reassembly in
zone-member security outside
duplex auto
speed auto
!
interface GigabitEthernet9
ip address 192.168.8.2 255.255.255.0
ip mtu 1480
ip nat outside
ip virtual-reassembly in
zone-member security outside
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$
ip address 172.20.99.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security inside
ip tcp adjust-mss 1452
!

ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
!
!
ip dns server
ip nat inside source route-map primary interface GigabitEthernet8 overload
ip nat inside source route-map secondary interface GigabitEthernet9 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet8 192.168.15.1 track 1
ip route 0.0.0.0 0.0.0.0 192.168.8.1 10
ip route 8.8.8.8 255.255.255.255 192.168.8.1
ip ssh version 2
!

ip access-list extended NAT
permit ip 172.20.99.0 0.0.0.255 any
!
ip sla 1
icmp-echo 192.168.15.1 source-interface GigabitEthernet8
threshold 1000
frequency 10
ip sla schedule 1 life forever start-time now
!
route-map primary permit 10
match ip address NAT
match interface GigabitEthernet8
!
route-map secondary permit 10
match ip address NAT
match interface GigabitEthernet9

!
end

can any one tell me why i am unable to connect to internet

marce1000 · ‎05-28-2024

- Check if your device has valid DNS server's allocated verify with : ipconfig /all
If a configuration fault is suspected on the router try ping 8.8.8.8 for testing basic internet connectivity ,

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

MHM Cisco World · ‎05-28-2024

This all config?

What is the DNS IP you see in PC?

MHM

lakhwaraa · ‎05-28-2024

The problem is resovled. My router has DNS of 10.20.1.29 and 9.9.9.9. when i point my comupter dns to router, it stops working. so i directly added dns server ip to my ipv4 dns configuration in computer and it resolved my problem. also to mention that this never happened before. i always provide gateway and dns to computers pointed to my router but i dont know why this time it is different. if you have any answer to that, please let me know

MHM Cisco World · ‎05-29-2024

no ip domain lookup <<- I think this make issue try again and remove NO

MHM

lakhwaraa · ‎05-29-2024

no ip domain lookup this did not help but hangs the router for some time in case of some wrong input commands.

MHM Cisco World · ‎05-29-2024

You are correct' it use if the traffic generate from router need DNS' but I am not so sure if the router work as dns proxy still need this command or not.

Other this I see is Zone secuirty'

There is self secuirty traffic must pass between outside and this zone.

That why I ask full config

MHM

lakhwaraa · ‎05-29-2024

This is my zone configuration and i am pretty sure, thsi configutation is fine and working on other routers

class-map type inspect match-any inside-to-vpn
match access-group name ACL-INSIDE-TO-VPN
class-map type inspect match-any vpn-to-inside
match access-group name ACL-VPN-TO-INSIDE
class-map type inspect match-any inside-to-outside
match access-group name ACL-INSIDE-TO-OUTSIDE
class-map type inspect match-any outside-to-self
match access-group name ACL-outside-TO-self
class-map type inspect match-any self-to-outside
match access-group name ACL-self-TO-outside
!
!
policy-map type inspect Policy-inside-to-vpn
class type inspect inside-to-vpn
inspect
class class-default
drop
policy-map type inspect Policy-vpn-to-inside
class type inspect vpn-to-inside
inspect
class class-default
drop
policy-map type inspect Policy-outside-to-self
class type inspect outside-to-self
inspect
class class-default
drop
policy-map type inspect Policy-inside-to-outside
class type inspect inside-to-outside
inspect
class class-default
drop
policy-map type inspect Policy-self-to-outside
class type inspect self-to-outside
inspect
class class-default
drop
!
zone security inside
zone security outside
zone security vpn
zone-pair security inside-to-outside source inside destination outside
service-policy type inspect Policy-inside-to-outside
zone-pair security inside-to-vpn source inside destination vpn
service-policy type inspect Policy-inside-to-vpn
zone-pair security vpn-to-inside source vpn destination inside
service-policy type inspect Policy-vpn-to-inside
zone-pair security outside-to-inside source outside destination inside

ip access-list extended ACL-INSIDE-TO-OUTSIDE
permit ip any any
ip access-list extended ACL-INSIDE-TO-VPN
permit ip any any
ip access-list extended ACL-VPN-TO-INSIDE
permit ip any any
ip access-list extended ACL-outside-TO-self
permit ip any any
ip access-list extended ACL-self-TO-outside
permit ip any any
ip access-list extended NAT
permit ip 172.20.99.0 0.0.0.255 any

MHM Cisco World · ‎05-30-2024

as I mention before
no ip domain-lookup <<- is issue here

below lab I use Zone and allow all and you can see ping for hostname one time success if R1 not the DNS proxy and second time failed when R1 is DNS proxy but the no ip domain-lookup code is used

MHM

lakhwaraa · ‎06-01-2024

i have other routers where i have not put any ip domain command and it resolves dns. i will check and test it with ip domain lookup again

balaji.bandi · ‎05-29-2024

Looks for me end device DNS issue, if you point to Router as DNS Server - that not works because router not acting as DNS Server for you to resolve.

ip dns server (i do not see command on the router)

also if the Pc getting DHCP - then add correct DNS for that to work.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

lakhwaraa · ‎05-29-2024

ip dns server command is already in the configuration above the ip nat commands.

balaji.bandi · ‎05-29-2024

ip dns server command is already in the configuration above the ip nat commands.

You configured Name Servers - not that you configured Router act as DNS Server ? have you - not that i have seen in your configuration.

when i point my comupter dns to router, it stops working.

If you configured and point your Client DNS to Router, then router able to resolve the DNS for your clients.

configuring ip name-server on the router for the DNS to resolve from the router, not the Router act as DNS Server.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

lakhwaraa · ‎05-29-2024

Yes. I always point my client to router and then router goes to my internal dns for resolution. My other routers having same configuration works fine in this way but this router (A new installation) does not allow internet access. i have to manually add dns settings in client computer rather than router IP. ALso i am not using any DHCP .

balaji.bandi · ‎05-30-2024

add that DNS Server configuration on the router and test it.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help