09-23-2011 01:10 PM - edited 03-07-2019 02:24 AM
Hi,
I am trying to configure my Cisco Router 1921 for home networking. When testing the outside connection, I get the error message
Exit Interface Found: None
I am using a cable modem to access the internet.
Thanks a lot!
Current configuration : 6842 bytes
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname habsburg
!
boot-start-marker
boot-end-marker
!
!
logging buffered 4096
enable secret 5 $1$MoY/$8a0962QftXIOGcDALI39X/
enable password XXXXXX
!
no aaa new-model
!
!
no ipv6 cef
ip source-route
ip cef
!
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool1
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
!
!
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-1139877488
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1139877488
revocation-check none
rsakeypair TP-self-signed-1139877488
!
!
crypto pki certificate chain TP-self-signed-1139877488
certificate self-signed 01
quit
license udi pid CISCO1921/K9 sn FCZ1535C0XL
license boot module c1900 technology-package securityk9
!
!
username phuber privilege 15 secret 5 $1$1S2h$E9snHLA6FIjmj9lQnrd0I.
!
redundancy
!
!
!
!
!
class-map type inspect match-any SDM_BOOTPC
match access-group name SDM_BOOTPC
class-map type inspect match-any SDM_DHCP_CLIENT_PT
match class-map SDM_BOOTPC
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect match-any sdm-cls-bootps
match protocol bootps
class-map type inspect match-any ccp-cls-insp-traffic
match protocol dns
match protocol ftp
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect match-all ccp-protocol-http
match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
class type inspect sdm-cls-bootps
pass
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
drop
policy-map type inspect ccp-permit
class type inspect SDM_DHCP_CLIENT_PT
pass
class class-default
drop
!
zone security in-zone
zone security out-zone
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ES_WAN$$FW_OUTSIDE$
ip address dhcp client-id GigabitEthernet0/0
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
duplex auto
speed auto
!
interface GigabitEthernet0/1
description $ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
duplex auto
speed auto
no mop enabled
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
!
ip access-list extended SDM_BOOTPC
remark CCP_ACL Category=0
permit udp any any eq bootpc
!
logging trap debugging
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
!
!
!
!
!
snmp-server community public RO
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
password XXXXX
login local
transport input telnet ssh
transport output telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
transport output telnet ssh
!
scheduler allocate 20000 1000
end
09-23-2011 07:43 PM
Peter
I observe that your configuration does not have a default route configured. Therefore it does not know which interface to use because it does not know how to get to any address that is not locally configured.
I suggest that you configure a static default route to use the route provided by the DHCP server which might look something like this:
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
You can use this link to find more information about using routes from the DHCP server:
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t8/feature/guide/gtddgtwy.html
HTH
Rick
09-25-2011 02:17 AM
Hi Peter,
You can try the below and test again. Also try to disable the PC FW/AV or perhaps use another PC for testing.
ip dhcp pool ccp-pool1
import all
ip route 0.0.0.0 0.0.0.0 dhcp
Router#renew dhcp gigabit0/0
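A small offline check for the points the replies in this thread raise (a static default route, and whether the DHCP pool hands a DNS server to clients), written as an added example and not code from the thread or from Cisco. The sample inputs are constructed excerpts of the configurations posted in this thread, and the rule that a pool block ends at the next `!` line is an assumption about `show running-config` layout.

```python
import re

DEFAULT_ROUTE = re.compile(r"ip route 0\.0\.0\.0 0\.0\.0\.0 \S+")
POOL_START = re.compile(r"ip dhcp pool (\S+)$")

# Constructed excerpts of the two configurations posted in this thread,
# unindented as they appear on the page.
FIRST_POST = """\
ip dhcp pool ccp-pool1
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
"""
SECOND_POST = """\
ip dhcp pool ccp-pool1
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
!
ip name-server 62.2.17.60
ip name-server 62.2.24.158
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 80.219.128.1
ip route 0.0.0.0 0.0.0.0 80.219.128.1 254
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
"""
# Constructed: the pool with the dns-server line suggested in the replies.
POOL_WITH_DNS = """\
ip dhcp pool ccp-pool1
 network 10.10.10.0 255.255.255.0
 default-router 10.10.10.1
 dns-server 62.2.17.60 62.2.24.158
!
"""

def dhcp_pools(config):
    """Map each DHCP pool name to its sub-commands (block ends at '!')."""
    pools, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        start = POOL_START.match(line)
        if start:
            current = pools.setdefault(start.group(1), [])
        elif line in ("", "!"):
            current = None          # separator closes the pool block
        elif current is not None:
            current.append(line)
    return pools

def audit(config):
    """Report the routing and DNS facts the replies ask about."""
    lines = [l.strip() for l in config.splitlines()]
    return {
        # Static default routes present in the configuration text.
        "default_routes": [l for l in lines if DEFAULT_ROUTE.match(l)],
        # Resolvers the router itself uses; not handed to DHCP clients.
        "router_name_servers": [ip for l in lines
                                if l.startswith("ip name-server ")
                                for ip in l.split()[2:]],
        # Pools whose clients get an address and gateway but no DNS server.
        "pools_without_dns": sorted(
            name for name, cmds in dhcp_pools(config).items()
            if not any(c.startswith("dns-server ") or c == "import all"
                       for c in cmds)),
    }
```

On the second posted configuration this reports two router name servers and three default routes, yet still lists `ccp-pool1` as a pool that gives its clients no DNS server.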
09-24-2011 10:46 AM
Rick
Thanks for this. I have added the ip route but still the same error message.
Show ip route looks as follows:
habsburg#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 80.219.128.1 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 80.219.128.1, GigabitEthernet0/0
10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 10.10.10.0/24 is directly connected, GigabitEthernet0/1
L 10.10.10.1/32 is directly connected, GigabitEthernet0/1
S 10.145.128.1/32 [254/0] via 80.219.128.1, GigabitEthernet0/0
80.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 80.219.128.0/22 is directly connected, GigabitEthernet0/0
L 80.219.128.170/32 is directly connected, GigabitEthernet0/0
Thanks for your help!
Peter
09-24-2011 11:09 AM
Hi,
what test are you doing?
add this command: ip inspect log drop-pkt and tell us what you're doing and if you get a log message.
Regards.
Alain.
09-24-2011 11:17 AM
Hi
I am testing the interface status via CCP. Ping outside addresses seems to work fine but I cannot access them via http.
Thanks
Peter
09-24-2011 11:23 AM
Peter
I thought that clearly the lack of a default route was a problem and could logically lead to the error of Exit Interface Found: None. But now the router does have what appears to be a valid default route. If the same error is occurring then we need to look for something else.
When this error happens are you generating traffic from a PC connected to the router or are you on the router and generating the traffic from the router? And what kind of traffic are you generating?
I suggest that we start with something very simple and see how it works. Can you access the router (either through the console connection or through telnet or SSH) and from the router ping the gateway address of 80.219.128.1? Let's try that and see what happens.
HTH
Rick
09-24-2011 11:51 AM
Rick
I am using console connection. Pinging the gateway works fine from the terminal but also from a PC connected to the router:
habsburg#ping 80.219.128.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 80.219.128.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/10/12 ms
Peter
09-24-2011 11:59 AM
Peter
Thanks. It is helpful to know that ping to the gateway works from the router and even better that it also works from a PC connected to the router.
I am wondering if it may be an issue with DNS and name resolution. Can you try a test where you attempt to access something in the Internet by name and then by IP address?
HTH
Rick
09-24-2011 12:12 PM
Rick
Thanks. We seem to get closer... I tried to access yahoo.com which did not work, 98.137.149.56/ on the other side works fine.
Peter
09-24-2011 12:26 PM
Peter
Yes I believe that we are getting closer.
Perhaps the next step is to verify whether the PC is learning any DNS server. Could you post the output of ipconfig /all from a PC that is connected to the router?
It might also be helpful to know whether the router has learned a DNS server via DHCP from the ISP. Probably the easy way to check that is to try to ping something in the Internet by name. If the router can ping by name then it has learned a name server.
HTH
Rick
09-24-2011 01:05 PM
Rick
I pinged yahoo.com. Message: unknown host.
As I am using a Mac, I cannot provide an ipconfig but I think ifconfig -a comes closest to it.
Peter-Hubers-MacBook-Pro:~ phuber$ ifconfig -a
lo0: flags=8049
options=3
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
gif0: flags=8010
stf0: flags=0<> mtu 1280
en1: flags=8823
ether e0:f8:47:2b:63:ec
media: autoselect (
status: inactive
p2p0: flags=8802
ether 02:f8:47:2b:63:ec
media: autoselect
status: inactive
fw0: flags=8863
lladdr 70:cd:60:ff:fe:d1:f8:8c
media: autoselect
status: inactive
en0: flags=8863
options=2b
ether c8:2a:14:13:37:0f
inet6 fe80::ca2a:14ff:fe13:370f%en0 prefixlen 64 scopeid 0x7
inet 10.10.10.3 netmask 0xffffff00 broadcast 10.10.10.255
media: autoselect (1000baseT
status: active
Looking at the CCP Test Connection, there seems to be a DNS server to be imported:
Activity | Status |
Checking interface status... | Up |
Interface physical status :Up | |
Line protocol status :Up | |
Checking for DNS settings... | Successful |
DNS lookup set :Yes | |
Statically configured DNS servers :None | |
Dynamically imported DNS servers : 62.2.17.60 62.2.24.158 | |
Checking interface IP address.. | Successful |
Interface IP address :10.10.10.1 | |
Interface IP address Type :Static | |
Checking exit interface... | Failed |
Exit interface found :None | |
Hope this helps.
Thanks!
Peter
09-24-2011 01:21 PM
Peter
I think that this is a step forward. I am not a Mac expert and am not sure of a way to know whether it has learned any DNS server. But I am assuming that it has not and that this is the main problem. And I believe that the error message from the Mac about unknown host is confirmation of this.
I am not familiar with CCP and do not know how to tell it to import DNS information. But if you can tell it to do that then I believe that the problem will be solved. If you have trouble getting this done in CCP then there are ways to configure in the DHCP pool to include the DNS server information.
Also I realized (for the first time) that the exit interface found: None was actually a CCP message. I had assumed that it was some more general error message.
So give a try for importing the DNS and let's see what happens.
HTH
Rick
09-24-2011 02:04 PM
Hi
Still no luck despite the two DNS I added. I really have no clue what could be wrong.
My config looks as follows.
Thanks
Peter
Current configuration : 7204 bytes
!
! Last configuration change at 22:47:41 Berlin Sat Sep 24 2011 by phuber
! NVRAM config last updated at 22:47:30 Berlin Sat Sep 24 2011 by phuber
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname habsburg
!
boot-start-marker
boot-end-marker
!
!
logging buffered 4096
enable secret 5 $1$MoY/$8a0962QftXIOGcDALI39X/
enable password XXXXX
!
no aaa new-model
!
clock timezone Berlin 1 0
clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00
!
no ipv6 cef
ip source-route
ip cef
!
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool1
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
!
!
ip name-server 62.2.17.60
ip name-server 62.2.24.158
!
multilink bundle-name authenticated
!
parameter-map type inspect global
log dropped-packets enable
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-1139877488
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1139877488
revocation-check none
rsakeypair TP-self-signed-1139877488
!
!
crypto pki certificate chain TP-self-signed-1139877488
certificate self-signed 01
quit
license udi pid CISCO1921/K9 sn FCZ1535C0XL
license boot module c1900 technology-package securityk9
!
!
username phuber privilege 15 secret 5 $1$1S2h$E9snHLA6FIjmj9lQnrd0I.
!
redundancy
!
!
!
!
!
class-map type inspect match-any SDM_BOOTPC
match access-group name SDM_BOOTPC
class-map type inspect match-any SDM_DHCP_CLIENT_PT
match class-map SDM_BOOTPC
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect match-any sdm-cls-bootps
match protocol bootps
class-map type inspect match-any ccp-cls-insp-traffic
match protocol dns
match protocol ftp
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect match-all ccp-protocol-http
match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
class type inspect sdm-cls-bootps
pass
class type inspect ccp-icmp-access
inspect
class class-default
pass
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
drop
policy-map type inspect ccp-permit
class type inspect SDM_DHCP_CLIENT_PT
pass
class class-default
drop
!
zone security in-zone
zone security out-zone
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ES_WAN$$FW_OUTSIDE$
ip address dhcp client-id GigabitEthernet0/0
ip nat outside
ip virtual-reassembly in
zone-member security out-zone
duplex auto
speed auto
!
interface GigabitEthernet0/1
description $ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
zone-member security in-zone
duplex auto
speed auto
no mop enabled
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 80.219.128.1
ip route 0.0.0.0 0.0.0.0 80.219.128.1 254
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
!
ip access-list extended SDM_BOOTPC
remark CCP_ACL Category=0
permit udp any any eq bootpc
!
logging trap debugging
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
!
!
!
!
!
snmp-server community public RO
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
password XXXXXX
login local
transport input telnet ssh
transport output telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
transport output telnet ssh
!
scheduler allocate 20000 1000
end
09-24-2011 02:12 PM
Peter
I suggest that you try this:
ip dhcp pool ccp-pool1
dns-server 62.2.17.60 62.2.24.158
Give this a try and let us know if it helps.
HTH
Rick
09-24-2011 02:21 PM
Rick
Unfortunately it did not help.
br
Peter