Hey everyone,
I have spent over 4 days trying to get this to work. I have been on the spiceworks forum and its apparent they dont know how to help cause the issues that did get resolved in the 4 days were done by me a straight cisco newb. It started by me needing to bring home a cisco router and get it to do a site to site VPN with the new sonicwall I have at work but sadly after 4 fays I have yet to even get it to connect to the internet properly. At first it would not pull a ip address from my ISP but I was able to resolve that with permit udp any eq bootps any eq bootpc and ip tcp adjust-mss 1460 (which I am not sure i even need with comcast) then rebooted the modem and the router and BAM finally it pulled a DHCP IP address from my ISP. Sadly however still no internet. Below is my config, ip interface, show ip route, and various ping and nat translation tests (IP Address is XXX out for security). Please help me I am at my wits end with this thing. (Its a Cisco 881)(Can ignore the VPN stuff I havent been able to use or test that stuff yet)
Labrouter#show run
Building configuration...
Current configuration : 2658 bytes
!
! Last configuration change at 16:33:36 SUMMER Thu Oct 1 2015
! NVRAM config last updated at 16:02:24 SUMMER Thu Oct 1 2015
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Labrouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$VVP3$S54zJ7vK9sYUDlDnruCZm.
enable password XXXXXXXX
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
!
!
memory-size iomem 10
clock timezone EST -5
clock summer-time SUMMER recurring
!
!
ip source-route
!
!
ip dhcp excluded-address 192.168.90.1 192.168.90.50
!
ip dhcp pool LAN1
import all
network 192.168.90.0 255.255.255.0
default-router 192.168.90.1
dns-server 8.8.8.8
lease 7
!
!
ip cef
no ip domain lookup
ip multicast-routing
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO881-SEC-K9 sn FTX155382K0
!
!
vtp mode transparent
!
!
ip ssh version 2
!
!
crypto isakmp policy 1
encr aes 256
authentication pre-share
group 5
lifetime 28800
crypto isakmp key XXXXXXXX address XXX.XXX.XXX.XXX
!
!
crypto ipsec transform-set Chris-Home esp-3des esp-sha-hmac
!
crypto map cisco_1_to_sonicwall_1 10 ipsec-isakmp
set peer XXX.XXX.XXX.XXX
set transform-set Chris-Home
match address 102
!
!
!
!
!
interface FastEthernet0
switchport access vlan 10
spanning-tree portfast
!
!
interface FastEthernet1
switchport access vlan 10
spanning-tree portfast
!
!
interface FastEthernet2
switchport access vlan 10
spanning-tree portfast
!
!
interface FastEthernet3
no cdp enable
spanning-tree portfast
!
!
interface FastEthernet4
ip address dhcp client-id FastEthernet4
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1460
duplex auto
speed auto
no cdp enable
!
!
interface Vlan1
description LAN
ip address dhcp
!
!
interface Vlan10
description LAN
ip address 192.168.90.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list NAT interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
ip access-list extended NAT
permit ip 192.168.90.0 0.0.0.255 any
permit udp any eq bootps any eq bootpc
permit icmp any any
ip access-list extended VPN
permit ip 192.168.10.0 0.0.0.255 192.168.90.0 0.0.0.255
!
access-list 101 permit ip 192.168.90.0 0.0.0.255 any
access-list 102 permit ip 192.168.90.0 0.0.0.255 192.168.10.0 0.0.0.255
!
!
!
!
!
control-plane
!
!
!
line con 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
password XXXXXXXX
transport preferred ssh
transport input ssh
!
scheduler max-task-time 5000
end
Labrouter#sho ip int brie
Interface IP-Address OK? Method Status Protocol
FastEthernet0 unassigned YES unset up up
FastEthernet1 unassigned YES unset down down
FastEthernet2 unassigned YES unset down down
FastEthernet3 unassigned YES unset down down
FastEthernet4 98.231.XXX.XXX YES DHCP up up
NVI0 unassigned YES unset administratively down down
Vlan1 unassigned YES NVRAM down down
Vlan10 192.168.90.1 YES NVRAM down down
Labrouter#sho ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected, FastEthernet4
76.0.0.0/32 is subnetted, 1 subnets
S 76.96.92.132 [254/0] via 98.231.XX.X, FastEthernet4
98.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 98.231.XX.X/21 is directly connected, FastEthernet4
L 98.231.XX.XX/32 is directly connected, FastEthernet4
Labrouter#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Labrouter#ping 8.8.8.8 source 192.168.90.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.90.1
.....
Success rate is 0 percent (0/5)
Labrouter#ping 8.8.8.8 source fa 4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 98.231.XXX.XXX
.....
Success rate is 0 percent (0/5)
Labrouter#sh ip nat trans
Pro Inside global Inside local Outside local Outside global
icmp 98.231.XXX.XXX:8 98.231.XXX.XXX:8 8.8.8.8:8 8.8.8.8:8
icmp 98.231.XXX.XXX:10 98.231.XXX.XXX:10 8.8.8.8:10 8.8.8.8:10
icmp 98.231.XXX.XXX:9 192.168.90.1:9 8.8.8.8:9 8.8.8.8:9
Labrouter#
