I can Ping the Net, but cannot access the Net

Fatehalmsaddi · ‎01-04-2013

Hello Friends,

I have a new Cisco Router 1841. I believe this is the OS name ( c1841-ipbase-mz.150-1.m6.bin ) This is my first Router to configure. Now, PCs in the local network can ping or tracert 4.2.2.2... But, none of the PCs of the local network is able to surf the Net.

What could be the problem ???

This is the running configuration:

show startup-config

version 15.0

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname FAM

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

enable secret 5 $1$Ap7l$hzSdorZ7dk41thYsFl7ln0

!

no aaa new-model

ip source-route

!

ip dhcp excluded-address 192.168.1.1 192.168.1.100

ip dhcp excluded-address 192.168.1.201 192.168.1.254

!

ip dhcp pool fam

network 192.168.1.0 255.255.255.0

domain-name fam.local

dns-server 213.132.63.25 80.227.2.4

default-router 192.168.1.10

!

ip cef

ip domain name fat.com

ip name-server 213.132.63.25

ip name-server 80.227.2.4

multilink bundle-name authenticated

!

license udi pid CISCO1841 sn FGL15272272

username fateh privilege 15 secret 5 $1$RItg$CBURoBzeI1dMuoG3A2v3Q.

!

interface FastEthernet0/0

description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$

ip address 94.200.97.14 255.255.255.252

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 192.168.1.10 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

ip default-gateway 94.200.97.13

ip forward-protocol nd

!

ip http server

ip http access-class 23

ip http authentication local

ip http timeout-policy idle 60 life 86400 requests 10000

ip route 0.0.0.0 0.0.0.0 94.200.97.13

!

access-list 1 remark CCP_ACL Category=2

access-list 1 permit 192.168.1.0 0.0.0.255

!

control-plane

!

banner exec ^C

% Password expiration warning.

-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device

and it provides the default username "cisco" for one-time use. If you have

already used the username "cisco" to login to the router and your IOS image

supports the "one-time" user option, then this username has already expired.

You will not be able to login to the router with this username after you exit

this session.

It is strongly suggested that you create a new username with a privilege level

of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to

use.

-----------------------------------------------------------------------

^C

banner login ^C

-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device.

This feature requires the one-time use of the username "cisco" with the

password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE PUBLICLY-KNOWN

CREDENTIALS

Here are the Cisco IOS commands.

username <myuser> privilege 15 secret 0 <mypassword>

no username cisco

Replace <myuser> and <mypassword> with the username and password you want

to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL NOT BE ABLE

TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the

QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp

-----------------------------------------------------------------------

^C

!

line con 0

exec-timeout 30 0

password cisco

logging synchronous

login

line aux 0

line vty 0 4

access-class 23 in

exec-timeout 30 0

privilege level 15

password cisco

logging synchronous

login local

transport input telnet

line vty 5 15

access-class 23 in

exec-timeout 30 0

privilege level 15

password cisco

logging synchronous

login local

transport input telnet

line vty 16 807

exec-timeout 30 0

password cisco

logging synchronous

login local

!

scheduler allocate 20000 1000

end

------------------

Regards,

Fateh

cadet alain · ‎01-04-2013

Hi,

I even wonder how your PCs can ping or do a traceroute to 4.2.2.2 as you're missing the NAT overload statement.

Add this in global config:

ip nat inside source list 1 interface f0/0

Regards.

Alain

Don't forget to rate helpful posts.

ALIAOF_ · ‎01-04-2013

You do not need this command:

"ip default-gateway 94.200.97.13"

You also need to setup NAT:

ip access-list extended inside-nat-pool

permit ip 192.168.1.0 0.0.0.255 any

!

ip nat inside source list inside-nat-pool interface FastEthernet0/0 overload

Also usually when you setup the name servers they are supposed to be your internal DNS servers. If you do not have an internal DNS server just leave them out.

On your computers are these the DNS servers showing up when you do "ipconfig /all"

213.132.63.25 80.227.2.4 (Are these provided by your ISP?)

Can you ping any of your DNS servers from the computer?

Fatehalmsaddi · ‎01-07-2013

Thanks,

I think the problem was in the DNS as I have already set up the NAT, but I posted the old configuration mistakenly...

But now, I come accorss another problem. I cannot access my web server. I tried to disable the HTTP server of the router using:

> no ip http server

Nevertheless, I was not able to access my web server. ???

By the way, When I changed the port of the HTTP Server of the router, using:

> ip http port 9999

I was not able to connect to the router using

Cisco Professional Configuration. How can I get around this also ??

---------------------

version 15.0

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname FAM

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

enable secret 5 $1$Ap7l$hzSdorZ7dk41thYsFl7ln0

!

no aaa new-model

ip source-route

!

ip dhcp excluded-address 192.168.1.1 192.168.1.100

ip dhcp excluded-address 192.168.1.201 192.168.1.254

!

ip dhcp pool fam

network 192.168.1.0 255.255.255.0

domain-name fam.local

dns-server 213.132.63.25 80.227.2.4

default-router 192.168.1.10

!

ip cef

no ip domain lookup

multilink bundle-name authenticated

!

license udi pid CISCO1841 sn FGL15272272

username fateh privilege 15 secret 5 $1$RItg$CBURoBzeI1dMuoG3A2v3Q.

!

no ip ftp passive

!

interface FastEthernet0/0

description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ETH-WAN$

ip address 94.200.97.14 255.255.255.252

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 192.168.1.10 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

ip forward-protocol nd

!

ip http server

ip http access-class 23

ip http authentication local

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source static tcp 192.168.1.50 80 interface FastEthernet0/0 80

ip nat inside source list 1 interface FastEthernet0/0 overload

ip route 0.0.0.0 0.0.0.0 94.200.97.13

!

access-list 1 remark CCP_ACL Category=2

access-list 1 permit 192.168.1.0 0.0.0.255

!

control-plane

!

banner exec ^C

% Password expiration warning.

-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device

and it provides the default username "cisco" for one-time use. If you have

already used the username "cisco" to login to the router and your IOS image

supports the "one-time" user option, then this username has already expired.

You will not be able to login to the router with this username after you exit

this session.

It is strongly suggested that you create a new username with a privilege level

of 15 using the following command.

username privilege 15 secret 0

Replace and with the username and password you want to

use.

-----------------------------------------------------------------------

^C

banner login ^C

-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device.

This feature requires the one-time use of the username "cisco" with the

password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE PUBLICLY-KNOWN

CREDENTIALS

Here are the Cisco IOS commands.

username privilege 15 secret 0

no username cisco

Replace and with the username and password you want

to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL NOT BE ABLE

TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the

QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp

-----------------------------------------------------------------------

^C

!

line con 0

exec-timeout 30 0

password cisco

logging synchronous

login

line aux 0

line vty 0 4

access-class 23 in

exec-timeout 30 0

privilege level 15

password cisco

logging synchronous

login local

transport input telnet

line vty 5 15

access-class 23 in

exec-timeout 30 0

privilege level 15

password cisco

logging synchronous

login local

transport input telnet

line vty 16 807

exec-timeout 30 0

password cisco

logging synchronous

login local

!

scheduler allocate 20000 1000

end

Best Regards,

Fateh

ALIAOF_ · ‎01-07-2013

You can't because of this line:

ip nat inside source static tcp 192.168.1.50 80 interface FastEthernet0/0 80

You will need another public IP address and then setup a NAT from 192.168.1.50 to that public IP, however if you only have a single IP addres from your ISP and you want your internal webserver accessible to the outside world you will have to do it like this. I don't use the GUI and prefer the CLI so doesn't matter to me you can always do that as well.

Go with using the CLI. Also you can always enable "ip htp secure-server" and use port 443.