[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 578
  • Last Modified:

Cisco 2800 Series - Cannot Access Internet

I just got this guy out of the box and started to configure it using the SDM.  I could not figure out how some of it worked through SDM so I went to command line....Anyways, I can not get out to the net...I did run a test on the SDM for the connection and this is what it told me.

Troubleshooting Results
Failure Reason(s)       Recommended Action(s)
No configured DNS server(s) are routable through the selected interface.       Select 'Enter IP address or hostname' option or add a 'host specific/network specific/default' route through this interface and retest connection.


I have included the config below...I need this up and running but can not figure out what I am missing.....





Building configuration...

Current configuration : 9318 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname BergenW
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5
enable password b3r.g3n
!
no aaa new-model
!
resource policy
!
ip subnet-zero
no ip routing
!
!
no ip cef
!
!
ip domain name yourdomain.com
ip name-server xxx.xx.xx.x
ip name-server xxx.xx.xx.x
!
username cisco privilege 15 secret 5 hahahahahahaha
!
!
!
interface GigabitEthernet0/0
 description WAN
 ip address xxx.xx.xx.254 255.255.255.0
 ip nat outside
 no ip route-cache
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 no ip route-cache
 duplex auto
 speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.xx.xxx.1
ip route xxx.xx.xxx.0 255.255.255.0 GigabitEthernet0/0
!
ip http server
ip http authentication local
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface GigabitEthernet0/0 overload
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 101 permit tcp any any eq 10000
access-list 101 permit udp any any eq non500-isakmp
access-list 101 permit udp any eq non500-isakmp any
access-list 101 permit tcp any eq 10000 any
access-list 101 permit udp any any eq domain
access-list 101 permit tcp any eq www any gt 1023
access-list 101 permit tcp any eq 443 any gt 1023
access-list 101 permit tcp any eq domain any
access-list 101 permit udp any eq domain any
access-list 101 permit tcp any eq smtp any
access-list 101 permit tcp any eq pop3 any
access-list 101 permit tcp any eq ftp any gt 1023
access-list 101 permit tcp any eq 3389 any
access-list 101 permit tcp any eq 5900 any
access-list 101 permit tcp any any gt 2048
access-list 101 permit tcp any any eq 5631
access-list 101 permit udp any any eq 5632
access-list 101 permit tcp any eq 5631 any
access-list 101 permit udp any eq 5632 any
access-list 101 permit icmp any any echo
access-list 101 permit icmp any any echo-reply
access-list 101 permit tcp any any eq www
access-list 101 permit tcp any any eq ftp
access-list 101 permit tcp any any eq domain
access-list 101 permit tcp any any eq 5900
access-list 101 permit tcp any any eq pop3
access-list 101 permit tcp any any eq smtp
access-list 101 permit tcp any any eq 1723
access-list 101 permit tcp any any eq 3389
access-list 101 permit tcp any eq 1723 any
access-list 101 permit udp any any eq isakmp
access-list 101 permit esp any any
access-list 101 permit tcp any any eq telnet
access-list 101 permit tcp any eq telnet any
access-list 101 permit udp any eq isakmp any
access-list 101 permit gre any any
access-list 101 permit udp any any eq 1604
access-list 101 permit udp any eq 1604 any
access-list 101 permit tcp any any eq 161
access-list 101 permit tcp any eq 161 any
access-list 101 permit udp any eq snmp any
access-list 101 permit udp any any eq snmp
access-list 101 permit udp any any eq 1646
access-list 101 permit udp any eq 1646 any
access-list 101 permit tcp any any eq ftp-data
access-list 101 permit tcp any eq ftp-data any
access-list 101 permit tcp any any eq 8080
access-list 101 permit tcp any eq 8080 any
access-list 101 permit tcp any any eq 308
access-list 101 permit tcp any eq 308 any
access-list 101 permit tcp any eq 2931 any
access-list 101 permit tcp any any eq 2931
access-list 101 permit tcp any eq ftp any
access-list 101 permit tcp any eq 3306 any
access-list 101 permit tcp any any eq 3306
access-list 101 permit tcp any any eq lpd
access-list 101 permit tcp any eq lpd any
access-list 101 permit udp any any eq 631
access-list 101 permit udp any eq 631 any
access-list 101 permit tcp any eq 1782 any
access-list 101 permit tcp any any eq 1782
access-list 101 permit tcp any eq 4110 any
access-list 101 permit tcp any any eq 4110
access-list 101 permit tcp any any eq 47273
access-list 101 permit tcp any eq 47273 any
access-list 101 permit tcp any any eq 20002
access-list 101 permit tcp any eq 20002 any
access-list 101 permit tcp any eq 3727 any
access-list 101 permit tcp any any eq 3727
access-list 101 permit tcp any any eq 1494
access-list 101 permit tcp any eq 1494 any
access-list 101 permit tcp any any eq 443
access-list 101 permit tcp any any eq 8200
access-list 101 permit tcp any eq 443 any
access-list 101 permit tcp any eq 8200 any
access-list 101 permit tcp any any eq 1701
access-list 101 permit tcp any eq 1701 any
access-list 101 permit tcp any any eq 9999
access-list 101 permit tcp any eq 9999 any
access-list 101 permit udp any eq 9999 any
access-list 101 permit tcp any any range 7776 7781
access-list 101 permit tcp any range 7776 7781 any
access-list 101 permit tcp any any eq 27900
access-list 101 permit tcp any eq 27900 any
access-list 101 permit tcp any eq 28902 any
access-list 101 permit tcp any any eq 28902
access-list 101 permit tcp any any eq 22
access-list 101 permit tcp any eq 22 any
access-list 101 permit udp any any range 7776 7781
access-list 101 permit udp any range 7776 7781 any
access-list 101 permit tcp any any eq 8443
access-list 101 permit tcp any eq 8443 any
access-list 101 permit tcp any any range 575 576
access-list 101 permit tcp any range 575 576 any
access-list 101 permit udp any range 575 576 any
access-list 101 permit udp any any range 575 576
access-list 101 permit tcp any any eq 50000
access-list 101 permit udp any any eq 50000
access-list 101 permit udp any eq 50000 any
access-list 101 permit tcp any eq 50000 any
access-list 101 permit tcp any any eq 6134
access-list 101 permit tcp any eq 6134 any
access-list 101 permit udp any eq 5004 any
access-list 101 permit udp any eq 5005 any
access-list 101 permit udp any eq 5006 any
access-list 101 permit udp any eq 5007 any
access-list 101 permit udp any eq 5008 any
access-list 101 permit udp any eq 5009 any
access-list 101 permit udp any any eq 5004
access-list 101 permit udp any any eq 5005
access-list 101 permit udp any any eq 5006
access-list 101 permit udp any any eq 5007
access-list 101 permit udp any any eq 5008
access-list 101 permit udp any any eq 5009
access-list 101 permit tcp any any range 5190 5193
access-list 101 permit tcp any range 5190 5193 any
access-list 101 permit tcp any any eq 8060
access-list 101 permit tcp any any eq 9000
access-list 101 permit tcp any any eq 1007
access-list 101 permit tcp any any eq 2007
access-list 101 permit tcp any any eq 1040
access-list 101 permit tcp any any eq 2210
access-list 101 permit tcp any eq 8060 any
access-list 101 permit tcp any eq 9000 any
access-list 101 permit tcp any eq 1007 any
access-list 101 permit tcp any eq 2007 any
access-list 101 permit tcp any eq 1040 any
access-list 101 permit tcp any eq 2210 any
access-list 101 permit tcp any any eq 3260
access-list 101 permit tcp any any eq 8448
access-list 101 permit tcp any eq 3260 any
access-list 101 permit tcp any eq 8448 any
access-list 101 permit udp any eq 8448 any
access-list 101 permit udp any eq 3260 any
access-list 101 permit udp any any eq 8448
access-list 101 permit udp any any eq 3260
access-list 101 permit tcp any any eq 81
access-list 101 permit tcp any eq 81 any
access-list 101 permit tcp any any range 1027 1030
access-list 101 permit tcp any range 1027 1030 any
access-list 101 permit tcp any any eq 8352
access-list 101 permit tcp any eq 8352 any
access-list 101 permit tcp any eq 9402 any
access-list 101 permit tcp any any eq 9402
access-list 101 permit udp any any eq 6971
access-list 101 permit udp any any eq 6972
access-list 101 permit udp any eq 6972 any
access-list 101 permit udp any eq 6971 any
access-list 101 permit udp any eq 6970 any
access-list 101 permit tcp any any eq 143
access-list 101 permit udp any any eq 143
access-list 101 permit tcp any eq 143 any
access-list 101 permit udp any eq 143 any
access-list 101 permit udp any any eq 4090
access-list 101 permit tcp any eq 6665 any
access-list 101 permit tcp any any eq 6664
access-list 101 permit udp any any eq 6664
access-list 101 permit udp any eq 6665 any
access-list 101 permit tcp any any eq 3101
access-list 101 permit tcp any eq 3101 any
access-list 101 permit udp any eq 20 any
snmp-server community public RO
!
control-plane
!
!
line con 0
 login local
line aux 0
line vty 0 4
 privilege level 15
 password b3rg3n
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 password b3rg3n
 login local
 transport input telnet
!
scheduler allocate 20000 1000
!
end

----------------------------------------------------------

0
lttech
Asked:
lttech
  • 3
  • 3
1 Solution
 
kfullartonCommented:
>ip route 0.0.0.0 0.0.0.0 xxx.xx.xxx.1

Can you ping the next hop address from any of your clients or the router?
0
 
lttechAuthor Commented:
That address is the gateway that the ISP has provided.  And I can ping it.  But no further than that.
0
 
lrmooreCommented:
Looks like you're almost there...
Suggestions:

remove this line, you never want to add static routes to directly connected networks, and you never want to use a broadcast interface (Ethernet) as the destination
 >ip route xxx.xx.xxx.0 255.255.255.0 GigabitEthernet0/0
no ip route xxx.xx.xxx.0 255.255.255.0 GigabitEthernet0/0

>ip route 0.0.0.0 0.0.0.0 xxx.xx.xxx.1
Can you ping xx.xx.xx.1 from the router console?
router#ping xxx.xx.xxx.1

Yes? Then we look at the following:
Is your workstation set with the proper IP address/subnet mask and default gateway =
192.168.1.xx
255.255.255.0
192.168.1.1
Primary DNS = ???? Do you have your own internal DNS server, or are you using public DNS?
Try using 198.6.1.2  <== UUNET/MCI public caching dns server

No? Then we look at other issues. What is your upstream connectivity through the Ethernet port? Is it a cable modem or what? If yes, reboot the cable modem to clear it's arp cache. Power it off for a good 2 minutes before you power it back up.
Post output of "show ip interface brief" This will show if any interfaces are "administratively down". Look for Line UP, Protocol UP on both inside and outside interfaces..

0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
lttechAuthor Commented:
I removed the line you said to remove.

I should clarify...I can not get out from the router.  I can not hit any public IP Addresses.
0
 
lrmooreCommented:
Now we must look at what is beyond your router.
What are you connected to? Cable/DSL modem, or another router? Have you tried the reboot?
What is the next hop? If you have cable modem, it is pass-through and the next hop is at the ISP where there could be a routing problem/peering issue.

0
 
lttechAuthor Commented:
Its not a routing issue. Other off the shelf routers will work with no problems.The feed is a wireless feed that we plug straight into. No modem on the outside.
0
 
lrmooreCommented:
Can you post output of "show interface GigabitEthernet0/0"

0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now