Avatar of jdurdin
jdurdin

Unable to access internet with new Cisco 1841 ISR

I am installing a new Cisco 1841 ISR on an Ethernet connected T1 from XO Communications.  There was a previous (inherited) Linksys router that was configured with a static IP address and all outbound traffic works so users can access the internet.

I am new to IOS so I was using SDM to configure the 1841.  FE0/0 is being used for the LAN.  FE0/1 for WAN.  Here is the config:

Building configuration...

Current configuration : 6991 bytes
!
! Last configuration change at 11:18:26 PCTime Wed Jan 30 2008 by xxx
! NVRAM config last updated at 11:11:29 PCTime Wed Jan 30 2008 by xxx
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ctcordiis
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$qMEF$93Ibm0vhpH4JibrRnUFyn/
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip tcp synwait-time 10
no ip dhcp use vrf connected
ip dhcp excluded-address 30.30.30.1 30.30.30.99
!
ip dhcp pool sdm-pool1
   import all
   network 30.30.30.0 255.255.255.0
   default-router 30.30.30.1
!
!
no ip bootp server
ip name-server 65.106.1.196
ip name-server 65.107.7.196
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
crypto pki trustpoint TP-self-signed-325642744
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-325642744
 revocation-check none
 rsakeypair TP-self-signed-325642744
!
!
crypto pki certificate chain TP-self-signed-325642744
 certificate self-signed 01
  quit
username xxx privilege 15 secret 5 $1$GZ4Z$.lWrh1nXusk0l785KY0X4.
!
!
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
 ip address 30.30.30.1 255.255.255.0
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 description $ES_WAN$$FW_OUTSIDE$
 ip address 64.50.28.163 255.255.255.248
 ip access-group 102 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip inspect SDM_LOW out
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
router rip
 network 30.0.0.0
 no auto-summary
!
ip classless
ip route 30.30.30.0 255.255.255.0 FastEthernet0/1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 3 interface FastEthernet0/1 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 30.30.30.0 0.0.0.255
access-list 3 permit 30.30.30.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip 64.50.28.160 0.0.0.7 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 65.107.7.196 eq domain host 64.50.28.163
access-list 101 permit udp host 65.106.1.196 eq domain host 64.50.28.163
access-list 101 deny   ip 30.30.30.0 0.0.0.255 any
access-list 101 permit icmp any host 64.50.28.163 echo-reply
access-list 101 permit icmp any host 64.50.28.163 time-exceeded
access-list 101 permit icmp any host 64.50.28.163 unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 deny   ip 30.30.30.0 0.0.0.255 any
access-list 102 permit icmp any host 64.50.28.163 echo-reply
access-list 102 permit icmp any host 64.50.28.163 time-exceeded
access-list 102 permit icmp any host 64.50.28.163 unreachable
access-list 102 deny   ip 10.0.0.0 0.255.255.255 any
access-list 102 deny   ip 172.16.0.0 0.15.255.255 any
access-list 102 deny   ip 192.168.0.0 0.0.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip host 0.0.0.0 any
access-list 102 deny   ip any any log
no cdp run
!
!
control-plane
!
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 4000 1000
end

Avatar of neos2k1
neos2k1

I think you don't send your DNS servers to your clients through DHCP.
This is what you should do:
Router# conf t
Router(config)# ip dhcp pool sdm-pool1
Router(dhcp-config)# dns-server <ip address of first dns server> <ip address of second dns server>
Router(dhcp-config)# exit
Router(config)# do wr

That should do the trick. If this is not working, try to ping an IP address from your local PC.
64.233.167.99 > google.com

Let me know if it's working or not.
Avatar of jdurdin

ASKER

Ok, I added the dns server info and still nothing.  If I log onto SDM and test the connection, FE0/1 checks out good but FE0/0 doesn't.  Here is the current config and SDM test connection error message:


Building configuration...

Current configuration : 6937 bytes
!
! Last configuration change at 13:27:37 PCTime Wed Jan 30 2008 by xxx
! NVRAM config last updated at 13:12:20 PCTime Wed Jan 30 2008 by xxx
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ctcordiis
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$qMEF$93Ibm0vhpH4JibrRnUFyn/
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip tcp synwait-time 10
no ip dhcp use vrf connected
ip dhcp excluded-address 30.30.30.1 30.30.30.99
!
ip dhcp pool sdm-pool1
   import all
   network 30.30.30.0 255.255.255.0
   default-router 30.30.30.1
!
ip dhcp pool smd-pool1
   dns-server 65.106.1.196 65.107.7.196
!
!
no ip bootp server
ip name-server 65.106.1.196
ip name-server 65.107.7.196
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
crypto pki trustpoint TP-self-signed-325642744
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-325642744
 revocation-check none
 rsakeypair TP-self-signed-325642744
!
!
crypto pki certificate chain TP-self-signed-325642744
 certificate self-signed 01
  quit
username xxx privilege 15 secret 5 $1$GZ4Z$.lWrh1nXusk0l785KY0X4.
!
!
!
!
!
interface FastEthernet0/0
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$$ETH-LAN$
 ip address 30.30.30.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
 ip address 64.50.28.163 255.255.255.248
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 3 interface FastEthernet0/1 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 30.30.30.0 0.0.0.255
access-list 3 permit 30.30.30.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip 64.50.28.160 0.0.0.7 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 65.107.7.196 eq domain host 64.50.28.163
access-list 101 permit udp host 65.106.1.196 eq domain host 64.50.28.163
access-list 101 deny   ip 30.30.30.0 0.0.0.255 any
access-list 101 permit icmp any host 64.50.28.163 echo-reply
access-list 101 permit icmp any host 64.50.28.163 time-exceeded
access-list 101 permit icmp any host 64.50.28.163 unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 deny   ip 30.30.30.0 0.0.0.255 any
access-list 102 permit icmp any host 64.50.28.163 echo-reply
access-list 102 permit icmp any host 64.50.28.163 time-exceeded
access-list 102 permit icmp any host 64.50.28.163 unreachable
access-list 102 deny   ip 10.0.0.0 0.255.255.255 any
access-list 102 deny   ip 172.16.0.0 0.15.255.255 any
access-list 102 deny   ip 192.168.0.0 0.0.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip host 0.0.0.0 any
access-list 102 deny   ip any any log
no cdp run
!
!
control-plane
!
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 4000 1000
end

WAN troubleshooting report details



Router Details

Attribute Value
Router Model  1841  
Image Name  c1841-advsecurityk9-mz.124-3i.bin  
IOS Version  12.4(3i)  
Hostname  ctcordiis  


Interface Details

Attribute Value
Interface  FastEthernet0/0  
IP address  30.30.30.1  
Description  


Test Activity Summary

Activity Status
Checking interface status...  Up  
Checking for DNS settings...  Successful  
Checking interface IP address..  Successful  
Checking exit interface...  Failed  


Test Activity Details

Activity Status
Checking interface status...  Up  
    Interface physical status :Up  
    Line protocol status :Up  
Checking for DNS settings...  Successful  
    DNS lookup set :Yes  
    Statically configured DNS servers : 65.106.1.196 65.107.7.196  
    Dynamically imported DNS servers :None  
Checking interface IP address..  Successful  
    Interface IP address :30.30.30.1  
    Interface IP address Type :Static  
Checking exit interface...  Failed  
    Exit interface found : FastEthernet0/1  
    Exit interface found : FastEthernet0/1  


Troubleshooting Results Failure Reason(s) Recommended Action(s)

 To test connectivity, SDM tries to ping the configured DNS servers. However, there is no configured route to any of the DNS servers through the selected interface.  Select 'User-specified' option or add a 'host specific/network specific/default' route through this interface and retest connection.  

Could be a problem with your access-list on fa0/1. Have you tried to disable it for a second?
   R(config)# inter fa0/1
   R(config-if)# no ip access-group 102 in

See if everything is OK like this. You add the ACL back with
 R(config-if)# ip access-group 102 in (remove no)

If this is not working, try the following on your PC. Post the result here. (use command prompt - cmd)
1. ipconfig /all
2. route print
3. ping google.com
4. ping 65.107.7.196
5. tracert 65.107.7.196

Let me know what happens.
Avatar of jdurdin

ASKER

That didn't help.  I am going to go and do some deeper troubleshooting (as I did, I found that one of the DNS servers isn't able to ping even when you are configuring direct from a PC).

I am having the ISP email me all the IP addresses, DNS servers, etc.

One thing, since I am new to Cisco config and always dealt with simple routers, what does the IOS consider the "default gateway" as configured on simple routers?

By default the router will route between its interfaces, AFAIK. default-gateway is different.

Command:
ip default-gateway

Mode:
Router(config)#

Syntax:
ip default-gateway ip-address

no ip default-gateway ip-address

Syntax Description:

ip-address IP address of the router

Command Description:
To define a default gateway (router) when IP routing is disabled, use the ip default-gateway global configuration command. To disable this function, use the no form of this command.

Example:
Router(config)#ip default-gateway 192.31.7.18  

Misconceptions:
The ip default-gateway command is often used to try to set the router's default route. This is incorrect. The ip default-gateway setting is only used when ip routing is disabled. This command does not set the router's default route.

Related Commands:
 
 None
 
Avatar of jdurdin

ASKER

So, the default route and next hop address are what?  Sorry for asking newbie questions but I am just trying to wrap my head around this.

The default route is the IP address of the next hop when no other routes are known. If you have a default route set up, all your packets will go that route if they don't have a route to the destination.

Command:
ip route

Mode:
Router(config)#

Syntax:
ip route prefix mask {address | interface} [distance] [tag tag] [permanent]
no ip route prefix mask {address | interface} [distance] [tag tag] [permanent]

Syntax Description:
prefix
 IP route prefix for the destination
 mask
 Prefix mask for the destination
 address
 IP address of the next hop that can be used to reach that network
 interface
 Network interface to use
 distance
 (Optional) An administrative distance
 tag tag
 (Optional) Tag value that can be used as a "match" value for controlling redistribution via route maps
 permanent
 (Optional) Specifies that the route will not be removed, even if the interface shuts down
 
Command Description:
To establish static routes, use the ip route global configuration command. To remove static routes, use the no form of this command.

Example:
Router(config)#ip route 10.0.0.0 255.0.0.0 131.108.3.4 110

Misconceptions:
 None

Related Commands:
 show ip route
 
 Look for ciscopedia v3 on google.

Add a default route to your ISP gateway.
If you need to add a default route use
R(config)# ip route 0.0.0.0 0.0.0.0 <next hop ip address / router interface to next hop>

Sorry, don't know how to edit posts. :)
Avatar of jdurdin

ASKER

I verified the info from the ISP and I added a NAT pool of the IP addresses.  Here is the latest config.  I still can't access or ping outside:

!This is the show startup-config output of the router: show startup-config
!----------------------------------------------------------------------------

Using 2863 out of 196600 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname cc1
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$S7OX$RShss0eLJU17jr.VXLqJg1
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.99
!
ip dhcp pool sdm-pool1
   import all
   network 10.10.10.0 255.255.255.0
   dns-server 65.106.1.196 65.107.7.196
!
!
no ip bootp server
ip name-server 65.106.1.196
ip name-server 65.106.7.196
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
crypto pki trustpoint TP-self-signed-325642744
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-325642744
 revocation-check none
 rsakeypair TP-self-signed-325642744
!
!
crypto pki certificate chain TP-self-signed-325642744
 certificate self-signed 01 nvram:IOS-Self-Sig#3401.cer
username wrkstnmgr privilege 15 secret 5 $1$Ex3O$A.DgHlKYOduPpt.hbeNNJ/
!
!
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
 ip address 10.10.10.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 description $FW_OUTSIDE$$ES_WAN$
 ip address 64.50.28.165 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 permanent
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool XO 64.50.28.162 64.50.28.166 netmask 255.255.255.248
ip nat inside source list XO pool XO overload
!
ip access-list extended XO
 remark XO
 remark SDM_ACL Category=2
 remark XO
 permit ip any any
!
logging trap debugging
no cdp run
!
!
control-plane
!
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 4000 1000
end


Try to ping from the router to google.com and to the Google IP. Tell me if that's working or not.
Avatar of jdurdin

ASKER

I was able to ping google.com from the router.  It isn't always 100% but most of the time it is.  Here is the latest config:

Using 2727 out of 196600 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname cc1
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$S7OX$RShss0eLJU17jr.VXLqJg1
!
no aaa new-model
resource policy
!
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.99
!
ip dhcp pool sdm-pool1
   network 10.10.10.0 255.255.255.0
!
!
no ip bootp server
ip name-server 65.106.1.196
ip name-server 65.106.7.196
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
crypto pki trustpoint TP-self-signed-325642744
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-325642744
 revocation-check none
 rsakeypair TP-self-signed-325642744
!
!
crypto pki certificate chain TP-self-signed-325642744
 certificate self-signed 01 nvram:IOS-Self-Sig#3401.cer
username wrkstnmgr privilege 15 secret 5 $1$Ex3O$A.DgHlKYOduPpt.hbeNNJ/
!
!
!
!
!
interface FastEthernet0/0
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$$ETH-LAN$
 ip address 10.10.10.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 description $FW_OUTSIDE$$ES_WAN$$ETH-WAN$
 ip address 64.50.28.165 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 64.50.28.161
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool XO 64.50.28.162 64.50.28.166 netmask 255.255.255.248
!
ip access-list extended XO
 remark XO
 remark SDM_ACL Category=2
 remark XO
 permit ip any any
!
logging trap debugging
no cdp run
!
!
control-plane
!
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 4000 1000
end
Avatar of jdurdin

ASKER

Anyone have an idea of what could be wrong?
ASKER CERTIFIED SOLUTION
Avatar of neos2k1
neos2k1
