jdurdin
asked on
Unable to access internet with new Cisco 1841 ISR
I am installing a new Cisco 1841 ISR on an Ethernet connected T1 from XO Communications. There was a previous (inherited) Linksys router that was configured with a static IP address and all outbound traffic works so users can access the internet.
I am new to IOS so I was using SDM to configure the 1841. FE0/0 is being used for the LAN. FE0/1 for WAN. Here is the config:
Building configuration...
Current configuration : 6991 bytes
!
! Last configuration change at 11:18:26 PCTime Wed Jan 30 2008 by xxx
! NVRAM config last updated at 11:11:29 PCTime Wed Jan 30 2008 by xxx
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ctcordiis
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$qMEF$93Ibm0vhpH4JibrRnUFyn/
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip tcp synwait-time 10
no ip dhcp use vrf connected
ip dhcp excluded-address 30.30.30.1 30.30.30.99
!
ip dhcp pool sdm-pool1
import all
network 30.30.30.0 255.255.255.0
default-router 30.30.30.1
!
!
no ip bootp server
ip name-server 65.106.1.196
ip name-server 65.107.7.196
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
crypto pki trustpoint TP-self-signed-325642744
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-325642744
revocation-check none
rsakeypair TP-self-signed-325642744
!
!
crypto pki certificate chain TP-self-signed-325642744
certificate self-signed 01
quit
username xxx privilege 15 secret 5 $1$GZ4Z$.lWrh1nXusk0l785KY0X4.
!
!
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
ip address 30.30.30.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description $ES_WAN$$FW_OUTSIDE$
ip address 64.50.28.163 255.255.255.248
ip access-group 102 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect SDM_LOW out
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
router rip
network 30.0.0.0
no auto-summary
!
ip classless
ip route 30.30.30.0 255.255.255.0 FastEthernet0/1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 3 interface FastEthernet0/1 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 30.30.30.0 0.0.0.255
access-list 3 permit 30.30.30.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip 64.50.28.160 0.0.0.7 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 65.107.7.196 eq domain host 64.50.28.163
access-list 101 permit udp host 65.106.1.196 eq domain host 64.50.28.163
access-list 101 deny ip 30.30.30.0 0.0.0.255 any
access-list 101 permit icmp any host 64.50.28.163 echo-reply
access-list 101 permit icmp any host 64.50.28.163 time-exceeded
access-list 101 permit icmp any host 64.50.28.163 unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 deny ip 30.30.30.0 0.0.0.255 any
access-list 102 permit icmp any host 64.50.28.163 echo-reply
access-list 102 permit icmp any host 64.50.28.163 time-exceeded
access-list 102 permit icmp any host 64.50.28.163 unreachable
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip host 0.0.0.0 any
access-list 102 deny ip any any log
no cdp run
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 4000 1000
end
ASKER
Ok, I added the dns server info and still nothing. If I log onto SDM and test the connection, FE0/1 checks out good but FE0/0 doesn't. Here is the current config and SDM test connection error message:
Building configuration...
Current configuration : 6937 bytes
!
! Last configuration change at 13:27:37 PCTime Wed Jan 30 2008 by xxx
! NVRAM config last updated at 13:12:20 PCTime Wed Jan 30 2008 by xxx
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ctcordiis
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$qMEF$93Ibm0vhpH4JibrRnUFyn/
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip tcp synwait-time 10
no ip dhcp use vrf connected
ip dhcp excluded-address 30.30.30.1 30.30.30.99
!
ip dhcp pool sdm-pool1
import all
network 30.30.30.0 255.255.255.0
default-router 30.30.30.1
!
ip dhcp pool smd-pool1
dns-server 65.106.1.196 65.107.7.196
!
!
no ip bootp server
ip name-server 65.106.1.196
ip name-server 65.107.7.196
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
crypto pki trustpoint TP-self-signed-325642744
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-325642744
revocation-check none
rsakeypair TP-self-signed-325642744
!
!
crypto pki certificate chain TP-self-signed-325642744
certificate self-signed 01
quit
username xxx privilege 15 secret 5 $1$GZ4Z$.lWrh1nXusk0l785KY0X4.
!
!
!
!
!
interface FastEthernet0/0
description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$$ETH-LAN$
ip address 30.30.30.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
ip address 64.50.28.163 255.255.255.248
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 3 interface FastEthernet0/1 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 30.30.30.0 0.0.0.255
access-list 3 permit 30.30.30.0 0.0.0.255
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip 64.50.28.160 0.0.0.7 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 65.107.7.196 eq domain host 64.50.28.163
access-list 101 permit udp host 65.106.1.196 eq domain host 64.50.28.163
access-list 101 deny ip 30.30.30.0 0.0.0.255 any
access-list 101 permit icmp any host 64.50.28.163 echo-reply
access-list 101 permit icmp any host 64.50.28.163 time-exceeded
access-list 101 permit icmp any host 64.50.28.163 unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 deny ip 30.30.30.0 0.0.0.255 any
access-list 102 permit icmp any host 64.50.28.163 echo-reply
access-list 102 permit icmp any host 64.50.28.163 time-exceeded
access-list 102 permit icmp any host 64.50.28.163 unreachable
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip host 0.0.0.0 any
access-list 102 deny ip any any log
no cdp run
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 4000 1000
end
WAN troubleshooting report details
Router Details
Attribute Value
Router Model 1841
Image Name c1841-advsecurityk9-mz.124-3i.bin
IOS Version 12.4(3i)
Hostname ctcordiis
Interface Details
Attribute Value
Interface FastEthernet0/0
IP address 30.30.30.1
Description
Test Activity Summary
Activity Status
Checking interface status... Up
Checking for DNS settings... Successful
Checking interface IP address.. Successful
Checking exit interface... Failed
Test Activity Details
Activity Status
Checking interface status... Up
Interface physical status :Up
Line protocol status :Up
Checking for DNS settings... Successful
DNS lookup set :Yes
Statically configured DNS servers : 65.106.1.196 65.107.7.196
Dynamically imported DNS servers :None
Checking interface IP address.. Successful
Interface IP address :30.30.30.1
Interface IP address Type :Static
Checking exit interface... Failed
Exit interface found : FastEthernet0/1
Troubleshooting Results Failure Reason(s) Recommended Action(s)
To test connectivity, SDM tries to ping the configured DNS servers. However, there is no configured route to any of the DNS servers through the selected interface. Select 'User-specified' option or add a 'host specific/network specific/default' route through this interface and retest connection.
Could be a problem with your access-list on fa0/1. Have you tried to disable it for a second?
R(config)# inter fa0/1
R(config-if)# no ip access-group 102 in
See if everything is OK like this. You add the ACL back with
R(config-if)# ip access-group 102 in (remove no)
If this is not working, try the following on your PC. Post the result here. (Use command prompt - cmd)
1. ipconfig /all
2. route print
3. ping google.com
4. ping 65.107.7.196
5. tracert 65.107.7.196
Let me know what happens.
ASKER
That didn't help. I am going to go and do some deeper troubleshooting (as I did, I found that one of the DNS servers isn't able to ping even when you are configuring direct from a PC).
I am having the ISP email me all the IP addresses, DNS servers, etc.
One thing, since I am new to Cisco config and always dealt with simple routers, what does the IOS consider the "default gateway" as configured on simple routers?
by default the router will route between his interfaces afaik. default-gateway is different.
Command:
ip default-gateway
Mode:
Router(config)#
Syntax:
ip default-gateway ip-address
no ip default-gateway ip-address
Syntax Description:
ip-address IP address of the router
Command Description:
To define a default gateway (router) when IP routing is disabled, use the ip default-gateway global configuration command. To disable this function, use the no form of this command.
Example:
Router(config)#ip default-gateway 192.31.7.18
Misconceptions:
The ip default-gateway command is often used to try to set the router's default route. This is incorrect. The ip default-gateway setting is only used when ip routing is disabled. This command does not set the router's default route.
Related Commands:
None
ASKER
So, the default route and next hop address are what? Sorry for asking newbie questions but I am just trying to wrap my head around this
The default route is the IP address of the next hop when no other routes are known. If you have a default route set up all your packets will go that route if they don't have a route to destination.
Command:
ip route
Mode:
Router(config)#
Syntax:
ip route prefix mask {address | interface} [distance] [tag tag] [permanent]
no ip route prefix mask {address | interface} [distance] [tag tag] [permanent]
Syntax Description:
prefix
IP route prefix for the destination
mask
Prefix mask for the destination
address
IP address of the next hop that can be used to reach that network
interface
Network interface to use
distance
(Optional) An administrative distance
tag tag
(Optional) Tag value that can be used as a "match" value for controlling redistribution via route maps
permanent
(Optional) Specifies that the route will not be removed, even if the interface shuts down
Command Description:
To establish static routes, use the ip route global configuration command. To remove static routes, use the no form of this command.
Example:
Router(config)#ip route 10.0.0.0 255.0.0.0 131.108.3.4 110
Misconceptions:
None
Related Commands:
show ip route
Look for ciscopedia v3 on google.
Add a default route to your ISP gateway.
If you need to add a default route use
R (config)# ip route 0.0.0.0 0.0.0.0 <next hop ip address / router interface to next hop>
Sorry don't know how to edit posts . :)
ASKER
I verified the info from the ISP and I added a NAT pool of the IP addresses. Here is the latest config. I still can't access or ping outside:
!This is the show startup-config output of the router: show startup-config
!------------------------------------------------------------------
Using 2863 out of 196600 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname cc1
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$S7OX$RShss0eLJU17jr.VXLqJg1
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.99
!
ip dhcp pool sdm-pool1
import all
network 10.10.10.0 255.255.255.0
dns-server 65.106.1.196 65.107.7.196
!
!
no ip bootp server
ip name-server 65.106.1.196
ip name-server 65.106.7.196
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
crypto pki trustpoint TP-self-signed-325642744
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-325642744
revocation-check none
rsakeypair TP-self-signed-325642744
!
!
crypto pki certificate chain TP-self-signed-325642744
certificate self-signed 01 nvram:IOS-Self-Sig#3401.cer
username wrkstnmgr privilege 15 secret 5 $1$Ex3O$A.DgHlKYOduPpt.hbeNNJ/
!
!
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description $FW_OUTSIDE$$ES_WAN$
ip address 64.50.28.165 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 permanent
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool XO 64.50.28.162 64.50.28.166 netmask 255.255.255.248
ip nat inside source list XO pool XO overload
!
ip access-list extended XO
remark XO
remark SDM_ACL Category=2
remark XO
permit ip any any
!
logging trap debugging
no cdp run
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 4000 1000
end
try ping from the router to google.com and google ip. tell me if that's working or not?
ASKER
I was able to ping google.com from the router. It isn't always 100% but most of the time it is. Here is the latest config:
Using 2727 out of 196600 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname cc1
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$S7OX$RShss0eLJU17jr.VXLqJg1
!
no aaa new-model
resource policy
!
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.99
!
ip dhcp pool sdm-pool1
network 10.10.10.0 255.255.255.0
!
!
no ip bootp server
ip name-server 65.106.1.196
ip name-server 65.106.7.196
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
crypto pki trustpoint TP-self-signed-325642744
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-325642744
revocation-check none
rsakeypair TP-self-signed-325642744
!
!
crypto pki certificate chain TP-self-signed-325642744
certificate self-signed 01 nvram:IOS-Self-Sig#3401.cer
username wrkstnmgr privilege 15 secret 5 $1$Ex3O$A.DgHlKYOduPpt.hbeNNJ/
!
!
!
!
!
interface FastEthernet0/0
description $ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$$ETH-LAN$
ip address 10.10.10.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description $FW_OUTSIDE$$ES_WAN$$ETH-WAN$
ip address 64.50.28.165 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 64.50.28.161
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool XO 64.50.28.162 64.50.28.166 netmask 255.255.255.248
!
ip access-list extended XO
remark XO
remark SDM_ACL Category=2
remark XO
permit ip any any
!
logging trap debugging
no cdp run
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 4000 1000
end
ASKER
Does anyone have an idea of what could be wrong?
this is what you should do.
Router# conf t
Router (config)# ip dhcp pool sdm-pool1
Router(dhcp-config)# dns-server <ip address of first dns server> <ip address of second dns server>
Router(dhcp-config)# exit
Router(config)# do wr
That should do the trick. If this is not working try to ping ip address from your local pc.
64.233.167.99 > google.com
let me know if it's working or not.
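The checks this thread works through (a real default route rather than `ip default-gateway`, NAT for the private LAN, DNS servers handed out by the DHCP pool), collected into one script as an added example; it is not part of any post above. The function names and the `default-router` check are additions of this example, `LAST_CONFIG` is a constructed excerpt of the last config posted, and the interface-only default route is flagged because on Ethernet it depends on the upstream device answering proxy ARP.

```python
import ipaddress
import re

# Constructed sample: routing, NAT and DHCP lines of the last config in the thread.
LAST_CONFIG = """\
ip dhcp pool sdm-pool1
network 10.10.10.0 255.255.255.0
!
interface FastEthernet0/0
ip address 10.10.10.1 255.255.255.0
!
interface FastEthernet0/1
ip address 64.50.28.165 255.255.255.248
!
ip route 0.0.0.0 0.0.0.0 64.50.28.161
ip nat pool XO 64.50.28.162 64.50.28.166 netmask 255.255.255.248
"""

def parse(config):
    """Split into global lines and sections; a section runs from its header to '!'."""
    glob, secs, body = [], {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line in ("", "!"):
            body = None
        elif re.match(r"(interface|ip dhcp pool) ", line):
            body = secs.setdefault(line, [])
        elif body is not None:
            body.append(line)
        else:
            glob.append(line)
    return glob, secs

def audit(config):
    """Return reasons why LAN clients behind this router may not reach the internet."""
    glob, secs = parse(config)
    found = []
    hops = [ln.split()[4] for ln in glob if ln.startswith("ip route 0.0.0.0 0.0.0.0 ")]
    if not hops:
        found.append("no default route (ip default-gateway does not set one)")
    elif not any(re.fullmatch(r"\d+(\.\d+){3}", h) for h in hops):
        found.append("default route names an interface, not a next-hop address")
    addrs = re.findall(r"^\s*ip address (\d+(?:\.\d+){3}) ", config, re.M)
    # Working NAT needs an inside interface, an outside interface and a translation rule.
    nat_ok = (any("ip nat inside" in body for body in secs.values())
              and any("ip nat outside" in body for body in secs.values())
              and any(ln.startswith("ip nat inside source ") for ln in glob))
    if any(ipaddress.ip_address(a).is_private for a in addrs) and not nat_ok:
        found.append("private LAN but NAT is incomplete")
    for header, body in secs.items():
        if header.startswith("ip dhcp pool "):
            for cmd in ("dns-server", "default-router"):  # default-router: added check
                if not any(ln.startswith(cmd + " ") for ln in body):
                    found.append(f"{header}: no {cmd}")
    return found
```

Call `audit()` on the text of `show running-config`; an empty list means none of these checks fired.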