Link to home
Start Free TrialLog in
Avatar of Rondog_88
Rondog_88Flag for Australia

asked on

Cannot access Internet from behind Cisco 887

I have just purchased an 887 ADSL Router to replace my ageing Netgear and have never setup one of the before. I have a small amount of experience with a PIX-501 firewall.

I followed the start up wizard and entered all the details as I understand them from my ISP. I have a static IP but I set the WAN address type as IP Negotiated as I do not know the IP address and on my old modem I had it set to DHCP and it worked ok.

My provider told me I was conencted but I could not browse. And using the built in interface to ping it timed out and got no responses.

Where should I be looking to rectify this issue?
yourname#show running-config
Building configuration...

Current configuration : 8063 bytes
!
! Last configuration change at 12:35:15 PCTime Thu Nov 25 2010 by cct
! NVRAM config last updated at 12:32:14 PCTime Thu Nov 25 2010 by cisco
!
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$GUhI$szUxF9mjhPtZ.mGKyd3Uy/
!
no aaa new-model
memory-size iomem 10
clock timezone PCTime 10
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-1036814177
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1036814177
 revocation-check none
 rsakeypair TP-self-signed-1036814177
!
!
crypto pki certificate chain TP-self-signed-1036814177
 certificate self-signed 01
  3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31303336 38313431 3737301E 170D3130 31313235 30323238
  30385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 30333638
  31343137 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100A331 4BBD09AA D0037B71 80D236A7 31B38AB7 E657B731 749E59A5 F4F99930
  4556C3D6 A36E5F6D 325BF7C6 A2606735 52BCCB59 146AE4DE 97723C72 27619300
  46619B55 6DE005F3 B710CFF1 608E6449 94CE0E4A F80136F7 12EB22D5 BC846958
  023CC029 24C1464B 01244CB6 9871E855 8A01790C 87F36D4E 49AFCDE8 0512255C
  ADA70203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
  551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
  301F0603 551D2304 18301680 141F1367 1D5CA2C1 8EF74B11 9E6FB7BD FC772C68
  42301D06 03551D0E 04160414 1F13671D 5CA2C18E F74B119E 6FB7BDFC 772C6842
  300D0609 2A864886 F70D0101 04050003 8181004B 5FEE1B31 3B437648 04BED8CE
  D61AE961 727B0FD9 B81E3F39 8CC9E911 61A448A2 98B586BB C54FBF5B 6D7E8091
  F1F0A494 599CD1F8 8860110F 267052BB 283EA906 88094A11 49117C29 8793E02D
  ECD9F0B7 0D7F5080 CE8C7EC7 ED5F35F4 2A559FDB 5AEF637F 85447398 3F305BC6
  77BBE1E4 29014DEA 24171997 174CE1CF 224C19
        quit
no ip source-route
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool1
   import all
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
!
!
ip cef
no ip bootp server
no ip domain lookup
ip domain name yourdomain.com
no ipv6 cef
!
!
license udi pid CISCO887-K9 sn FHK144574YL
!
!
username cct privilege 15 secret 5 $1$XDFZ$JC188p8JVxbEeRy8Rp6re/
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect match-any SDM_BOOTPC
 match access-group name SDM_BOOTPC
class-map type inspect match-any SDM_DHCP_CLIENT_PT
 match class-map SDM_BOOTPC
class-map type inspect match-any sdm-cls-bootps
 match protocol bootps
class-map type inspect match-any ccp-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-insp-traffic
 match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-cls-icmp-access
 match protocol icmp
class-map type inspect match-all ccp-icmp-access
 match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-invalid-src
 match access-group 100
class-map type inspect match-all ccp-protocol-http
 match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
 class type inspect sdm-cls-bootps
  pass
 class type inspect ccp-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect ccp-inspect
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-protocol-http
  inspect
 class type inspect ccp-insp-traffic
  inspect
 class class-default
  drop
policy-map type inspect ccp-permit
 class type inspect SDM_DHCP_CLIENT_PT
  pass
 class class-default
  drop
!
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
 service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
 service-policy type inspect ccp-permit
!
!
!
!
!
!
!
interface BRI0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 encapsulation hdlc
 shutdown
 isdn termination multidrop
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 description $FW_OUTSIDE$$ES_WAN$
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 10.10.10.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 ip tcp adjust-mss 1452
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address dhcp
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 zone-member security out-zone
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname cctas@internode.on.net
 ppp chap password 7 0501015A3B19460B4106
 ppp pap sent-username cctas@internode.on.net password 7 12130242085E04067228
 no cdp enable
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface ATM0.1 overload
!
ip access-list extended SDM_BOOTPC
 remark CCP_ACL Category=0
 permit udp any any eq bootpc
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
dialer-list 1 protocol ip permit
no cdp run

!
!
!
!
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

Open in new window

ASKER CERTIFIED SOLUTION
Avatar of Wolfhere
Wolfhere
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Rondog_88
Rondog_88
Flag of Australia image

ASKER

DNS is static, I'm using my ISP's DNS. I realised that and have now input that. So I will accept your answer as the solution.

However my NAT isnt working correctly, some entries are working: IE: 80, 25, 443. But 5721 is not and the local IP is correct its functioning. I'm using canyouseeme.org to check.

Any thoughts there?
Avatar of Wolfhere
Wolfhere
Flag of United States of America image
I think you are on the right track Ron (https://supportforums.cisco.com/message/3234238)