Solved

Cannot access Internet from behind Cisco 887

Posted on 2010-11-24
Last Modified: 2012-05-10
I have just purchased an 887 ADSL Router to replace my ageing Netgear and have never set up one of these before. I have a small amount of experience with a PIX-501 firewall.

I followed the start up wizard and entered all the details as I understand them from my ISP. I have a static IP but I set the WAN address type as IP Negotiated as I do not know the IP address and on my old modem I had it set to DHCP and it worked ok.

My provider told me I was connected but I could not browse. And using the built-in interface to ping, it timed out and got no responses.

Where should I be looking to rectify this issue?
yourname#show running-config
Building configuration...

Current configuration : 8063 bytes
!
! Last configuration change at 12:35:15 PCTime Thu Nov 25 2010 by cct
! NVRAM config last updated at 12:32:14 PCTime Thu Nov 25 2010 by cisco
!
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$GUhI$szUxF9mjhPtZ.mGKyd3Uy/
!
no aaa new-model
memory-size iomem 10
clock timezone PCTime 10
clock summer-time PCTime date Mar 30 2003 3:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-1036814177
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1036814177
 revocation-check none
 rsakeypair TP-self-signed-1036814177
!
!
crypto pki certificate chain TP-self-signed-1036814177
 certificate self-signed 01
        quit
no ip source-route
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool1
   import all
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
!
!
ip cef
no ip bootp server
no ip domain lookup
ip domain name yourdomain.com
no ipv6 cef
!
!
license udi pid CISCO887-K9 sn FHK144574YL
!
!
username cct privilege 15 secret 5 $1$XDFZ$JC188p8JVxbEeRy8Rp6re/
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect match-any SDM_BOOTPC
 match access-group name SDM_BOOTPC
class-map type inspect match-any SDM_DHCP_CLIENT_PT
 match class-map SDM_BOOTPC
class-map type inspect match-any sdm-cls-bootps
 match protocol bootps
class-map type inspect match-any ccp-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-insp-traffic
 match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-cls-icmp-access
 match protocol icmp
class-map type inspect match-all ccp-icmp-access
 match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-invalid-src
 match access-group 100
class-map type inspect match-all ccp-protocol-http
 match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
 class type inspect sdm-cls-bootps
  pass
 class type inspect ccp-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect ccp-inspect
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-protocol-http
  inspect
 class type inspect ccp-insp-traffic
  inspect
 class class-default
  drop
policy-map type inspect ccp-permit
 class type inspect SDM_DHCP_CLIENT_PT
  pass
 class class-default
  drop
!
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
 service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
 service-policy type inspect ccp-permit
!
!
!
!
!
!
!
interface BRI0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 encapsulation hdlc
 shutdown
 isdn termination multidrop
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 description $FW_OUTSIDE$$ES_WAN$
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 10.10.10.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 ip tcp adjust-mss 1452
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address dhcp
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 zone-member security out-zone
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname cctas@internode.on.net
 ppp chap password 7 0501015A3B19460B4106
 ppp pap sent-username cctas@internode.on.net password 7 12130242085E04067228
 no cdp enable
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface ATM0.1 overload
!
ip access-list extended SDM_BOOTPC
 remark CCP_ACL Category=0
 permit udp any any eq bootpc
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
dialer-list 1 protocol ip permit
no cdp run

!
!
!
!
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end

Question by:Rondog_88
LVL 10

Accepted Solution

by:
Wolfhere earned 500 total points
Is your DNS dynamic or static? I do not see any DNS entries. There are no "ip name-server 'address'" entries.
0
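
A check for the gap the accepted answer points out, as an added example that is not part of the original thread: a small Python audit that reads an IOS-style running-config and reports whether the router has any "ip name-server" entries and whether each DHCP pool hands clients a "dns-server". The function name audit_dns and the sample text (cut down from the DNS-relevant lines of the posted config) are constructed for illustration.

```python
import re

# Constructed sample: the DNS-relevant lines of a running-config shaped like
# the one in the question (DHCP pool with "import all", no "ip name-server").
SAMPLE_CONFIG = """\
ip dhcp pool ccp-pool1
   import all
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
!
no ip domain lookup
ip domain name yourdomain.com
"""

def audit_dns(config_text):
    """Report how an IOS-style config sets up DNS (hypothetical helper)."""
    name_servers, pools, pool = [], {}, None
    lookup_enabled = True  # IOS resolves names unless "no ip domain lookup"
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # tolerate blank lines left by copy/paste
        if not raw[0].isspace():  # top-level command ends any pool block
            pool = None
            m = re.match(r"ip dhcp pool (\S+)$", line)
            if m:
                pool = pools.setdefault(m.group(1), {"dns": [], "import_all": False})
            elif line.startswith("ip name-server "):
                name_servers += line.split()[2:]
            elif re.match(r"no ip domain[ -]lookup$", line):
                lookup_enabled = False
        elif pool is not None:
            if line.startswith("dns-server "):
                pool["dns"] += line.split()[1:]
            elif line == "import all":
                pool["import_all"] = True
    findings = []
    if not name_servers:
        findings.append("router: no 'ip name-server' configured")
    if not lookup_enabled:
        findings.append("router: domain lookup disabled")
    for name, p in pools.items():
        if not p["dns"]:
            how = "relies on 'import all'" if p["import_all"] else "none offered"
            findings.append(f"pool {name}: no 'dns-server' ({how})")
    return {"name_servers": name_servers, "findings": findings}

if __name__ == "__main__":
    print("\n".join(audit_dns(SAMPLE_CONFIG)["findings"]))
```

A pool that only has "import all" gets its DNS servers from whatever options the router learned on its WAN side, so that finding is a prompt to check what clients actually receive rather than proof of a fault.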
 

Author Comment

by:Rondog_88
DNS is static, I'm using my ISP's DNS. I realised that and have now input that. So I will accept your answer as the solution.

However, my NAT isn't working correctly; some entries are working, i.e. 80, 25, 443. But 5721 is not, and the local IP is correct; it's functioning. I'm using canyouseeme.org to check.

Any thoughts there?
0
 
LVL 10

Expert Comment

by:Wolfhere
I think you are on the right track, Ron (https://supportforums.cisco.com/message/3234238)
0
