ADSL Router Config

thaboloko

IS-IT--Management
Jan 13, 2007
5
MX
Hi,

I'm trying to configure a Cisco 877 Router (No Wireless). After setting it up via SDM Express, the only thing that I was able to do is ping any external website, but if I try to use Internet Explorer, it doesn't show anything :(

I was reading on other websites that this situation could be happening due to an MTU-MSS configuration. I guess I tried every MTU MSS value suggested without good results.

I have not configured any rule for filtering (Firewall).

Also, here is the running-config file; any suggestion is welcome! Thanks!!:

Current configuration : 4480 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname EPSPRODIGY
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 xxxxxxxxxxxxxxxxx
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
no ip source-route
ip cef
!
!
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name na.enpad.org
ip name-server 200.33.148.209
ip name-server 200.33.148.217
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-1873719710
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1873719710
revocation-check none
rsakeypair TP-self-signed-1873719710
!
!
crypto pki certificate chain TP-self-signed-1873719710
certificate self-signed 01
xxxxxxxxx xxxxxxxxx
quit
username administrator privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxx
!
!
!
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 155.139.1.23 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
!
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxxxxxxxxxx
ppp chap password 7 xxxxxxxxxxxxx
ppp pap sent-username xxxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxx
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 155.139.1.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
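
As an added illustration of the MTU-MSS relationship mentioned in the post above (not part of the original post, and not Cisco tooling): a small Python check that the `ip tcp adjust-mss` clamp on the LAN interface fits the `ip mtu` on the PPPoE dialer. The function names and the trimmed sample config are constructed for this example; it assumes IPv4 with 40 bytes of IP and TCP headers and the 1492-byte PPPoE limit.

```python
import re

IP_TCP_OVERHEAD = 40  # 20-byte IPv4 header + 20-byte TCP header, no options
PPPOE_MAX_MTU = 1492  # 1500-byte Ethernet payload minus 8 bytes of PPPoE/PPP headers

# Constructed sample: only the MTU/MSS-relevant lines of the posted config.
SAMPLE_CONFIG = """\
interface Vlan1
ip nat inside
ip tcp adjust-mss 1412
!
interface Dialer0
ip mtu 1452
ip nat outside
encapsulation ppp
!
"""

def parse_interfaces(config):
    """Map each interface name to its configured 'mtu' and 'mss' (None if unset)."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "!":  # '!' closes the current interface block
            current = None
        elif line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], {"mtu": None, "mss": None})
        elif current is not None:
            m = re.fullmatch(r"ip (mtu|tcp adjust-mss) (\d+)", line)
            if m:
                current["mtu" if m.group(1) == "mtu" else "mss"] = int(m.group(2))
    return interfaces

def check_mss(config, wan="Dialer0", lan="Vlan1"):
    """Return findings; an empty list means the LAN clamp fits the WAN MTU."""
    ifs = parse_interfaces(config)
    mtu = ifs.get(wan, {}).get("mtu")
    mss = ifs.get(lan, {}).get("mss")
    findings = []
    if mtu is None:
        findings.append(f"{wan}: no 'ip mtu' configured")
    elif mtu > PPPOE_MAX_MTU:
        findings.append(f"{wan}: ip mtu {mtu} exceeds PPPoE maximum {PPPOE_MAX_MTU}")
    if mss is None:
        findings.append(f"{lan}: no 'ip tcp adjust-mss' clamp")
    elif mtu is not None and mss > mtu - IP_TCP_OVERHEAD:
        findings.append(f"{lan}: adjust-mss {mss} > {mtu} - {IP_TCP_OVERHEAD} = {mtu - IP_TCP_OVERHEAD}")
    return findings

if __name__ == "__main__":
    print(check_mss(SAMPLE_CONFIG) or "MSS clamp is consistent with the WAN MTU")
```

With the values from the posted config (`ip mtu 1452`, `ip tcp adjust-mss 1412`) the check returns no findings.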
 
Assuming it's not a simple DNS problem... can you telnet to port 80 from the 877?
 
Yes, I can, and I can even telnet to any webpage with the domain name (telnet 80), but only from inside the 877, and... if I try to do the same thing on a client computer, it doesn't work. I got the ISP DNS servers; if I set them in the TCP/IP configuration of the client PCs, it works, but if I try to set the 877 as the DNS server on the PCs, there's no response. What should I do if I want to operate my 877 as a DNS server? Thanks. Gustavo.
 
Do you have the correct gateway set on your PCs? What does their configuration look like? Why do you have an inside NAT address of 155.139.1.23/24? That's an odd number. I guess it works, but you will have to set it as the gateway.
 
I'm not 100% sure, but I don't think that the 877 supports DNS forwarding/relaying; someone else might be able to confirm this.

So you have a couple of options: set up an internal DNS server for your clients and get that to serve all DNS requests with forwarders set on that.

In the DHCP scope options, put your ISP DNS servers instead of your router.

 
Forget DNS. If you can ping -l, look at the IP address; it should be a Google site, not the local router IP.

Once this is obtained, you could enter the IP into IE and see if the Google page loads. If so, it's a DNS error; else it's an ACL issue, I would think.
 
Thanks to you all for your replies.

The TCP/IP conf of the client PCs looks like this one:

IP ADDRESS: 155.139.1.X
SUBNET MASK: 255.255.255.0
DEFAULT GW: 155.139.1.23

PRI DNS SERVER: 155.139.1.23 (IT DOESN'T WORK)
PRI DNS SERVER: 155.177.254.253 (IT WORKS, DUE TO IT BEING AN INTERNAL DNS SERVER; ALSO I ADDED STATIC ROUTES TO POINT TO THE DNS SERVER NETWORK, AND IT'S WORKING)

The reason for the odd IP address is that I'm inside a corporate network, and the 155.139.1.0 range was assigned to my location.

The main purpose of this router is to provide VPN access to people connected outside of the facility through an ADSL line, but first I would like to configure this router as a gateway and DNS server, in case I would like to provide this connection as a backup Internet line.

Probably FaithLess is right, this 877 doesn't support DNS forwarding... =(

Thanks 3wsparky, I will check the ACL Rules.

And about the VPN connection... I already configured this part: IPSec shared key, VPN group, etc. But what about my clients? Could they use the Microsoft VPN Client, or should I buy the Easy VPN Client from Cisco? Thanks again, Gustavo.
 
Out of interest, is this a standard ADSL with web access or an IP stream service where you have a private cloud within an ISP that links back to a main office?
The setups will give very different results, and one of the symptoms, you being able to ping but not browse the web, would indicate you have an IP stream setup.
 