Cisco 871W cannot access Internet 1

[hughng]

Hello,
Thank you for your help. I tried to setup my 871w router but could not get it to access anything outside my private network. I can use SDM ping function in the tool and ping external address but all the PC connected to the router can not access the Internet. Attached is my router running-config. The register is set at 0x2102. I also tried to setup the network with no wireless just VLAN1 with 4 Fastenthernet0-3 and nat to the dhcp pool. And again, no outside access. Please let me know what I did wrong. I will post the strip down version of running config when I get home today.
Thank you.


-----------------
!This is the running config of the router: 192.168.5.1
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname cisco871
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging message-counter syslog
logging buffered 51200
logging console critical
enable secret 5 $1$wOJB$2ClSWExyf0ewU9wp2As3W1
enable password 7 0829435B1A0D0A19
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
!
aaa session-id common
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-1931155717
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1931155717
revocation-check none
rsakeypair TP-self-signed-1931155717
!
!
crypto pki certificate chain TP-self-signed-1931155717
certificate self-signed 01
30820240 308201A9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31393331 31353537 3137301E 170D3038 30373034 32333139
30315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 39333131
35353731 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
81008E9B 491FEE05 E8478B80 F485274F 5563B53F 7AA2E30C 1F91A810 E5498013
11143E2A B3F2B0BB 89594814 89053A73 C4C02CA7 96C51142 34923197 110C32C8
9E14B2D7 4C8FCE47 640220D2 305DBC60 84023021 EA162D6F 4762F46C 298A7BF3
B4A5F100 E4B8C1F3 C77CA5EF B20C6A86 B4B9E261 32B58735 5C7D6AD3 89F76A3C
32F70203 010001A3 68306630 0F060355 1D130101 FF040530 030101FF 30130603
551D1104 0C300A82 08636973 636F3837 31301F06 03551D23 04183016 8014ADDB
3E380F5B 40429DB3 CA847B4F C8A65DC9 7C4A301D 0603551D 0E041604 14ADDB3E
380F5B40 429DB3CA 847B4FC8 A65DC97C 4A300D06 092A8648 86F70D01 01040500
03818100 8D1175D5 7A9A9A75 AB8B56D5 12B4B15E E944F711 830F6A5C 4ABEFFC6
54048178 88E9EBD8 F058836E CDBF3F90 CE67295B 13358D90 9276D9D2 24DB1F5B
0A5D3D44 5796B545 13D8AF1D DEFD6F17 39E2FD39 4246678F 8DB25679 3A2A36CE
BA8881FC C24A861A 838BB76D 37E13FAB A9FD149A 469E237C C306B1EA 8FDAF9ED 8148800E
quit
dot11 syslog
!
dot11 ssid GuestWLAN
vlan 20
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 011213174F02081B24544F1A
!
dot11 ssid homessid
vlan 10
authentication open
authentication key-management wpa
wpa-psk ascii 7 091D1A50495404060A07012E3B28293A3B31
!
no ip source-route
!
!
ip dhcp excluded-address 192.168.5.1 192.168.5.240
ip dhcp excluded-address 192.168.50.1 192.168.50.100
!
ip dhcp pool VLAN10
import all
network 192.168.5.0 255.255.255.0
default-router 192.168.5.1
domain-name YouDomain.com
lease 4
!
ip dhcp pool VLAN20
import all
network 192.168.50.0 255.255.255.0
default-router 192.168.50.1
domain-name YouDomain.com
lease 4
!
!
ip cef
no ip bootp server
ip domain name YouDomain.com
ip name-server 24.93.41.127
ip name-server 24.93.41.128
ip port-map user-protocol--1 port tcp 2100
!
no ipv6 cef
multilink bundle-name authenticated
!
parameter-map type protocol-info msn-servers
server name messenger.hotmail.com
server name gateway.messenger.hotmail.com
server name webmessenger.msn.com

parameter-map type protocol-info aol-servers
server name login.oscar.aol.com
server name toc.oscar.aol.com
server name oam-d09a.blue.aol.com

parameter-map type protocol-info yahoo-servers
server name scs.msg.yahoo.com
server name scsa.msg.yahoo.com
server name scsb.msg.yahoo.com
server name scsc.msg.yahoo.com
server name scsd.msg.yahoo.com
server name cs16.msg.dcn.yahoo.com
server name cs19.msg.dcn.yahoo.com
server name cs42.msg.dcn.yahoo.com
server name cs53.msg.dcn.yahoo.com
server name cs54.msg.dcn.yahoo.com
server name ads1.vip.scd.yahoo.com
server name radio1.launch.vip.dal.yahoo.com
server name in1.msg.vip.re2.yahoo.com
server name data1.my.vip.sc5.yahoo.com
server name address1.pim.vip.mud.yahoo.com
server name edit.messenger.yahoo.com
server name messenger.yahoo.com
server name http.pager.yahoo.com
server name privacy.yahoo.com
server name csa.yahoo.com
server name csb.yahoo.com
server name csc.yahoo.com

!
!
username xxxxx privilege 15 password 7 12181004060202
username xxxxxxxx privilege 5 secret 5 $1$/ErM$sqrL/WzYuP/DUYRePwO8p1
username yyyyyyy privilege 3 secret 5 $1$Hg65$qinDIn4Xs8ZXu97BhvROU1
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group xxxxxxxx
key vpnkey1
pool SDM_POOL_1
max-users 5
!
crypto isakmp client configuration group yyyyyyy
key vpnkey2
pool SDM_POOL_2
max-users 5
crypto isakmp profile sdm-ike-profile-1
match identity group xxxxxxxx
match identity group yyyyyyy
client authentication list sdm_vpn_xauth_ml_1
isakmp authorization list sdm_vpn_group_ml_1
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
set security-association idle-time 18000
set transform-set ESP-3DES-SHA
set isakmp-profile sdm-ike-profile-1
!
!
crypto ctcp port 10000
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect match-all sdm-nat-http-1
match access-group 101
match protocol http
class-map type inspect match-all sdm-nat-user-protocol--1-1
match access-group 102
match protocol user-protocol--1
class-map type inspect match-any SDM_AH
match access-group name SDM_AH
class-map type inspect imap match-any sdm-app-imap
match invalid-command
class-map type inspect match-any sdm-cls-protocol-p2p
match protocol edonkey signature
match protocol gnutella signature
match protocol kazaa2 signature
match protocol fasttrack signature
match protocol bittorrent signature
class-map type inspect match-any sdm-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol h323
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp extended
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all sdm-insp-traffic
match class-map sdm-cls-insp-traffic
class-map type inspect gnutella match-any sdm-app-gnutella
match file-transfer
class-map type inspect match-any SDM-Voice-permit
match protocol h323
match protocol skinny
match protocol sip
class-map type inspect match-any SDM_IP
match access-group name SDM_IP
class-map type inspect match-any SDM_ESP
match access-group name SDM_ESP
class-map type inspect match-any SDM_EASY_VPN_SERVER_TRAFFIC
match protocol isakmp
match protocol ipsec-msft
match class-map SDM_AH
match class-map SDM_ESP
class-map type inspect match-all SDM_EASY_VPN_SERVER_PT
match class-map SDM_EASY_VPN_SERVER_TRAFFIC
class-map type inspect ymsgr match-any sdm-app-yahoo-otherservices
match service any
class-map type inspect msnmsgr match-any sdm-app-msn-otherservices
match service any
class-map type inspect match-all sdm-protocol-pop3
match protocol pop3
class-map type inspect match-any sdm-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any sdm-cls-protocol-im
match protocol ymsgr yahoo-servers
match protocol msnmsgr msn-servers
match protocol aol aol-servers
class-map type inspect aol match-any sdm-app-aol-otherservices
match service any
class-map type inspect pop3 match-any sdm-app-pop3
match invalid-command
class-map type inspect kazaa2 match-any sdm-app-kazaa2
match file-transfer
class-map type inspect match-all sdm-protocol-p2p
match class-map sdm-cls-protocol-p2p
class-map type inspect http match-any sdm-http-blockparam
match request port-misuse im
match request port-misuse p2p
match req-resp protocol-violation
class-map type inspect match-all sdm-protocol-im
match class-map sdm-cls-protocol-im
class-map type inspect match-all sdm-invalid-src
match access-group 100
class-map type inspect match-all sdm-icmp-access
match class-map sdm-cls-icmp-access
class-map type inspect ymsgr match-any sdm-app-yahoo
match service text-chat
class-map type inspect msnmsgr match-any sdm-app-msn
match service text-chat
class-map type inspect edonkey match-any sdm-app-edonkey
match file-transfer
match text-chat
match search-file-name
class-map type inspect http match-any sdm-app-httpmethods
match request method bcopy
match request method bdelete
match request method bmove
match request method bpropfind
match request method bproppatch
match request method connect
match request method copy
match request method delete
match request method edit
match request method getattribute
match request method getattributenames
match request method getproperties
match request method index
match request method lock
match request method mkcol
match request method mkdir
match request method move
match request method notify
match request method options
match request method poll
match request method propfind
match request method proppatch
match request method put
match request method revadd
match request method revlabel
match request method revlog
match request method revnum
match request method save
match request method search
match request method setattribute
match request method startrev
match request method stoprev
match request method subscribe
match request method trace
match request method unedit
match request method unlock
match request method unsubscribe
class-map type inspect edonkey match-any sdm-app-edonkeychat
match search-file-name
match text-chat
class-map type inspect http match-any sdm-http-allowparam
match request port-misuse tunneling
class-map type inspect fasttrack match-any sdm-app-fasttrack
match file-transfer
class-map type inspect match-all sdm-protocol-http
match protocol http
class-map type inspect edonkey match-any sdm-app-edonkeydownload
match file-transfer
class-map type inspect match-all sdm-protocol-imap
match protocol imap
class-map type inspect aol match-any sdm-app-aol
match service text-chat
!
!
policy-map type inspect sdm-permit-icmpreply
class type inspect sdm-icmp-access
inspect
class class-default
pass
policy-map type inspect p2p sdm-action-app-p2p
class type inspect edonkey sdm-app-edonkeychat
log
allow
class type inspect edonkey sdm-app-edonkeydownload
log
allow
class type inspect fasttrack sdm-app-fasttrack
log
allow
class type inspect gnutella sdm-app-gnutella
log
allow
class type inspect kazaa2 sdm-app-kazaa2
log
allow
policy-map type inspect sdm-pol-NATOutsideToInside-1
class type inspect sdm-nat-http-1
inspect
class type inspect sdm-nat-user-protocol--1-1
inspect
class class-default
drop
policy-map type inspect http sdm-action-app-http
class type inspect http sdm-http-blockparam
log
reset
class type inspect http sdm-app-httpmethods
log
reset
class type inspect http sdm-http-allowparam
log
allow
policy-map type inspect imap sdm-action-imap
class type inspect imap sdm-app-imap
log
policy-map type inspect pop3 sdm-action-pop3
class type inspect pop3 sdm-app-pop3
log
policy-map type inspect im sdm-action-app-im
class type inspect aol sdm-app-aol
log
allow
class type inspect msnmsgr sdm-app-msn
log
allow
class type inspect ymsgr sdm-app-yahoo
log
allow
class type inspect aol sdm-app-aol-otherservices
log
reset
class type inspect msnmsgr sdm-app-msn-otherservices
log
reset
class type inspect ymsgr sdm-app-yahoo-otherservices
log
reset
policy-map type inspect sdm-inspect
class type inspect sdm-invalid-src
drop log
class type inspect sdm-protocol-http
inspect
service-policy http sdm-action-app-http
class type inspect sdm-protocol-imap
inspect
service-policy imap sdm-action-imap
class type inspect sdm-protocol-pop3
inspect
service-policy pop3 sdm-action-pop3
class type inspect sdm-protocol-p2p
inspect
service-policy p2p sdm-action-app-p2p
class type inspect sdm-protocol-im
inspect
service-policy im sdm-action-app-im
class type inspect sdm-insp-traffic
inspect
class type inspect SDM-Voice-permit
inspect
class class-default
pass
policy-map type inspect sdm-permit
class type inspect SDM_EASY_VPN_SERVER_PT
pass
class class-default
policy-map type inspect sdm-permit-ip
class type inspect SDM_IP
pass
class class-default
drop log
!
zone security ezvpn-zone
zone security out-zone
zone security in-zone
zone-pair security sdm-zp-in-ezvpn1 source in-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-out-ezpn1 source out-zone destination ezvpn-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-ezvpn-out1 source ezvpn-zone destination out-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-self-out source self destination out-zone
service-policy type inspect sdm-permit-icmpreply
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
service-policy type inspect sdm-pol-NATOutsideToInside-1
zone-pair security sdm-zp-ezvpn-in1 source ezvpn-zone destination in-zone
service-policy type inspect sdm-permit-ip
zone-pair security sdm-zp-out-self source out-zone destination self
zone-pair security sdm-zp-in-out source in-zone destination out-zone
service-policy type inspect sdm-inspect
!
bridge irb
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet1
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet2
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet3
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet4
description $ETH-WAN$$FW_OUTSIDE$
ip address dhcp client-id FastEthernet4
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
zone-member security out-zone
duplex auto
speed auto
!
interface Virtual-Template1 type tunnel
description $FW_INSIDE$
ip unnumbered FastEthernet4
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
zone-member security ezvpn-zone
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
!
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
no dot11 extension aironet
!
encryption vlan 10 mode ciphers tkip
!
encryption vlan 20 mode ciphers tkip
!
ssid GuestWLAN
!
ssid homessid
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2412
station-role root
no cdp enable
!
interface Dot11Radio0.10
encapsulation dot1Q 10
ip flow ingress
bridge-group 10
bridge-group 10 subscriber-loop-control
bridge-group 10 spanning-disabled
bridge-group 10 block-unknown-source
no bridge-group 10 source-learning
no bridge-group 10 unicast-flooding
!
interface Dot11Radio0.20
encapsulation dot1Q 20
ip flow ingress
bridge-group 20
bridge-group 20 subscriber-loop-control
bridge-group 20 spanning-disabled
bridge-group 20 block-unknown-source
no bridge-group 20 source-learning
no bridge-group 20 unicast-flooding
!
interface Vlan1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Vlan10
description Internal Network
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 10
bridge-group 10 spanning-disabled
!
interface Vlan20
description Guest Network
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 20
bridge-group 20 spanning-disabled
!
interface BVI20
description Bridge to Guest Network$FW_INSIDE$
ip address 192.168.50.1 255.255.255.0
ip access-group Guest-ACL in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
zone-member security in-zone
!
interface BVI10
description Bridge to Internal Network$FW_INSIDE$
ip address 192.168.5.1 255.255.255.0
ip access-group 103 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
zone-member security in-zone
!
ip local pool SDM_POOL_2 192.168.10.1 192.168.10.50
ip local pool SDM_POOL_1 192.168.6.1 192.168.6.100
ip forward-protocol nd
ip http server
ip http access-class 4
ip http secure-server
!
!
ip nat pool yyyyvpn 192.168.10.1 192.168.10.50 netmask 255.255.255.0
ip nat pool xxxxvpn 192.168.6.1 192.168.6.100 netmask 255.255.255.0
ip nat inside source list 2 interface FastEthernet4 overload
ip nat inside source list 3 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.5.155 80 interface FastEthernet4 80
ip nat inside source static tcp 192.168.5.240 2100 interface FastEthernet4 2100
ip nat inside source list vpnconnection interface FastEthernet4 overload
!
ip access-list standard vpnconnection
remark VPN Connection
remark SDM_ACL Category=2
permit 192.168.6.0 0.0.0.255
permit 192.168.10.0 0.0.0.255
!
ip access-list extended Guest-ACL
deny ip any 192.168.5.0 0.0.0.255
permit ip any any
ip access-list extended SDM_AH
remark SDM_ACL Category=1
permit ahp any any
ip access-list extended SDM_ESP
remark SDM_ACL Category=1
permit esp any any
ip access-list extended SDM_IP
remark SDM_ACL Category=1
permit ip any any
!
logging trap debugging
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 1 permit 192.168.50.0 0.0.0.255
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 192.168.5.0 0.0.0.255
access-list 3 remark SDM_ACL Category=2
access-list 3 permit 192.168.50.0 0.0.0.255
access-list 4 remark Auto generated by SDM Management Access feature
access-list 4 remark SDM_ACL Category=1
access-list 4 permit 192.168.6.0 0.0.0.255
access-list 4 permit 192.168.5.0 0.0.0.255
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 192.168.50.0 0.0.0.255 any
access-list 100 permit ip 192.168.5.0 0.0.0.255 any
access-list 101 remark SDM_ACL Category=0
access-list 101 permit ip any host 192.168.5.155
access-list 102 remark SDM_ACL Category=0
access-list 102 permit ip any host 192.168.5.240
access-list 103 remark Auto generated by SDM Management Access feature
access-list 103 remark SDM_ACL Category=1
access-list 103 permit tcp 192.168.6.0 0.0.0.255 host 192.168.5.1 eq telnet
access-list 103 permit tcp 192.168.5.0 0.0.0.255 host 192.168.5.1 eq telnet
access-list 103 permit tcp 192.168.6.0 0.0.0.255 host 192.168.5.1 eq 22
access-list 103 permit tcp 192.168.5.0 0.0.0.255 host 192.168.5.1 eq 22
access-list 103 permit tcp 192.168.6.0 0.0.0.255 host 192.168.5.1 eq www
access-list 103 permit tcp 192.168.5.0 0.0.0.255 host 192.168.5.1 eq www
access-list 103 permit tcp 192.168.6.0 0.0.0.255 host 192.168.5.1 eq 443
access-list 103 permit tcp 192.168.5.0 0.0.0.255 host 192.168.5.1 eq 443
access-list 103 permit tcp 192.168.6.0 0.0.0.255 host 192.168.5.1 eq cmd
access-list 103 permit tcp 192.168.5.0 0.0.0.255 host 192.168.5.1 eq cmd
access-list 103 permit udp 192.168.6.0 0.0.0.255 host 192.168.5.1 eq snmp
access-list 103 permit udp 192.168.5.0 0.0.0.255 host 192.168.5.1 eq snmp
access-list 103 deny tcp any host 192.168.5.1 eq telnet
access-list 103 deny tcp any host 192.168.5.1 eq 22
access-list 103 deny tcp any host 192.168.5.1 eq www
access-list 103 deny tcp any host 192.168.5.1 eq 443
access-list 103 deny tcp any host 192.168.5.1 eq cmd
access-list 103 deny udp any host 192.168.5.1 eq snmp
access-list 103 permit ip any any
access-list 104 remark Auto generated by SDM Management Access feature
access-list 104 remark SDM_ACL Category=1
access-list 104 permit ip 192.168.6.0 0.0.0.255 any
access-list 104 permit ip 192.168.5.0 0.0.0.255 any
no cdp run

!
!
!
!
!
control-plane
!
bridge 10 route ip
bridge 20 route ip
banner login ^CPersonal system. Please do not enter.^C
!
line con 0
password 7 15131E1F102325
no modem enable
transport output telnet
line aux 0
transport output telnet
line vty 0 4
access-class 104 in
password 7 130402011F050A
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
===============================

 

[Alterac]

Your missing your default route

ip route 0.0.0.0 0.0.0.0 FastEthernet4

or use your ISP's default gateway, or the DHCP as the next hop.

----------------------------------
Bill

 

[hughng]

Hi Bill,
Thank you for the reply. I will give it a shot.

 

[CAPPBC]

Hey Bill or anyone who can give help. I setup the router with SDM Express. Since I cannot configure the ISP Gateway through the GUI, I tried through Telnet. I get to the part where I can configure the ip route so I enter

ip route xxx.xxx.xxx.xxx FastEthernet4

When I hit enter, it states invalid marker at the beginning of FastEthernet4.

What am I doing wrong?

 

[brianinms]

It should be ...

ip route 0.0.0.0 0.0.0.0 Fa4

 

[CAPPBC]

Thank you Brian...After I input the command, I get an inconsistent address and mask...I read other posts and it states that it is an error check/validation that Cisco added. Posts show to enter:

ip route 192.168.1.0 255.255.255.0 fa4

I want to specify my ISP Gateway.

I tried this:

ip route 12.51.147.0 255.255.255.248 fa4

It validated fine but I cannot ping the gateway or any website. (My DNS servers are setup adn correct.)

The gateway address my ISP supplied is:

Gateway: 12.51.147.217
Mask: 255.255.255.248

Was that the proper command to input?

Thank you

 

[travis06]

You have DHCP defined in your FE4 Interface, thus, you must route to DHCP, not the IP your provider is handing off. If your provider is handing off DHCP, keep FE4 DHCP. You only use a static IP if the ISP provided you with an IP block assignment.

Insert your default route as:

ip route 0.0.0.0 0.0.0.0 dhcp

That should fix it!

-Travis

 

[CAPPBC]

I inputed the ISP Gateway and it works but at a crawl.

If I input that command (ip route 0.0.0.0 0.0.0.0 dhcp
), it states invalid hop address, it's this router.

I have connectivity now but madly slow. MTU size is 1500 and firewall off.

What could be the issue?

 

[F1lby]

See this URL - it may shed some light on getting your router working properly. I wrote this some months ago to help a friend out who couldn't get his Cisco box working.

http://philstechstuff.blogspot.com/2008/03/cisco-adsl-router-getting-it-to-work.html

This getting an ADSL router working so it's not quite the same.

I'm no great fan of SDM - I've never got any Cisco device configured properly with it.
It's a good monitoring tool - but that's about it IMHO.

Your config could be simplified. I'd erase and start again with a very simple config. Sometimes you can't see the wood for the trees.

Good luck

Phil B

 

[travis06]

SDM can be a useless piece of software. Don't let it setup your router without looking at the configurations that are being sent to the router.

I agree with the above post, delete your config and start over. To keep it simple, dont use zone based policies. Simple simple, add all the fancy features later.

Tip: You should only use SDM to "estimate" commands. In the preferences, tick the checkbox that forces SDM to show you the commands before commiting them to the router. This way you can review what you're configuring from the GUI to what is actually going in to the router command line. Then copy and paste those commands to the router.

Example... Modifying Access Lists, if you know how to do it from cli, SDM is a joke, not only in the way it displays, but in the way it commits the ACL to the router. Huge mistake I made in the beginning of time... Modifying an ACL on a live router with SDM. SDM deletes your entire ACL and reconfigures it if you change just one line. This closes all active connections and angers everyone on the internal network !!

 

[CAPPBC]

F1lby

Thnak you for the link. Issue was that I did not correctly set the NAT. The guide showed me the proper commands to use.

Thanks,

 

[F1lby]

I'm glad you found it useful.

I wrote the this document about 3 years ago as a reminder to myself and recently blogged it to hopefully help others.

Good luck with Cisco. It's fine equipment... just not very intuitive!!

Best Regards

 

[CAPPBC]

It is great equipment. AT&T supplied a 2800 series csu/dsu which connects to my 871W. The 871w feeds catalyst 2960 switches. The network is fully powered by Cisco. Big difference from netgear, smc, trendnet, devices.

Once again thank you!