Cisco 1811 Ping fails, cannot access the internet

skinazi

Junior Member
Dec 29, 2009
4
0
0
I just purchased a Cisco 1811. It was set for factory default. Logged in and set it up with the SDM, following the “Basic Router Configuration using SDM” document from Cisco (doc ID: 71305).
After I completed the setup and ran the Ping test, I got the following error:
“To test connectivity, SDM tries to ping the configured DNS servers. However, there is no configured route to any of the DNS servers through the selected interface.”
The recommended action is: “Select 'User-specified' option or add a 'host specific/network specific/default' route through this interface and retest connection.”
As far as I can tell the interface/routing is defined in the routing setup. I can ping the router from outside, but am unable to access the web from the router.
The config file is attached:


!
version 12.4
no service pad
hostname foobar
no aaa new-model
no ip source-route
ip domain name foobar.com
ip name-server 10.0.0.87
ip name-server 12.127.17.71
interface FastEthernet0
 description $ETH-LAN$
 ip address 63.81.34.55 255.255.255.192
 ip mask-reply
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
interface FastEthernet1
 no ip address
interface FastEthernet2
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$
 ip address 10.0.0.111 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
router rip
 passive-interface FastEthernet1
 passive-interface Async1
 network 10.0.0.0
 no auto-summary
ip route 10.0.0.0 255.255.255.0 63.81.34.1
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface FastEthernet0 overload
 

drebo

Diamond Member
Feb 24, 2006
7,034
1
81
Unless the config you pasted is incomplete, you're missing a few things:

The source list for your NAT doesn't seem to be listed.

Also, what the error says is exactly right: you don't have a route to the network on which 12.127.17.71 resides. The one route that you do have doesn't make too much sense, anyway...10.0.0.0/24 is a connected network and thus does not need a route...particularly since the specified gateway is not on a connected network anyway.

I'd advise, at the very least, to paste your entire configuration, excluding nothing, but obfuscating passwords.
 

Cooky

Golden Member
Apr 2, 2002
1,408
0
76
Drebo is correct that your NAT config seems to be incomplete.
You're also missing a default route.
Need to specify it:
ip route 0.0.0.0 0.0.0.0 Default_Gateway_IP

If your ISP assigns the WAN IP via DHCP, you'll need to configure dhcp under interface, and import all options, which will include your DNS.
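
The three gaps raised in the replies above (no default route, a static route that duplicates a connected network, a NAT source list with no matching ACL) can be checked mechanically. This is an added example, not part of any post in the thread: `lint_ios_config` and its finding strings are hypothetical names, only numbered ACLs and next-hop-address routes are handled, and the two samples are trimmed excerpts of the configurations posted in this thread.

```python
import ipaddress
import re

IP = r"(\d+\.\d+\.\d+\.\d+)"

def _net(addr, mask):
    prefix = bin(int(ipaddress.ip_address(mask))).count("1")  # dotted mask -> prefix length
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def lint_ios_config(text):
    """Return finding strings for the routing/NAT gaps discussed in the thread."""
    connected, routes, acls, nat_lists = [], [], set(), []
    for line in (l.strip() for l in text.splitlines()):
        if m := re.match(rf"ip address {IP} {IP}", line):
            connected.append(_net(m[1], m[2]))
        elif m := re.match(rf"ip route {IP} {IP} {IP}", line):
            routes.append((_net(m[1], m[2]), ipaddress.ip_address(m[3])))
        elif m := re.match(r"access-list (\d+) (?:permit|deny)\b", line):
            acls.add(m[1])
        elif m := re.match(r"ip nat inside source list (\S+)", line):
            nat_lists.append(m[1])
    findings = []
    if not any(net.prefixlen == 0 for net, _ in routes):
        findings.append("no default route (0.0.0.0 0.0.0.0)")
    for net, hop in routes:
        if net in connected:
            findings.append(f"static route for connected network {net}")
        if not any(hop in c for c in connected):
            findings.append(f"next hop {hop} is not on a connected subnet")
    for acl in nat_lists:
        if acl not in acls:
            findings.append(f"NAT source list {acl} has no access-list entries")
    return findings

# Excerpts of the two configurations posted in the thread (trimmed to the relevant lines).
FIRST = """
interface FastEthernet0
 ip address 63.81.34.55 255.255.255.192
interface Vlan1
 ip address 10.0.0.111 255.255.255.0
ip route 10.0.0.0 255.255.255.0 63.81.34.1
ip nat inside source list 1 interface FastEthernet0 overload
"""
SECOND = FIRST.replace("ip route 10.0.0.0 255.255.255.0", "ip route 0.0.0.0 0.0.0.0") \
    + "access-list 1 permit 10.0.0.0 0.0.0.255\n"

if __name__ == "__main__":
    for name, cfg in (("first", FIRST), ("second", SECOND)):
        print(name, lint_ios_config(cfg) or "no findings")
```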
 

Pantlegz

Diamond Member
Jun 6, 2007
4,627
4
81
Cooky said:
> Drebo is correct that your NAT config seems to be incomplete.
> You're also missing a default route.
> Need to specify it:
> ip route 0.0.0.0 0.0.0.0 Default_Gateway_IP
>
> If your ISP assigns the WAN IP via DHCP, you'll need to configure dhcp under interface, and import all options, which will include your DNS.

Setting DHCP on the outside interface would only have it serve IPs, not set it up to receive IPs. I think if you leave no IP address it should send out the request and your ISP will respond, but I could be wrong there. But the default route part is correct.

And your issue, as someone else said, is that you're missing the NAT rule.
 

spidey07

No Lifer
Aug 4, 2000
65,469
5
76
Pantlegz said:
> setting DHCP on the outside interface would only have it serve IP's not set it up to receive IP's. I think if you leave no IP address it should send out the request and your ISP will respond, but I could be wrong there.. but the default route part is correct.
>
> And your issue as some one else said, is that you're missing the NAT rule.

If you set an interface as DHCP correctly it will take the default gateway and add it to the routing table. I think you may need to add a command similar to "ip default-route dhcp" to make this happen. Don't know, don't deal with this aspect of IOS. Remember default routes have special treatment.

There is a whole lot missing from that config. Might be best to just start over.
 

skinazi

Gents,

First of all thanks for your help.

Let me address the issues one by one

#1 missing ip route 0.0.0.0 0.0.0.0 Default_Gateway_IP: I fixed it, the mask was incorrect (ip route 10.0.0.0 255.255.255.0 63.81.34.1)

I have a fixed IP address (so no DHCP issues exist), and the GW is 63.81.34.1

After the above change the PING works.

Not sure I clearly understand your remark about the missing NAT.
Currently I have an internal network 10.0.0.0, there are a few servers and PCs and the usual stuff... All traffic should go to the gateway.
(I will set up the dynamic NAT later, to access the servers that need to be accessed from outside).

Here is the current config:

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
hostname router
boot-start-marker
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret
no aaa new-model
resource policy
clock timezone PCTime -8
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no ip source-route
ip cef
ip tcp synwait-time 10
no ip bootp server
ip domain name kinemo.com
ip name-server 10.0.0.87
ip name-server 12.127.17.71
ip ssh time-out 60
ip ssh authentication-retries 2
crypto pki trustpoint TP-self-signed-317560032
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-317560032
 revocation-check none
 rsakeypair TP-self-signed-317560032
crypto pki certificate chain TP-self-signed-317560032
 certificate self-signed 01
  AEF00E8F 2F677C98 3E30D87B 0029B431 61022330
  9FD61665 1CC42122 D502DD85 4834C9DB 73
  quit
username cisco privilege 15 secret 5
interface FastEthernet0
 description $ETH-LAN$
 ip address 63.81.34.55 255.255.255.192
 ip mask-reply
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
interface FastEthernet1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 shutdown
 duplex auto
 speed auto
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
interface FastEthernet5
interface FastEthernet6
interface FastEthernet7
interface FastEthernet8
interface FastEthernet9
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$
 ip address 10.0.0.111 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
interface Async1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation slip
 shutdown
router rip
 passive-interface FastEthernet1
 passive-interface Async1
 network 10.0.0.0
 no auto-summary
ip route 0.0.0.0 0.0.0.0 63.81.34.1
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet0 overload
logging trap debugging
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.0.0.0 0.0.0.255
no cdp run
control-plane
banner exec ^C
% Password expiration warning.
end
 

spidey07

Remove the crypto key please. Just trying to help. It's the cert self signed line. Remove from the crypto pki trust point to quit.
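
One way to do the scrubbing asked for here and in the earlier "obfuscating passwords" advice before a configuration is pasted publicly, as an added example that is not part of the thread. `sanitize_ios_config` is a hypothetical helper covering only the line forms listed in `REDACTIONS` plus certificate chain bodies, and every secret in the sample is constructed.

```python
import re

# (pattern, replacement) pairs for IOS lines that end in a credential. Type 7
# strings are trivially reversible and type 5 hashes can be guessed offline,
# so both are removed rather than left "encrypted".
REDACTIONS = [
    (re.compile(r"^(\s*enable (?:secret|password)(?: \d+)?) \S+$"), r"\1 <removed>"),
    (re.compile(r"^(\s*username \S+ .*?(?:secret|password)(?: \d+)?) \S+$"), r"\1 <removed>"),
    (re.compile(r"^(\s*password(?: \d+)?) \S+$"), r"\1 <removed>"),
    (re.compile(r"^(\s*snmp-server community) \S+(.*)$"), r"\1 <removed>\2"),
]

def sanitize_ios_config(text):
    """Return the config with credentials and certificate bodies stripped."""
    out, in_cert = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if in_cert:  # drop hex lines up to and including "quit"
            in_cert = stripped != "quit"
            continue
        if re.match(r"certificate \S+", stripped):
            out.append(" ! certificate body removed")
            in_cert = True
            continue
        for pattern, repl in REDACTIONS:
            line = pattern.sub(repl, line)
        out.append(line)
    return "\n".join(out) + "\n"

# Constructed sample: every secret, hash and hex word below is made up.
SAMPLE = """\
enable secret 5 $1$CONSTRUCTED$notarealhashvalue000000
username cisco privilege 15 secret 5 $1$CONSTRUCTED$notarealhashvalue111111
crypto pki certificate chain TP-self-signed-EXAMPLE
 certificate self-signed 01
  30820240 308201A9 A0030201 02020101
  quit
snmp-server community CONSTRUCTEDRO RO
line vty 0 4
 password 7 000000000000
ip route 0.0.0.0 0.0.0.0 192.0.2.1
"""

if __name__ == "__main__":
    print(sanitize_ios_config(SAMPLE), end="")
```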
 

Cooky

Pantlegz said:
> setting DHCP on the outside interface would only have it serve IP's not set it up to receive IP's. I think if you leave no IP address it should send out the request and your ISP will respond, but I could be wrong there.. but the default route part is correct.
>
> And your issue as some one else said, is that you're missing the NAT rule.

OP confirmed he has static IP from provider.
However, as an FYI:
Setting dhcp on the interface makes it retrieve dhcp offer from ISP:
interface Fa0
 ip address dhcp client-id FastEthernet0

To set up the router as a DHCP server, command syntax is something like:
ip dhcp pool Home
 import all
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 lease 7
 

skinazi

The actual network architecture is a little bit more complicated. The bottom line is I do not have DHCP. I am going through a router and have half a dozen IP addresses assigned to me.
 

skinazi

Thanks for your warning re: the crypto key. Actually it is only less than 10% of the actual key, so I think it is not harmful. (Was too chicken to leave out anything.)