Cisco 2651XM - No Internet Access

[Oliver1]

I am a complete Cisco Newbie and am need some help with a Cisco 2651XM router - my computer (WindowsXP) says I am connected at 100Mbps but I have no internet access below is a copy of my "startup script", "ip route" and "ip interface" files. Thanks


"STARTUP-CONFIG"
enable
configure terminal
no service config
ip dhcp pool silver1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 72.240.1.105
import all
lease 7
exit
interface FastEthernet0/0
ip add dhcp
ip nat outside
no ip redirects
no shutdown
exit
interface FastEthernet0/1
ip add 192.168.1.1 255.255.255.0
ip nat inside
no shutdown
exit
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface FastEthernet0/0 overload
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.151 192.168.1.254
ip name-server 72.240.1.105
ip http server
ip http secure-server
ip http authentication local
access-list 101 deny tcp any 192.168.1.0 0.0.0.255
access-list 101 permit ip any
no service tcp-small-servers
no service udp-small-servers
no ip source-route
ip cef
no ip dhcp use vrf connected
no ip bootp server
ip name-server 72.240.1.105
hostname 2651XM
line con 0
logg sync
exit
end
copy run start

"IP ROUTE"
2651XM#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.11.1 to network 0.0.0.0

C 192.168.11.0/24 is directly connected, FastEthernet0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/1
S* 0.0.0.0/0 [254/0] via 192.168.11.1

"IP INTERFACE"
2651XM#sh ip interface
FastEthernet0/0 is up, line protocol is up
Internet address is 192.168.11.5/24
Broadcast address is 255.255.255.255
Address determined by DHCP
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are never sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Probe proxy name replies are disabled
Policy routing is disabled
Network address translation is enabled, interface in domain outside
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
BGP Policy Mapping is disabled
FastEthernet0/1 is up, line protocol is up
Internet address is 192.168.1.1/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Probe proxy name replies are disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
BGP Policy Mapping is disabled

 

[jlazzaro]

which network is your PC plugged into, 192.168.1.0/24?

can you ping your default gateway, 192.168.11.1, from both the router and PC?

does the router at 192.168.11.1 know to route 192.168.1.0/24 back to your 2651?

 

[MtnMan]

What are you connecting to that you believe would give you internet access? Cable moden, DLS, etc.... ISP?
What is the device for your next hop for your default route (192.168.11.1)?
Assuming your PC is on the 192.168.1.0 network, can you ping 192.168.11.1?

 

[freegeeks]

you are getting a private ip address on your WAN which is totally weird to me. It would mean that your ISP is doing NAT to give you internet access. Combined with your own NAT this would mean double NAT which is a pain in the ass. To what is your WAN (fastethernet0/0) connected? Cable providers are normally DHCP, DSL is normally pppoe (at least here in Europe).

 

[MtnMan]

you are getting a private ip address on your WAN which is totally weird to me. It would mean that your ISP is doing NAT to give you internet access. Combined with your own NAT this would mean double NAT which is a pain in the ass. To what is your WAN (fastethernet0/0) connected? Cable providers are normally DHCP, DSL is normally pppoe (at least here in Europe).

I've seen AT&T DSL provide private IP's to subscribers, so that is possibly the case.

 

[freegeeks]

I've seen AT&T DSL provide private IP's to subscribers, so that is possibly the case.

Seriously? I don't know of any ISP around here doing this. How do you configure NAT port forwarding? Are they running 1 to 1 NAT or NAT overload

Must suck to have an ISP like this

 

[MtnMan]

Seriously? I don't know of any ISP around here doing this. How do you configure NAT port forwarding? Are they running 1 to 1 NAT or NAT overload

Must suck to have an ISP like this

Yea seriously, a friend was getting a new laptop and router to hook to his DSL (old PC was connected the DSL modem) and I told him I would set it up vs. him having the Geek Squad doing it.

He was getting a 192.168.xxx.xxx address from AT&T DSL.

Port forwarding, you don't.:$ Of course for him, not an issue.

 

[drebo]

Uhg. Stop shouting like the world is falling. AT&T's "one computer" modem is simply configured by default to NAT. It's NOT just giving you a private IP from their DSLAM.

You can reconfigure it to provide a public IP via DHCP to the attached device or even in a complete bridge mode where your connected device supplies PPPoE credentials and negotiation.

Rest assured, each and every AT&T DSL customer does, indeed, get at least one public IP.

Also, he is NATing via his 2651, so it doesn't matter whether the router on the other side knows about the 192.168.1.0/24 network. What may be important, though, are some pings, traceroutes, and further troubleshooting in the form of: "if you plug your laptop into the place where the router is expecting to get DHCP, can you get on the internet?"

Jumping to conclusions about anything else is stupid and irrelevant.

 

[her209]

Post the full config...

 

[Oliver1]

I tried this and still cant get to the internet any suggestions

Iping from inside the cisco router

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
2651XM#

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
2651XM#

Can ping both ports from outside the router

192.168.1.1
182.168.11.5

Port FE 0/0 is hooked up to the dsl modem
FastEthernet0/0 is up, line protocol is up
Internet address is 192.168.11.5/24
Broadcast address is 255.255.255.255
Address determined by DHCP

and port FE 0/1 if hooked to the computer

FastEthernet0/1 is up, line protocol is up
Internet address is 192.168.1.1/24
Broadcast address is 255.255.255.255


SHOW IP INTERFACE
2651XM>enable
2651XM#sh ip interface
FastEthernet0/0 is up, line protocol is up
Internet address is 192.168.11.5/24
Broadcast address is 255.255.255.255
Address determined by DHCP
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is 101
Inbound access list is not set
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are never sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Probe proxy name replies are disabled
Policy routing is disabled
Network address translation is enabled, interface in domain outside
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
BGP Policy Mapping is disabled
FastEthernet0/1 is up, line protocol is up
Internet address is 192.168.1.1/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Multicast reserved groups joined: 224.0.0.5 224.0.0.6
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF Feature Fast switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Probe proxy name replies are disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
BGP Policy Mapping is disabled

NEW ROUTER SCRIPT
enable
configure terminal
hostname 2651XM
no service config
ip dhcp pool silver1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 72.240.1.105
import all
lease infinite
exit
exit
configure terminal
interface FastEthernet0/0
ip add dhcp
ip access-group 101 out
ip nat outside
no ip redirects
no shutdown
exit
exit
configure terminal
interface FastEthernet0/1
ip add 192.168.1.1 255.255.255.0
ip nat inside
no shutdown
exit
router ospf 1
network 192.168.0.0 0.0.0.255 area 0
network 192.168.1.0 0.0.0.255 area 0
exit
enable

access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 interface FastEthernet0/0 overload
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.151 192.168.1.254
ip name-server 72.240.1.105

access-list 101 permit ip any 192.168.1.0 0.0.0.255
access-list 101 permit ip any any
no service tcp-small-servers
no service udp-small-servers
no ip source-route
ip cef
ip routing
no ip bootp server
ip name-server 72.240.1.105
line con 0
logg sync
exit
end

 

[bobdole369]

Port FE 0/0 is hooked up to the dsl modem

Its really weird (but not unheard of) to get a local IP (Internet address is 192.168.11.5/24) assigned on the LAN port of your DSL modem. WHat kind of modem is this? And what DSL service is this?

Plug your computer directly to the LAN port and see what iP you get. Possible that this new MAC address is walled-gardened. (noting that the address WAS determined by dhcp so that does seem to be what the dsl modem is handing out).

Just noting that the ospf stuff is misconfigured. You don't seem to have a 192.168.0.0/24 network, but its defined as the backbone.

But the problem is here:

"IP ROUTE"
2651XM#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.11.1 to network 0.0.0.0

C 192.168.11.0/24 is directly connected, FastEthernet0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/1
S* 0.0.0.0/0 [254/0] via 192.168.11.1

the default route is to 192.168.11.1

OP type:

conf t
no ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 192.168.11.1
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 192.168.11.5


and report.

 

[freegeeks]

Uhg. Stop shouting like the world is falling. AT&T's "one computer" modem is simply configured by default to NAT. It's NOT just giving you a private IP from their DSLAM.

You can reconfigure it to provide a public IP via DHCP to the attached device or even in a complete bridge mode where your connected device supplies PPPoE credentials and negotiation.

Rest assured, each and every AT&T DSL customer does, indeed, get at least one public IP.

Also, he is NATing via his 2651, so it doesn't matter whether the router on the other side knows about the 192.168.1.0/24 network. What may be important, though, are some pings, traceroutes, and further troubleshooting in the form of: "if you plug your laptop into the place where the router is expecting to get DHCP, can you get on the internet?"

Jumping to conclusions about anything else is stupid and irrelevant.

nobody is shouting, all I'm saying is that he has a private ip address on his WAN and that he will have a double NAT

 

[Oliver1]

Thanks for all the advice it works now I can hit the internet

 

[Dadofamunky]

Glad you got it working! Did you try Bobdole's advice?

 

[Oliver1]

Yes