1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cisco 837 DSL Router - NATing But No Internet Traffic

Discussion in 'General Cisco Certifications' started by craigie, Mar 16, 2010.

  1. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    I think I'm going completely mad, and would appreciate a fresh pair of eyes to have a look at this with me.

    I performed a couple migrations for a client involing ASA's and PIX's recently, from a ADSL line to a ADSL Max line.

    All went well apart from the Cisco 837 DSL Router they had wouldn't dial out to there ISP (BT). So I lashed in a Draytek router which worked perfectly and informed the client I would investigate and get back to them.

    So I now have the Cisco 837 Router at home, when I adjusted the config for my home settings I couldn't get it to dial out. However, when I erased the config and rebuilt it, I now have the following:

    - Authenticate with ISP and pick up a IP Address
    - Checked ISP Settings for Dialer0 and ATM
    - Show IP NAT Translations shows nat ing for ping's and websites.
    - Show IP Int Dial 0 shows correct information
    - Show Int DSL shows correct information
    - Show IP Interface Brief shows correct information

    I have my laptop on a static IP so ruling out DHCP etc, but I cannot access any websites and ping doesn't work to the outside world. Works internally from the Router to the Laptop and vice versa.

    I have changed around the DSL leads, which hasn't made a difference.

    On the following two articles it mentions that Cisco 837 do not work with ADSL Max:

    http://forums.whirlpool.net.au/forum-replies-archive.cfm/388911.html

    http://www.velocityreviews.com/forums/t528597-adsl2-on-cisco-837-a.html

    Copy of the running config, if anyone has any ideas would be appreciated (as I'm sure that I'm missing something quite obvious).

    Current configuration : 1506 bytes
    !
    version 12.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname aarouter
    !
    logging queue-limit 100
    enable secret 5 $1$9Vcf$WfnXKvY/U7C/g3C7O2lvR.
    !
    username admin privilege 15 secret 5 $1$O7pY$icf0arZqVQ6KMUDcwPwtk0
    aaa new-model
    !
    !
    aaa authentication login default local
    aaa session-id common
    ip subnet-zero
    ip domain name xxxxxxxxxx.com
    !
    !
    ip audit notify log
    ip audit po max-events 100
    no ftp-server write-enable
    !
    !
    !
    !
    !
    !
    !
    interface Ethernet0
    ip address 192.168.0.254 255.255.255.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    hold-queue 100 out
    !
    interface ATM0
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    no atm ilmi-keepalive
    pvc 0/38
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    dsl operating-mode auto
    !
    interface Dialer0
    ip address negotiated
    ip nat outside
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    no cdp enable
    ppp authentication pap chap callin
    ppp chap hostname xxxxxxxxx
    ppp chap password 7 xxxxxxxxxx
    !
    ip nat inside source list 1 interface Dialer0 overload
    ip classless
    ip route 0.0.0.0 0.0.0.0 Dialer0
    no ip http server
    no ip http secure-server
    ip dns server
    !
    access-list 1 permit 192.168.0.0 0.0.0.255
    !
    line con 0
    no modem enable
    stopbits 1
    line aux 0
    stopbits 1
    line vty 0 4
    password 7 xxxxxxxxxxxx
    transport input ssh
    !
    scheduler max-task-time 5000
    !
    end
     
    Last edited: Mar 16, 2010
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  2. danielno8

    danielno8 Gigabyte Poster

    1,305
    48
    92
    I don't get it, it says it doesn't work with ADSL MAX yet has synced with the exchange ok and picked up an IP address...

    can you do a ping using the source IP of the ADSL interface?
     
    Certifications: CCENT, CCNA
    WIP: CCNP
  3. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    Cheers mate, I shall give that a go and see what happens.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  4. danielno8

    danielno8 Gigabyte Poster

    1,305
    48
    92
    Can you also double check the default route when connected.

    I see you have the default route to be out the dialer0 int, but when you are connected and have picked up a DHCP IP address from the ISP, just do a "show ip route" and make sure it has added the default route. If it is having any funnies with the MAX (despite you picking up the DHCP address from the ISP) it may have not added the default route.
     
    Certifications: CCENT, CCNA
    WIP: CCNP
  5. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    Cheers mate, didn't even think to look at that as the show ip int brief shows the IP Address assigned.

    I shall take a look later when I get home and see what results I get.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  6. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    Just a shot in the dark... maybe the provider's got some sort of port security/MAC filtering going on... they see the new router and decide to not let traffic pass since the MAC has changed.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  7. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    Thanks for the suggestion, but I regularly configure routers at home to test and never had an issue with MAC Addresses before.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  8. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    OK, not had chance to test this as I have been building 4 new Site To Site VPN Tunnels for a Client on Cisco PIX's.

    Cheers for the suggestions so far.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  9. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    Cool... maybe it's just something that providers in the States do. For instance, if I swap my cable router at home, I've gotta call my provider and have them reset the MAC assignment on their end (or wait for the record to expire). The new router then tells the provider its MAC and I'm good to go.

    That said... I don't think the provider will even issue me a DHCP address if the aforementioned port security is going on... so you're probably right, that's not likely to be the problem. Sorry, man.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  10. craigie

    craigie Terabyte Poster

    3,020
    173
    155
    OK this is proper gay, I changed my own router settings from automatic to manual for the PVC and MTU to confirm these where right (which they where) then I lashed in the Cisco again and it freckin worked.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  11. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,190
    296
    319
    It does happen now and again but if you leave the router unplugged for 10-15mins and then plug the new one in then the router should connect ok. Think it’s more of a ARP cache issue than a security thing.
     
    Last edited: Mar 17, 2010
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010

Share This Page

Loading...