TOPIC: cisco 1841 DNS Resolve problem

I would like to replace the Linux router with cisco 1841, but cannot open any webpage...

WinXP -> cisco 1841 -> wireless bridge -> Internet.
-The Page cannot be displayed, cannot find server or DNS Error.

WinXP -> cisco 1841 -> Linux router -> wireless bridge -> Internet.
-Everything work fine, all webpages can display, no problem.

Has anyone come accross the problem before, thanks for any advise.
:roll:

pp1dt,

Can you provide more information on your setup ?

e.g is there any NAT performed on the Linux router? What ip addresses are you using for each network and what is the configuration of your 1841?

The above info will help us understand your setup and allow us to guide you to the solution.

Cheers,

Hi Chris,

we are existing using Linux box as a router, connect it through the wireless bridge to the ISP and everything is working fine, but we want to change it to cisco 1841 that why we install it but is not working after I remove the Linux box and replace it with the cisco 1841 as I post above, below are my router config:-

Current configuration : 1442 bytes
[code:1]
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$0sus$!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip cef
!
crypto ipsec client ezvpn 555
connect auto
group group1 key ciscoxyz
mode client
peer 201.xxx.xxx.xxx
xauth userid mode interactive
!
interface FastEthernet0/0
ip address 10.0.9.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
crypto ipsec client ezvpn 555 inside
!
interface FastEthernet0/1
ip address 201.xxx.xxx.xxx 255.255.255.224
no ip proxy-arp
ip nat outside
ip virtual-reassembly
no ip mroute-cache
duplex auto
speed auto
crypto ipsec client ezvpn 555
!
ip route 0.0.0.0 0.0.0.0 201.xxx.xxx.225
!
no ip http server
no ip http secure-server
ip nat inside source route-map nonat interface FastEthernet0/1 overload
!
access-list 101 deny ip 10.0.9.0 0.0.0.255 10.0.1.0 0.0.0.255
access-list 101 permit ip 10.0.9.0 0.0.0.255 any
route-map nonat permit 10
match ip address 101
[/code:1]

I think your problem just might reside in your ACL. Lets take a look at what you wrote:


Now, if you were to add the command:
access-list 101 permit ip any any
or
access-list 101 permit any

Your stations should be able to access the internet. It's not guaranteed, but it's a start. Chris, what do you think?
[/quote]

I don't think the ACL is the problem but it might be worth trying to permit everything.

access-list 101 deny ip 10.0.9.0 0.0.0.255 10.0.1.0 0.0.0.255
access-list 101 permit ip 10.0.9.0 0.0.0.255 any

The first statement denies traffic from 10.0.9.x /24 to 10.0.1.x /24, my guess this is another internal net that he doesn't want to be connected. Second statement permits everything from 10.0.9.x /24. So it should work.

I noticed the 1841 router is configured for Easy VPN. Have you verified the peer IP address as well as the group and key are correct? Also, is it your intent to have all traffic go over the VPN tunnel, or just certain types? You can do what is called a split tunnel (in .pdf format) that sends certain traffic always over the tunnel, and the rest directly to the internet.

The access list is having no affect on the configuration, it's applied to a route map that's not applied to any interface, at least not from what is given in pp1dt's post. Anyways, the configuration looks OK from what I see, my suggestion is check the VPN portion.