I have a Cisco 819 with a Verizon Sim card in it and have it setup to be transparent to handoff to a Meraki network. We seem to hav e connection to the site and I am able to vpn in but some web pages are not working, and external services, like slack and socket comms seem to be not working.
For instance, I can go to bing.com and search and that works, but can't go to some URL's like yahoo.com. I am able to ping yahoo.com, get DNS resolution, and then I tried to use that IP the site still times out. Doesn't appear to be a DNS issue. Wondering if anyone here can help me out and check over my config to see if maybe its something in here doing it? The only thing that changed at this site was moving over to this box instead of using an USB stick modem in the MX.
Thanks
Current configuration : 8936 bytes
!
! Last configuration change at 17:54:40 UTC Thu Aug 30 2018 by admin
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service internal
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
ethernet lmi ce
!
crypto pki trustpoint TP-self-signed-1840704989
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1840704989
revocation-check none
rsakeypair TP-self-signed-1840704989
!
!
crypto pki certificate chain TP-self-signed-1840704989
certificate self-signed 01
#####
quit
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
import all
network 10.0.0.0 255.255.255.0
default-router 10.10.10.1
lease 0 2
!
!
!
ip domain name yourdomain.com
ip name-server 8.8.8.8
ip inspect WAAS flush-timeout 10
ip cef
no ipv6 cef
!
!
flow record nbar-appmon
match ipv4 source address
match ipv4 destination address
match application name
collect interface output
collect counter bytes
collect counter packets
collect timestamp absolute first
collect timestamp absolute last
!
!
flow monitor application-mon
cache timeout active 60
record nbar-appmon
!
parameter-map type inspect global
max-incomplete low 18000
max-incomplete high 20000
nbar-classify
!
!
!
!
multilink bundle-name authenticated
!
!
chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
!
!
!
!
!
license udi pid C819HG-LTE-MNA-K9 sn FTX2137Z05V
!
!
object-group service INTERNAL_UTM_SERVICE
!
object-group network Others_dst_net
any
!
object-group network Others_src_net
any
!
object-group service Others_svc
ip
!
object-group network Web_dst_net
any
!
object-group network Web_src_net
any
!
object-group service Web_svc
ip
!
object-group network local_cws_net
!
object-group network local_lan_subnets
any
!
object-group network vpn_remote_subnets
any
!
username admin privilege 15 secret 5 password
!
redundancy
notification-timer 120000
!
!
!
!
!
controller Cellular 0
lte sim data-profile 1 attach-profile 1 slot 0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
no cdp run
!
!
class-map type inspect match-any INTERNAL_DOMAIN_FILTER
match protocol msnmsgr
match protocol ymsgr
class-map type inspect match-any Others_app
match protocol https
match protocol smtp
match protocol pop3
match protocol imap
match protocol sip
match protocol ftp
match protocol dns
match protocol icmp
class-map type inspect match-any Web_app
match protocol http
class-map type inspect match-all Others
match class-map Others_app
match access-group name Others_acl
class-map type inspect match-all Web
match class-map Web_app
match access-group name Web_acl
!
policy-map type inspect LAN-WAN-POLICY
class type inspect Web
inspect
class type inspect Others
inspect
class type inspect INTERNAL_DOMAIN_FILTER
inspect
class class-default
drop log
!
zone security LAN
zone security WAN
zone security VPN
zone security DMZ
zone-pair security LAN-WAN source LAN destination WAN
service-policy type inspect LAN-WAN-POLICY
!
!
!
!
!
!
!
!
!
!
!
interface Loopback1
description ### always-on interface ###
ip address 1.2.3.9 255.255.255.255
ip nat inside
ip virtual-reassembly in
!
interface Cellular0
ip address negotiated
no ip unreachables
ip nat outside
ip virtual-reassembly in
encapsulation slip
load-interval 30
dialer in-band
dialer idle-timeout 0
dialer string lte
dialer string ltescript
dialer watch-group 1
async mode interactive
!
interface Cellular1
no ip address
encapsulation slip
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface GigabitEthernet0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0
no ip address
shutdown
clock rate 2000000
!
interface Vlan1
description $ETH_LAN$
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source static 10.0.0.2 interface Cellular0
ip route 0.0.0.0 0.0.0.0 Cellular0
!
ip access-list extended NAT
permit ip 10.0.0.0 0.0.0.255 any
ip access-list extended Others_acl
permit object-group Others_svc object-group Others_src_net object-group Others_dst_net
ip access-list extended Web_acl
permit object-group Web_svc object-group Web_src_net object-group Web_dst_net
ip access-list extended nat-list
permit ip object-group local_lan_subnets any
!
dialer watch-list 1 ip 5.6.7.8 0.0.0.0
dialer watch-list 1 delay route-check initial 60
dialer watch-list 1 delay connect 1
dialer-list 1 protocol ip permit
ipv6 ioam timestamp
!
access-list 23 permit 10.10.10.0 0.0.0.127
access-list 23 permit 10.0.0.0 0.0.0.255
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
line con 0
login local
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line 3
script dialer lte
no exec
rxspeed 100000000
txspeed 50000000
line 8
no exec
rxspeed 100000000
txspeed 50000000
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
!
!
!
!
!
end
No comments:
Post a Comment