Develop Reference

First time configuring cisco router by myself Why can't I reach the internet?

I can ping from the router Google's DNS server at 8.8.8.8 and 8.8.4.4...I can reach all inside network devices attached in the 192.168.1.X range. Other than those few addresses, I can't reach outside of my router. I have pulled an IP from my ISP. I have a route built to my next-hop address provided by my ISP.
Below is my running-config. I used a guide FROM CISCO to set this up. If anyone sees any reason why I am only able to reach these two addresses, please let me know.
Current configuration : 1903 bytes
!
! Last configuration change at 14:49:37 UTC Wed Oct 14 2020
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname StorageRTR
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$3PFU$WQpG5ApsBE/6BZZpd7Oew1
enable password Probasco1!
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
!
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.1.3
ip dhcp excluded-address 192.168.1.4
ip dhcp excluded-address 192.168.1.5
ip dhcp excluded-address 192.168.1.6
ip dhcp excluded-address 192.168.1.7
ip dhcp excluded-address 192.168.1.8
ip dhcp excluded-address 192.168.1.9
ip dhcp excluded-address 192.168.1.10
!
ip dhcp pool CLIENT
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8
!
!
ip name-server 8.8.8.8
ip name-server 8.8.4.4
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1941/K9 sn FJC1931E0DD
!
!
username Rob password 0 Probasco1
!
!
!
!
!
!
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache cef
no ip route-cache
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/1
ip address dhcp
ip nat outside
ip virtual-reassembly in
no ip route-cache cef
no ip route-cache
duplex auto
speed auto
no cdp enable
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip nat inside source list 102 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 10.255.77.69
!
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
!
no cdp run
!
!
control-plane
!
!
line con 0
exec-timeout 120 0
stopbits 1
line aux 0
line vty 0 4
exec-timeout 30 0
login local
length 0
transport input all
!
scheduler allocate 20000 1000
end

The configuration looks ok to me, but you should not need to configure your gateway IP statically when you are using DHCP, but I guess it's working since you are able to ping Google DNS. I would remove this line:
ip route 0.0.0.0 0.0.0.0 10.255.77.69
You can check if you have the right ip using this command:
show ip int brief
And check your route with this command:
show ip route
The gateway IP from your ISP is a private IP address, so the ISP will be doing NAT once more before you get to the Internet. Perhaps the ISP router is blocking stuff, like DNS to Google?
What happens if you connect a PC directly to the ISP router? Are you able to browse the Internet then? If the ISP hands out different DNS servers, try using those in the Cisco router.

Where does my traffic go when I use a VPN? Tcpdump shows no outgoing traffic when VPN enabled

I have two machines, machine A sending packets to machine B.
If I use
tcpdump -i <interface> udp port <port>
on machine A, I can see the traffic going out.
However when I enable the VPN, I then see nothing coming out of that port.
And I would like to understand why.
The VPN is IPsec based which I understand encrypts the packets, and has the tunneling mode as a typical default.
I was going through some stuff on IPsec VPNs and saw it mentioned that the VPN sends the packets out of different ports. I saw port 4500 mentioned in a number of places, as well as some other port numbers.
I did try these port listed but saw nothing at any of them.
Is my issue that I am preforming the traffic dump at the wrong port? If so is there a way to determine which port the outgoing traffic of machine A is leaving from?
If it is another issue, what might it be? Is it possible to monitor my outgoing traffic from a machine with a VPN tunnel enabled?

When you initially capture packets, you are seeing traffic on your default interface (whichever that is). When you enable your VPN, part of the setup process is to make the VPN virtual interface the default interface. Depending on your system, this will mean giving the VPN interface a higher routing metric or higher routing priority in the list.
After you enable your VPN connection, your routing table should change (see below). You should also see the name of your VPN connection with these commands (as new default interface), which can be used as the interface name with tcpdump. Note that depending on your system/VPN solution, you might need to do additional configuration to get the necessary vpn interface name.
Route metrics on various systems
netstat -rn will show you the routing table on most systems (Windows, Macos, Linux, BSD, ...), but won't show you the routing metrics.
The following commands will show you routing metrics (with sample output shown). As you can see, on Ubuntu/Windows, there's a routing metric number, but on Macos, there's a routing ordering. The way you change the routing ordering in Macos is to literally just change the list order like networksetup -ordernetworkservices service1, service2...
Ubuntu 18.04
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.2.2 0.0.0.0 UG 100 0 0 enp0s3
10.0.2.0 0.0.0.0 255.255.255.0 U 100 0 0 enp0s3
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 enp0s3
Macos 10.15
$ networksetup -listnetworkserviceorder
An asterisk (*) denotes that a network service is disabled.
(1) AX88179 USB 3.0 to Gigabit Ethernet
(Hardware Port: AX88179 USB 3.0 to Gigabit Ethernet, Device: en5)
(2) Wi-Fi
(Hardware Port: Wi-Fi, Device: en0)
(3) Bluetooth PAN
(Hardware Port: Bluetooth PAN, Device: en3)
(4) Thunderbolt Bridge
(Hardware Port: Thunderbolt Bridge, Device: bridge0)
(5) Corporate VPN
(Hardware Port: L2TP, Device: )
Windows 10
C:\Users\rj>route print
===========================================================================
Interface List
5...08 00 27 04 b9 fa ......Intel(R) PRO/1000 MT Desktop Adapter
3...02 00 4c 4f 4f 50 ......Npcap Loopback Adapter
1...........................Software Loopback Interface 1
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.2.2 10.0.2.15 25
10.0.2.0 255.255.255.0 On-link 10.0.2.15 281
10.0.2.15 255.255.255.255 On-link 10.0.2.15 281
...

Change gateway sequence with network manager

My computer has 2 ethernet ports and 1 wireless port. One of the ethernet ports (eth5) and the wireless port (wlan0) are both configured to connect to a network server, and the other ethernet port (eth4) is configured to connect to a local network switch for communicating with some local devices. The route table of the computer looks like this (as I can not post image yet):
Destination Gateway Genmask Iface
0.0.0.0 141.21.32.1 0.0.0.0 eth5
10.10.10.0 0.0.0.0 255.255.255.0 eth4
141.21.12.0 0.0.0.0 255.255.252.0 wlan0
141.21.32.0 0.0.0.0 255.255.224.0 eth5
169.254.0.0 0.0.0.0 255.255.0.0 eth5
My question is that, how I could change the sequence of the gateways with the network-manager in ubuntu (permanently), so that the gateway of wlan0 will be used before the eth4's. Otherwise when I unplug the cable from eth5, I will lose connection to the network (the gateway of eth4 will be used by default).
I tried editing the /etc/network/interfaces file, but it conflicts with the network-manager, and it can not handle the dynamic events (e.g., when network cable is plugged or unplugged), meaning that its settings are static, while the network-manager can handle these things perfectly, and change the network configurations adaptively, so I would like to find a solution for this problem with network-manager.
The os is ubuntu 13.04 32bit. Thanks for viewing and I will appreciate for any advice!

Problem is solved by checking the option "use this connection only for resources on its network" in the "Routes" page of the IPv4 settings of the configuration interface for the local network (used by eth4) in network-manager.

CISCO router 827 - VPN ezvpn configuration

i'm facing with this simple configuration and i can't figure it out.
Scenario:
With a cisco vpn client (or ipad, iphone..) i can connect to my company vpn.
What i know is:
VPN GROUP NAME
VPN KEY
VPN SERVER PUBLIC IP
VPN USERNAME and PASSWORD
Ip address of virtual adapter created by cisco vpn client: 10.0.201.31 255.255.255.0
My lan 172.23.28.0 255.255.255.224
Company lan 172.19.248.0 255.255.252.0
The question is "How can i handle this for my home's lan with a cisco 827 router ?"
I think the steps are:
1) configuring eth0, dns and dhcp (done)
2) configuring ATM0 and Dialer0 to get internet access (done)
3) configuring access list and ip routes for my lan (done)
4)configuring ezvpn parameters (done)
5) configuring virtual interface with Ip 10.0.201.31 (What kind of interface?)
6) Set inside and outside nat for "crypto ipsec client ezvpn MYVPNTUNNELNAME" (which interfaces and how ?)
7) configuring route to 172.19.248.0 255.255.252.0 (how?)
Here is my configuration:
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R827
!
boot-start-marker
boot-end-marker
!
enable secret 5 cryptedSecret
enable password notcrypted
!
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 172.23.28.1
ip dhcp excluded-address 172.23.28.2
ip dhcp excluded-address 172.23.28.3
ip dhcp excluded-address 172.23.28.4
ip dhcp excluded-address 172.23.28.5
ip dhcp excluded-address 172.23.28.6
ip dhcp excluded-address 172.23.28.7
ip dhcp excluded-address 172.23.28.8
ip dhcp excluded-address 172.23.28.9
ip dhcp excluded-address 172.23.28.10
!
ip dhcp pool CeccoDhcp
network 172.23.28.0 255.255.255.224
default-router 172.23.28.1
dns-server 8.8.8.8
!
!
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
!
!
!
!
!
crypto ipsec client ezvpn MYVPNTUNNELNAME
connect auto
group MYGROUPNAME key MYGROUPKEY
mode network-extension
peer PUBLICIPOFVPNSERVER
username MYUSER password MYPASSWORD
!
!
!
interface Ethernet0
ip address 172.23.28.1 255.255.255.224
ip nat inside
ip virtual-reassembly
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
bundle-enable
dsl operating-mode auto
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp header-compression
dialer pool 1
dialer-group 1
no cdp enable
ppp pap sent-username aliceadsl password 7 15130705072F2A203B3F
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
no ip http secure-server
ip nat inside source list 101 interface Dialer0 overload
!
!
access-list 101 permit ip 172.23.28.0 0.0.0.31 any
dialer-list 1 protocol ip permit
!
!
control-plane
!
!
line con 0
stopbits 1
line vty 0 4
password MYTERMINALPASSWORD
login
!
scheduler max-task-time 5000
end
End of configuration.
Please note:
If i add
crypto ipsec client ezvpn MYVPNTUNNELNAME
to Dialer0
and
crypto ipsec client ezvpn MYVPNTUNNELNAME inside
to Ethernet0
i get this:
Tunnel name : MYVPNTUNNELNAME
Inside interface list: Ethernet0,
Outside interface: Dialer0
Current State: READY
Last Event: CONN_UP
Hope someone could help me.
Thanks in advance.
Cecco

Ok, I compared your config to some old notes I had. I did work turning up Cisco VPNs in the past so this jogged my memory.
I think the READY state and CONN_UP last event mean that it sits there, prior to authentication. And this may be because you're not telling the 871 how to handle XAUTH.
Try adding the below to your crypto ipsec client ezvpn section:
xauth userid mode interactive
That and turning debugging on should give you something to work on. Let me know how it goes.

Solved!!
Thanks to James help i switched ezvpn conf to "mode client" and with debug i noticed that the problem was on server side, cause "storage-password enable" was not set.
When company's net admin told me that "storage-password enable" was set i just did:
conf t
int Dia0
crypto ipsec client ezvpn MYVPNTUNNELNAME
....and everything works perfectly :-)

Cisco 1800 NAT configuration

I have Cisco 1812 router which I would like to setup as our office internet gateway. Although I followed guides on Cisco web site, I cannot get NAT to work.
My problem is that NAT is not happening, and I cannot get why.
When I connect to router, I get IP address from DHCP, and I can ping both local interface IP (192.168.210.254) and public IP (212.94.196.71 slightly changed), but I cannot get pass to internet. I cannot ping default gateway from machine connected to local interface, but I can ping it from the router itself, as well as any site on the internet.
Lastly, show ip nat translations is showing empty list.
What am I doing wrong?
Here is my configuration
Current configuration : 2022 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$FXW9$XXXXXXXXXXXXXXXXXXX.
!
no aaa new-model
!
resource policy
!
no ip routing
!
!
no ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.210.240 192.168.210.254
ip dhcp excluded-address 192.168.210.1 192.168.210.4
!
ip dhcp pool lan1
network 192.168.210.0 255.255.255.0
dns-server 192.168.210.100
default-router 192.168.210.254
domain-name mydomain.com
!
ip name-server 210.127.96.3
ip name-server 210.127.96.4
!
interface FastEthernet0
ip address 192.168.210.254 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
speed auto
full-duplex
!
interface FastEthernet1
ip address 212.94.196.71 255.255.255.240
ip nat outside
ip virtual-reassembly
no ip route-cache
duplex auto
speed auto
!
interface BRI0
no ip address
encapsulation hdlc
no ip route-cache
shutdown
!
interface FastEthernet2
shutdown
!
interface FastEthernet3
shutdown
!
interface FastEthernet4
shutdown
!
interface FastEthernet5
shutdown
!
interface FastEthernet6
shutdown
!
interface FastEthernet7
shutdown
!
interface FastEthernet8
shutdown
!
interface FastEthernet9
shutdown
!
interface Vlan1
ip address 192.168.1.254 255.255.255.0
no ip route-cache
!
interface Vlan10
ip address 10.28.10.254 255.255.255.0
no ip route-cache
!
interface Vlan11
ip address 10.1.11.254 255.255.255.0
no ip route-cache
!
interface Vlan55
ip address 10.28.55.254 255.255.255.0
no ip route-cache
!
ip default-gateway 212.94.196.65
!
!
no ip http server
no ip http secure-server
ip nat pool ovrld 212.94.196.71 212.94.196.71 prefix-length 28
!
access-list 7 permit 192.168.210.0 0.0.0.31
snmp-server community public RO
!
control-plane
!
line con 0
line aux 0
line vty 0 4
login
!
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end

You forgot enable translation of inside source addresses.
ip nat inside source { list <acl> pool <name> [overload] |
static <local-ip><global-ip> }
I see you already have an access-list so (according to your private addressing) in global config add:
ip nat inside source list 7 pool ovrld
Additional Edit:
With IP routing enabled ip routing it works

Your DHCP is for the lower subnet and your gateway is in another subnet the top .224-254
your nat list is for the .0 subnet