SCCHIS
asked on
Win 2003/Exchange server network connection good but no internet connection
Have a 2003 server as a Domain controller and running Exchange.
After our ISP changed our public IP address and their DNS servers' addresses, we updated our records with Network Solutions, and changed the DNS forwarders on the server and the NATing in our router (Cisco 1841). Everything looks right and we now have access to the internet on everything except the server.
Can ping internal addresses from the server, but not external; can ping the router.
From workstations we can ping both internally and externally.
Any ideas where to look?
Can you ping the default gateway from the server? Can you set up a syslog server and see what warnings are logged when you try to generate traffic from the server to the internet? If it is an ACL issue, you'll be notified.
Can you provide your Cisco config with all public IPs and passwords removed?
Check the NATing on your router for the server.
Check whether the forwarders in your DNS are configured correctly.
In your TCP/IP properties, set the primary DNS to your own DNS server's IP.
ASKER
NIC is set properly, flushdns didn't help.
Can ping the gateway and anything else internal to the network. Not sure how to set up syslog (on the router, right?).
The only thing changed in the NATing was the old public IP to the new, and it was all working before. Same with the forwarders: just added the new ones, took out the old ones. In TCP/IP properties the primary DNS is our own DNS server IP.
Config below (hope I got everything out)
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
ip ips notify SDEE
no ip domain lookup
ip name-server 10.57.9.250
ip name-server xx.xx.x.xx
ip name-server xx.xx.x.xx
!
!
!
!
username xxxxxx password xxxxxxxxx
!
!
!
crypto isakmp policy 10
encr 3des
authentication pre-share
group 2
!
crypto isakmp policy 11
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key xxxxxxxxxxxxxx address xx.xx.x.xx no-xauth
crypto isakmp key xxxxxxxxxxxxxx address xx.xx.x.xx no-xauth
crypto isakmp key xxxxxxx address 0.0.0.0 0.0.0.0
!
crypto isakmp client configuration group scch
key xxxxxxxxxxx
dns 10.57.9.250
pool ippool
acl 108
!
crypto isakmp client configuration group meditech
key xxxxxxxxxxxx
dns 10.57.9.250
pool newpool
acl 109
!
!
crypto ipsec transform-set myset esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set site esp-3des esp-md5-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
!
crypto dynamic-map dynmap 10
set transform-set myset
!
!
crypto map SDM_CMAP_1 xxxxxx ipsec-isakmp dynamic SDM_DYNMAP_1
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 1 ipsec-isakmp
set peer xx.xx.x.xx
set transform-set site
match address 120
crypto map clientmap 2 ipsec-isakmp
set peer xx.xx.x.xx
set transform-set ESP-3DES-SHA
match address 140
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
!
!
interface Loopback1
ip address 1.1.1.1 255.255.255.252
!
interface FastEthernet0/0
description $ETH-WAN$$FW_OUTSIDE$
ip address dhcp client-id FastEthernet0/0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
crypto map clientmap
!
interface FastEthernet0/1
description $FW_INSIDE$$ETH-LAN$
ip address 10.57.4.1 255.255.240.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1400
ip policy route-map static
speed auto
full-duplex
no cdp enable
no mop enabled
!
ip local pool ippool 192.168.1.1 192.168.1.10
ip local pool newpool 192.168.2.1 192.168.2.10
ip classless
ip route 10.57.16.0 255.255.255.0 10.57.7.20
!
ip http server
ip http access-class 1
no ip http secure-server
ip nat inside source route-map nonat interface FastEthernet0/0 overload
ip nat inside source static tcp 10.57.9.250 25 xx.xx.x.xx 25 route-map SDM_RMAP_4 extendable
ip nat inside source static tcp 10.57.9.250 80 xx.xx.x.xx 80 extendable
ip nat inside source static tcp 10.57.9.110 81 xx.xx.x.xx 81 route-map SDM_RMAP_1 extendable
ip nat inside source static tcp 10.57.9.110 443 xx.xx.x.xx 443 route-map SDM_RMAP_3 extendable
!
ip access-list extended sdm_fastethernet0/0_in
remark SDM_ACL Category=1
remark SMTP
permit tcp any eq smtp host 10.57.9.250 eq smtp
ip access-list extended sdm_fastethernet0/1_out
remark SDM_ACL Category=1
permit icmp any any
!
logging xx.xx.x.xx
access-list 1 permit 10.57.9.3
access-list 1 remark Auto generated by SDM Management Access feature
access-list 1 remark SDM_ACL Category=1
access-list 1 permit xx.xx.x.xx
access-list 1 permit 192.168.1.12
access-list 1 permit xx.xx.x.xx
access-list 56 permit 10.57.9.250
access-list 100 permit tcp any host 10.57.9.110 eq www
access-list 100 permit tcp any host 10.57.9.250 eq smtp
access-list 101 remark SDM_ACL Category=2
access-list 101 deny ip host 10.57.9.110 host 192.168.1.10
access-list 101 deny ip host 10.57.9.110 host 192.168.1.9
access-list 101 deny ip host 10.57.9.110 host 192.168.1.8
access-list 101 deny ip host 10.57.9.110 host 192.168.1.7
access-list 101 deny ip host 10.57.9.110 host 192.168.1.6
access-list 101 deny ip host 10.57.9.110 host 192.168.1.5
access-list 101 deny ip host 10.57.9.110 host 192.168.1.4
access-list 101 deny ip host 10.57.9.110 host 192.168.1.3
access-list 101 deny ip host 10.57.9.110 host 192.168.1.2
access-list 101 deny ip host 10.57.9.110 host 192.168.1.1
access-list 101 deny ip host 10.57.9.110 host 192.168.2.10
access-list 101 deny ip host 10.57.9.110 host 192.168.2.9
access-list 101 deny ip host 10.57.9.110 host 192.168.2.8
access-list 101 deny ip host 10.57.9.110 host 192.168.2.7
access-list 101 deny ip host 10.57.9.110 host 192.168.2.6
access-list 101 deny ip host 10.57.9.110 host 192.168.2.5
access-list 101 deny ip host 10.57.9.110 host 192.168.2.4
access-list 101 deny ip host 10.57.9.110 host 192.168.2.3
access-list 101 deny ip host 10.57.9.110 host 192.168.2.2
access-list 101 deny ip host 10.57.9.110 host 192.168.2.1
access-list 101 permit ip host 10.57.9.110 any
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark SDM_ACL Category=1
access-list 102 remark smtp
access-list 102 permit tcp any host 10.57.9.3 eq smtp
access-list 102 permit udp host 6xx.xx.x.xx eq domain any
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any unreachable
access-list 102 permit ip host xx.xx.x.xx any
access-list 102 permit ip host 10.57.9.3 any
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip 10.57.0.0 0.0.15.255 any
access-list 102 deny ip any any log
access-list 103 remark SDM_ACL Category=4
access-list 103 remark IPSec Rule
access-list 103 permit ip xx.xxx.xx.0 0.0.15.255 xx.xx.255.0 0.0.0.255
access-list 104 remark SDM_ACL Category=2
access-list 104 deny ip host 10.57.9.250 host 192.168.1.10
access-list 104 deny ip host 10.57.9.250 host 192.168.1.9
access-list 104 deny ip host 10.57.9.250 host 192.168.1.8
access-list 104 deny ip host 10.57.9.250 host 192.168.1.7
access-list 104 deny ip host 10.57.9.250 host 192.168.1.6
access-list 104 deny ip host 10.57.9.250 host 192.168.1.5
access-list 104 deny ip host 10.57.9.250 host 192.168.1.4
access-list 104 deny ip host 10.57.9.250 host 192.168.1.3
access-list 104 deny ip host 10.57.9.250 host 192.168.1.2
access-list 104 deny ip host 10.57.9.250 host 192.168.1.1
access-list 104 deny ip host 10.57.9.250 host 192.168.2.10
access-list 104 deny ip host 10.57.9.250 host 192.168.2.9
access-list 104 deny ip host 10.57.9.250 host 192.168.2.8
access-list 104 deny ip host 10.57.9.250 host 192.168.2.7
access-list 104 deny ip host 10.57.9.250 host 192.168.2.6
access-list 104 deny ip host 10.57.9.250 host 192.168.2.5
access-list 104 deny ip host 10.57.9.250 host 192.168.2.4
access-list 104 deny ip host 10.57.9.250 host 192.168.2.3
access-list 104 deny ip host 10.57.9.250 host 192.168.2.2
access-list 104 deny ip host 10.57.9.250 host 192.168.2.1
access-list 104 permit ip host 10.57.9.250 any
access-list 105 remark SDM_ACL Category=2
access-list 105 deny ip host 10.57.9.110 host 192.168.1.10
access-list 105 deny ip host 10.57.9.110 host 192.168.1.9
access-list 105 deny ip host 10.57.9.110 host 192.168.1.8
access-list 105 deny ip host 10.57.9.110 host 192.168.1.7
access-list 105 deny ip host 10.57.9.110 host 192.168.1.6
access-list 105 deny ip host 10.57.9.110 host 192.168.1.5
access-list 105 deny ip host 10.57.9.110 host 192.168.1.4
access-list 105 deny ip host 10.57.9.110 host 192.168.1.3
access-list 105 deny ip host 10.57.9.110 host 192.168.1.2
access-list 105 deny ip host 10.57.9.110 host 192.168.1.1
access-list 105 deny ip host 10.57.9.110 host 192.168.2.10
access-list 105 deny ip host 10.57.9.110 host 192.168.2.9
access-list 105 deny ip host 10.57.9.110 host 192.168.2.8
access-list 105 deny ip host 10.57.9.110 host 192.168.2.7
access-list 105 deny ip host 10.57.9.110 host 192.168.2.6
access-list 105 deny ip host 10.57.9.110 host 192.168.2.5
access-list 105 deny ip host 10.57.9.110 host 192.168.2.4
access-list 105 deny ip host 10.57.9.110 host 192.168.2.3
access-list 105 deny ip host 10.57.9.110 host 192.168.2.2
access-list 105 deny ip host 10.57.9.110 host 192.168.2.1
access-list 105 permit ip host 10.57.9.110 any
access-list 106 remark SDM_ACL Category=2
access-list 106 deny ip host 10.57.9.250 host 192.168.1.10
access-list 106 deny ip host 10.57.9.250 host 192.168.1.9
access-list 106 deny ip host 10.57.9.250 host 192.168.1.8
access-list 106 deny ip host 10.57.9.250 host 192.168.1.7
access-list 106 deny ip host 10.57.9.250 host 192.168.1.6
access-list 106 deny ip host 10.57.9.250 host 192.168.1.5
access-list 106 deny ip host 10.57.9.250 host 192.168.1.4
access-list 106 deny ip host 10.57.9.250 host 192.168.1.3
access-list 106 deny ip host 10.57.9.250 host 192.168.1.2
access-list 106 deny ip host 10.57.9.250 host 192.168.1.1
access-list 106 deny ip host 10.57.9.250 host 192.168.2.10
access-list 106 deny ip host 10.57.9.250 host 192.168.2.9
access-list 106 deny ip host 10.57.9.250 host 192.168.2.8
access-list 106 deny ip host 10.57.9.250 host 192.168.2.7
access-list 106 deny ip host 10.57.9.250 host 192.168.2.6
access-list 106 deny ip host 10.57.9.250 host 192.168.2.5
access-list 106 deny ip host 10.57.9.250 host 192.168.2.4
access-list 106 deny ip host 10.57.9.250 host 192.168.2.3
access-list 106 deny ip host 10.57.9.250 host 192.168.2.2
access-list 106 deny ip host 10.57.9.250 host 192.168.2.1
access-list 106 permit ip host 10.57.9.250 any
access-list 108 permit ip 10.57.0.0 0.0.255.255 192.168.1.0 0.0.0.255
access-list 109 permit ip host 10.57.4.51 192.168.2.0 0.0.0.255
access-list 111 deny tcp host 10.57.9.250 eq smtp any
access-list 111 deny tcp host 10.57.9.250 eq www any
access-list 111 deny ip host 10.57.9.110 any
access-list 111 deny ip host 10.57.4.51 192.168.2.0 0.0.0.255
access-list 111 deny ip 10.57.9.0 0.0.0.255 172.17.17.0 0.0.0.255
access-list 111 deny ip 10.57.0.0 0.0.255.255 192.168.1.0 0.0.0.255
access-list 111 deny ip host 10.57.4.51 host xx.xx.x.xx
access-list 111 deny ip host 10.57.4.51 host xx.xx.x.xx
access-list 111 deny ip host 10.57.4.51 host xx.xx.x.xx
access-list 111 permit ip 10.57.0.0 0.0.15.255 any
access-list 111 permit ip 10.57.16.0 0.0.0.255 any
access-list 120 permit ip 10.57.9.0 0.0.0.255 xx.xx.xxx.0 0.0.0.255
access-list 121 permit ip 10.57.9.0 0.0.0.255 xx.xx.xxx.0 0.0.0.255
access-list 131 remark SDM_ACL Category=17
access-list 131 remark IPSec Rule
access-list 131 permit ip xx.xx.xxx.0 0.0.0.255 xx.xxx.xx.0 0.0.15.255
access-list 131 permit udp any host 10.57.4.1 eq non500-isakmp
access-list 131 permit udp any host 10.57.4.1 eq isakmp
access-list 131 permit esp any host 10.57.4.1
access-list 131 permit ahp any host 10.57.4.1
access-list 131 permit udp host 10.57.9.250 eq domain any
access-list 131 deny udp any any eq tftp
access-list 131 deny udp any any eq ntp
access-list 131 deny tcp any any eq 135
access-list 131 deny udp any any eq 135
access-list 131 deny tcp any any eq 137
access-list 131 deny udp any any eq netbios-ns
access-list 131 deny udp any any eq netbios-dgm
access-list 131 deny tcp any any eq 138
access-list 131 deny tcp any any eq 139
access-list 131 deny udp any any eq netbios-ss
access-list 131 deny tcp any any eq 445
access-list 131 deny udp any any eq 445
access-list 131 deny tcp any any eq 593
access-list 131 deny udp any any range 995 999
access-list 131 deny tcp any any eq 1034
access-list 131 deny tcp any any eq 1434
access-list 131 deny tcp any any eq 1604
access-list 131 deny udp any any eq 1434
access-list 131 deny udp any any eq 1604
access-list 131 deny tcp any any range 3127 3198
access-list 131 deny udp any any range 3127 3198
access-list 131 deny tcp any any eq 4444
access-list 131 deny tcp any any eq 5554
access-list 131 deny tcp any any eq 9996
access-list 131 permit ip any any
access-list 140 permit ip host 10.57.4.51 host xx.xx.x.xx
access-list 140 permit ip host 10.57.4.51 host xx.xx.x.xx
access-list 140 permit ip host 10.57.4.51 host xx.xx.x.xx
route-map static permit 10
match ip address 121
set interface Loopback1
!
route-map SDM_RMAP_4 permit 1
match ip address 106
!
route-map SDM_RMAP_1 permit 1
match ip address 101
!
route-map SDM_RMAP_2 permit 1
match ip address 104
!
route-map SDM_RMAP_3 permit 1
match ip address 105
!
route-map nonat permit 10
match ip address 111
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password vtpadmin1
transport input all
transport output all
!
no process cpu extended
no process cpu autoprofile hog
end
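An added example, not part of any post in this thread: a first-match evaluator for the posted access-list 111, the list that route-map nonat uses to select inside traffic for the NAT overload, as one way to work through the "is it an ACL issue" question offline. It handles only the host/any/wildcard and eq forms that list uses and leaves out the three entries whose destination was redacted; the outside address 203.0.113.10 and the workstation address 10.57.4.60 are constructed test values.

```python
import ipaddress
from typing import NamedTuple, Optional, Tuple

# access-list 111 as posted above. The three "deny ip host 10.57.4.51 host
# xx.xx.x.xx" entries are left out: their destinations were redacted.
ACL_111 = """\
access-list 111 deny tcp host 10.57.9.250 eq smtp any
access-list 111 deny tcp host 10.57.9.250 eq www any
access-list 111 deny ip host 10.57.9.110 any
access-list 111 deny ip host 10.57.4.51 192.168.2.0 0.0.0.255
access-list 111 deny ip 10.57.9.0 0.0.0.255 172.17.17.0 0.0.0.255
access-list 111 deny ip 10.57.0.0 0.0.255.255 192.168.1.0 0.0.0.255
access-list 111 permit ip 10.57.0.0 0.0.15.255 any
access-list 111 permit ip 10.57.16.0 0.0.0.255 any
"""

PORT_NAMES = {"smtp": 25, "www": 80, "domain": 53}
MASK32 = 0xFFFFFFFF


class Entry(NamedTuple):
    action: str
    proto: str
    src: Tuple[int, int]   # (base address, wildcard mask)
    sport: Optional[int]
    dst: Tuple[int, int]
    dport: Optional[int]
    text: str


def _ip(text):
    return int(ipaddress.IPv4Address(text))


def _take_addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD' from the token list."""
    head = tokens.pop(0)
    if head == "any":
        return (0, MASK32)
    if head == "host":
        return (_ip(tokens.pop(0)), 0)
    return (_ip(head), _ip(tokens.pop(0)))


def _take_port(tokens):
    """Consume an optional 'eq PORT' qualifier; None means any port."""
    if len(tokens) >= 2 and tokens[0] == "eq":
        name = tokens[1]
        del tokens[:2]
        return PORT_NAMES[name] if name in PORT_NAMES else int(name)
    return None


def parse_acl(text):
    entries = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list" or tokens[2] == "remark":
            continue
        rest = tokens[4:]
        src, sport = _take_addr(rest), _take_port(rest)
        dst, dport = _take_addr(rest), _take_port(rest)
        entries.append(Entry(tokens[2], tokens[3], src, sport, dst, dport, line.strip()))
    return entries


def _addr_match(addr, spec):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must be equal.
    return ((_ip(addr) ^ base) & ~wild & MASK32) == 0


def first_match(entries, proto, src, dst, sport=None, dport=None):
    """Return (action, entry text) of the first entry the flow matches."""
    for e in entries:
        if e.proto != "ip" and e.proto != proto:
            continue
        if not (_addr_match(src, e.src) and _addr_match(dst, e.dst)):
            continue
        if e.sport is not None and e.sport != sport:
            continue
        if e.dport is not None and e.dport != dport:
            continue
        return e.action, e.text
    return "deny", "(implicit deny at end of list)"


def nat_overload_selected(proto, src, dst, sport=None, dport=None):
    """True when ACL 111 permits the flow, i.e. route-map nonat selects it."""
    action, text = first_match(parse_acl(ACL_111), proto, src, dst, sport, dport)
    return action == "permit", text


if __name__ == "__main__":
    outside = "203.0.113.10"  # constructed destination, documentation range
    for label, args in [
        ("server ping", ("icmp", "10.57.9.250", outside)),
        ("workstation ping", ("icmp", "10.57.4.60", outside)),
        ("server SMTP reply", ("tcp", "10.57.9.250", outside, 25, 40000)),
    ]:
        print(label, "->", nat_overload_selected(*args))
```

On the posted list, a ping sourced from the server and one sourced from a workstation in the same inside range land on the same permit entry.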
I am not going to read that much
ASKER
Ummm.... OK, I'm not really sure why someone would post to say they're not going to read a post, but OK :)
Seriously though, I actually posted the config because two other members who were trying to help asked to see it.
Later.
ASKER
Points to livedrive777, you got it exactly right.
Thanks a lot!
(and to everyone else also)
On the server, do an ipconfig /flushdns.
If the workstations are set to use the domain controller for DNS, and they can see the internet fine, but the server doesn't, I think that means the server itself is doing a lookup on the old DNS server addresses, and the flush should fix that.