Solved

Cisco 1841, can't access web sites

Posted on 2007-04-02
Last Modified: 2010-04-17
Hi guys,

We have a Cisco 1841-T1. Everything seems to work fine at this time but we can't access our websites. What can be the problem? Here is my current configuration:

Building configuration...                        

Current configuration : 388                          
!
version 12.4            
no service pad              
service tcp-keepalives-in                        
service tcp-keepalives-out                          
service timestamps debug datetime msec localtime show-timezone                                                              
service timestamps log datetime msec localtime show-timezone                                                            
service password-encryption                          
service sequence-numbers                        
!
hostname <Our Hostname>              
!
boot-start-marker                
boot-end-marker              
!
security authentication failure rate 3 log                                          
security passwords min-length 6                              
logging buffered 51200 debugging                                
logging console critical                        
enable secret 5 <xxxxxxxxxxxxxxxxxxxxxxxxxxx>                                            
!
no aaa new-model                
!
resource policy              
!
clock timezone PCTime -8                        
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00                                                              
mmi polling-interval 60                      
no mmi auto-configure                    
no mmi pvc          
mmi snmp-timeout 180                    
ip subnet-zero              
no ip source-route                  
ip cef      
!
!
ip tcp synwait-time 10                      
no ip dhcp use vrf connected                            
!
!
no ip bootp server                  
ip name-server <Our Primary DNS>                          
ip name-server <Our Secondary DNS>                          
!
username admin privilege 15 secret 5 <xxxxxxxxxxxxxxxxxxxxxxxxxxx>                                                                  
!
!
!
interface FastEthernet0/0                        
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$F                                                              
 ip address 192.168.1.1 255.255.255.0                                    
 no ip redirects                
 no ip unreachables                  
 no ip proxy-arp                
 ip nat inside              
 ip route-cache flow                    
 duplex auto            
 speed auto          
 no mop enabled              
!
interface FastEthernet0/1                        
 description $ES_WAN$$FW_OUTSIDE$                                
 ip address <Our Outside IP> 255.255.255.248                                        
 ip access-group 100 in                      
 no ip redirects                
 no ip unreachables                  
 no ip proxy-arp                
 ip nat outside              
 ip route-cache flow                    
 duplex auto            
 speed auto          
 no mop enabled              
!
interface Serial0/0/0                    
 no ip address              
 no ip redirects                
 no ip unreachables                  
 no ip proxy-arp                
 ip route-cache flow                    
 shutdown        
!
ip classless            
ip route 0.0.0.0 0.0.0.0 <Our Default Gateway IP Address>                                    
!
ip http server              
ip http port 8080                
ip http authentication local                            
ip http timeout-policy idle 60 life 86400 requests 10000                                                        
ip nat inside source list 1 interface FastEthernet0/1 overload                                                              
ip nat inside source static tcp 192.168.1.2 80 interface FastEthernet0/1 80                                                                          
ip nat inside source static tcp 192.168.1.2 25 interface FastEthernet0/1 25                                                                          
!
logging trap debugging                      
access-list 1 remark INSIDE_IF=FastEthernet0/0                                              
access-list 1 remark SDM_ACL                          
access-list 1 permit 192.168.1.0 0.0.0.255                                          
access-list 100 permit tcp any any established                                              
access-list 100 permit udp any eq domain any                                            
access-list 100 permit icmp any any                                  
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 eq smtp                                                            
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 eq pop3                                                            
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 eq 143                                                          
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 eq 993                                                          
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 eq 465                                                          
access-list 100 permit tcp any host <Our Outside IP> eq telnet                                          
access-list 100 permit tcp any host 192.168.1.2 eq ftp                                                      
access-list 100 permit tcp any host 192.168.1.2 eq ftp-data                                                          
access-list 100 permit tcp any host 192.168.1.2 eq smtp                                                      
access-list 100 permit tcp any host 192.168.1.2 eq 47                                                    
access-list 100 permit tcp any host 192.168.1.2 eq www                                                      
access-list 100 permit tcp any host 192.168.1.2 eq pop3                                                      
access-list 100 permit tcp any host 192.168.1.2 eq 1723                                                      
access-list 100 permit tcp any host 192.168.1.2 range 442 445                                                            
access-list 100 permit tcp any host 192.168.1.2 eq 443                                                      
access-list 100 permit tcp any host 192.168.1.2 eq 2120                                                      
access-list 100 permit tcp any host 192.168.1.2 eq 3389                                                      
access-list 100 permit tcp any host 192.168.1.2 eq 4125                                                      
access-list 100 permit tcp any host 192.168.1.3 eq ftp                                                      
access-list 100 permit tcp any host 192.168.1.3 eq ftp-data                                                          
access-list 100 deny ip any 192.168.1.0 0.0.0.255 log                                                      
no cdp run          
!
control-plane            
!
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 4000 1000
end


Question by:Yury Merezhkov
2 Comments
 
LVL 7

Author Comment

by:Yury Merezhkov
ID: 18836456
Btw, 192.168.1.2 is our main server that hosts the websites.
0
 
LVL 79

Accepted Solution

by: lrmoore earned 2000 total points
ID: 18836731
You are trying to access your own web sites by using the same public URL http://www.mywebsite.com ?
If this IP address resolves to the same public IP address, then you cannot access them and this is a design 'feature' of Cisco IOS.
You need to have an internal DNS for internal clients that resolves the same URL to the private 192.168.1.2 IP address for internal clients.
0
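
The behaviour described in the accepted answer, as an added example (not part of the original thread and not Cisco code): a simplified trace of legacy IOS NAT using the interface roles and static port-forwards from the posted configuration. 203.0.113.10 is a constructed placeholder for the redacted outside IP, the function names are hypothetical, and the inbound ACL 100 is not modelled.

```python
import ipaddress

# Simplified model of legacy IOS NAT using the interface roles and static
# entries from the posted configuration. ACL 100 is not modelled.
PUBLIC_IP = "203.0.113.10"  # constructed placeholder for <Our Outside IP>
LAN = ipaddress.ip_network("192.168.1.0/24")
NAT_ROLE = {"FastEthernet0/0": "inside", "FastEthernet0/1": "outside"}
# ip nat inside source static tcp 192.168.1.2 <port> interface FastEthernet0/1 <port>
STATIC_TCP = {(PUBLIC_IP, 80): ("192.168.1.2", 80),
              (PUBLIC_IP, 25): ("192.168.1.2", 25)}
ROUTER_LISTENERS = {8080, 23}  # ip http port 8080, telnet on the vty lines


def trace(in_interface, dst_ip, dst_port):
    """Return (endpoint, outcome) for a TCP SYN entering in_interface."""
    dst = (dst_ip, dst_port)
    # A static "inside source" entry rewrites the destination only for
    # packets that arrive on an interface marked "ip nat outside".
    if NAT_ROLE[in_interface] == "outside" and dst in STATIC_TCP:
        return STATIC_TCP[dst], "translated to the server"
    if dst_ip == PUBLIC_IP:
        # Untranslated, the address is the router's own, so the packet goes
        # to the router's TCP stack and never reaches the web server.
        if dst_port in ROUTER_LISTENERS:
            return ("router", dst_port), "answered by the router"
        return ("router", dst_port), "no listener, connection fails"
    return dst, "forwarded unchanged"


def client_connects(client_side, dns_answer, port=80):
    """Where a connection lands, given the address DNS returned for the site."""
    if client_side == "inside" and ipaddress.ip_address(dns_answer) in LAN:
        # Same subnet as the client: host-to-host on the LAN, no NAT involved.
        return (dns_answer, port), "direct on the LAN"
    iface = "FastEthernet0/0" if client_side == "inside" else "FastEthernet0/1"
    return trace(iface, dns_answer, port)


if __name__ == "__main__":
    cases = [("outside", PUBLIC_IP, "Internet client, public DNS"),
             ("inside", PUBLIC_IP, "LAN client, public DNS"),
             ("inside", "192.168.1.2", "LAN client, internal DNS")]
    for side, answer, label in cases:
        print(f"{label:28} -> {client_connects(side, answer)}")
```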
