Solved

Cisco 1841, can't access web sites

Posted on 2007-04-02
2
447 Views
Last Modified: 2010-04-17
Hi guys,

we have a Cisco 1841-T1. Everything seems to work fine at this time but we can't access our websites. What can be the problem? Here is my current configuration:

Building configuration...                        

Current configuration : 388                          
!
version 12.4            
no service pad              
service tcp-keepalives-in                        
service tcp-keepalives-out                          
service timestamps debug datetime msec localtime show-timezone                                                              
service timestamps log datetime msec localtime show-timezone                                                            
service password-encryption                          
service sequence-numbers                        
!
hostname <Our Hostname>              
!
boot-start-marker                
boot-end-marker              
!
security authentication failure rate 3 log                                          
security passwords min-length 6                              
logging buffered 51200 debugging                                
logging console critical                        
enable secret 5 <xxxxxxxxxxxxxxxxxxxxxxxxxxx>                                            
!
no aaa new-model                
!
resource policy              
!
clock timezone PCTime -8                        
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00                                                              
mmi polling-interval 60                      
no mmi auto-configure                    
no mmi pvc          
mmi snmp-timeout 180                    
ip subnet-zero              
no ip source-route                  
ip cef      
!
!
ip tcp synwait-time 10                      
no ip dhcp use vrf connected                            
!
!
no ip bootp server                  
ip name-server <Our Primary DNS>                          
ip name-server <Our Secondary DNS>                          
!
username admin privilege 15 secret 5 <xxxxxxxxxxxxxxxxxxxxxxxxxxx>                                                                  
!
!
!
interface FastEthernet0/0                        
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$F                                                              
 ip address 192.168.1.1 255.255.255.0                                    
 no ip redirects                
 no ip unreachables                  
 no ip proxy-arp                
 ip nat inside              
 ip route-cache flow                    
 duplex auto            
 speed auto          
 no mop enabled              
!
interface FastEthernet0/1                        
 description $ES_WAN$$FW_OUTSIDE$                                
 ip address <Our Outside IP> 255.255.255.248                                        
 ip access-group 100 in                      
 no ip redirects                
 no ip unreachables                  
 no ip proxy-arp                
 ip nat outside              
 ip route-cache flow                    
 duplex auto            
 speed auto          
 no mop enabled              
!
interface Serial0/0/0                    
 no ip address              
 no ip redirects                
 no ip unreachables                  
 no ip proxy-arp                
 ip route-cache flow                    
 shutdown        
!
ip classless            
ip route 0.0.0.0 0.0.0.0 <Our Default Gateway IP Address>                                    
!
ip http server              
ip http port 8080                
ip http authentication local                            
ip http timeout-policy idle 60 life 86400 requests 10000                                                        
ip nat inside source list 1 interface FastEthernet0/1 overload                                                              
ip nat inside source static tcp 192.168.1.2 80 interface FastEthernet0/1 80                                                                          
ip nat inside source static tcp 192.168.1.2 25 interface FastEthernet0/1 25                                                                          
!
logging trap debugging                      
access-list 1 remark INSIDE_IF=FastEthernet0/0                                              
access-list 1 remark SDM_ACL                          
access-list 1 permit 192.168.1.0 0.0.0.255                                          
access-list 100 permit tcp any any established                                              
access-list 100 permit udp any eq domain any                                            
access-list 100 permit icmp any any                                  
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 eq smtp                                                            
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 eq pop3                                                            
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 eq 143                                                          
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 eq 993                                                          
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 eq 465                                                          
access-list 100 permit tcp any host <Our Outside IP> eq telnet                                          
access-list 100 permit tcp any host 192.168.1.2 eq ftp                                                      
access-list 100 permit tcp any host 192.168.1.2 eq ftp-data                                                          
access-list 100 permit tcp any host 192.168.1.2 eq smtp                                                      
access-list 100 permit tcp any host 192.168.1.2 eq 47                                                    
access-list 100 permit tcp any host 192.168.1.2 eq www                                                      
access-list 100 permit tcp any host 192.168.1.2 eq pop3                                                      
access-list 100 permit tcp any host 192.168.1.2 eq 1723                                                      
access-list 100 permit tcp any host 192.168.1.2 range 442 445                                                            
access-list 100 permit tcp any host 192.168.1.2 eq 443                                                      
access-list 100 permit tcp any host 192.168.1.2 eq 2120                                                      
access-list 100 permit tcp any host 192.168.1.2 eq 3389                                                      
access-list 100 permit tcp any host 192.168.1.2 eq 4125                                                      
access-list 100 permit tcp any host 192.168.1.3 eq ftp                                                      
access-list 100 permit tcp any host 192.168.1.3 eq ftp-data                                                          
access-list 100 deny ip any 192.168.1.0 0.0.0.255 log                                                      
no cdp run          
!
control-plane            
!
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 4000 1000
end


0
Comment
Question by:RealSnaD
2 Comments
 
LVL 7

Author Comment

by:RealSnaD
Comment Utility
Btw, 192.168.1.2 is our main server that hosts the websites.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 500 total points
Comment Utility
You are trying to access your own web sites by using the same public URL http://www.mywebsite.com ?
If this IP address resolves to the same public IP address, then you cannot access them and this is a design 'feature' of Cisco IOS.
You need to have an internal DNS for internal clients that resolves the same URL to the private 192.168.1.2 IP address for internal clients.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now