Yury Merezhkov
asked on
Cisco 1841, can't access web sites
Hi guys,
we have a Cisco 1841-T1. Everything seems to work fine at this time but we can't access our websites. What can be the problem? Here is my current configuration:
Building configuration...
Current configuration : 388
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname <Our Hostname>
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 <xxxxxxxxxxxxxxxxxxxxxxxxx xx>
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -8
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
no ip dhcp use vrf connected
!
!
no ip bootp server
ip name-server <Our Primary DNS>
ip name-server <Our Secondary DNS>
!
username admin privilege 15 secret 5 <xxxxxxxxxxxxxxxxxxxxxxxxx xx>
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$F
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description $ES_WAN$$FW_OUTSIDE$
ip address <Our Outside IP> 255.255.255.248
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface Serial0/0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 <Our Default Gateway IP Address>
!
ip http server
ip http port 8080
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet0/1 overload
ip nat inside source static tcp 192.168.1.2 80 interface FastEthernet0/1 80
ip nat inside source static tcp 192.168.1.2 25 interface FastEthernet0/1 25
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit tcp any any established
access-list 100 permit udp any eq domain any
access-list 100 permit icmp any any
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 eq smtp
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 eq pop3
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 eq 143
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 eq 993
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 eq 465
access-list 100 permit tcp any host <Our Outside IP> eq telnet
access-list 100 permit tcp any host 192.168.1.2 eq ftp
access-list 100 permit tcp any host 192.168.1.2 eq ftp-data
access-list 100 permit tcp any host 192.168.1.2 eq smtp
access-list 100 permit tcp any host 192.168.1.2 eq 47
access-list 100 permit tcp any host 192.168.1.2 eq www
access-list 100 permit tcp any host 192.168.1.2 eq pop3
access-list 100 permit tcp any host 192.168.1.2 eq 1723
access-list 100 permit tcp any host 192.168.1.2 range 442 445
access-list 100 permit tcp any host 192.168.1.2 eq 443
access-list 100 permit tcp any host 192.168.1.2 eq 2120
access-list 100 permit tcp any host 192.168.1.2 eq 3389
access-list 100 permit tcp any host 192.168.1.2 eq 4125
access-list 100 permit tcp any host 192.168.1.3 eq ftp
access-list 100 permit tcp any host 192.168.1.3 eq ftp-data
access-list 100 deny ip any 192.168.1.0 0.0.0.255 log
no cdp run
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet
line vty 5 15
privilege level 15
login local
transport input telnet
!
scheduler allocate 4000 1000
end
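An added check, not part of the original post: on IOS, an inbound ACL on the NAT outside interface is evaluated before the static translation is applied, so its entries have to match the public (pre-NAT) destination address and port. The Python sketch below audits a handful of lines taken from the configuration above; the address 203.0.113.10 stands in for the redacted <Our Outside IP>, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: lines copied from the posted config, with the redacted
# <Our Outside IP> replaced by a documentation address (an assumption).
OUTSIDE_IP = "203.0.113.10"
CONFIG = """\
ip nat inside source static tcp 192.168.1.2 80 interface FastEthernet0/1 80
ip nat inside source static tcp 192.168.1.2 25 interface FastEthernet0/1 25
access-list 100 permit tcp any any established
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 eq smtp
access-list 100 permit tcp any host 203.0.113.10 eq telnet
access-list 100 permit tcp any host 192.168.1.2 eq www
access-list 100 deny ip any 192.168.1.0 0.0.0.255 log
"""
PORT_NAMES = {"www": 80, "smtp": 25, "telnet": 23, "pop3": 110, "ftp": 21}
NAT_RE = re.compile(r"ip nat inside source static tcp (\S+) (\d+) interface \S+ (\d+)$")
ACL_RE = re.compile(r"access-list (\d+) permit tcp any (host \S+|\S+ \S+|any) eq (\S+)$")

def dest_network(spec):
    """Turn an ACL destination (any / host A / A wildcard) into a network."""
    if spec == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if spec.startswith("host "):
        return ipaddress.ip_network(spec.split()[1])
    addr, wildcard = spec.split()  # contiguous wildcard masks only
    return ipaddress.ip_network(f"{addr}/{wildcard}")

def audit(config, outside_ip, acl_id="100"):
    """Return static forwards whose public ip:port the inbound ACL does not permit."""
    permits, forwards = [], []
    for line in map(str.strip, config.splitlines()):
        if (m := ACL_RE.match(line)) and m.group(1) == acl_id:
            port = PORT_NAMES.get(m.group(3)) or int(m.group(3))
            permits.append((dest_network(m.group(2)), port))
        elif m := NAT_RE.match(line):
            forwards.append((m.group(1), int(m.group(2)), int(m.group(3))))
    def allowed(ip, port):
        return any(ipaddress.ip_address(ip) in net and p == port for net, p in permits)
    findings = []
    for inside, in_port, pub_port in forwards:
        if not allowed(outside_ip, pub_port):  # the ACL sees the pre-NAT packet
            why = ("ACL permits only the inside address" if allowed(inside, in_port)
                   else "no matching permit")
            findings.append((pub_port, inside, why))
    return findings

if __name__ == "__main__":
    for pub_port, inside, why in audit(CONFIG, OUTSIDE_IP):
        print(f"tcp/{pub_port} -> {inside}: {why}")
```

Packets that match none of the permit entries and are not addressed to 192.168.1.0/24 fall through to the implicit deny at the end of access-list 100, which is not logged.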