Solved

Cisco 1841, can't access web sites

Posted on 2007-04-02
Last Modified: 2010-04-17
Hi guys,

We have a Cisco 1841-T1. Everything seems to work fine at this time, but we can't access our websites. What can be the problem? Here is my current configuration:

Building configuration...                        

Current configuration : 388                          
!
version 12.4            
no service pad              
service tcp-keepalives-in                        
service tcp-keepalives-out                          
service timestamps debug datetime msec localtime show-timezone                                                              
service timestamps log datetime msec localtime show-timezone                                                            
service password-encryption                          
service sequence-numbers                        
!
hostname <Our Hostname>              
!
boot-start-marker                
boot-end-marker              
!
security authentication failure rate 3 log                                          
security passwords min-length 6                              
logging buffered 51200 debugging                                
logging console critical                        
enable secret 5 <xxxxxxxxxxxxxxxxxxxxxxxxxxx>                                            
!
no aaa new-model                
!
resource policy              
!
clock timezone PCTime -8                        
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00                                                              
mmi polling-interval 60                      
no mmi auto-configure                    
no mmi pvc          
mmi snmp-timeout 180                    
ip subnet-zero              
no ip source-route                  
ip cef      
!
!
ip tcp synwait-time 10                      
no ip dhcp use vrf connected                            
!
!
no ip bootp server                  
ip name-server <Our Primary DNS>                          
ip name-server <Our Secondary DNS>                          
!
username admin privilege 15 secret 5 <xxxxxxxxxxxxxxxxxxxxxxxxxxx>                                                                  
!
!
!
interface FastEthernet0/0                        
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$F                                                              
 ip address 192.168.1.1 255.255.255.0                                    
 no ip redirects                
 no ip unreachables                  
 no ip proxy-arp                
 ip nat inside              
 ip route-cache flow                    
 duplex auto            
 speed auto          
 no mop enabled              
!
interface FastEthernet0/1                        
 description $ES_WAN$$FW_OUTSIDE$                                
 ip address <Our Outside IP> 255.255.255.248                                        
 ip access-group 100 in                      
 no ip redirects                
 no ip unreachables                  
 no ip proxy-arp                
 ip nat outside              
 ip route-cache flow                    
 duplex auto            
 speed auto          
 no mop enabled              
!
interface Serial0/0/0                    
 no ip address              
 no ip redirects                
 no ip unreachables                  
 no ip proxy-arp                
 ip route-cache flow                    
 shutdown        
!
ip classless            
ip route 0.0.0.0 0.0.0.0 <Our Default Gateway IP Address>                                    
!
ip http server              
ip http port 8080                
ip http authentication local                            
ip http timeout-policy idle 60 life 86400 requests 10000                                                        
ip nat inside source list 1 interface FastEthernet0/1 overload                                                              
ip nat inside source static tcp 192.168.1.2 80 interface FastEthernet0/1 80                                                                          
ip nat inside source static tcp 192.168.1.2 25 interface FastEthernet0/1 25                                                                          
!
logging trap debugging                      
access-list 1 remark INSIDE_IF=FastEthernet0/0                                              
access-list 1 remark SDM_ACL                          
access-list 1 permit 192.168.1.0 0.0.0.255                                          
access-list 100 permit tcp any any established                                              
access-list 100 permit udp any eq domain any                                            
access-list 100 permit icmp any any                                  
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 eq smtp                                                            
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 eq pop3                                                            
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 eq 143                                                          
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 eq 993                                                          
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 eq 465                                                          
access-list 100 permit tcp any host <Our Outside IP> eq telnet                                          
access-list 100 permit tcp any host 192.168.1.2 eq ftp                                                      
access-list 100 permit tcp any host 192.168.1.2 eq ftp-data                                                          
access-list 100 permit tcp any host 192.168.1.2 eq smtp                                                      
access-list 100 permit tcp any host 192.168.1.2 eq 47                                                    
access-list 100 permit tcp any host 192.168.1.2 eq www                                                      
access-list 100 permit tcp any host 192.168.1.2 eq pop3                                                      
access-list 100 permit tcp any host 192.168.1.2 eq 1723                                                      
access-list 100 permit tcp any host 192.168.1.2 range 442 445                                                            
access-list 100 permit tcp any host 192.168.1.2 eq 443                                                      
access-list 100 permit tcp any host 192.168.1.2 eq 2120                                                      
access-list 100 permit tcp any host 192.168.1.2 eq 3389                                                      
access-list 100 permit tcp any host 192.168.1.2 eq 4125                                                      
access-list 100 permit tcp any host 192.168.1.3 eq ftp                                                      
access-list 100 permit tcp any host 192.168.1.3 eq ftp-data                                                          
access-list 100 deny ip any 192.168.1.0 0.0.0.255 log                                                      
no cdp run          
!
control-plane            
!
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 4000 1000
end


Question by:RealSnaD
2 Comments

Author Comment

by:RealSnaD
ID: 18836456
Btw, 192.168.1.2 is our main server that hosts the websites.

Accepted Solution

by: lrmoore earned 500 total points
ID: 18836731
You are trying to access your own web sites by using the same public URL http://www.mywebsite.com ?
If this IP address resolves to the same public IP address, then you cannot access them and this is a design 'feature' of Cisco IOS.
You need to have an internal DNS for internal clients that resolves the same URL to the private 192.168.1.2 IP address for internal clients.
0
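The condition described in the accepted solution can be checked against a configuration before users report it. This is an added example, not code from the thread: it parses a constructed excerpt of the posted configuration (203.0.113.10 is a placeholder for `<Our Outside IP>`, and the function names are hypothetical) and returns the A records an internal DNS zone would need so that inside clients reach the server on its private address.

```python
import ipaddress
import re

# Constructed excerpt modelled on the posted config; 203.0.113.10 is a
# documentation address standing in for <Our Outside IP>.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 ip address 203.0.113.10 255.255.255.248
 ip nat outside
!
ip nat inside source static tcp 192.168.1.2 80 interface FastEthernet0/1 80
ip nat inside source static tcp 192.168.1.2 25 interface FastEthernet0/1 25
"""

def parse_nat(config):
    """Return (inside networks, {outside ifname: ip}, static port forwards)."""
    inside, outside, forwards = [], {}, []
    for block in re.split(r"^![ \t]*$", config, flags=re.M):
        name = re.search(r"^interface (\S+)", block, re.M)
        addr = re.search(r"^ ip address (\S+) (\S+)", block, re.M)
        if name and addr:
            iface = ipaddress.ip_interface(f"{addr.group(1)}/{addr.group(2)}")
            if re.search(r"^ ip nat inside[ \t]*$", block, re.M):
                inside.append(iface.network)
            elif re.search(r"^ ip nat outside[ \t]*$", block, re.M):
                outside[name.group(1)] = iface.ip
    pat = r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)"
    for proto, host, lport, ifname, gport in re.findall(pat, config, re.M):
        forwards.append((proto, ipaddress.ip_address(host), int(lport), ifname, int(gport)))
    return inside, outside, forwards

def split_dns_records(config, resolved):
    """Map each name that inside clients resolve to a forwarded public IP
    onto the private server address an internal DNS zone should return."""
    inside, outside, forwards = parse_nat(config)
    records = {}
    for name, ip in resolved.items():
        ip = ipaddress.ip_address(ip)
        for proto, host, lport, ifname, gport in forwards:
            if outside.get(ifname) == ip and any(host in net for net in inside):
                records[name] = str(host)
    return records
```

`resolved` is what an inside client currently gets from DNS, for example `{"www.mywebsite.com": "203.0.113.10"}`; an empty result means no name points back at a forwarded outside address.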
