Cisco 1841, can't access web sites

Hi guys,

we have a Cisco 1841-T1. Everything seems to work fine at this time but we can't access our websites. What can be the problem? Here is my current configuration:

Building configuration...                        

Current configuration : 388                          
!
version 12.4            
no service pad              
service tcp-keepalives-in                        
service tcp-keepalives-out                          
service timestamps debug datetime msec localtime show-timezone                                                              
service timestamps log datetime msec localtime show-timezone                                                            
service password-encryption                          
service sequence-numbers                        
!
hostname <Our Hostname>              
!
boot-start-marker                
boot-end-marker              
!
security authentication failure rate 3 log                                          
security passwords min-length 6                              
logging buffered 51200 debugging                                
logging console critical                        
enable secret 5 <xxxxxxxxxxxxxxxxxxxxxxxxxxx>                                            
!
no aaa new-model                
!
resource policy              
!
clock timezone PCTime -8                        
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00                                                              
mmi polling-interval 60                      
no mmi auto-configure                    
no mmi pvc          
mmi snmp-timeout 180                    
ip subnet-zero              
no ip source-route                  
ip cef      
!
!
ip tcp synwait-time 10                      
no ip dhcp use vrf connected                            
!
!
no ip bootp server                  
ip name-server <Our Primary DNS>                          
ip name-server <Our Secondary DNS>                          
!
username admin privilege 15 secret 5 <xxxxxxxxxxxxxxxxxxxxxxxxxxx>                                                                  
!
!
!
interface FastEthernet0/0                        
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$F                                                              
 ip address 192.168.1.1 255.255.255.0                                    
 no ip redirects                
 no ip unreachables                  
 no ip proxy-arp                
 ip nat inside              
 ip route-cache flow                    
 duplex auto            
 speed auto          
 no mop enabled              
!
interface FastEthernet0/1                        
 description $ES_WAN$$FW_OUTSIDE$                                
 ip address <Our Outside IP> 255.255.255.248                                        
 ip access-group 100 in                      
 no ip redirects                
 no ip unreachables                  
 no ip proxy-arp                
 ip nat outside              
 ip route-cache flow                    
 duplex auto            
 speed auto          
 no mop enabled              
!
interface Serial0/0/0                    
 no ip address              
 no ip redirects                
 no ip unreachables                  
 no ip proxy-arp                
 ip route-cache flow                    
 shutdown        
!
ip classless            
ip route 0.0.0.0 0.0.0.0 <Our Default Gateway IP Address>                                    
!
ip http server              
ip http port 8080                
ip http authentication local                            
ip http timeout-policy idle 60 life 86400 requests 10000                                                        
ip nat inside source list 1 interface FastEthernet0/1 overload                                                              
ip nat inside source static tcp 192.168.1.2 80 interface FastEthernet0/1 80                                                                          
ip nat inside source static tcp 192.168.1.2 25 interface FastEthernet0/1 25                                                                          
!
logging trap debugging                      
access-list 1 remark INSIDE_IF=FastEthernet0/0                                              
access-list 1 remark SDM_ACL                          
access-list 1 permit 192.168.1.0 0.0.0.255                                          
access-list 100 permit tcp any any established                                              
access-list 100 permit udp any eq domain any                                            
access-list 100 permit icmp any any                                  
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 eq smtp                                                            
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 eq pop3                                                            
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 eq 143                                                          
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 eq 993                                                          
access-list 100 permit tcp any 192.168.1.0 0.0.0.255 eq 465                                                          
access-list 100 permit tcp any host <Our Outside IP> eq telnet                                          
access-list 100 permit tcp any host 192.168.1.2 eq ftp                                                      
access-list 100 permit tcp any host 192.168.1.2 eq ftp-data                                                          
access-list 100 permit tcp any host 192.168.1.2 eq smtp                                                      
access-list 100 permit tcp any host 192.168.1.2 eq 47                                                    
access-list 100 permit tcp any host 192.168.1.2 eq www                                                      
access-list 100 permit tcp any host 192.168.1.2 eq pop3                                                      
access-list 100 permit tcp any host 192.168.1.2 eq 1723                                                      
access-list 100 permit tcp any host 192.168.1.2 range 442 445                                                            
access-list 100 permit tcp any host 192.168.1.2 eq 443                                                      
access-list 100 permit tcp any host 192.168.1.2 eq 2120                                                      
access-list 100 permit tcp any host 192.168.1.2 eq 3389                                                      
access-list 100 permit tcp any host 192.168.1.2 eq 4125                                                      
access-list 100 permit tcp any host 192.168.1.3 eq ftp                                                      
access-list 100 permit tcp any host 192.168.1.3 eq ftp-data                                                          
access-list 100 deny ip any 192.168.1.0 0.0.0.255 log                                                      
no cdp run          
!
control-plane            
!
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 4000 1000
end


LVL 7
Yury MerezhkovDevelopment Team LeadAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Yury MerezhkovDevelopment Team LeadAuthor Commented:
Btw, 192.168.1.2 is our main server that hosts the websites.
0
lrmooreCommented:
You are trying to access your own web sites by using the same public URL http://www.mywebsite.com ?
If this IP address resolves to the same public IP address, then you cannot access them and this is a design 'feature' of Cisco IOS.
You need to have an internal DNS for internal clients that resolves the same URL to the private 192.168.1.2 IP address for internal clients.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.