• Status: Solved
  • Priority: Medium
  • Security: Public

No HTTP access

I'm new to Ciscos and I managed to ban HTTP access on my 1841, possibly using an ACL. What's the best fault-finding method for me to use to try and rectify this? Do I need to attach the config?
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface ATM0/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto 
!
interface ATM0/0/0.1 point-to-point
 description $ES_WAN$$FW_OUTSIDE$
 no ip redirects
 no ip unreachables
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 
 ppp chap password 7 00280A080A5E
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 2
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool SIP 192.168.1.5 192.168.1.9 netmask 255.255.255.0
ip nat inside source static tcp 192.168.1.5 69 interface Dialer0 69
ip nat inside source static tcp 192.168.1.5 80 interface Dialer0 80
ip nat inside source static tcp 192.168.1.5 3389 interface Dialer0 3389
ip nat inside source static tcp 192.168.1.5 21 interface Dialer0 21
ip nat inside source static tcp 192.168.1.5 20 interface Dialer0 20
ip nat inside source static tcp 192.168.1.6 8080 interface Dialer0 8080
ip nat inside source static 192.168.1.8 79.121.245.210
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 deny   any
access-list 100 remark VTY Access-class list
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 deny   ip any any
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
banner login Authorized access only!
 

banner motd 

!
line con 0
 login authentication local_authen
 transport output telnet
line aux 0
 login authentication local_authen
 transport output telnet
line vty 0 4
 access-class 100 in
 password 7 1517050B5C7C73757E6365
 authorization exec local_author
 login authentication local_authen
 transport input telnet
line vty 5 15
 access-class 100 in
 authorization exec local_author
 login authentication local_authen
 transport input telnet
!
scheduler allocate 4000 1000
end

mistyfly
Asked:
1 Solution
 
jjmartineziii Commented:
Are you saying that you want to deny all http traffic through the 1947?
0
 
mistyfly (Author) Commented:
No, I have managed to apply something that has restricted it and I just need to know how to rectify it. Or even set it to factory default?
0
 
jjmartineziii Commented:
Your clients are located on FA0/0 and your internet is on ATM port?
0
 
mistyfly (Author) Commented:
Yeah, that's right.
0
 
jjmartineziii Commented:
Oh wait,

do you mean you are trying to manage the device via HTTP? You want to access the web interface of the 1841?
0
 
mistyfly (Author) Commented:
My clients don't have web access.
0
 
jjmartineziii Commented:
What happens when you run a tracert from a client computer to google.com? Can you post the results?
0
 
mistyfly (Author) Commented:
It says it cannot resolve it. If I log onto the Cisco CLI and ping, say, www.bbc.co.uk, then I get a reply, so it seems I may be blocking it in some way.
0
 
mistyfly (Author) Commented:
ping request could not find host www.google.com, please check name and try again
0
 
jjmartineziii Commented:
Not a ping. I need a tracert from a client that's trying to access the internet.

Go to the command prompt, type "tracert google.com" and post the result here.
0
 
mistyfly (Author) Commented:
Sorry, my fault

"unable to resolve target system name www.google.com"
0
 
jjmartineziii Commented:
try "tracert 209.85.171.99"

then try "ping 209.85.171.99"
0
 
mistyfly (Author) Commented:
Sorry, my fault

"unable to resolve target system name www.google.com"
0
 
jjmartineziii Commented:
OK, but instead of using google.com, use the IP address.
0
 
mistyfly (Author) Commented:
Sorry, my fault

"unable to resolve target system name www.google.com"
0
 
mistyfly (Author) Commented:
See attached
Ping.bmp
0
 
jjmartineziii Commented:
try:

interface Dialer0
no dialer-group 1


and test the internet connection.
0
 
jcs5003 Commented:
I don't have any experience with ATM connections, but it looks to me like it's a PPP connection that requires the dialer to connect on demand. Is the initial connection being made? Can you connect to anything from the router?
Try telnet 209.85.237.25 25 and see if you get anything at all. If not, you're most likely not connecting to your ISP and no ACL statements will help you at all. Contact your ISP and ask if they can see you connecting.
0
 
mistyfly (Author) Commented:
jjmartineziii - that "no dialer-group 1" didn't work

jcs5003 - My ATM connection seems to be OK. I can ping www.google.com and various other websites when I telnet to the Cisco, but I cannot gain web access from my clients...
0
 
jcs5003 Commented:
Try this:
no ip nat inside source static tcp 192.168.1.5 69 interface Dialer0 69
no ip nat inside source static tcp 192.168.1.5 80 interface Dialer0 80
no ip nat inside source static tcp 192.168.1.5 3389 interface Dialer0 3389
no ip nat inside source static tcp 192.168.1.5 21 interface Dialer0 21
no ip nat inside source static tcp 192.168.1.5 20 interface Dialer0 20
no ip nat inside source static tcp 192.168.1.6 8080 interface Dialer0 8080

ip nat inside source list 1 interface Dialer0 overload

I'm also not sure if you should be NATing Dialer0 or ATM0. If the above doesn't work, try:


no ip nat inside source list 1 interface Dialer0 overload

ip nat inside source list 1 interface ATM0 overload

0
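
The check behind the answer above, as an added example that is not part of the thread: a small Python audit that reads an IOS config and reports when inside hosts have no `overload` (PAT) rule, when that rule points at a missing ACL, or when it names an interface not marked `ip nat outside`. It also returns the static port forwards so the inbound exposure can be reviewed. The sample config is constructed from the NAT-relevant lines of the question; `audit_nat` and the finding names are hypothetical, and only numbered ACLs and `static tcp|udp ... interface` forwards are parsed.

```python
import re

# Constructed sample: NAT-relevant lines shaped like the config in the question.
SAMPLE = """\
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Dialer0
 ip address negotiated
 ip nat outside
!
ip nat inside source static tcp 192.168.1.5 80 interface Dialer0 80
ip nat inside source static tcp 192.168.1.5 3389 interface Dialer0 3389
access-list 1 permit 192.168.1.0 0.0.0.255
"""

STATIC = re.compile(r"ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")
DYNAMIC = re.compile(r"ip nat inside source list (\S+) interface (\S+) overload$")
ACL = re.compile(r"access-list (\d+) permit ")

def audit_nat(config):
    """Return (findings, static_forwards) for an IOS config given as text."""
    roles, acls, dynamic, statics, iface = {}, set(), [], [], None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            iface = line.split()[1]
        elif raw.startswith(" "):            # sub-command of the current block
            if iface and line in ("ip nat inside", "ip nat outside"):
                roles[iface] = line.split()[-1]
        else:                                # global command ends the block
            iface = None
            if m := ACL.match(line):
                acls.add(m.group(1))
            elif m := DYNAMIC.match(line):
                dynamic.append(m.groups())
            elif m := STATIC.match(line):
                statics.append((m.group(1), m.group(2), int(m.group(3)), int(m.group(5))))
    findings = [f"no-{r}-interface" for r in ("inside", "outside") if r not in roles.values()]
    if not dynamic:
        findings.append("no-overload-rule")  # only the static forwards translate
    for acl, out_if in dynamic:
        if acl not in acls:
            findings.append(f"overload-acl-missing:{acl}")
        if roles.get(out_if) != "outside":   # lint heuristic, not an IOS rule
            findings.append(f"overload-interface-not-outside:{out_if}")
    return findings, statics

if __name__ == "__main__":
    print(audit_nat(SAMPLE))
    print(audit_nat(SAMPLE + "ip nat inside source list 1 interface Dialer0 overload\n"))
```
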
