No HTTP access

I'm new to ciscos and I managed to ban HTTP access on my 1841 possibly using an ACL, whats the best fault finding methos for me to use to try and recify this. Do I need to attach the config
interface FastEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip route-cache flow
 duplex auto
 speed auto
 no mop enabled
!
interface ATM0/0/0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto 
!
interface ATM0/0/0.1 point-to-point
 description $ES_WAN$$FW_OUTSIDE$
 no ip redirects
 no ip unreachables
 pvc 0/38 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface Dialer0
 description $FW_OUTSIDE$
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 
 ppp chap password 7 00280A080A5E
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 2
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool SIP 192.168.1.5 192.168.1.9 netmask 255.255.255.0
ip nat inside source static tcp 192.168.1.5 69 interface Dialer0 69
ip nat inside source static tcp 192.168.1.5 80 interface Dialer0 80
ip nat inside source static tcp 192.168.1.5 3389 interface Dialer0 3389
ip nat inside source static tcp 192.168.1.5 21 interface Dialer0 21
ip nat inside source static tcp 192.168.1.5 20 interface Dialer0 20
ip nat inside source static tcp 192.168.1.6 8080 interface Dialer0 8080
ip nat inside source static 192.168.1.8 79.121.245.210
!
logging trap debugging
access-list 1 remark INSIDE_IF=FastEthernet0/0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 deny   any
access-list 100 remark VTY Access-class list
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 deny   ip any any
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
banner login Authorized access only!
 

banner motd 

!
line con 0
 login authentication local_authen
 transport output telnet
line aux 0
 login authentication local_authen
 transport output telnet
line vty 0 4
 access-class 100 in
 password 7 1517050B5C7C73757E6365
 authorization exec local_author
 login authentication local_authen
 transport input telnet
line vty 5 15
 access-class 100 in
 authorization exec local_author
 login authentication local_authen
 transport input telnet
!
scheduler allocate 4000 1000
end

Open in new window

mistyflyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

jjmartineziiiCommented:
Are you saying that you want to deny all http traffic through the 1947?
0
mistyflyAuthor Commented:
No, I have managed to apply soemthing that has restricted it and I just need how to recify it. Or even set it too factory default?
0
jjmartineziiiCommented:
Your clients are located on FA0/0 and your internet is on ATM port?
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

mistyflyAuthor Commented:
yeah thats right
0
jjmartineziiiCommented:
oh wait,

do you mean, you are trying to manage the device via http? You want to access the web interface of the 1841?
0
mistyflyAuthor Commented:
my clients dont have web access
0
jjmartineziiiCommented:
What happens when you run a tracert from a client computer to google.com? Can you post the results?
0
mistyflyAuthor Commented:
It says it cannot resolve it, it I log onto the cisco CLI and ping say www.bbc.co.uk then I get a reply so it seems I may be blocking it in some of way
0
mistyflyAuthor Commented:
ping request could not find host www.google.com, please check name and try again
0
mistyflyAuthor Commented:
ping request could not find host www.google.com, please check name and try again
0
jjmartineziiiCommented:
not a ping. i need a tracert from a client that's trying to access the internet.

go to command prompt and type "tracert google.com" and post here.
0
mistyflyAuthor Commented:
Sorry my fault

"unable to resolve target system name www.google.com"
0
jjmartineziiiCommented:
try "tracert 209.85.171.99"

then try "ping 209.85.171.99"
0
mistyflyAuthor Commented:
Sorry my fault

"unable to resolve target system name www.google.com"
0
jjmartineziiiCommented:
ok, but instead of using google.com use the ip address.
0
mistyflyAuthor Commented:
Sorry my fault

"unable to resolve target system name www.google.com"
0
mistyflyAuthor Commented:
See attached
Ping.bmp
0
jjmartineziiiCommented:
try:

interface Dialer0
no dialer-group 1


and test the internet connection.
0
jcs5003Commented:
Don't have any experience with the ATM connections, looks to me like its a PPP connection that requires the dialer to connect on demand. Is the initial connection being made? can you connect to anything from the router?
try telnet 209.85.237.25 25 and see if you get anything at all. If not, you're most likely not connecting to your ISP and no ACL statements will help you at all. Contact your ISP and ask if they can see you connecting.
0
mistyflyAuthor Commented:
jjmartineziii - that "no dialer-group 1" didn't work

jcs5003 - My ATM connection seems to be OK, I can ping www.google.com and various other websites when I telnet to the cisco, but I cannot gain web access form my clients...
0
jcs5003Commented:
Try this
no ip nat inside source static tcp 192.168.1.5 69 interface Dialer0 69
no ip nat inside source static tcp 192.168.1.5 80 interface Dialer0 80
no ip nat inside source static tcp 192.168.1.5 3389 interface Dialer0 3389
no ip nat inside source static tcp 192.168.1.5 21 interface Dialer0 21
no ip nat inside source static tcp 192.168.1.5 20 interface Dialer0 20
no ip nat inside source static tcp 192.168.1.6 8080 interface Dialer0 8080

ip nat inside source list 1 interface Dialer0 overload

I'm also not sure if you should be nating Dialer0 or ATM0, if the above doesn't work try


no ip nat inside source list 1 interface Dialer0 overload

ip nat inside source list 1 interface ATM0 overload

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.