?
Solved

cisco router reject its own traffic

Posted on 2009-06-29
2
Medium Priority
?
515 Views
Last Modified: 2012-05-07
i recently bought a router 1811 8-port switches and 2xFE ports
The network goes like this
(webserver_set_1)-----(VLAN1) ----- (FE0) 111.222.333.444
(webserver_set_2)-----(VLAN2) ----- (FE1) 444.333.222.111

Below are there my configuration. set_1 hosts domain.com, set_2 host apps.domain.com.
I ran into these problems.

1. from set_1, i tried to access http://domain.com and traffic was blocked somehow.
2. from set_2, I tried to access set_2 via HTTP request http://apps.domain.com (or vice versa), instead reading responses from the webservers, I was directed to GUI interface of the router it self.
3. I was ABLE to establish communicate between two VLANs

I'm not sre whatwas going wrong. :shock:
Can you please help?
!
!
ip cef
ip dhcp excluded-address 10.10.10.1
!
!
no ip domain lookup
ip inspect name firewall http
ip inspect name firewall https
ip inspect name firewall tcp router-traffic
ip inspect name firewall udp router-traffic
ip inspect name firewall icmp router-traffic
ip inspect name firewall dns
ip inspect name firewall imap
ip inspect name firewall imaps
ip inspect name firewall imap3
ip inspect name firewall ftp
ip inspect name firewall ipsec-msft
!
multilink bundle-name authenticated
!
!
username admin privilege 15 password 0 ehuman1811
username ehuman privilege 7 password 0 ehuman875
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
 ip address 111.222.333.444 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed 100
!
interface FastEthernet1
 ip address 555.444.333.222.111 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 speed 100
 full-duplex
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface FastEthernet2
 
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
 switchport access vlan 2
 speed 100
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Vlan2
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 65.19.158.121
ip route 0.0.0.0 0.0.0.0 66.220.4.129
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 192.168.1.3 80 interface FastEthernet0 80
ip nat inside source static tcp 192.168.1.3 3390 interface FastEthernet0 3390
ip nat inside source static tcp 192.168.1.3 21 interface FastEthernet0 21
ip nat inside source static tcp 192.168.1.20 3392 interface FastEthernet0 3392
ip nat inside source list list-1 interface FastEthernet0 overload
ip nat inside source list list-2 interface FastEthernet1 overload
!
ip access-list extended list-1
 deny   ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended list-2
 deny   ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip 192.168.0.0 0.0.0.255 any
!
access-list 1 permit 192.168.1.0 0.0.0.255
no cdp run
!
!

Open in new window

0
Comment
Question by:valleytech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 4

Accepted Solution

by:
nasirsh earned 1500 total points
ID: 24734328
Do the following..


no ip http server

ip access-list extended list-1
permit ip 192.168.1.0 0.0.0.255 any
 deny   ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255

ip access-list extended list-2
permit ip 192.168.0.0 0.0.0.255 any
deny   ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255

(Replication)
no access-list 1 permit 192.168.1.0 0.0.0.255
0
 

Author Comment

by:valleytech
ID: 24736722
thanks!!
but the problem is sitll the same .

1. from set_1, i tried to access http://domain.com and i was redirected to the router's GUI interface/web-based.
2. from set_2, I tried to access set_2 via HTTP request http://apps.domain.com (or vice versa), instead reading responses from the webservers, I was directed to GUI interface of the router it self.
3. I was ABLE to establish communicate between two VLANs

any insight will be so great!
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question