Cisco 2811 configuration for uplading pdf files

Hi there,
Few years back I have to put some commands in my cisco 2811 to enable java scripts for some site which were not working.  Now I remember if I have to do something with my router configuration to allow me to upload pdf files to my external site from windows 7 and server 2008 machines.  WIndows XP machine can upload pdf files to this site very well.  But win7 and server 2008 machines have something in common and do not let me upload pdf files to my external website?  Uploading is done via IE8.
What I did:
-Made IE in compatible mode - same issue occured I cannot upload.
-I put my website address URL in trusted websites - same issue.
-I installed Firefox and tried uploading pdf files -same issue.  
-I disabled windows firewall - same issue.
-I disabled antivirus - same issue.
-I have enabled the Active X and file downloads in IE 8 - same issue.
-I reset the IE8. Same issue.
-I disabled ad-ons in IE8. No luck.
-I disabled user account settings in Win7 no luck.
Even I installed a brand new image via CD and simply fired up IE and tried uploading pdf files.  NO luck.. Hel plz

Help plz
LVL 5
amanzoorNetwork infrastructure AdminAsked:
Who is Participating?
 
Istvan KalmarConnect With a Mentor Head of IT Security Division Commented:
ok in this case you need same IOS on old router....
0
 
kf4zmtCommented:
I don't understand why a router configuration would have anything to do with javascript or pdf files.   Can you please explain?
0
 
Istvan KalmarHead of IT Security Division Commented:
what shows the log?

please tell us%!
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
StefanKampCommented:
I am quite curious how you managed to setup a Cisco 2811 router allowing javascript and/or .pdf files in the first place. Do us a favour and post your running config of your Cisco 2811, grab only the lines containing any relationship with java/pdf. Connect to your cisco router, enable, show run. We may then be able to help you out as for now I believe we don't have a clue what the exact problem is. Thanks!

Cheers,
Stefan
0
 
amanzoorNetwork infrastructure AdminAuthor Commented:
Here you go my friends, luckily I found the question asked here on EE in 2007 and answered perfectly by Irmoore, it worked like a charm for my network to show java script enabled websites which were not shown at that time on my network.  
http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_22919339.html
0
 
amanzoorNetwork infrastructure AdminAuthor Commented:
Now I am trying to find out why I cannot upload pdf files from windows 7 and server 2008 machines.  Do I have to do something in my router 2811?
Help
0
 
kf4zmtCommented:
It appears that you are using the 2811 as a firewall.  Is this correct?
0
 
amanzoorNetwork infrastructure AdminAuthor Commented:
Correct, Attached is my show run
expertaccesslist.txt
0
 
kf4zmtCommented:
Is there a reason you need to inspect java?  What happens if you change this:

ip inspect name TRAFFIC_INSPECTI http java-list 21

to this:

ip inspect name TRAFFIC_INSPECTI http
??
0
 
amanzoorNetwork infrastructure AdminAuthor Commented:
kf4:
There are many educational java applets/scripts enabled sites which simply will not work.  
Anyhow my question for uploading pdf files to my external website from windows 7 and server 2008 machines, does it link to my router in any case? or should I blame the new OS (windows7 and server 2008).  My XP Professional machines have NO trouble uploading pdf files to my external site.  Its truly something to learn and add to my knowledge.
0
 
GelomCommented:
can ask someone who has (windows7 and server 2008) download pdf file on your external website to make a mistake on the router.

what version of IE installed on the HP

perhaps try another browser
0
 
amanzoorNetwork infrastructure AdminAuthor Commented:
Gelom:
If I take the same machine with win7 outside my network uploads work fine.  Using IE8 and I have already tried firefox and chrome.  No luck.
0
 
btanExec ConsultantCommented:
Seems like should not be the file format problem, hence does not matter whether it is PDF or other format.
And would I suppose that if the cisco router is not there (as proxy), assume direct out into internet the uploading is possible. If so, then we can isolate cisco device as the culprit and not the Win 7 and Win2k8
0
 
Istvan KalmarHead of IT Security Division Commented:
what shows the log?

Did you tried it without inspect?
0
 
amanzoorNetwork infrastructure AdminAuthor Commented:
ok guys:
to remove the inspect:
I will simply  put this command on my cisco 2811 router just to check the upload of pdf's files from my win7 and serv 2008 machines?
>>>under config t
--no ip inspect name TRAFFIC_INSPECTI http  

once I check if this is not causing trouble I could simply  put in as:
--ip inspect name TRAFFIC_INSPECTI http
correct?  
Help plz!
0
 
Istvan KalmarHead of IT Security Division Commented:
Please try it and tell us the result!

interface FastEthernet0/1.92
 no ip address  ip access-group 101 in
 no  ip inspect TRAFFIC_INSPECTI out
0
 
amanzoorNetwork infrastructure AdminAuthor Commented:
ikalmar:
How do I put it back once checked?
0
 
Istvan KalmarHead of IT Security Division Commented:

interface FastEthernet0/1.92
ip address  ip access-group 101 in
ip inspect TRAFFIC_INSPECTI out
0
 
amanzoorNetwork infrastructure AdminAuthor Commented:
It shows me:
_2811(config-subif)#no ip address ip access-group 101 in
                                         ^
% Invalid input detected at '^' marker.


0
 
amanzoorNetwork infrastructure AdminAuthor Commented:
ikalmar:
Please confirm should I:
interface FastEthernet0/1.92
 ip access-group 101 in
 no  ip inspect TRAFFIC_INSPECTI out

then once I am done:
interface FastEthernet0/1.92
 ip access-group 101 in
ip inspect TRAFFIC_INSPECTI out

Correct?
0
 
Istvan KalmarHead of IT Security Division Commented:
sorry

interface FastEthernet0/1.92
no  ip access-group 101 in
 no  ip inspect TRAFFIC_INSPECTI out
0
 
amanzoorNetwork infrastructure AdminAuthor Commented:
ikalmar:
Excellent!  
I was able to upload the pdf files from my server 2008.  Sorry I am remoting in and checking in everything for you, I cannot check any windows7 clients till tuesday.  But if server 2008 is working I think the clients wil be fine too.  Good job!
How do I reconfirm that the access-group 101 is put back in properly?
Help plz
0
 
amanzoorNetwork infrastructure AdminAuthor Commented:
ikalmar:
Please can you explain what was happening here in this particular case.  I need to know and understand.  
Now which line needs a fix in access-group 101 so that all my server 2008 and clients wind7 have no trouble uploading pdf files.
Help
0
 
Istvan KalmarHead of IT Security Division Commented:
Hi,

ACL 101 needs for inspection.... it seems that you need to finetuning inspections...
 how can you upload the pdf files, which ports do you use?
0
 
amanzoorNetwork infrastructure AdminAuthor Commented:
I simply use the IE, open up the site http://sitename.ca and click on the upload page for the pdf files.
I used Microsoft netowork monitor to capture the traffic and saw the following TCP source ports:
TCP 55943 -  80
TCP 55944 -  80
TCP 55945 -  80
TCP 55946 -  80
TCP 55947 -  80
TCP 55948 -  80
TCP 55952 -  80
I am not sure if this the info you want?  Let me know how to capture the ports while uploading pdf's and I can post for you?
Help

0
 
btanExec ConsultantCommented:
Wireshark can be used to capture what you need as you are running through the pdf uploading sequences
http://www.wireshark.org/download.html

There is also Fport as well to associate to process
http://www.foundstone.com/us/resources/proddesc/fport.htm

0
 
Istvan KalmarHead of IT Security Division Commented:
Hi,

Is the acl 101 contains http://sitename.ca address?
0
 
amanzoorNetwork infrastructure AdminAuthor Commented:
ikalmar:
no the acl contains no entry for http://sitename.ca.

breadtan:
Thanks
0
 
Istvan KalmarHead of IT Security Division Commented:
you need to add this and try inspection with pdf uploading..
0
 
amanzoorNetwork infrastructure AdminAuthor Commented:
ikalmar:
what is the command? will I be adding the external IP of the website? from which I upload the pdf files?
help plz
0
 
amanzoorNetwork infrastructure AdminAuthor Commented:
ikalmar:
I am not hosting this website on my servers.  It is hosted by one of our site hosters.  I am not sure how to put an IP which belongs to some external hoster on our router 2811 to allow the uploads of pdf's.
Help
0
 
Istvan KalmarHead of IT Security Division Commented:
interface FastEthernet0/1.92
ip address  ip access-group 101 in
ip inspect TRAFFIC_INSPECTI out

access-list 101 permit tcp host x.x.x.x eq www host y.y.y.y

x.x.x.x is http://sitename.ca
y.y.y.y your public IP address
0
 
amanzoorNetwork infrastructure AdminAuthor Commented:
ikalmar:
Adding this line to the ACL 101 does not resolve the issue.  Any other suggestion.
Hel plz.
0
 
Istvan KalmarHead of IT Security Division Commented:
what shows the log?
ho can working the pdf uploading?
0
 
amanzoorNetwork infrastructure AdminAuthor Commented:
ikalmar:
show log does not show me any suspecious about the file uploads for pdf files.  Do I have to enable special logging for it? How? on the router 2811.
0
 
amanzoorNetwork infrastructure AdminAuthor Commented:
Ok Guys:
After long days of work and tension.  I replaced the router 2811 and found a faulty hardware interface port, the downloads and uploads were miserable and went stuck at about 20%.  Also we were facing some other issues.  Via new 2911 router there is no trouble yet.
0
 
amanzoorNetwork infrastructure AdminAuthor Commented:
Its very hard for me to allocate points for this question.  Any suggestions?
0
 
Istvan KalmarHead of IT Security Division Commented:
I think the inspection caused the problem
0
 
amanzoorNetwork infrastructure AdminAuthor Commented:
ikalmar:
I am using the same inspection on the new router.
0
 
amanzoorNetwork infrastructure AdminAuthor Commented:
Thanks iKalmar for clarifying.
Regards.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.