Solved

Cisco 2811 configuration for uplading pdf files

Posted on 2010-09-16
43
391 Views
Last Modified: 2012-05-10
Hi there,
Few years back I have to put some commands in my cisco 2811 to enable java scripts for some site which were not working.  Now I remember if I have to do something with my router configuration to allow me to upload pdf files to my external site from windows 7 and server 2008 machines.  WIndows XP machine can upload pdf files to this site very well.  But win7 and server 2008 machines have something in common and do not let me upload pdf files to my external website?  Uploading is done via IE8.
What I did:
-Made IE in compatible mode - same issue occured I cannot upload.
-I put my website address URL in trusted websites - same issue.
-I installed Firefox and tried uploading pdf files -same issue.  
-I disabled windows firewall - same issue.
-I disabled antivirus - same issue.
-I have enabled the Active X and file downloads in IE 8 - same issue.
-I reset the IE8. Same issue.
-I disabled ad-ons in IE8. No luck.
-I disabled user account settings in Win7 no luck.
Even I installed a brand new image via CD and simply fired up IE and tried uploading pdf files.  NO luck.. Hel plz

Help plz
0
Comment
Question by:amanzoor
  • 21
  • 12
  • 3
  • +3
43 Comments
 
LVL 3

Expert Comment

by:kf4zmt
ID: 33694301
I don't understand why a router configuration would have anything to do with javascript or pdf files.   Can you please explain?
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33694445
what shows the log?

please tell us%!
0
 
LVL 5

Expert Comment

by:StefanKamp
ID: 33694793
I am quite curious how you managed to setup a Cisco 2811 router allowing javascript and/or .pdf files in the first place. Do us a favour and post your running config of your Cisco 2811, grab only the lines containing any relationship with java/pdf. Connect to your cisco router, enable, show run. We may then be able to help you out as for now I believe we don't have a clue what the exact problem is. Thanks!

Cheers,
Stefan
0
 
LVL 4

Author Comment

by:amanzoor
ID: 33695670
Here you go my friends, luckily I found the question asked here on EE in 2007 and answered perfectly by Irmoore, it worked like a charm for my network to show java script enabled websites which were not shown at that time on my network.  
http://www.experts-exchange.com/Security/Software_Firewalls/Enterprise_Firewalls/Cisco_PIX_Firewall/Q_22919339.html
0
 
LVL 4

Author Comment

by:amanzoor
ID: 33695688
Now I am trying to find out why I cannot upload pdf files from windows 7 and server 2008 machines.  Do I have to do something in my router 2811?
Help
0
 
LVL 3

Expert Comment

by:kf4zmt
ID: 33695697
It appears that you are using the 2811 as a firewall.  Is this correct?
0
 
LVL 4

Author Comment

by:amanzoor
ID: 33695735
Correct, Attached is my show run
expertaccesslist.txt
0
 
LVL 3

Expert Comment

by:kf4zmt
ID: 33695777
Is there a reason you need to inspect java?  What happens if you change this:

ip inspect name TRAFFIC_INSPECTI http java-list 21

to this:

ip inspect name TRAFFIC_INSPECTI http
??
0
 
LVL 4

Author Comment

by:amanzoor
ID: 33695964
kf4:
There are many educational java applets/scripts enabled sites which simply will not work.  
Anyhow my question for uploading pdf files to my external website from windows 7 and server 2008 machines, does it link to my router in any case? or should I blame the new OS (windows7 and server 2008).  My XP Professional machines have NO trouble uploading pdf files to my external site.  Its truly something to learn and add to my knowledge.
0
 

Expert Comment

by:Gelom
ID: 33705574
can ask someone who has (windows7 and server 2008) download pdf file on your external website to make a mistake on the router.

what version of IE installed on the HP

perhaps try another browser
0
 
LVL 4

Author Comment

by:amanzoor
ID: 33707479
Gelom:
If I take the same machine with win7 outside my network uploads work fine.  Using IE8 and I have already tried firefox and chrome.  No luck.
0
 
LVL 61

Expert Comment

by:btan
ID: 33866646
Seems like should not be the file format problem, hence does not matter whether it is PDF or other format.
And would I suppose that if the cisco router is not there (as proxy), assume direct out into internet the uploading is possible. If so, then we can isolate cisco device as the culprit and not the Win 7 and Win2k8
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33866651
what shows the log?

Did you tried it without inspect?
0
 
LVL 4

Author Comment

by:amanzoor
ID: 33867172
ok guys:
to remove the inspect:
I will simply  put this command on my cisco 2811 router just to check the upload of pdf's files from my win7 and serv 2008 machines?
>>>under config t
--no ip inspect name TRAFFIC_INSPECTI http  

once I check if this is not causing trouble I could simply  put in as:
--ip inspect name TRAFFIC_INSPECTI http
correct?  
Help plz!
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33867193
Please try it and tell us the result!

interface FastEthernet0/1.92
 no ip address  ip access-group 101 in
 no  ip inspect TRAFFIC_INSPECTI out
0
 
LVL 4

Author Comment

by:amanzoor
ID: 33868023
ikalmar:
How do I put it back once checked?
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33868043

interface FastEthernet0/1.92
ip address  ip access-group 101 in
ip inspect TRAFFIC_INSPECTI out
0
 
LVL 4

Author Comment

by:amanzoor
ID: 33868096
It shows me:
_2811(config-subif)#no ip address ip access-group 101 in
                                         ^
% Invalid input detected at '^' marker.


0
 
LVL 4

Author Comment

by:amanzoor
ID: 33868121
ikalmar:
Please confirm should I:
interface FastEthernet0/1.92
 ip access-group 101 in
 no  ip inspect TRAFFIC_INSPECTI out

then once I am done:
interface FastEthernet0/1.92
 ip access-group 101 in
ip inspect TRAFFIC_INSPECTI out

Correct?
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33868275
sorry

interface FastEthernet0/1.92
no  ip access-group 101 in
 no  ip inspect TRAFFIC_INSPECTI out
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 4

Author Comment

by:amanzoor
ID: 33868367
ikalmar:
Excellent!  
I was able to upload the pdf files from my server 2008.  Sorry I am remoting in and checking in everything for you, I cannot check any windows7 clients till tuesday.  But if server 2008 is working I think the clients wil be fine too.  Good job!
How do I reconfirm that the access-group 101 is put back in properly?
Help plz
0
 
LVL 4

Author Comment

by:amanzoor
ID: 33868404
ikalmar:
Please can you explain what was happening here in this particular case.  I need to know and understand.  
Now which line needs a fix in access-group 101 so that all my server 2008 and clients wind7 have no trouble uploading pdf files.
Help
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33868518
Hi,

ACL 101 needs for inspection.... it seems that you need to finetuning inspections...
 how can you upload the pdf files, which ports do you use?
0
 
LVL 4

Author Comment

by:amanzoor
ID: 33868658
I simply use the IE, open up the site http://sitename.ca and click on the upload page for the pdf files.
I used Microsoft netowork monitor to capture the traffic and saw the following TCP source ports:
TCP 55943 -  80
TCP 55944 -  80
TCP 55945 -  80
TCP 55946 -  80
TCP 55947 -  80
TCP 55948 -  80
TCP 55952 -  80
I am not sure if this the info you want?  Let me know how to capture the ports while uploading pdf's and I can post for you?
Help

0
 
LVL 61

Expert Comment

by:btan
ID: 33869373
Wireshark can be used to capture what you need as you are running through the pdf uploading sequences
http://www.wireshark.org/download.html

There is also Fport as well to associate to process
http://www.foundstone.com/us/resources/proddesc/fport.htm

0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33869442
Hi,

Is the acl 101 contains http://sitename.ca address?
0
 
LVL 4

Author Comment

by:amanzoor
ID: 33870463
ikalmar:
no the acl contains no entry for http://sitename.ca.

breadtan:
Thanks
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33870538
you need to add this and try inspection with pdf uploading..
0
 
LVL 4

Author Comment

by:amanzoor
ID: 33871170
ikalmar:
what is the command? will I be adding the external IP of the website? from which I upload the pdf files?
help plz
0
 
LVL 4

Author Comment

by:amanzoor
ID: 33878042
ikalmar:
I am not hosting this website on my servers.  It is hosted by one of our site hosters.  I am not sure how to put an IP which belongs to some external hoster on our router 2811 to allow the uploads of pdf's.
Help
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33878353
interface FastEthernet0/1.92
ip address  ip access-group 101 in
ip inspect TRAFFIC_INSPECTI out

access-list 101 permit tcp host x.x.x.x eq www host y.y.y.y

x.x.x.x is http://sitename.ca
y.y.y.y your public IP address
0
 
LVL 4

Author Comment

by:amanzoor
ID: 33881047
ikalmar:
Adding this line to the ACL 101 does not resolve the issue.  Any other suggestion.
Hel plz.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33881691
what shows the log?
ho can working the pdf uploading?
0
 
LVL 4

Author Comment

by:amanzoor
ID: 33885851
ikalmar:
show log does not show me any suspecious about the file uploads for pdf files.  Do I have to enable special logging for it? How? on the router 2811.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 33971524
Ok Guys:
After long days of work and tension.  I replaced the router 2811 and found a faulty hardware interface port, the downloads and uploads were miserable and went stuck at about 20%.  Also we were facing some other issues.  Via new 2911 router there is no trouble yet.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 33971528
Its very hard for me to allocate points for this question.  Any suggestions?
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33972320
I think the inspection caused the problem
0
 
LVL 4

Author Comment

by:amanzoor
ID: 33974022
ikalmar:
I am using the same inspection on the new router.
0
 
LVL 34

Accepted Solution

by:
Istvan Kalmar earned 500 total points
ID: 33974325
ok in this case you need same IOS on old router....
0
 
LVL 4

Author Comment

by:amanzoor
ID: 33974657
Thanks iKalmar for clarifying.
Regards.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Join & Write a Comment

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now