Solved

i cannot access to secure website https

Posted on 2013-11-09
3
411 Views
Last Modified: 2013-11-17
hello for all
i have cisco router 2811 with vlans
i make routing between vlans router on stack
native vlan can access to all website and no problems
but all other vlan cannot access https site like google and facbook and all https sites
no redurict and the page cannot desplay
my confge command here

æÇäÇ
 match class-map all
 match protocol aol
 match protocol msnmsgr
 match protocol ymsgr
 match protocol tcp
 match protocol udp
 match protocol biff
 match protocol icmp
 match protocol snmp
!
!
!
!
interface GigabitEthernet0/0
 description $ETH-WAN$
 ip address 196.218.59.197 255.255.255.0
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description $ETH-LAN$
 no ip address
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.1
 description $ETH-LAN$
 encapsulation dot1Q 1 native
 ip address 192.168.1.23 255.255.255.0
 ip helper-address 192.168.1.1
 ip mask-reply
 ip directed-broadcast
 ip virtual-reassembly
!
interface GigabitEthernet0/1.2
 description $ETH-LAN$
 encapsulation dot1Q 2
 ip address 192.168.2.1 255.255.255.0
 ip helper-address 192.168.1.1
 ip virtual-reassembly
!
interface GigabitEthernet0/1.3
 description $ETH-LAN$
 encapsulation dot1Q 3
 ip address 192.168.3.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.4
 description $ETH-LAN$
 encapsulation dot1Q 4
 ip address 192.168.4.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.5
 description $ETH-LAN$
 encapsulation dot1Q 5
 ip address 192.168.5.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.6
 description $ETH-LAN$
 encapsulation dot1Q 6
 ip address 192.168.6.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.7
 description $ETH-LAN$
 encapsulation dot1Q 7
 ip address 192.168.7.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.8
 description $ETH-LAN$
 encapsulation dot1Q 8
 ip address 192.168.8.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.9
 description $ETH-LAN$
 encapsulation dot1Q 9
 ip address 192.168.9.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.10
 description $ETH-LAN$
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.11
 description $ETH-LAN$
 encapsulation dot1Q 11
 ip address 192.168.11.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.12
 description $ETH-LAN$
 encapsulation dot1Q 12
 ip address 192.168.12.1 255.255.255.0
 ip helper-address 192.168.1.1
 no ip redirects
!
interface GigabitEthernet0/1.13
 description $ETH-LAN$
 encapsulation dot1Q 13
 ip address 192.168.13.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.14
 description $ETH-LAN$
 encapsulation dot1Q 14
 ip address 192.168.14.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.15
 description $ETH-LAN$
 encapsulation dot1Q 15
 ip address 192.168.15.1 255.255.255.0
 ip helper-address 192.168.1.1
 ip virtual-reassembly
!
interface GigabitEthernet0/1.16
 description $ETH-LAN$
 encapsulation dot1Q 16
 ip address 192.168.16.1 255.255.255.0
 ip helper-address 192.168.1.1
 ip mask-reply
 no ip unreachables
 ip directed-broadcast
 no ip proxy-arp
 ip virtual-reassembly
!
interface GigabitEthernet0/1.17
 description $ETH-LAN$
 encapsulation dot1Q 17
 ip address 192.168.17.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.18
 description $ETH-LAN$
 encapsulation dot1Q 18
 ip address 192.168.18.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.19
 description $ETH-LAN$
 encapsulation dot1Q 19
 ip address 192.168.19.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.20
 description $ETH-LAN$
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.21
 description $ETH-LAN$
 encapsulation dot1Q 21
 ip address 192.168.21.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.22
 description $ETH-LAN$
 encapsulation dot1Q 22
 ip address 192.168.22.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.23
 description $ETH-LAN$
 encapsulation dot1Q 23
 ip address 192.168.23.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.24
 description $ETH-LAN$
 encapsulation dot1Q 24
 ip address 192.168.24.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.25
 description $ETH-LAN$
 encapsulation dot1Q 25
 ip address 192.168.25.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.26
 description $ETH-LAN$
 encapsulation dot1Q 26
 ip address 192.168.26.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.27
 description $ETH-LAN$
 encapsulation dot1Q 27
 ip address 192.168.27.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.28
 description $ETH-LAN$
 encapsulation dot1Q 28
 ip address 192.168.28.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.29
 description $ETH-LAN$
 encapsulation dot1Q 29
 ip address 192.168.29.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.30
 description $ETH-LAN$
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.31
 description $ETH-LAN$
 encapsulation dot1Q 31
 ip address 192.168.31.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.32
 description $ETH-LAN$
 encapsulation dot1Q 32
 ip address 192.168.32.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.33
 description $ETH-LAN$
 encapsulation dot1Q 33
 ip address 192.168.33.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.34
 description $ETH-LAN$
 encapsulation dot1Q 34
 ip address 192.168.34.1 255.255.255.0
 ip helper-address 192.168.1.1
!
interface GigabitEthernet0/1.35
 description $ETH-LAN$
 encapsulation dot1Q 35
 ip address 192.168.35.1 255.255.255.0
 ip helper-address 192.168.1.1
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.24 permanent
ip route 172.17.39.0 255.255.255.0 172.17.39.100
ip route 192.168.1.0 255.255.255.0 172.18.1.1
ip http server
ip http authentication local
ip http secure-server
!
!
!
access-list 101 permit tcp any any
access-list 101 permit icmp any any
access-list 101 permit udp any any
!
!
!
!
!
control-plane
!
!
line con 0
 privilege level 15
 login local
 transport output telnet
line aux 0
 privilege level 15
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
end

zizo_Router#
zizo_Router#
zizo_Router#
zizo_Router#show acc
zizo_Router#show acce
zizo_Router#show access-
zizo_Router#show access-l
zizo_Router#show access-lists 101
Extended IP access list 101
    10 permit tcp any any
    20 permit icmp any any
    30 permit udp any any
zizo_Router#conf
zizo_Router#
any missing please help
0
Comment
Question by:zizo1982
  • 2
3 Comments
 
LVL 10

Accepted Solution

by:
koudry earned 100 total points
Comment Utility
One possibility is that your NAT configuration is not complete.  You have "ip nat inside" configured on the main LAN port GigabitEthernet0/1 but you have not configured "ip nat outside" anywhere. This is likely to go on the WAN port.

You have private IP addresses on the LAN sides and the way some of your static routes are configured, indicates you need to translate your private 192.168.x.x addresses to a pool of 172.x.x.x addresses. I could be mistaken though.

See: NAT Order of Operation - http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080133ddd.shtml
0
 

Author Comment

by:zizo1982
Comment Utility
i did nat outside
on interface but same problem
and i think nat is not problems cuz i have barracuda web filter  i think it is make this
cuz if i have problem in nat it will deny any traffic and cannot access to internet for all
0
 
LVL 10

Expert Comment

by:koudry
Comment Utility
For my own education, could you tell me what solution you have finally applied.

Thanks.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues.  There are…
Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now