Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Can ping from outside but nothing else (cisco 1811)

Status
Not open for further replies.
alose

alose

IS-IT--Management
Mar 5, 2008
24
US
Working with a cisco 1811, 12.4T

I copied a config from my other 1811 and fliped the interface rolls. I am able to ping the static nat IP's and get a responce from my home system. But I cant get it to open a web site or start up citrix. Its like it is completly blind to all traffic other then icmp.

I am really not sure what is going wrong and could really use some advice. Here is the relivent part of the config:
(IP's changed to protect the inocent)

!This is the running config of the router: 10.33.0.7
!----------------------------------------------------------------------------
!version 12.4
!
!
bridge irb
!
!
!
interface Tunnel0
bandwidth 800
ip address 192.168.199.1 255.255.255.0
no ip redirects
ip mtu 1400
ip nhrp authentication DMVPN_BK
ip nhrp map multicast dynamic
ip nhrp network-id 200000
ip nhrp holdtime 360
ip tcp adjust-mss 1360
delay 2000
tunnel source FastEthernet0
tunnel mode gre multipoint
tunnel key 200000
tunnel protection ipsec profile SDM_Profile1
!
interface FastEthernet0
description $ES_WAN$$FW_OUTSIDE$$ETH-WAN$
bandwidth 1500
ip address 70.80.52.234 255.255.255.248
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface FastEthernet1
description $FW_OUTSIDE$$ETH-WAN$
bandwidth 1000
bandwidth receive 8000
ip address 69.209.147.122 255.255.255.240
ip access-group 103 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Dot11Radio0
no ip address
!
encryption key 1 size 40bit 7 290E26A2C0C6 transmit-key
encryption mode wep mandatory
!
ssid linksys-jdh
authentication open
guest-mode
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
!
encryption key 1 size 40bit 7 D8CCF7F4DFC8 transmit-key
encryption mode wep mandatory
!
ssid linksys-jdh
authentication open
guest-mode
!
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$FW_INSIDE$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
!
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
!
interface BVI1
description $ES_LAN$$FW_INSIDE$
ip address 10.33.0.7 255.255.0.0
ip access-group 1 in
ip nat inside
ip virtual-reassembly
ip policy route-map SERVERS
!
router eigrp 1
network 10.33.0.0 0.0.255.255
network 192.168.199.0
no auto-summary
neighbor 10.33.0.2 BVI1
neighbor 10.33.0.1 BVI1
neighbor 10.33.0.6 BVI1
!
ip local policy route-map SERVERS
ip local pool SSL 10.33.100.99 10.33.100.100
ip route 0.0.0.0 0.0.0.0 69.209.147.113
ip route 64.130.86.2 255.255.255.255 70.80.52.238
ip route 65.126.201.218 255.255.255.255 70.80.52.238
ip route 65.212.211.226 255.255.255.255 70.80.52.238
ip route 66.76.142.252 255.255.255.255 70.80.52.238
ip route 67.42.63.43 255.255.255.255 70.80.52.238
ip route 70.165.109.167 255.255.255.255 70.80.52.238
ip route 71.39.118.113 255.255.255.255 70.80.52.238
ip route 71.195.164.245 255.255.255.255 70.80.52.238
ip route 75.146.151.133 255.255.255.255 70.80.52.238
ip route 216.57.167.67 255.255.255.255 70.80.52.238
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat translation dns-timeout 100
ip nat translation icmp-timeout 100
ip nat inside source route-map DYNAMIC interface FastEthernet1 overload
ip nat inside source static 10.33.0.8 70.80.52.235 route-map STATIC extendable
ip nat inside source static 10.33.2.4 70.80.52.236 route-map STATIC extendable
ip nat inside source static 10.33.2.5 70.80.52.237 route-map STATIC extendable
!
logging trap debugging
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 permit ip any host 10.33.0.7
access-list 100 deny ip 70.80.52.232 0.0.0.7 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 102 remark *****************************
access-list 102 remark SDM_ACL Category=1
access-list 102 permit tcp any host 70.80.52.234 eq 443
access-list 102 remark ***Exchange Server Ports
access-list 102 permit tcp any host 70.80.52.235 eq 143
access-list 102 permit tcp any host 70.80.52.235 eq www
access-list 102 permit tcp any host 70.80.52.235 eq pop3
access-list 102 permit tcp any host 70.80.52.235 eq 443
access-list 102 permit tcp 64.18.0.0 0.0.15.255 host 70.80.52.235 eq smtp
access-list 102 remark ***Legacy Weighflow
access-list 102 permit tcp any host 70.80.52.236 eq www
access-list 102 permit tcp any host 70.80.52.236 eq 443
access-list 102 permit tcp any host 70.80.52.236 eq ftp
access-list 102 permit tcp any host 70.80.52.236 eq ftp-data
access-list 102 permit tcp any host 70.80.52.236 eq 8080
access-list 102 remark ***Citrix Servers
access-list 102 permit tcp any host 70.80.52.237 eq www
access-list 102 permit tcp any host 70.80.52.237 eq 443
access-list 102 permit tcp any host 70.80.52.237 eq 1494
access-list 102 permit tcp any host 70.80.52.237 eq 1604
access-list 102 remark ***Auto Generated and DMVPN
access-list 102 permit udp host 206.13.31.12 eq domain host 70.80.52.234
access-list 102 permit udp any host 70.80.52.234 eq non500-isakmp
access-list 102 permit udp any host 70.80.52.234 eq isakmp
access-list 102 permit esp any host 70.80.52.234
access-list 102 permit ahp any host 70.80.52.234
access-list 102 permit gre any host 70.80.52.234
access-list 102 permit icmp any any
access-list 102 deny ip 10.33.0.0 0.0.255.255 any
access-list 102 permit tcp any host 70.80.52.234 eq 443
access-list 102 permit tcp any host 70.80.52.234 eq 22
access-list 102 permit tcp any host 70.80.52.234 eq cmd
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip host 0.0.0.0 any
access-list 102 deny ip any any log
access-list 103 remark *********************************
access-list 103 remark SDM_ACL Category=1
access-list 103 permit tcp any host 69.209.147.122 eq 443
access-list 103 remark ***Auto Generated and DMVPN Tunnel
access-list 103 deny ip 10.33.0.0 0.0.255.255 any
access-list 103 permit udp any host 69.209.147.122 eq non500-isakmp
access-list 103 permit udp any host 69.209.147.122 eq isakmp
access-list 103 permit esp any host 69.209.147.122
access-list 103 permit ahp any host 69.209.147.122
access-list 103 permit gre any host 69.209.147.122
access-list 103 permit udp host 206.13.31.12 eq domain host 69.209.147.122
access-list 103 permit icmp any any
access-list 103 permit tcp any host 69.209.147.122 eq 443
access-list 103 permit tcp any host 69.209.147.122 eq 22
access-list 103 permit tcp any host 69.209.147.122 eq cmd
access-list 103 deny ip 10.0.0.0 0.255.255.255 any
access-list 103 deny ip 172.16.0.0 0.15.255.255 any
access-list 103 deny ip 192.168.0.0 0.0.255.255 any
access-list 103 deny ip 127.0.0.0 0.255.255.255 any
access-list 103 deny ip host 255.255.255.255 any
access-list 103 deny ip host 0.0.0.0 any
access-list 103 deny ip any any log
access-list 104 permit ip host 10.33.0.8 any
access-list 104 permit ip host 10.33.2.4 any
access-list 104 permit ip host 10.33.2.5 any
access-list 104 permit ip 69.209.147.112 0.0.0.15 any
access-list 105 deny ip any 172.21.3.0 0.0.0.255
access-list 105 deny ip any 172.21.4.0 0.0.0.255
access-list 105 deny ip any 172.21.5.0 0.0.0.255
access-list 105 deny ip any 172.21.7.0 0.0.0.255
access-list 105 deny ip any 172.21.8.0 0.0.0.255
access-list 105 deny ip any 172.21.9.0 0.0.0.255
access-list 105 deny ip any 172.21.10.0 0.0.0.255
access-list 105 deny ip any 192.168.198.0 0.0.0.255
access-list 105 deny ip any 192.168.199.0 0.0.0.255
access-list 105 permit ip host 10.33.0.8 any
access-list 105 permit ip host 10.33.2.4 any
access-list 105 permit ip host 10.33.2.5 any
access-list 105 permit ip host 10.33.0.6 any
access-list 105 permit ip 70.80.52.232 0.0.0.7 any
access-list 150 deny ip host 10.33.0.8 any
access-list 150 deny ip host 10.33.2.4 any
access-list 150 deny ip host 10.33.2.5 any
access-list 150 permit ip 10.33.0.0 0.0.255.255 any
access-list 150 permit ip 172.21.3.0 0.0.0.255 any
access-list 150 permit ip 172.21.4.0 0.0.0.255 any
access-list 150 permit ip 172.21.5.0 0.0.0.255 any
access-list 150 permit ip 172.21.7.0 0.0.0.255 any
access-list 150 permit ip 172.21.8.0 0.0.0.255 any
access-list 150 permit ip 172.21.9.0 0.0.0.255 any
access-list 150 permit ip 172.21.10.0 0.0.0.255 any
access-list 150 permit ip 172.21.11.0 0.0.0.255 any
access-list 150 permit ip 172.21.12.0 0.0.0.255 any
access-list 150 permit ip 172.21.100.0 0.0.0.255 any
access-list 180 deny ip any 192.168.198.0 0.0.0.255
access-list 180 deny ip any 192.168.199.0 0.0.0.255
access-list 180 deny ip any 172.21.3.0 0.0.0.255
access-list 180 deny ip any 172.21.4.0 0.0.0.255
access-list 180 deny ip any 172.21.5.0 0.0.0.255
access-list 180 deny ip any 172.21.7.0 0.0.0.255
access-list 180 deny ip any 172.21.8.0 0.0.0.255
access-list 180 deny ip any 172.21.9.0 0.0.0.255
access-list 180 deny ip any 172.21.10.0 0.0.0.255
access-list 180 deny ip any 172.21.11.0 0.0.0.255
access-list 180 deny ip any 172.21.12.0 0.0.0.255
access-list 180 permit ip host 10.33.0.8 any
access-list 180 permit ip host 10.33.2.4 any
access-list 180 permit ip host 10.33.2.5 any
access-list 180 permit ip host 10.33.0.6 any
no cdp run
!
!
!
route-map STATIC permit 10
match ip address 180
match interface FastEthernet0
!
route-map DYNAMIC permit 10
match ip address 150
match interface FastEthernet1
!
route-map SERVERS permit 1
match ip address 105
set ip next-hop 70.80.52.238
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CCCCCCCAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
end


 
Status
Not open for further replies.

Similar threads

pbxcomm
  • Locked
  • Question
CISCO VG450
Replies
1
Views
221
bdk76
bdk76
Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
201
madwok
madwok
Jared R
  • Locked
  • Question
Cisco UC320W Paging Help
Replies
0
Views
202
Jared R
Jared R
Hayden09
  • Locked
  • Question
Cisco Sg-300 Flapping?
Replies
0
Views
206
Hayden09
Hayden09
JMarine0811
  • Locked
  • Question
CISCO VG450 Factory reset
Replies
1
Views
263
whykap
whykap

Part and Inventory Search

Sponsor

Back
Top