HI.
In a small office there is an NT4 server behind a CISCO 805 version 12.0(4) XM router with F.R. 128k connection to ISP.
The router is providing dynamic and static nat to internal clients and servers (details will follow).
The internal server is a web server, and also has NAVCE installed. NAVCE needs to access the internet every day to get new virus definitions (liveupdate to port 80 outside).
Every week or two I see that the anti virus is not updated.
When I try to run live update manualy at the server I get connection time outs, and I also can not browse the internet from the server.
Other internal clients can go out with no problem.
External clients can connect to the internal server with no problem.
If I reload the router or if I issue the command:
"clear ip nat trans *" at the router, then the server can go out again and the problem is solved until the next time.
I have not yet fully investigated this, and I guess this is a problem with the IOS software because of the EARLY DEPLOYMENT version of it.
So I will ask the ISP who manages the router to update the IOS, but if you have other tips I should know then please share them with me.
More info:
*** show version ***
Cisco Internetwork Operating System Software
IOS (tm) C805 Software (C805-Y6-MW), Version 12.0(4)XM, EARLY DEPLOYMENT RELEASE
SOFTWARE (fc1)
TAC:Home:SW:IOS:Specials for info
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Thu 17-Jun-99 16:51 by linda
...
ROM: TinyROM version 1.2(2)
...
Cisco C805 (MPC860) processor (revision 0) with 46944K bytes of virtual memory.
*** show start (X.X.X.B= NT server registered ip)***
interface Ethernet0
ip address X.X.X.A 255.255.255.240 secondary
ip address 10.0.0.1 255.255.255.0
no ip directed-broadcast
ip nat inside
!
interface Serial0
ip address Y.Y.Y.Y 255.255.255.252
no ip directed-broadcast
ip nat outside
encapsulation frame-relay IETF
keepalive 11
frame-relay interface-dlci 16
frame-relay lmi-type ansi
!
ip nat inside source list 1 interface Serial0 overload
...
ip nat inside source static tcp 10.0.0.11 80 X.X.X.B 80 extendable
...
ip nat inside source static tcp 10.0.0.11 21 X.X.X.B 21 extendable
ip nat inside source static tcp 10.0.0.11 20 X.X.X.B 20 extendable
!
access-list 1 permit 10.0.0.0 0.0.0.255
Thanks for any info
Yizhar Hurwitz
In a small office there is an NT4 server behind a CISCO 805 version 12.0(4) XM router with F.R. 128k connection to ISP.
The router is providing dynamic and static nat to internal clients and servers (details will follow).
The internal server is a web server, and also has NAVCE installed. NAVCE needs to access the internet every day to get new virus definitions (liveupdate to port 80 outside).
Every week or two I see that the anti virus is not updated.
When I try to run live update manualy at the server I get connection time outs, and I also can not browse the internet from the server.
Other internal clients can go out with no problem.
External clients can connect to the internal server with no problem.
If I reload the router or if I issue the command:
"clear ip nat trans *" at the router, then the server can go out again and the problem is solved until the next time.
I have not yet fully investigated this, and I guess this is a problem with the IOS software because of the EARLY DEPLOYMENT version of it.
So I will ask the ISP who manages the router to update the IOS, but if you have other tips I should know then please share them with me.
More info:
*** show version ***
Cisco Internetwork Operating System Software
IOS (tm) C805 Software (C805-Y6-MW), Version 12.0(4)XM, EARLY DEPLOYMENT RELEASE
SOFTWARE (fc1)
TAC:Home:SW:IOS:Specials for info
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Thu 17-Jun-99 16:51 by linda
...
ROM: TinyROM version 1.2(2)
...
Cisco C805 (MPC860) processor (revision 0) with 46944K bytes of virtual memory.
*** show start (X.X.X.B= NT server registered ip)***
interface Ethernet0
ip address X.X.X.A 255.255.255.240 secondary
ip address 10.0.0.1 255.255.255.0
no ip directed-broadcast
ip nat inside
!
interface Serial0
ip address Y.Y.Y.Y 255.255.255.252
no ip directed-broadcast
ip nat outside
encapsulation frame-relay IETF
keepalive 11
frame-relay interface-dlci 16
frame-relay lmi-type ansi
!
ip nat inside source list 1 interface Serial0 overload
...
ip nat inside source static tcp 10.0.0.11 80 X.X.X.B 80 extendable
...
ip nat inside source static tcp 10.0.0.11 21 X.X.X.B 21 extendable
ip nat inside source static tcp 10.0.0.11 20 X.X.X.B 20 extendable
!
access-list 1 permit 10.0.0.0 0.0.0.255
Thanks for any info
Yizhar Hurwitz