
Cisco 831 Router with Webserver

TiziteLayinLow

Senior member
I have the Cisco 831, and I have multiple domains with IIS. I can view the websites fine outside of my network, but inside my network I get "page cannot be displayed". I'm sure the settings are in the config of the router.

Here is my config, any ideas?

Building configuration...

Current configuration : 4400 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname TiziteNet
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 xxxxx
!
username admin privilege 15 secret 5 xxxxxx
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
no aaa new-model
ip subnet-zero
no ip source-route
ip tcp synwait-time 10
ip name-server 10.10.10.3
ip dhcp excluded-address 10.10.10.1 10.10.10.99
ip dhcp excluded-address 10.10.10.200 10.10.10.254
!
ip dhcp pool sdm-pool1
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
!
!
no ip bootp server
ip cef
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 smtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip inspect name DEFAULT100 icmp
ip audit notify log
ip audit po max-events 100
ip ssh time-out 60
ip ssh authentication-retries 2
no ftp-server write-enable
!
!
!
!
!
!
!
interface Null0
no ip unreachables
!
interface Ethernet0
description $FW_INSIDE$$ETH-LAN$$INTF-INFO-Ethernet 10/100$
ip address 10.10.10.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip route-cache flow
no cdp enable
!
interface Ethernet1
description $FW_OUTSIDE$$ETH-WAN$
ip address dhcp client-id Ethernet1
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect DEFAULT100 out
ip route-cache flow
duplex auto
no cdp enable
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
ip nat inside source list 1 interface Ethernet1 overload
ip nat inside source static tcp 10.10.10.3 80 interface Ethernet1 80
ip classless
no ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
!
logging trap debugging
access-list 1 remark INSIDE_IF=Ethernet0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 10.10.10.0 0.0.0.255
access-list 2 permit any log
access-list 100 remark LAN Interface
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark WAN Interface
access-list 101 remark SDM_ACL Category=1
access-list 101 permit tcp 10.10.10.0 0.0.0.255 any eq www
access-list 101 permit tcp any any eq www log
access-list 101 deny ip 10.10.10.0 0.0.0.255 any
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip any any
access-list 102 remark VTY Access-class list
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
access-list 102 deny ip any any
no cdp run
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
access-class 102 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler interval 500
!
end
-----------------------------------------------------------------------
Thanks in advance for any posts, tizitelayinlow

 
Well, I know it can be done with Linksys routers because they don't process an ACL the same way. I've done it with Linksys routers, in fact.

The way the packet headers go through encap. on a Cisco, the source IP comes back as inside NAT, but the port is outside NAT. There's just a config problem.

Not to mention, my school (it's a smaller school) has a website and it's on the LAN side of the entire school network, on a Cisco router, and you can access the website from within the school's network.

Thanks for your advice, I'll keep that in mind on my quest for internal web surfing.

BTW, do you realize that you said no organization has an intranet website with a Cisco router? That's almost absurd.

EDIT: I read the other post and I forgot about the hosts file. That will work for now; I only have 3 computers on my network besides the server.
 
I posted in that other thread, apparently some routers do allow this, Linksys & 3Com specifically, but every Cisco I've ever seen this tried on will not.
 
Do you have control of the DNS server/servers on your local network? If so just add an entry that forwards the internal web requests to an internal IP of your web server.

mydomain.com = 192.168.1.55 (Your web server)

John
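A simplified model of why the internal DNS entry works, added here as an example and not part of any post in the thread. It uses the static NAT line, LAN subnet and server address from the posted config; `WAN_IP`, the client addresses and the function names are constructed for illustration, and the model assumes classic inside/outside NAT where the static entry's destination rewrite only applies to packets entering the `ip nat outside` interface.

```python
# Simplified model of classic IOS inside/outside NAT, using values from the posted config.
# WAN_IP is a constructed placeholder: Ethernet1 gets its real address by DHCP.
import ipaddress

WAN_IP = "203.0.113.10"                      # placeholder for Ethernet1's DHCP address
LAN = ipaddress.ip_network("10.10.10.0/24")  # Ethernet0, "ip nat inside"
STATIC_NAT = {(WAN_IP, 80): ("10.10.10.3", 80)}  # ip nat inside source static tcp ...
ROUTER_LISTENERS = {443}                     # "no ip http server" + "ip http secure-server"


def deliver(src_ip, dst_ip, dst_port):
    """Return (outcome, final_destination) for one TCP SYN."""
    from_inside = ipaddress.ip_address(src_ip) in LAN
    if from_inside:
        # Entered on Ethernet0. The static entry's outside-to-inside rewrite
        # only runs on packets entering the "ip nat outside" interface.
        if dst_ip == WAN_IP:
            # Addressed to the router itself: handled by the router's own TCP stack.
            ok = dst_port in ROUTER_LISTENERS
            return ("router-local" if ok else "refused-by-router", (dst_ip, dst_port))
        if ipaddress.ip_address(dst_ip) in LAN:
            return ("switched-on-lan", (dst_ip, dst_port))
        return ("routed-out", (dst_ip, dst_port))
    # Entered on Ethernet1: ACL 101 permits "tcp any any eq www", then NAT rewrites dst.
    target = STATIC_NAT.get((dst_ip, dst_port))
    if target:
        return ("forwarded-to-server", target)
    return ("dropped", (dst_ip, dst_port))


def browse(client_ip, name, dns_view):
    """Resolve name in the client's DNS view, then connect to port 80."""
    return deliver(client_ip, dns_view[name], 80)


PUBLIC_DNS = {"mydomain.com": WAN_IP}          # what the registrar's name servers answer
INTERNAL_DNS = {"mydomain.com": "10.10.10.3"}  # the override added on the LAN DNS server

if __name__ == "__main__":
    print(browse("198.51.100.7", "mydomain.com", PUBLIC_DNS))    # outside visitor
    print(browse("10.10.10.120", "mydomain.com", PUBLIC_DNS))    # LAN client, public answer
    print(browse("10.10.10.120", "mydomain.com", INTERNAL_DNS))  # LAN client, internal answer
```

With the internal answer the LAN client reaches the server directly on the same subnet, so the router's NAT is never involved.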
 
Ha, yeah, this is my home network and personal sites. I'll give the DNS entry a shot. Speaking of DNS, for all of my domains I use the ns1.nameserver.com and ns2.nameserver.com of my registrar and then have their name server forward to my IP. I like to take care of all my own stuff for educational purposes.

EDIT: I added them into the DNS server and it works good, thanks.


My Win server has DNS installed. Is there a way that I can make, like, ns1.mydomain.com and ns2.mydomain.com?


Thanks
 
To kind of add an additional question in here: is there a way to tell my Cisco router that my primary DNS is 10.10.10.3 (Win server), and the second and third it just gets from the DHCP client on WAN (RR) and passes those through on the workstations, basically taking out the static DNS server of the Win server on each station?

Thanks in advance
 