cisco 806 router config

By thinknologist

Hi there,

KINDLY REFER TO CONFIG BELOW.

I have a problem with my Cisco 806 config. I am seeking your advice on the following two issues:

1. My internet connection is fine within 30 mins to one hour, but after that users were not able to browse the net. Was it because of this script:

ip inspect name myfw tcp timeout 3600

2. I wanted it to be remotely configured through telnet. I added an access-list:

access-list permit tcp any host <router public ip> eq telnet

but it is still not successful, and when I watched the logs I found that the remote IP penetrating port 23 is blocked, but I have not blocked any.

Any advice would be a big help.

A BIG THANKS,

==========================================
Building configuration...

Current configuration : 2773 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname CISCOROUTER
!
logging queue-limit 100
logging buffered 4096 informational
enable secret 5 $**************************.
!
username CRWS_Sangeetha privilege 15 password 7 ****************************
4055415A56030C000A
username CRWS_Giri privilege 15 password 7 *********************************
username CISCOROUTER password 7 09435B1D1D0A1800
ip subnet-zero
ip name-server <IP ADDRESS>
ip name-server <IP ADDRESS>
ip dhcp excluded-address <LAN IP GATEWAY>
!
ip dhcp pool CLIENT
import all
network <LAN Network> 255.255.255.0
default-router <LAN gateway>
dns-server <ISP DNS>
lease 0 2
!
ip dhcp pool XXXXXXXX
origin ipcp
!
ip ftp username ***********
ip ftp password 7 0*****************
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
!
!
!
!
!
!
interface Ethernet0
ip address <LAN IP GATEWAY> <SUBNET>
ip nat inside
no cdp enable
hold-queue 32 in
hold-queue 100 out
!
interface Ethernet1
ip address <WAN IP ADDRESS> <SUBNET>
ip access-group 111 in
ip nat outside
ip inspect myfw out
no cdp enable
!
ip nat inside source list 102 interface Ethernet1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 <WAN GATEWAY>
ip http server
ip http secure-server
!
!
access-list 23 permit <LAN NETWORK> 0.0.0.255
access-list 102 permit ip <LAN NETWORK> 0.0.0.255 any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq bootps any eq bootpc
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit tcp <REMOTE IP/NETWORK><WILDCARD/SUBNET> ANY
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 deny ip any any log
!
line con 0
exec-timeout 120 0
stopbits 1
line vty 0 4
access-class 23 in
exec-timeout 120 0
login local
length 0
!
scheduler max-task-time 5000
end

Cisco Data Center

by Mark W. Kaelin Editor In reply to cisco 806 router config

This Solutions Reference Network Design (SRND) guide, sponsored by Cisco, discusses the benefits, technologies, and platforms related to designing distributed data centers. More importantly, this SRND discusses disaster recovery and business continuance, which are two key problems addressed by deploying a DDC.

http://itpapers.techrepublic.com/abstract.aspx?scid=1005&docid=94810

by CG IT In reply to cisco 806 router config

Disable your access list 111 on the Ethernet 1 interface and see if the problem goes away. If it does, then yep, it's the access list. [Basic Cisco troubleshooting.]

That's all I can recommend at the moment until it's verified that it's NOT something in the access list that's causing the problem.
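
An added example, not part of the original thread or any poster's code: a first-match evaluation of a subset of the posted access-list 111, followed by the `access-class 23` check on the vty lines. It assumes the telnet permit was appended to ACL 111 (the post does not say which list it went into) and uses constructed addresses: 203.0.113.1 for the router's public IP, 192.168.1.0 for the LAN, 198.51.100.7 for the remote admin.

```python
import ipaddress

PORTS = {"telnet": 23, "domain": 53}  # IOS port keywords used below

# Subset of the posted access-list 111, with the telnet permit appended last.
# 203.0.113.1 is a constructed stand-in for <router public ip>.
ACL_111 = [
    "access-list 111 permit udp any eq domain any",
    "access-list 111 permit tcp any any eq 1723",
    "access-list 111 permit tcp any any eq 139",
    "access-list 111 permit gre any any",
    "access-list 111 deny ip any any log",
    "access-list 111 permit tcp any host 203.0.113.1 eq telnet",
]

def parse(line):
    """Parse 'permit|deny proto src [eq p] dst [eq p]' (any / host A only)."""
    action, proto, *rest = line.split()[2:]
    def endpoint():
        addr = rest.pop(0)
        if addr == "host":
            addr = rest.pop(0)
        port = None
        if rest and rest[0] == "eq":
            name = rest[1]
            del rest[:2]
            port = PORTS[name] if name in PORTS else int(name)
        return addr, port
    src = endpoint()
    return action, proto, src, endpoint()

def first_match(acl, proto, src_ip, dst_ip, dst_port, src_port=None):
    """Return (entry number, action) of the first entry matching the packet."""
    for n, line in enumerate(acl, 1):
        action, p, (sa, sp), (da, dp) = parse(line)
        if (p in ("ip", proto) and sa in ("any", src_ip) and da in ("any", dst_ip)
                and sp in (None, src_port) and dp in (None, dst_port)):
            return n, action
    return None, "deny"  # implicit deny at the end of every ACL

def std_acl_permits(network, wildcard, src_ip):
    """Standard-ACL match: bits set in the wildcard mask are ignored."""
    w = int(ipaddress.ip_address(wildcard))
    as_int = lambda a: int(ipaddress.ip_address(a))
    return (as_int(src_ip) | w) == (as_int(network) | w)

if __name__ == "__main__":
    remote = "198.51.100.7"  # constructed remote admin address
    print(first_match(ACL_111, "tcp", remote, "203.0.113.1", 23))
    moved = ACL_111[:4] + [ACL_111[5], ACL_111[4]]  # permit placed above the deny
    print(first_match(moved, "tcp", remote, "203.0.113.1", 23))
    # access-class 23 on the vty lines: access-list 23 permit <LAN NETWORK> 0.0.0.255
    print(std_acl_permits("192.168.1.0", "0.0.0.255", remote))
```

With the permit moved above the deny, the packet passes ACL 111, but the standard-ACL check still rejects the remote source because `access-class 23 in` only admits the LAN range.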
