
    cisco 806 router config

    by thinknologist ·

    Hi there,

    KINDLY REFER TO CONFIG BELOW.

    I have a problem with my Cisco 806 config. I am seeking your advice on the two following issues:

    1. My internet connection is fine within 30 mins to one hour, but after that users were not able to browse the net. Was it because of this script:

    ip inspect name myfw tcp timeout 3600

    2. I wanted it to be remotely configured through telnet, I added access-list:

    access-list permit tcp any host eq telnet

    but still not successful, and when I watched the logs I found that remote IP penetrating port 23 is blocked, but I have not blocked any.

    Any advice would be a big help.

    A BIG THANKS,

    ==========================================
    Building configuration…

    Current configuration : 2773 bytes
    !
    version 12.2
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname CISCOROUTER
    !
    logging queue-limit 100
    logging buffered 4096 informational
    enable secret 5 $**************************.
    !
    username CRWS_Sangeetha privilege 15 password 7 ****************************
    4055415A56030C000A
    username CRWS_Giri privilege 15 password 7 *********************************
    username CISCOROUTER password 7 09435B1D1D0A1800
    ip subnet-zero
    ip name-server
    ip name-server

    ip dhcp excluded-address
    !
    ip dhcp pool CLIENT
    import all
    network
    255.255.255.0
    default-router

    dns-server
    lease 0 2
    !
    ip dhcp pool XXXXXXXX
    origin ipcp
    !
    ip ftp username ***********
    ip ftp password 7 0*****************
    ip inspect name myfw cuseeme timeout 3600
    ip inspect name myfw ftp timeout 3600
    ip inspect name myfw rcmd timeout 3600
    ip inspect name myfw realaudio timeout 3600
    ip inspect name myfw smtp timeout 3600
    ip inspect name myfw tftp timeout 30
    ip inspect name myfw udp timeout 15
    ip inspect name myfw tcp timeout 3600
    ip inspect name myfw h323 timeout 3600
    !
    !
    !
    !
    !
    !
    interface Ethernet0
    ip address
    ip nat inside
    no cdp enable
    hold-queue 32 in
    hold-queue 100 out
    !
    interface Ethernet1
    ip address
    ip access-group 111 in
    ip nat outside
    ip inspect myfw out
    no cdp enable
    !
    ip nat inside source list 102 interface Ethernet1 overload
    ip classless
    ip route 0.0.0.0 0.0.0.0
    ip http server
    ip http secure-server
    !
    !
    access-list 23 permit 0.0.0.255
    access-list 102 permit ip
    0.0.0.255 any
    access-list 111 permit icmp any any administratively-prohibited
    access-list 111 permit icmp any any echo
    access-list 111 permit icmp any any echo-reply
    access-list 111 permit icmp any any packet-too-big
    access-list 111 permit icmp any any time-exceeded
    access-list 111 permit icmp any any traceroute
    access-list 111 permit icmp any any unreachable
    access-list 111 permit udp any eq bootps any eq bootpc
    access-list 111 permit udp any eq bootps any eq bootps
    access-list 111 permit udp any eq domain any
    access-list 111 permit esp any any
    access-list 111 permit udp any any eq isakmp
    access-list 111 permit udp any any eq 10000
    access-list 111 permit tcp any any eq 1723
    access-list 111 permit tcp any any eq 139
    access-list 111 permit tcp ANY
    access-list 111 permit udp any any eq netbios-ns
    access-list 111 permit udp any any eq netbios-dgm
    access-list 111 permit gre any any
    access-list 111 deny ip any any log
    !
    line con 0
    exec-timeout 120 0
    stopbits 1
    line vty 0 4
    access-class 23 in
    exec-timeout 120 0
    login local
    length 0
    !
    scheduler max-task-time 5000
    end

All Comments

  • Author
    Replies
    • #2712571

      Cisco Data Center

      by Mark W. Kaelin ·

      In reply to cisco 806 router config

      This Solutions Reference Network Design (SRND) guide, sponsored by Cisco, discusses the benefits, technologies, and platforms related to designing distributed data centers. More importantly, this SRND discusses disaster recovery and business continuance, which are two key problems addressed by deploying a DDC.

      http://itpapers.techrepublic.com/abstract.aspx?scid=1005&docid=94810

    • #2712482

      Reply To: cisco 806 router config

      by cg it ·

      In reply to cisco 806 router config

      Disable your access list 111 on the Ethernet 1 interface and see if the problem goes away. If it does, then yep, it's the access list. [Basic Cisco troubleshooting.]

      That's all I can recommend at the moment until it's verified that it's NOT something in the access list that's causing the problem.
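
Two filters sit on the path the telnet question describes: access-list 111 applied inbound on Ethernet1 and access-class 23 on the vty lines. The following is an added example, not code from the thread: it evaluates one inbound telnet packet against both filters in a constructed config, and the function names and every address in it are assumptions made for illustration.

```python
import re
from ipaddress import ip_address as ip

# Constructed sample (documentation addresses, not values from the thread).
SAMPLE = """\
interface Ethernet1
 ip access-group 111 in
access-list 23 permit 192.0.2.0 0.0.0.255
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any host 203.0.113.1 eq telnet
access-list 111 deny ip any any log
line vty 0 4
 access-class 23 in
"""

def _addr(tok):
    """Pop one address spec off the token list; return (base, wildcard)."""
    t = tok.pop(0)
    if t in ("any", "host"):
        return (0, 2**32 - 1) if t == "any" else (int(ip(tok.pop(0))), 0)
    wild = int(ip(tok.pop(0))) if tok and tok[0][0].isdigit() else 0
    return int(ip(t)), wild

def first_match(config, acl, src, dst, dport=23):
    """Return (action, line) for the first entry of `acl` matching a TCP packet."""
    hit = lambda a, spec: (int(ip(a)) | spec[1]) == (spec[0] | spec[1])
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["access-list", acl]:
            continue
        action, rest = tok[2], tok[3:]
        if int(acl) >= 100:  # extended ACL: protocol, source, destination, port
            if rest.pop(0) not in ("ip", "tcp"):
                continue
            s, d = _addr(rest), _addr(rest)  # tcp source-port matches are not handled
            port = {"telnet": "23"}.get(rest[1], rest[1]) if rest[:1] == ["eq"] else str(dport)
            if not (hit(src, s) and hit(dst, d) and port == str(dport)):
                continue
        elif not hit(src, _addr(rest)):  # standard ACL: source address only
            continue
        return action, line
    return "deny", "implicit deny"

def telnet_path(config, iface, src, router_ip):
    """Evaluate, in order, the two filters an inbound telnet session meets."""
    pats = {"interface ACL": rf"^interface {re.escape(iface)}\n(?: .*\n)*? ip access-group (\d+) in",
            "vty access-class": r"^line vty.*\n(?: .*\n)*? access-class (\d+) in"}
    found = {k: re.search(p, config, re.M) for k, p in pats.items()}
    return {f"{k} {m[1]}": first_match(config, m[1], src, router_ip) for k, m in found.items() if m}
```

In the sample, a session from 198.51.100.7 is permitted by the interface ACL and then refused at the vty line, because access-class 23 only lists the inside /24. When no entry in the interface ACL permits telnet, the packet falls through to `deny ip any any log`, which writes a log entry.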
