Help! Issue with VNC & OWA behind a Cisco Router - TechRepublic
Question
October 18, 2010 at 08:57 AM
erickcline

Any help would be greatly appreciated!

I just recently configured a Cisco 831 router for our office. Everything works great except we cannot access Outlook Web Access internally and I cannot VNC to any PC on the LAN unless I use the private IP. When I use the public IP it will not work. But VNC and OWA work great from an external network. We had no problem with this setup using a Linksys router.

Thank you all very much for your time! Here is the config:

Current configuration : 15197 bytes
!
! Last configuration change at 21:45:52 EDT Sun Oct 17 2010 by Erick
! NVRAM config last updated at 23:34:45 EDT Sat Oct 16 2010 by Erick
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname CompanyName-Office
!
logging buffered 4096 debugging
no logging console
enable secret 5 $1$qnhI$OtIG2JAxClmibdhCCyiay1
!
username Erick privilege 15 secret 5 $1$nsDk$lqCYacgqD2VoeyZ2tIZ.o.
username Phil privilege 15 secret 5 $1$UqFI$xo389e.MavZhWmf92H0vy1
username CompanyName password 7 00280A05540A5B
clock timezone EST -5
clock summer-time EDT recurring
no aaa new-model
ip subnet-zero
no ip source-route
ip domain name office.CompanyNameonline.com
ip name-server xxx.xxx.xxx.xxx
ip name-server xxx.xxx.xxx.xxx
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.1.3
ip dhcp excluded-address 192.168.1.4
ip dhcp excluded-address 192.168.1.5
ip dhcp excluded-address 192.168.1.159
ip dhcp excluded-address 192.168.1.160
ip dhcp excluded-address 192.168.1.161
ip dhcp excluded-address 192.168.1.162
ip dhcp excluded-address 192.168.1.163
ip dhcp excluded-address 192.168.1.164
ip dhcp excluded-address 192.168.1.165
ip dhcp excluded-address 192.168.1.166
ip dhcp excluded-address 192.168.1.167
ip dhcp excluded-address 192.168.1.168
ip dhcp excluded-address 192.168.1.169
!
ip dhcp pool CompanyName-CLIENTS
 import all
 default-router 192.168.1.1
 dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 netbios-name-server 192.168.1.100
 lease 7
!
ip dhcp pool CompanyName-SERVER-OFFICE
 import all
 host 192.168.1.100 255.255.255.0
 client-identifier 0100.1676.ad34.05
 client-name CompanyName-SERVER-OFFICE
 default-router 192.168.1.1
 dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 netbios-name-server 192.168.1.100
 lease infinite
!
ip dhcp pool CompanyName-PHONE-1001
 import all
 host 192.168.1.101 255.255.255.0
 hardware-address 0004.f21d.1f4c
 client-name CompanyName-PHONE-1001
 default-router 192.168.1.1
 dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 netbios-name-server 192.168.1.100
 lease infinite
!
ip dhcp pool CompanyName-PHONE-1002
 import all
 host 192.168.1.102 255.255.255.0
 hardware-address 0004.f21d.7453
 client-name CompanyName-PHONE-1002
 default-router 192.168.1.1
 dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 netbios-name-server 192.168.1.100
 lease infinite
!
ip dhcp pool CompanyName-PHONE-1003
 import all
 host 192.168.1.103 255.255.255.0
 hardware-address 0004.f21d.2016
 client-name CompanyName-PHONE-1003
 default-router 192.168.1.1
 dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 netbios-name-server 192.168.1.100
 lease infinite
!
ip dhcp pool CompanyName-PHONE-1004
 import all
 host 192.168.1.104 255.255.255.0
 hardware-address 0004.f21d.1cf6
 client-name CompanyName-PHONE-1004
 default-router 192.168.1.1
 dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 netbios-name-server 192.168.1.100
 lease infinite
!
ip dhcp pool CompanyName-PHONE-1005
 import all
 host 192.168.1.105 255.255.255.0
 hardware-address 0004.f21d.20ca
 client-name CompanyName-PHONE-1005
 default-router 192.168.1.1
 dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 netbios-name-server 192.168.1.100
 lease infinite
!
ip dhcp pool CompanyName-PHONE-1006
 import all
 host 192.168.1.106 255.255.255.0
 hardware-address 0004.f21d.1f8a
 client-name CompanyName-PHONE-1006
 default-router 192.168.1.1
 dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 netbios-name-server 192.168.1.100
 lease infinite
!
ip dhcp pool CompanyName-PHONE-1007
 import all
 host 192.168.1.107 255.255.255.0
 hardware-address 0004.f21d.1e8e
 client-name CompanyName-PHONE-1007
 default-router 192.168.1.1
 dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 netbios-name-server 192.168.1.100
 lease infinite
!
ip dhcp pool CompanyName-PHONE-1008
 import all
 host 192.168.1.108 255.255.255.0
 hardware-address 0004.f224.9f67
 client-name CompanyName-PHONE-1008
 default-router 192.168.1.1
 dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 netbios-name-server 192.168.1.100
 lease infinite
!
ip dhcp pool CompanyName-PHONE-1009
 import all
 host 192.168.1.109 255.255.255.0
 hardware-address 0004.f21d.7726
 client-name CompanyName-PHONE-1009
 default-router 192.168.1.1
 dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 netbios-name-server 192.168.1.100
 lease infinite
!
ip dhcp pool CompanyName-CONNIE
 import all
 host 192.168.1.150 255.255.255.0
 client-identifier 0100.188b.7a37.98
 client-name CompanyName-CONNIE
 default-router 192.168.1.1
 dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 netbios-name-server 192.168.1.100
 lease infinite
!
ip dhcp pool CompanyName-KEN
 import all
 host 192.168.1.151 255.255.255.0
 client-identifier 0100.188b.7a0d.2d
 client-name CompanyName-KEN
 default-router 192.168.1.1
 dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 netbios-name-server 192.168.1.100
 lease infinite
!
ip dhcp pool CompanyName-JESS
 import all
 host 192.168.1.152 255.255.255.0
 client-identifier 0000.0000.0001
 client-name CompanyName-JESS
 default-router 192.168.1.1
 dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 netbios-name-server 192.168.1.100
 lease infinite
!
ip dhcp pool CompanyName-CONNIE2
 import all
 host 192.168.1.153 255.255.255.0
 client-identifier 0100.1676.def5.b1
 client-name CompanyName-CONNIE2
 default-router 192.168.1.1
 dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 netbios-name-server 192.168.1.100
 lease infinite
!
ip dhcp pool CompanyName-STEVE
 import all
 host 192.168.1.154 255.255.255.0
 client-identifier 0100.19b9.600d.dc
 client-name CompanyName-STEVE
 default-router 192.168.1.1
 dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 netbios-name-server 192.168.1.100
 lease infinite
!
ip dhcp pool CompanyName-ANDY
 import all
 host 192.168.1.155 255.255.255.0
 client-identifier 0100.1676.ad34.05
 client-name CompanyName-ANDY
 default-router 192.168.1.1
 dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 netbios-name-server 192.168.1.100
 lease infinite
!
ip dhcp pool CompanyName-ERICK
 import all
 host 192.168.1.156 255.255.255.0
 client-identifier 0100.2564.924a.38
 client-name CompanyName-ERICK
 default-router 192.168.1.1
 dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 netbios-name-server 192.168.1.100
 lease infinite
!
ip dhcp pool CompanyName-DONNA
 import all
 host 192.168.1.157 255.255.255.0
 client-identifier 0100.1ec9.2a5d.3b
 client-name CompanyName-DONNA
 default-router 192.168.1.1
 dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 netbios-name-server 192.168.1.100
 lease infinite
!
ip dhcp pool CompanyName-JASON
 import all
 host 192.168.1.158 255.255.255.0
 client-identifier 0100.40ca.951c.73
 client-name CompanyName-JASON
 default-router 192.168.1.1
 dns-server xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 netbios-name-server 192.168.1.100
 lease infinite
!
no ip bootp server
ip inspect name Blocked-Websites http urlfilter audit-trail off
ip urlfilter allow-mode on
ip urlfilter exclusive-domain deny www.youtube.com
ip urlfilter exclusive-domain deny www.mlb.com
ip urlfilter exclusive-domain deny www.facebook.com
ip urlfilter exclusive-domain deny www.zynga.com
ip urlfilter exclusive-domain deny www.hulu.com
ip urlfilter exclusive-domain deny www.friendster.com
ip urlfilter exclusive-domain deny espn.go.com
ip urlfilter exclusive-domain deny www.wordpress.com
ip urlfilter exclusive-domain deny www.myspace.com
ip urlfilter exclusive-domain deny www.blogspot.com
ip urlfilter exclusive-domain deny www.typepad.com
ip urlfilter exclusive-domain deny www.nfl.com
ip urlfilter exclusive-domain deny www.twitpic.com
ip urlfilter exclusive-domain deny www.flickr.com
ip urlfilter exclusive-domain deny www.espn.com
ip urlfilter exclusive-domain deny www.megavideo.com
ip urlfilter exclusive-domain deny www.imdb.com
ip urlfilter exclusive-domain deny www.blogger.com
ip urlfilter exclusive-domain deny www.cbssports.com
ip urlfilter exclusive-domain deny www.photobucket.com
ip urlfilter exclusive-domain deny www.match.com
ip urlfilter exclusive-domain deny www.mywebsearch.com
ip urlfilter exclusive-domain deny www.nba.com
ip urlfilter exclusive-domain deny www.twitter.com
ip audit notify log
ip audit po max-events 100
ip ssh break-string
no ftp-server write-enable
!
!
!
!
!
class-map match-any VoIP
 match access-group name VoIP
class-map match-any Web-Email
 match access-group name Web-Email
!
!
policy-map QoS-VoIP
 class VoIP
  priority percent 75
 class Web-Email
  bandwidth remaining percent 25
 class class-default
  fair-queue
!
!
!
interface Ethernet0
 description LAN
 ip address 192.168.1.1 255.255.255.0
 ip access-group LAN->Router in
 ip access-group Router->LAN out
 no ip proxy-arp
 ip nat inside
 fair-queue
 no cdp enable
 hold-queue 100 out
!
interface Ethernet1
 description WAN
 bandwidth 6144
 ip address dhcp client-id Ethernet1
 ip access-group WAN->Router in
 ip access-group Router->WAN out
 no ip proxy-arp
 ip nat outside
 ip inspect Blocked-Websites out
 service-policy output QoS-VoIP
 no cdp enable
!
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060
ip nat inside source list 100 interface Ethernet1 overload
ip nat inside source static tcp 192.168.1.158 5958 interface Ethernet1 5958
ip nat inside source static tcp 192.168.1.157 5957 interface Ethernet1 5957
ip nat inside source static tcp 192.168.1.156 5956 interface Ethernet1 5956
ip nat inside source static udp 192.168.1.156 3356 interface Ethernet1 3356
ip nat inside source static tcp 192.168.1.156 3356 interface Ethernet1 3356
ip nat inside source static tcp 192.168.1.155 5955 interface Ethernet1 5955
ip nat inside source static tcp 192.168.1.154 5954 interface Ethernet1 5954
ip nat inside source static tcp 192.168.1.153 5953 interface Ethernet1 5953
ip nat inside source static tcp 192.168.1.152 5952 interface Ethernet1 5952
ip nat inside source static tcp 192.168.1.151 5951 interface Ethernet1 5951
ip nat inside source static tcp 192.168.1.150 5950 interface Ethernet1 5950
ip nat inside source static tcp 192.168.1.100 5901 interface Ethernet1 5901
ip nat inside source static udp 192.168.1.100 3389 interface Ethernet1 3389
ip nat inside source static tcp 192.168.1.100 3389 interface Ethernet1 3389
ip nat inside source static udp 192.168.1.100 2883 interface Ethernet1 2883
ip nat inside source static tcp 192.168.1.100 2883 interface Ethernet1 2883
ip nat inside source static udp 192.168.1.100 1723 interface Ethernet1 1723
ip nat inside source static tcp 192.168.1.100 1723 interface Ethernet1 1723
ip nat inside source static udp 192.168.1.100 993 interface Ethernet1 993
ip nat inside source static tcp 192.168.1.100 993 interface Ethernet1 993
ip nat inside source static tcp 192.168.1.100 443 interface Ethernet1 443
ip nat inside source static udp 192.168.1.100 143 interface Ethernet1 143
ip nat inside source static tcp 192.168.1.100 143 interface Ethernet1 143
ip nat inside source static udp 192.168.1.100 135 interface Ethernet1 135
ip nat inside source static tcp 192.168.1.100 135 interface Ethernet1 135
ip nat inside source static udp 192.168.1.100 53 interface Ethernet1 53
ip nat inside source static tcp 192.168.1.100 80 interface Ethernet1 80
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
no ip http server
no ip http secure-server
!
!
ip access-list extended LAN->Router
 permit ip any any
ip access-list extended Router->LAN
 permit ip any any
ip access-list extended Router->WAN
 permit ip any any
ip access-list extended VoIP
 permit tcp any any eq 5060
 permit udp any any eq 5060
ip access-list extended WAN->Router
 permit tcp any any established
 permit udp host 0.0.0.0 host 255.255.255.255
 permit udp host 10.1.1.1 host 255.255.255.255
 permit udp host xxx.xxx.xxx.xxx any
 permit udp host xxx.xxx.xxx.xxx any
 permit tcp host 209.209.155.1 any
 permit udp host 209.209.140.57 any
 permit udp host 209.209.140.58 any
 permit udp host 209.209.180.64 any
 permit tcp host 209.209.181.11 any
 permit icmp host 209.209.181.11 any
 permit tcp any any eq www
 permit icmp any host xxx.xxx.xxx.xxx
 permit udp host 129.6.15.28 any
 permit udp any host xxx.xxx.xxx.xxx eq domain
 permit tcp any host xxx.xxx.xxx.xxx eq telnet
 permit tcp any host xxx.xxx.xxx.xxx eq 135
 permit udp any host xxx.xxx.xxx.xxx eq 135
 permit tcp any host xxx.xxx.xxx.xxx eq 143
 permit udp any host xxx.xxx.xxx.xxx eq 143
 permit tcp any host xxx.xxx.xxx.xxx eq 443
 permit udp any host xxx.xxx.xxx.xxx eq 443
 permit tcp any host xxx.xxx.xxx.xxx eq 993
 permit udp any host xxx.xxx.xxx.xxx eq 993
 permit tcp any host xxx.xxx.xxx.xxx eq 1723
 permit udp any host xxx.xxx.xxx.xxx eq 1723
 permit tcp any host xxx.xxx.xxx.xxx eq 2208
 permit udp any host xxx.xxx.xxx.xxx eq 2208
 permit tcp any host xxx.xxx.xxx.xxx eq 2883
 permit udp any host xxx.xxx.xxx.xxx eq 2883
 permit tcp any host xxx.xxx.xxx.xxx range 3350 3358
 permit tcp any host xxx.xxx.xxx.xxx eq 3389
 permit tcp any host xxx.xxx.xxx.xxx range 5950 5958
 deny ip any any log
ip access-list extended Web-Email
 permit tcp any any eq www
 permit tcp any any eq 443
 permit tcp any any eq ftp
 permit tcp any any eq smtp
 permit tcp any any eq pop3
 permit udp any any eq domain
 permit tcp any any eq 135
 permit udp any any eq 135
 permit tcp any any eq 143
 permit udp any any eq 143
 permit tcp any any eq 993
 permit udp any any eq 993
 permit tcp any any eq 1723
 permit udp any any eq 1723
 permit tcp any any eq 2883
 permit udp any any eq 2883
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
no cdp run
banner login ^C
***************************************************************************
* CompanyName COMMUNICATIONS, INC. — LEGAL NOTICE — YOU MUST READ *
***************************************************************************
* *
* You must have explicit permission to access or configure this *
* device. All activities performed on this device are logged and *
* violations of this policy may result in criminal prosecution. *
* *
***************************************************************************
* *
* This system is for the use of authorized users only. Individuals using *
* this computer system without authority, or in excess of their authority,*
* are subject to having all of their activities on this system monitored *
* and recorded by system personnel. *
* *
* *
* Anyone using this system expressly consents to such monitoring and is *
* advised that if such monitoring reveals possible evidence of criminal *
* activity, system personnel may provide the evidence of such monitoring *
* to law enforcement officials. *
* *
***************************************************************************
* UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED *
***************************************************************************^C
!
line con 0
 exec-timeout 60 0
 password 7 13290E115B5D54
 login local
 no modem enable
 transport preferred all
 transport output all
 stopbits 1
line aux 0
 password 7 022A1D585B575F
 transport preferred all
 transport output all
line vty 0 4
 exec-timeout 60 0
 password 7 047712055F701C
 login local
 length 0
 transport preferred all
 transport input all
 transport output all
!
scheduler max-task-time 5000
ntp clock-period 17180125
ntp server 129.6.15.28
!
end
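
A review aid for the posted config, added here as an example and not part of the original post: it reconciles the static port forwards against the `WAN->Router` ingress ACL, which on the outside interface is matched against the public port before NAT translates it. The `CONFIG` string is an excerpt of the lines above with the redacted WAN address replaced by the constructed address 203.0.113.10; the function names are illustrative.

```python
import re

# Excerpt of the posted config. 203.0.113.10 is a constructed stand-in for
# the redacted (xxx.xxx.xxx.xxx) WAN address.
CONFIG = """\
ip nat inside source static udp 192.168.1.156 3356 interface Ethernet1 3356
ip nat inside source static tcp 192.168.1.156 3356 interface Ethernet1 3356
ip nat inside source static tcp 192.168.1.100 5901 interface Ethernet1 5901
ip nat inside source static udp 192.168.1.100 3389 interface Ethernet1 3389
ip nat inside source static tcp 192.168.1.100 3389 interface Ethernet1 3389
ip nat inside source static tcp 192.168.1.100 443 interface Ethernet1 443
ip nat inside source static tcp 192.168.1.100 80 interface Ethernet1 80
ip access-list extended WAN->Router
 permit tcp any any established
 permit tcp any any eq www
 permit tcp any host 203.0.113.10 eq telnet
 permit tcp any host 203.0.113.10 eq 443
 permit tcp any host 203.0.113.10 eq 2208
 permit tcp any host 203.0.113.10 range 3350 3358
 permit tcp any host 203.0.113.10 eq 3389
 deny ip any any log
"""

NAMED = {"www": 80, "telnet": 23, "domain": 53}  # IOS port keywords used here
NAT_RE = re.compile(r"ip nat inside source static (tcp|udp) (\S+) (\d+) interface \S+ (\d+)")
ACL_RE = re.compile(r"permit (tcp|udp) any (?:any|host \S+) (?:eq (\S+)|range (\d+) (\d+))")

def port(tok):
    return NAMED[tok] if tok in NAMED else int(tok)

def parse(config):
    """Return (forwards, permits): forwards maps (proto, public_port) to the
    inside host:port; permits lists (proto, low, high) open to any source."""
    forwards, permits = {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := NAT_RE.match(line):
            forwards[(m[1], int(m[4]))] = f"{m[2]}:{m[3]}"
        elif m := ACL_RE.match(line):
            lo = port(m[2]) if m[2] else int(m[3])
            hi = lo if m[2] else int(m[4])
            permits.append((m[1], lo, hi))
    return forwards, permits

def reconcile(config):
    forwards, permits = parse(config)
    allowed = lambda p, n: any(q == p and lo <= n <= hi for q, lo, hi in permits)
    open_fw = sorted(k for k in forwards if allowed(*k))       # reachable from any source
    filtered = sorted(k for k in forwards if not allowed(*k))  # forwarded, not permitted
    # Ports opened to any source that no static NAT entry forwards.
    unused = sorted({(p, n) for p, lo, hi in permits
                     for n in range(lo, hi + 1) if (p, n) not in forwards})
    return open_fw, filtered, unused
```

On this excerpt the forwards for tcp 5901, udp 3356 and udp 3389 have no matching permit for arbitrary sources, while telnet, tcp 2208 and most of the 3350-3358 range are permitted without a corresponding forward.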
