
Can Access Webserver from Internet through Cisco router

orahman99
Level 1

Everything works fine internally, but I have a website on the 10.0.0.52 server with the external IP of 216.140.140.4. When I tried to access it from the internet, it doesn't work. Does anyone have any ideas on what might be the issue here? Though if I use the IP 216.140.140.4 I can access the website. I suspected it is a DNS issue, so I opened the DNS port 53 for the 10.0.0.1 server, but it still didn't work. It is an issue with the router, because as soon as I replace it with the proprietary firewall it works fine.

I also want to point out that below is the configuration from my outside zone to the inside zone, which I configured to allow only the ports that I want accessed from outside. Since the website uses the HTTP port, which is opened, and the DNS server 10.0.0.1 needs port 53, I opened it also, but it did not make any difference. I used CCP to configure my inside-to-outside zone, which is supposed to allow all traffic from inside to outside.

I would appreciate your advice.

ip name-server 10.0.0.1

Zone security out-zone

zone security in-zone

zone security teleworker

interface gi0/1

Zone-member security out-zone

interface gi0/0

zone-member security in-zone

interface gi0/2

zone-member security teleworker

exit

ip port-map user-RDP port tcp 3389

zone-pair security OUT-IN source out-zone destination in-zone

zone-pair security OUT-TELEWORKER source out-zone destination teleworker

zone-pair security TELEWORKER-OUT source teleworker destination out-zone

ip access-list extended OUTSIDE-TO-INSIDE-WEB

permit tcp any host 10.0.0.23 eq 80

permit tcp any host 10.0.0.59 eq 80

permit tcp any host 10.0.0.61 eq 80

permit tcp any host 10.0.0.228 eq 80

permit tcp any host 10.0.0.16 eq 80

permit tcp any host 10.0.0.30 eq 80

class-map type inspect match-all OUTSIDE-TO-INSIDE-WEB-CLASS

match protocol http

match access-group name OUTSIDE-TO-INSIDE-WEB

ip access-list extended OUTSIDE-TO-INSIDE-FTP

permit tcp any host 10.0.0.52 range 20 21

permit tcp any host 10.0.0.23 range 20 21

permit tcp any host 10.0.0.59 range 20 21

permit tcp any host 10.0.0.61 range 20 21

permit tcp any host 10.0.0.228 range 20 21

class-map type inspect match-all OUTSIDE-TO-INSIDE-FTP-CLASS

match protocol ftp

match access-group name OUTSIDE-TO-INSIDE-FTP

ip access-list extended OUTSIDE-TO-INSIDE-SMTP

permit tcp any host 10.0.0.52 eq 25

permit tcp any host 10.0.0.23 eq 25

permit tcp any host 10.0.0.59 eq 25

permit tcp any host 10.0.0.61 eq 25

permit tcp any host 10.0.0.228 eq 25

class-map type inspect match-all OUTSIDE-TO-INSIDE-SMTP-CLASS

match protocol smtp

match access-group name OUTSIDE-TO-INSIDE-SMTP

ip access-list extended OUTSIDE-TO-INSIDE-DNS

permit tcp any host 10.0.0.23 eq 53

permit udp any host 10.0.0.23 eq 53

permit tcp any host 10.0.0.59 eq 53

permit udp any host 10.0.0.59 eq 53

permit tcp any host 10.0.0.61 eq 53

permit udp any host 10.0.0.61 eq 53

permit tcp any host 10.0.0.228 eq 53

permit udp any host 10.0.0.228 eq 53

permit tcp any host 10.0.0.1 eq 53

permit udp any host 10.0.0.1 eq 53

class-map type inspect match-all OUTSIDE-TO-INSIDE-DNS-CLASS

match protocol dns

match access-group name OUTSIDE-TO-INSIDE-DNS

ip access-list extended OUTSIDE-TO-INSIDE-POP

permit tcp any host 10.0.0.52 eq 110

permit tcp any host 10.0.0.23 eq 110

permit tcp any host 10.0.0.59 eq 110

permit tcp any host 10.0.0.61 eq 110

permit tcp any host 10.0.0.228 eq 110

class-map type inspect match-all OUTSIDE-TO-INSIDE-POP-CLASS

match protocol pop

match access-group name OUTSIDE-TO-INSIDE-POP

ip access-list extended OUTSIDE-TO-INSIDE-IMAP

permit tcp any host 10.0.0.52 eq 143

permit tcp any host 10.0.0.23 eq 143

permit tcp any host 10.0.0.59 eq 143

permit tcp any host 10.0.0.61 eq 143

permit tcp any host 10.0.0.228 eq 143

class-map type inspect match-all OUTSIDE-TO-INSIDE-IMAP-CLASS

match protocol imap

match access-group name OUTSIDE-TO-INSIDE-IMAP

ip access-list extended OUTSIDE-TO-INSIDE-HTTPS

permit tcp any host 10.0.0.52 eq 443

permit tcp any host 10.0.0.23 eq 443

permit tcp any host 10.0.0.59 eq 443

permit tcp any host 10.0.0.61 eq 443

permit tcp any host 10.0.0.228 eq 443

class-map type inspect match-all OUTSIDE-TO-INSIDE-HTTPS-CLASS

match protocol https

match access-group name OUTSIDE-TO-INSIDE-HTTPS

ip access-list extended OUTSIDE-TO-INSIDE-RDP

permit tcp any host 10.0.0.52 eq 3389

permit tcp any host 10.0.0.23 eq 3389

permit tcp any host 10.0.0.59 eq 3389

permit tcp any host 10.0.0.61 eq 3389

permit tcp any host 10.0.0.228 eq 3389

permit tcp any host 10.0.0.58 eq 3389

permit tcp any host 10.0.0.33 eq 3389

permit tcp any host 10.0.0.25 eq 3389

permit tcp any host 10.0.0.44 eq 3389

permit tcp any host 10.0.0.251 eq 3389

permit tcp any host 10.0.0.21 eq 3389

permit tcp any host 10.0.0.22 eq 3389

permit tcp any host 10.0.0.24 eq 3389

permit tcp any host 10.0.0.30 eq 3389

permit tcp any host 10.0.0.230 eq 3389

class-map type inspect match-all OUTSIDE-TO-INSIDE-RDP-CLASS

match protocol user-RDP

match access-group name OUTSIDE-TO-INSIDE-RDP

ip access-list extended TELEWORKER-TO-OUTSIDE

permit ip 10.0.3.254 any

class-map type inspect match-all TELEWORKER-TO-OUTSIDE-CLASS

match access-group name TELEWORKER-TO-OUTSIDE

ip access-list extended OUTSIDE-TO-TELEWORKER

permit ip any host 10.0.3.254

class-map type inspect match-all OUTSIDE-TO-TELEWORKER-CLASS

match access-group name OUTSIDE-TO-TELEWORKER

policy-map type inspect OUTSIDE-TO-INSIDE-POLICY

class type inspect OUTSIDE-TO-INSIDE-WEB-CLASS

inspect

class type inspect OUTSIDE-TO-INSIDE-FTP-CLASS

inspect

class type inspect OUTSIDE-TO-INSIDE-SMTP-CLASS

inspect

class type inspect OUTSIDE-TO-INSIDE-DNS-CLASS

inspect

class type inspect OUTSIDE-TO-INSIDE-POP-CLASS

inspect

class type inspect OUTSIDE-TO-INSIDE-IMAP-CLASS

inspect

class type inspect OUTSIDE-TO-INSIDE-HTTPS-CLASS

inspect

class type inspect OUTSIDE-TO-INSIDE-RDP-CLASS

inspect

policy-map type inspect TELEWORKER-TO-OUTSIDE-POLICY

class type inspect TELEWORKER-TO-OUTSIDE-CLASS

inspect

policy-map type inspect OUTSIDE-TO-TELEWORKER-POLICY

class type inspect OUTSIDE-TO-TELEWORKER-CLASS

inspect

zone-pair security OUT-IN source out-zone destination in-zone

service-policy type inspect OUTSIDE-TO-INSIDE-POLICY

zone-pair security OUT-TELEWORKER source out-zone destination teleworker

service-policy type inspect OUTSIDE-TO-TELEWORKER-POLICY

zone-pair security TELEWORKER-OUT source teleworker destination out-zone

service-policy type inspect TELEWORKER-TO-OUTSIDE-POLICY
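
An added example, not part of the original post: a small Python check that reports which `match-all` inspect class a given destination host and port would hit, so a server missing from an ACL is easy to spot. The `CONFIG` string is a constructed excerpt of the WEB and HTTPS entries posted above, and the `PAM` port table and function names are assumptions of this sketch. Traffic that matches no class falls to `class-default`, whose default action in a zone-pair inspect policy is drop.

```python
import re
# Constructed excerpt: WEB and HTTPS entries copied from the posted configuration.
CONFIG = """
ip access-list extended OUTSIDE-TO-INSIDE-WEB
 permit tcp any host 10.0.0.23 eq 80
 permit tcp any host 10.0.0.59 eq 80
 permit tcp any host 10.0.0.61 eq 80
 permit tcp any host 10.0.0.228 eq 80
 permit tcp any host 10.0.0.16 eq 80
 permit tcp any host 10.0.0.30 eq 80
class-map type inspect match-all OUTSIDE-TO-INSIDE-WEB-CLASS
 match protocol http
 match access-group name OUTSIDE-TO-INSIDE-WEB
ip access-list extended OUTSIDE-TO-INSIDE-HTTPS
 permit tcp any host 10.0.0.52 eq 443
 permit tcp any host 10.0.0.23 eq 443
class-map type inspect match-all OUTSIDE-TO-INSIDE-HTTPS-CLASS
 match protocol https
 match access-group name OUTSIDE-TO-INSIDE-HTTPS
"""
PAM = {"http": 80, "https": 443}  # Assumption: default port mapping for these protocols

def parse(text):
    """Return (acls, classes): ACL name -> {(proto, host, port)}, class name -> {protocol, acl}."""
    acls, classes, cur = {}, {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if m := re.match(r"ip access-list extended (\S+)", line):
            cur = acls.setdefault(m[1], set())
        elif m := re.match(r"class-map type inspect match-all (\S+)", line):
            cur = classes.setdefault(m[1], {})
        elif m := re.match(r"permit (tcp|udp) any host (\S+) eq (\d+)", line):
            cur.add((m[1], m[2], int(m[3])))
        elif m := re.match(r"match protocol (\S+)", line):
            cur["protocol"] = m[1]
        elif m := re.match(r"match access-group name (\S+)", line):
            cur["acl"] = m[1]
    return acls, classes

def matching_class(host, port, proto="tcp", text=CONFIG):
    """First match-all class whose protocol and ACL both match, else None (class-default)."""
    acls, classes = parse(text)
    for name, c in classes.items():
        if PAM.get(c["protocol"]) == port and (proto, host, port) in acls.get(c["acl"], ()):
            return name
    return None

if __name__ == "__main__":
    for flow in [("10.0.0.23", 80), ("10.0.0.52", 443), ("10.0.0.52", 80)]:
        print(flow, "->", matching_class(*flow) or "class-default (no inspect class matches)")
```

With the entries as posted, 10.0.0.52 matches the HTTPS class on port 443 but no class on port 80, because OUTSIDE-TO-INSIDE-WEB does not list that host.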

4 Replies 4

nefkensp
Level 5

Just out of interest, have you enabled and checked your NAT configuration that a static NAT translation exists for your server?



Sent from Cisco Technical Support iPhone App