How to Open port 80

engr.moaz
Level 1

I have configured Basic firewall on my Cisco 2911. I want to open port 80 for a packaging machine IP (192.168.0.28 255.255.252.0) which uses TCP port 80 to connect with the live IP of its server in case of any technical problem, so that support technicians can access this machine. Actually, it dials a VPN by using proprietary software built into the machine. They provided me the same software, with which I can check whether this software connects or not.

Below is the snapshot of the software.

snapshot.PNG


Marvin Rhoads
Hall of Fame

I suspect it's not that port 80 isn't open but rather that the request it uses to check tcp/80 is not actually http-encoded and your firewall is inspecting tcp/80 traffic to ensure it's legitimate http and not something else masquerading as web traffic.

If you used CCP, you probably have something like the following lines in your configuration:

class-map type inspect match-all ccp-protocol-http
 match protocol http
policy-map type inspect ccp-inspect
 class type inspect ccp-protocol-http
  inspect

If you tell the policy-map to "pass" vs. "inspect" http that will probably fix it.

Thank you for your reply.

Yes, I used CCP for it and I found the same lines in my configuration. Could you please explain how to tell the policy-map to allow/pass http from the command line? I did not find an allow or pass type in class-map or policy-map. Kindly help.

The command has to be done from within the right context in the modular QoS CLI framework. First go into the policy-map and then to the class so that your command prompt shows you are in Policy-map class configuration mode ("config-pmap-c"):

#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
(config)#policy-map type inspect ccp-inspect
(config-pmap)#class type inspect ccp-protocol-http
(config-pmap-c)#?
Policy-map class configuration commands:
  drop            Drop the packet
  exit            Exit from QoS class action configuration mode
  inspect         Context-based Access Control Engine
  no              Negate or set default values of a command
  pass            Pass the packet
  police          Police
  service-policy  Deep Packet Inspection Engine
CCHS_ADMIN_R_1(config-pmap-c)#

At that point you can negate the "inspect" action and add a "pass" action.
