12-28-2017 03:42 AM - edited 03-05-2019 09:41 AM
Hello!
Please Help!
I have a webmail server connected to a Cisco 881. NAT is working and everybody from the outside network can get to my webmail.
When I am sitting locally, with my private IP, and type my server in the browser, it doesn't get me anywhere!!!
When I type its private IP 10.79.55.100 it gets me to the homepage, but when I click to log in to email, it gets me nowhere.
It is working perfectly fine with a small Draytek router, but with the Cisco I can't get access to my local webmail server.
Below are the configs:
Building configuration...
Current configuration : 7593 bytes
!
! Last configuration change at 10:29:27 UTC Thu Dec 28 2017 by mnemonic
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ****
!
boot-start-marker
boot-end-marker
!
!
no logging buffered
enable password ****
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authentication login ciscocp_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
aaa authorization network ciscocp_vpn_group_ml_2 local
!
!
!
!
!
aaa session-id common
!
memory-size iomem 10
service-module wlan-ap 0 bootimage autonomous
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3702956536
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3702956536
revocation-check none
!
!
quit
no ip source-route
!
!
!
ip dhcp excluded-address 10.79.55.1 10.79.55.9
ip dhcp excluded-address 10.79.55.101 10.79.55.254
ip dhcp excluded-address 10.79.55.15 10.79.55.20
!
ip dhcp pool ccp-pool1
network 10.79.55.0 255.255.255.0
dns-server 62.169.194.47 8.8.8.8
default-router 10.79.55.1
!
!
ip cef
ip domain list **
ip domain list ***
ip domain list ***
ip domain name ***
ip name-server 8.8.8.8
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO881GW-GN-A-K9 sn FTX161880ZN
license boot module c880-data level advipservices
!
!
username ****privilege 15 password 0 ***
username ****privilege 15 password 0 ****
!
!
!
!
controller Cellular 0
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp key toimoi address *****
!
crypto isakmp client configuration group EXTERNALS
key mnemonic
dns 8.8.8.8
pool SDM_POOL_1
acl vpn_resources
save-password
crypto isakmp profile ciscocp-ike-profile-1
match identity group EXTERNALS
client authentication list ciscocp_vpn_xauth_ml_2
isakmp authorization list ciscocp_vpn_group_ml_2
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile CiscoCP_Profile1
set isakmp-profile ciscocp-ike-profile-1
!
!
crypto map SDM_CMAP_1 1 ipsec-isakmp
description Tunnel to****
set peer ****
set transform-set ESP-3DES-SHA
match address 100
!
!
!
!
!
interface FastEthernet0
switchport mode trunk
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
description $ETH-WAN$
no ip address
duplex auto
speed auto
pppoe-client dial-pool-number 1
!
interface Virtual-Template1 type tunnel
ip unnumbered Dialer0
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
no ip address
!
interface Cellular0
no ip address
encapsulation ppp
!
interface Vlan1
ip address 10.79.55.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
!
interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname ****
ppp chap password 0 ****
ppp pap sent-username ***** password 0 ****
crypto map SDM_CMAP_1
!
ip local pool SDM_POOL_1 10.79.55.15 10.79.55.20
ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
!
!
ip nat pool NAT-POOL 10.79.55.0 10.79.55.254 netmask 255.255.255.0
ip nat inside source static tcp 10.79.55.100 25 interface Dialer0 25
ip nat inside source static tcp 10.79.55.100 110 interface Dialer0 110
ip nat inside source static tcp 10.79.55.100 443 interface Dialer0 443
ip nat inside source static tcp 10.79.55.100 80 interface Dialer0 80
ip nat inside source static tcp 10.79.55.100 53 interface Dialer0 53
ip nat inside source static tcp 10.79.55.100 389 interface Dialer0 389
ip nat inside source static tcp 10.79.55.100 26 interface Dialer0 26
ip nat inside source static tcp 10.79.55.100 44 interface Dialer0 44
ip nat inside source static tcp 10.79.55.100 1000 interface Dialer0 1000
ip nat inside source static tcp 10.79.55.100 143 interface Dialer0 143
ip nat inside source static tcp 10.79.55.100 995 interface Dialer0 995
ip nat inside source static tcp 10.79.55.100 993 interface Dialer0 993
ip nat inside source static tcp 10.79.55.100 8100 interface Dialer0 8100
ip nat inside source static tcp 10.79.55.100 3000 interface Dialer0 3000
ip nat inside source static tcp 10.79.55.100 1300 interface Dialer0 1300
ip nat inside source static tcp 10.79.55.100 21 interface Dialer0 21
ip nat inside source static tcp 10.79.55.100 5938 interface Dialer0 5938
ip nat inside source static udp 10.79.55.17 11155 interface Dialer0 11155
ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip access-list extended vpn_resources
permit ip 10.79.55.0 0.0.0.255 any
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.79.55.0 0.0.0.255
access-list 100 remark CCP_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip 10.79.55.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 101 remark CCP_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny ip 10.79.55.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 101 permit ip 10.79.55.0 0.0.0.255 any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
!
!
!
!
route-map SDM_RMAP_1 permit 1
match ip address 101
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line 3
no exec
line vty 0 4
password mnemonic
transport input all
!
end
12-28-2017 04:52 AM
Hello
What do you do for intranet traffic - Do you have local dns servers?
If so you could add A host and MX records for the lan users for internal name resolution?
res
Paul
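The split-DNS suggestion above, worked through as an added example (not part of the thread or of any poster's reply): it reads static NAT lines from the posted configuration, finds the inside host that publishes SMTP, and builds the internal-view A and MX records that would send LAN clients straight to that host instead of to the router's outside address. The domain `example.com` and the host label `mail` are placeholders, since the real names are masked in the post.

```python
import re
from collections import defaultdict

# Subset of the static NAT lines from the configuration posted above.
# The domain passed to internal_records() is a placeholder (assumption).
CONFIG = """\
ip nat inside source static tcp 10.79.55.100 25 interface Dialer0 25
ip nat inside source static tcp 10.79.55.100 110 interface Dialer0 110
ip nat inside source static tcp 10.79.55.100 443 interface Dialer0 443
ip nat inside source static tcp 10.79.55.100 80 interface Dialer0 80
ip nat inside source static tcp 10.79.55.100 143 interface Dialer0 143
ip nat inside source static udp 10.79.55.17 11155 interface Dialer0 11155
"""

STATIC_NAT = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$"
)


def published_hosts(config):
    """Map each inside host to the set of (protocol, port) pairs it publishes."""
    hosts = defaultdict(set)
    for line in config.splitlines():
        m = STATIC_NAT.match(line.strip())
        if m:
            proto, inside_ip, inside_port, _iface, _outside_port = m.groups()
            hosts[inside_ip].add((proto, int(inside_port)))
    return dict(hosts)


def internal_records(config, domain, host="mail"):
    """Return internal-view A and MX records for the host publishing SMTP."""
    hosts = published_hosts(config)
    servers = sorted(ip for ip, svc in hosts.items() if ("tcp", 25) in svc)
    if len(servers) != 1:
        # Ambiguous or missing mail server: refuse to guess a record.
        raise ValueError(f"expected exactly one SMTP host, found {servers}")
    fqdn = f"{host}.{domain}."
    return [f"{fqdn} IN A {servers[0]}", f"{domain}. IN MX 10 {fqdn}"]


if __name__ == "__main__":
    for record in internal_records(CONFIG, "example.com"):
        print(record)
```

The records belong only in the zone served to the 10.79.55.0/24 clients; the public zone keeps pointing at the outside address.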
12-28-2017 05:13 AM
12-28-2017 06:40 AM - edited 12-28-2017 06:45 AM
Hello
Glad to hear it...
res
Paul
12-28-2017 06:03 AM