
error 403 forbidden

When I connect the ISR 1100 to navigate to the published services located on my company's web server, I get "error 403 forbidden". If I connect the Cisco RV042G, I have no problem entering the same page.


VIP Advisor

Georg Pauwen
VIP Expert



Is this outside-to-inside access with NAT involved? Post the running config of your ISR...

The external connection to the web server is functional with the forwarding ip nat inside source static tcp 192.168.X.X 8085 190.85.51.X.X 80, but internally (locally) it generates error 403.





Which browser are you using? Make sure the problem is not on the client/browser side; try and clear the browser cache and cookies...

The local network LAN as inside.

In the tests that were carried out, the external connection is functional and allows consulting the web page, but locally the ISR does not allow entering the page.
paul driver
VIP Mentor


How are your PPPoE clients obtaining DNS?
Try pointing your clients to use that rtr for the DNS.


int virtual-template 1

ppp ipcp dns request accept

ip dns server (your router)

kind regards

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future

Good afternoon Paul, sent the respective configuration but still the same inconvenience.


virtual-template 1

interface GigabitEthernet0/0/0
 description WAN
 ip address x.x.x.x x.x.x.x.
 ip nat outside
 negotiation auto
 crypto map CMAP
interface GigabitEthernet0/0/1
 description LAN
 ip address x.x.x.x x.x.x.x
 ip nat inside
 negotiation auto

interface Virtual-Template1
 ip unnumbered GigabitEthernet0/0/0
 peer default ip address pool l2tp-pool
 ppp authentication ms-chap-v2
 ppp ipcp dns request accept
interface Vlan1
 no ip address
ip local pool l2tp-pool x.x.x.x. x.x.x.x.
ip nat inside source static tcp x.x.x.x. x.x.x.x.x extendable
ip nat inside source list 113 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
ip http server
ip http port 80
ip http authentication local
ip http secure-server
ip dns server
ip route x.x.x.x
ip ssh time-out 30
ip ssh version 2
ip access-list extended BN
 permit ip 1 x.x.x.x x.x.x.x. x.x.x.x
access-list 113 deny ip x.x.x.x. x.x.x.x. x.x.x.x. x.x.x.x.x

access-list 113 permit ip x.x.x.x any
banner motd ^CC^C
line con 0
 transport input none
 stopbits 1
line vty 0 4
 password x.x.x.x
 login local
 transport input ssh
wsma agent exec
wsma agent config
wsma agent filesys
wsma agent notify



I assume the web server and the local clients are in the same LAN subnet connected to interface GigabitEthernet0/0/1? Can you ping the web server from the clients?

If the web server is hosted locally, I suppose the Cisco ISR asks for an SSL certificate, since it does not allow local visualization because it takes it as an unsecured page.

if of course ping the only way he identifies is placing the port
ip + port but if I remove the port it does not enter

if they are on the same subnet and ping without losing packets

Doing the respective settings, now I get error 404.