Re: error 403 forbidden

unidadso · ‎02-26-2020

when I connect the isr 1100 to navigate into the published services alocate in the web server of my company, I get this, "error 403 forbidden", if I connect the cisco rv042g I have no problem entering into the same page.

marce1000 · ‎02-26-2020

https://en.wikipedia.org/wiki/HTTP_403

M.

-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

Georg Pauwen · ‎02-26-2020

Hello,

is this outside to inside access with NAT involved ? Post the running config of your ISR...

unidadso · ‎02-26-2020

external connection to the web server is functional with forwarding ip nat inside source static tcp 192.168.X.X8085 190.85.51.X.X 80 but internally (locally) generates error 403

Georg Pauwen · ‎02-26-2020

Hello,

which browser are you using ? Make sure the problem is not on the client/browser side, try and clear the browser cache and cookies...

unidadso · ‎03-13-2020

the local network lan as inside

unidadso · ‎02-29-2020

In the tests that were carried out the external connection is functional allows to consult the web page but locally the isr does not allow to enter the page

unidadso · ‎02-29-2020

In the tests that were carried out the external connection is functional allows to consult the web page but locally the isr does not allow to enter the page.

paul driver · ‎02-29-2020

Hello

How are your ppoe clients obtaining dns?
Try pointing your clients to use that rtr for the dns

rtr
int virtual-template 1

ppp ipcp dns request accept
exit

ip dns server (your router)

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

unidadso · ‎03-02-2020

good afternoon paul sent the respective configuration but still the same inconvenience

virtual-template 1

!
!
!
!
!
interface GigabitEthernet0/0/0
description WAN
ip address x.x.x.x x.x.x.x.
ip nat outside
negotiation auto
crypto map CMAP
!
interface GigabitEthernet0/0/1
description LAN
ip address x.x.x.x x.x.x.x
ip nat inside
negotiation auto
!

interface Virtual-Template1
ip unnumbered GigabitEthernet0/0/0
peer default ip address pool l2tp-pool
ppp authentication ms-chap-v2
ppp ipcp dns request accept
!
interface Vlan1
no ip address
!
ip local pool l2tp-pool x.x.x.x. x.x.x.x.
ip nat inside source static tcp x.x.x.x. x.x.x.x.x extendable
ip nat inside source list 113 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
ip http server
ip http port 80
ip http authentication local
ip http secure-server
ip dns server
ip route 0.0.0.0 0.0.0.0 x.x.x.x
ip ssh time-out 30
ip ssh version 2
!
!
ip access-list extended BN
permit ip 1 x.x.x.x x.x.x.x. x.x.x.x
!
access-list 113 deny ip x.x.x.x. x.x.x.x. x.x.x.x. x.x.x.x.x

access-list 113 permit ip x.x.x.x any
!
!
!
!
control-plane
!
banner motd ^CC^C
!
line con 0
transport input none
stopbits 1
line vty 0 4
password x.x.x.x
login local
transport input ssh
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify

Georg Pauwen · ‎03-02-2020

Hello,

I assume the web server and the local clients are in the same LAN subnet connected to interface GigabitEthernet0/0/1 ? Can you ping the web server from the clients ?

unidadso · ‎03-02-2020

If the web server is hosted locally, I suppose the cisco isr asks for a ssl certificate since it does not allow local visualization since it takes as an unsecured page

unidadso · ‎03-02-2020

if of course ping the only way he identifies is placing the port
ip + port but if I remove the port it does not enter

unidadso · ‎03-13-2020

if they are on the same subnet and ping without losing packets

unidadso · ‎03-13-2020

doing the respective settings now I get error 404