cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
959
Views
0
Helpful
15
Replies
unidadso
Beginner

error 403 forbidden

when I connect the isr 1100 to navigate into the published services alocate in the web server of my company, I get this, "error 403 forbidden", if I connect the cisco rv042g I have no problem entering into the same page.

 

15 REPLIES 15
marce1000
VIP Advisor

Georg Pauwen
VIP Expert

Hello,

 

is this outside to inside access with NAT involved ? Post the running config of your ISR...

external connection to the web server is functional with forwarding ip nat inside source static tcp 192.168.X.X8085 190.85.51.X.X 80 but internally (locally) generates error 403

cisco.png

 

Hello,

 

which browser are you using ? Make sure the problem is not on the client/browser side, try and clear the browser cache and cookies...

the local network lan as inside
unidadso
Beginner

In the tests that were carried out the external connection is functional allows to consult the web page but locally the isr does not allow to enter the page

In the tests that were carried out the external connection is functional allows to consult the web page but locally the isr does not allow to enter the page.
paul driver
VIP Mentor

Hello

How are your ppoe clients obtaining dns?
Try pointing your clients to use that rtr for the dns

 

rtr
int virtual-template 1

ppp ipcp dns request accept
exit

ip dns server (your router)



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future

good afternoon paul sent the respective configuration but still the same inconvenience

 

virtual-template 1

!
!
!
!
!
interface GigabitEthernet0/0/0
description WAN
ip address x.x.x.x x.x.x.x.
ip nat outside
negotiation auto
crypto map CMAP
!
interface GigabitEthernet0/0/1
description LAN
ip address x.x.x.x x.x.x.x
ip nat inside
negotiation auto
!

interface Virtual-Template1
ip unnumbered GigabitEthernet0/0/0
peer default ip address pool l2tp-pool
ppp authentication ms-chap-v2
ppp ipcp dns request accept
!
interface Vlan1
no ip address
!
ip local pool l2tp-pool x.x.x.x. x.x.x.x.
ip nat inside source static tcp x.x.x.x. x.x.x.x.x extendable
ip nat inside source list 113 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
ip http server
ip http port 80
ip http authentication local
ip http secure-server
ip dns server
ip route 0.0.0.0 0.0.0.0 x.x.x.x
ip ssh time-out 30
ip ssh version 2
!
!
ip access-list extended BN
permit ip 1 x.x.x.x x.x.x.x. x.x.x.x
!
access-list 113 deny ip x.x.x.x. x.x.x.x. x.x.x.x. x.x.x.x.x

access-list 113 permit ip x.x.x.x any
!
!
!
!
control-plane
!
banner motd ^CC^C
!
line con 0
transport input none
stopbits 1
line vty 0 4
password x.x.x.x
login local
transport input ssh
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify

Hello,

 

I assume the web server and the local clients are in the same LAN subnet connected to interface GigabitEthernet0/0/1 ? Can you ping the web server from the clients ?

If the web server is hosted locally, I suppose the cisco isr asks for a ssl certificate since it does not allow local visualization since it takes as an unsecured page

if of course ping the only way he identifies is placing the port
ip + port but if I remove the port it does not enter

if they are on the same subnet and ping without losing packets

doing the respective settings now I get error 404