Access to individual sites

jeevan.koganti · ‎09-10-2012

I have restricted access to users using TCP/IP using cisco 1841 router in my organization.

I need to permit some sites for users which are part of work..

The issue here is I cannot ping to the site but able to browse to that site when having internet access, i have permitted range the entire range of that IP's but still no luck..

http://termview.apmterminals.com/ is the site which is not pinging from internet.

I have also checked the source code for the root IP but still no luck.

Can anyone help on this...

Thanks,

Jeevan.

cadet alain · ‎09-10-2012

Hi,

post your config to see what you've done so far.

Regards.

Alain

Don't forget to rate helpful posts.

jeevan.koganti · ‎09-10-2012

Hi,

Please check the config below.

version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname xxx
!
boot-start-marker
boot-end-marker
!

!
no aaa new-model
memory-size iomem 10
clock timezone
!
!
ip source-route
!
!
ip dhcp excluded-address 192.168.12.1 192.168.12.20
ip dhcp excluded-address 192.168.12.64 192.168.12.91
ip dhcp excluded-address 192.168.12.254
!
ip dhcp pool xxx
   network 192.168.12.0 255.255.255.0
   default-router 192.168.12.1
   dns-server 192.168.12.1 192.168.12.2 192.168.12.254
!
!
ip cef
ip domain name xxx
no ipv6 cef
!
!
!
!
archive
log config
hidekeys

!
!
!
class-map match-any sites
match protocol http host "*youtube.com*"
match protocol http host "*facebook.com*"
match protocol http host "*youporn.com*"
match protocol http host "*debonairblog.com*"
match protocol http host "*limewire.com*"
match protocol http host "*orkut.com*"
match protocol http host "*utorrent.com*"
match protocol http host "*songs.pk*"
match protocol http host "*bittorrent.com*"
match protocol http host "*moviesmobile.net*"
match protocol http host "*sex.com*"
match protocol http host "*sex.fr*"
match protocol http host "*adultmovie.com*"
match protocol http host "*world4free.in*"
match protocol http host "*badoo.com*"
match protocol http host "*nimbuzz.com*"
match protocol http host "*crictime.com*"
match protocol http mime "*video*"
!
!
policy-map blocksites
class sites
drop
!
!
!
!

!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description xxx
no ip address
ip virtual-reassembly
shutdown
duplex auto
speed auto

!
interface Vlan1
description xxx
ip address 192.168.12.1 255.255.255.0
ip access-group xxx in
ip virtual-reassembly
service-policy input blocksites
!
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip dns server
ip route 0.0.0.0 0.0.0.0 192.168.12.254
!
ip access-list extended xxx
permit ip any 192.168.12.0 0.0.0.255
permit ip any xxx.xxx.0.0 0.0.255.255
permit ip any xxx.xxx.0.0 0.0.255.255
permit ip any xxx.xxx.0.0 0.0.255.255
permit ip any 59.152.0.0 0.0.255.255
permit ip any 216.53.0.0 0.0.255.255
permit icmp any any
deny ip 192.168.12.64 0.0.0.31 any time-range INET
permit ip any any
!
access-list 10 permit 192.168.12.0 0.0.0.255
!
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
login local
transport input telnet
!
scheduler max-task-time 5000
time-range INET
periodic weekdays 9:00 to 17:30
!
end

johnlloyd_13 · ‎09-10-2012

Hi,

This is just normal. Some websites don't allow ICMP or ping.

By the way, are you sure the config posted is from an 1841? Looks like an 800 to me.

Sent from Cisco Technical Support iPhone App

jeevan.koganti · ‎09-11-2012

Hi,

Ya my company has many remote branches, so i have sent config of remote branch which is having 871 router.

Eventhough ICMP in not permitted if we allow that IP in ACL it should work right??

Thanks,

Jeevan.