10-03-2014 02:28 AM - edited 03-07-2019 08:57 PM
I'm new to using Cisco routers. On the network I have to configure they are using a Cisco 851 router. I'm installing a new server which requires port 443 to be open. Port 80 is already open because of an old server which we will no longer need. I tried adding port 443 but to no avail.
Below is the configuration file.
Could anyone point out to me what is wrong and what I am doing wrong in opening port 443? (I deleted/changed the crypto pki certificate, admin privilege 15 secret 5 and some IP addresses pointing to our location in the config below, because I had a feeling that I do not want those on the internet.)
Building configuration...
Current configuration : 14177 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ec
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $
!
no aaa new-model
clock timezone Berlin 1
clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-471741731
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-471741731
revocation-check none
rsakeypair TP-self-signed-471741731
!
!
crypto pki certificate chain TP-self-signed-471741731
certificate self-signed 01
quit
dot11 syslog
no ip source-route
ip dhcp excluded-address 10.10.10.1
!
!
ip cef
ip inspect log drop-pkt
ip inspect name fw appfw fw
ip inspect name fw tcp
ip inspect name fw imap
ip inspect name fw imap3
ip inspect name fw appleqtc
ip inspect name fw cuseeme
ip inspect name fw realaudio
ip inspect name fw rtsp
ip inspect name fw streamworks
ip inspect name fw vdolive
ip inspect name fw https
ip inspect name fw dns
ip inspect name fw ftp
ip inspect name fw pptp
ip inspect name fw smtp
ip inspect name sdm_ins_in_100 appfw sdm_ins_in_100
ip inspect name sdm_ins_in_100 dns
ip inspect name sdm_ins_in_100 h323
ip inspect name sdm_ins_in_100 https
ip inspect name sdm_ins_in_100 icmp
ip inspect name sdm_ins_in_100 pop3 reset
ip inspect name sdm_ins_in_100 rcmd
ip inspect name sdm_ins_in_100 sqlnet
ip inspect name sdm_ins_in_100 tcp
ip inspect name sdm_ins_in_100 udp
ip inspect name sdm_ins_in_100 cuseeme
ip inspect name sdm_ins_in_100 realaudio
ip inspect name sdm_ins_in_100 rtsp
ip inspect name sdm_ins_in_100 streamworks
ip inspect name sdm_ins_in_100 vdolive
ip inspect name sdm_ins_in_100 appleqtc
ip inspect name sdm_ins_in_100 pptp
ip inspect name sdm_ins_in_100 imap3
ip inspect name sdm_ins_in_100 smtp
ip inspect name SDM_HIGH appfw SDM_HIGH
ip inspect name SDM_HIGH icmp
ip inspect name SDM_HIGH dns
ip inspect name SDM_HIGH esmtp
ip inspect name SDM_HIGH https
ip inspect name SDM_HIGH imap reset
ip inspect name SDM_HIGH pop3 reset
ip inspect name SDM_HIGH tcp
ip inspect name SDM_HIGH udp
ip inspect name SDM_HIGH rtsp
ip inspect name SDM_HIGH realaudio
ip inspect name SDM_HIGH streamworks
ip inspect name SDM_HIGH vdolive
ip inspect name SDM_HIGH cuseeme
ip inspect name SDM_HIGH appleqtc
no ip bootp server
ip domain name internal.xxxxxx.com
ip name-server 111.111.14.196
ip name-server 111.111.14.212
!
appfw policy-name sdm_ins_in_100
application im aol
service default action allow alarm
service text-chat action allow alarm
server permit name login.oscar.aol.com
server permit name toc.oscar.aol.com
server permit name oam-d09a.blue.aol.com
application im msn
service default action allow alarm
service text-chat action allow alarm
server permit name messenger.hotmail.com
server permit name gateway.messenger.hotmail.com
server permit name webmessenger.msn.com
application http
strict-http action allow alarm
port-misuse p2p action reset alarm
port-misuse im action reset alarm
port-misuse tunneling action allow alarm
application im yahoo
service default action allow alarm
service text-chat action allow alarm
server permit name scs.msg.yahoo.com
server permit name scsa.msg.yahoo.com
server permit name scsb.msg.yahoo.com
server permit name scsc.msg.yahoo.com
server permit name scsd.msg.yahoo.com
server permit name cs16.msg.dcn.yahoo.com
server permit name cs19.msg.dcn.yahoo.com
server permit name cs42.msg.dcn.yahoo.com
server permit name cs53.msg.dcn.yahoo.com
server permit name cs54.msg.dcn.yahoo.com
server permit name ads1.vip.scd.yahoo.com
server permit name radio1.launch.vip.dal.yahoo.com
server permit name in1.msg.vip.re2.yahoo.com
server permit name data1.my.vip.sc5.yahoo.com
server permit name address1.pim.vip.mud.yahoo.com
server permit name edit.messenger.yahoo.com
server permit name messenger.yahoo.com
server permit name http.pager.yahoo.com
server permit name privacy.yahoo.com
server permit name csa.yahoo.com
server permit name csb.yahoo.com
server permit name csc.yahoo.com
!
appfw policy-name SDM_HIGH
application im aol
service default action reset alarm
service text-chat action reset alarm
server deny name login.oscar.aol.com
server deny name toc.oscar.aol.com
server deny name oam-d09a.blue.aol.com
application http
strict-http action reset alarm
port-misuse im action reset alarm
port-misuse p2p action reset alarm
port-misuse tunneling action reset alarm
application im yahoo
service default action reset alarm
service text-chat action reset alarm
server deny name scs.msg.yahoo.com
server deny name scsa.msg.yahoo.com
server deny name scsb.msg.yahoo.com
server deny name scsc.msg.yahoo.com
server deny name scsd.msg.yahoo.com
server deny name cs16.msg.dcn.yahoo.com
server deny name cs19.msg.dcn.yahoo.com
server deny name cs42.msg.dcn.yahoo.com
server deny name cs53.msg.dcn.yahoo.com
server deny name cs54.msg.dcn.yahoo.com
server deny name ads1.vip.scd.yahoo.com
server deny name radio1.launch.vip.dal.yahoo.com
server deny name in1.msg.vip.re2.yahoo.com
server deny name data1.my.vip.sc5.yahoo.com
server deny name address1.pim.vip.mud.yahoo.com
server deny name edit.messenger.yahoo.com
server deny name messenger.yahoo.com
server deny name http.pager.yahoo.com
server deny name privacy.yahoo.com
server deny name csa.yahoo.com
server deny name csb.yahoo.com
server deny name csc.yahoo.com
!
appfw policy-name fw
application http
!
parameter-map type protocol-info msn-servers
server name messenger.hotmail.com
server name gateway.messenger.hotmail.com
server name webmessenger.msn.com
parameter-map type protocol-info aol-servers
server name login.oscar.aol.com
server name toc.oscar.aol.com
server name oam-d09a.blue.aol.com
parameter-map type protocol-info yahoo-servers
server name scs.msg.yahoo.com
server name scsa.msg.yahoo.com
server name scsb.msg.yahoo.com
server name scsc.msg.yahoo.com
server name scsd.msg.yahoo.com
server name cs16.msg.dcn.yahoo.com
server name cs19.msg.dcn.yahoo.com
server name cs42.msg.dcn.yahoo.com
server name cs53.msg.dcn.yahoo.com
server name cs54.msg.dcn.yahoo.com
server name ads1.vip.scd.yahoo.com
server name radio1.launch.vip.dal.yahoo.com
server name in1.msg.vip.re2.yahoo.com
server name data1.my.vip.sc5.yahoo.com
server name address1.pim.vip.mud.yahoo.com
server name edit.messenger.yahoo.com
server name messenger.yahoo.com
server name http.pager.yahoo.com
server name privacy.yahoo.com
server name csa.yahoo.com
server name csb.yahoo.com
server name csc.yahoo.com
!
!
username admin privilege 15 secret 5 !
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $FW_OUTSIDE$$ETH-WAN$$ES_WAN$
ip address 111.111.146.167 255.255.255.0
ip access-group 105 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect sdm_ins_in_100 in
ip inspect fw out
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.3 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 111.111.146.161
!
ip http server
ip http port 8080
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 192.168.0.2 80 interface FastEthernet4 80
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.0.2 1723 interface FastEthernet4 1723
ip nat inside source static tcp 192.168.0.2 143 interface FastEthernet4 143
ip nat inside source static tcp 192.168.0.2 47 interface FastEthernet4 47
ip nat inside source static tcp 192.168.0.244 5003 interface FastEthernet4 5003
ip nat inside source static tcp 192.168.0.2 25 interface FastEthernet4 25
ip nat inside source static tcp 192.168.0.2 443 interface FastEthernet4 443
!
ip access-list extended sdm_fastethernet4_in
remark SDM_ACL Category=1
remark PPTP
permit tcp any eq 1723 host 192.168.0.2 eq 1723
!
logging trap debugging
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 111.111.146.0 0.0.0.255 any
access-list 101 remark SDM_ACL Category=0
access-list 101 permit ip any host 192.168.0.2
access-list 102 remark SDM_ACL Category=128
access-list 102 permit ip host 255.255.255.255 any
access-list 102 permit ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip 111.111.146.0 0.0.0.255 any
access-list 103 remark SDM_ACL Category=0
access-list 103 permit ip any host 192.168.0.2
access-list 104 remark auto generated by SDM firewall configuration
access-list 104 remark SDM_ACL Category=1
access-list 104 deny ip 111.111.146.0 0.0.0.255 any
access-list 104 deny ip host 255.255.255.255 any
access-list 104 deny ip 127.0.0.0 0.255.255.255 any
access-list 104 permit ip any any
access-list 104 permit tcp any host 192.168.0.2 eq www
access-list 105 remark auto generated by SDM firewall configuration
access-list 105 remark SDM_ACL Category=1
access-list 105 permit tcp any host 111.111.146.167 eq www
access-list 105 remark filemaker
access-list 105 permit tcp any host 111.111.146.167 eq 5003
access-list 105 permit tcp any host 111.111.146.167 eq 143 log
access-list 105 remark test smtp
access-list 105 permit tcp any host 111.111.146.167 eq smtp log
access-list 105 remark imapudp
access-list 105 permit udp any host 111.111.146.167 eq 143
access-list 105 remark GRE
access-list 105 permit gre any host 111.111.146.167
access-list 105 remark pptp
access-list 105 permit tcp any host 111.111.146.167 eq 1723
access-list 105 remark FMUDP
access-list 105 permit udp any host 111.111.146.167 eq 5003
access-list 105 permit udp host 111.111.4.5 eq domain host 111.111.146.167
access-list 105 deny ip 192.168.0.0 0.0.0.255 any
access-list 105 permit icmp any host 111.111.146.167 echo-reply
access-list 105 permit icmp any host 111.111.146.167 time-exceeded
access-list 105 permit icmp any host 111.111.146.167 unreachable
access-list 105 deny ip 10.0.0.0 0.255.255.255 any
access-list 105 deny ip 172.16.0.0 0.15.255.255 any
access-list 105 deny ip 192.168.0.0 0.0.255.255 any
access-list 105 deny ip 127.0.0.0 0.255.255.255 any
access-list 105 deny ip host 255.255.255.255 any
access-list 105 deny ip host 0.0.0.0 any
access-list 105 deny ip any any log
access-list 105 permit tcp any any eq 443
access-list 105 permit udp any host 111.111.146.167 eq 443
access-list 105 permit tcp any host 111.111.146.167 eq 443 log
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
10-03-2014 01:44 PM
You need to put the permit entries before the deny any any entry:
access-list 105 deny ip any any log
access-list 105 permit tcp any any eq 443
access-list 105 permit udp any host 111.111.146.167 eq 443
access-list 105 permit tcp any host 111.111.146.167 eq 443 log
It should be like this:
access-list 105 permit tcp any host 111.111.146.167 eq 443 log
access-list 105 deny ip any any log
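The first-match behaviour behind this answer, as an added example that is not part of the original thread: a small Python checker that parses a numbered extended ACL, reports entries that can never match because an earlier entry already covers them, and shows which entry decides an inbound HTTPS packet. The two ACL texts are constructed subsets of ACL 105 from the posted config; the client address 198.51.100.7 and all function names are assumptions made for the illustration, and only `eq` port qualifiers and `log` are handled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

PORT_NAMES = {"www": 80, "smtp": 25, "domain": 53}  # names that appear in the posted ACL
ALL = 0xFFFFFFFF

@dataclass(frozen=True)
class Addr:
    base: int      # address as an integer
    wildcard: int  # IOS wildcard mask: 1 bits are "don't care"

    def matches(self, ip: str) -> bool:
        care = ~self.wildcard & ALL
        return (int(ipaddress.IPv4Address(ip)) & care) == (self.base & care)

    def covers(self, other: "Addr") -> bool:
        # self covers other when other fixes every bit self cares about, to the same value
        care = ~self.wildcard & ALL
        return (other.wildcard & care) == 0 and (self.base & care) == (other.base & care)

@dataclass(frozen=True)
class Entry:
    line_no: int
    action: str
    proto: str
    src: Addr
    sport: Optional[int]
    dst: Addr
    dport: Optional[int]
    text: str

def _take_addr(tok: list) -> Addr:
    t = tok.pop(0)
    if t == "any":
        return Addr(0, ALL)
    if t == "host":
        return Addr(int(ipaddress.IPv4Address(tok.pop(0))), 0)
    return Addr(int(ipaddress.IPv4Address(t)), int(ipaddress.IPv4Address(tok.pop(0))))

def _take_port(tok: list) -> Optional[int]:
    if tok and tok[0] == "eq":
        tok.pop(0)
        p = tok.pop(0)
        return PORT_NAMES[p] if p in PORT_NAMES else int(p)
    return None

def parse_acl(text: str, number: str) -> list:
    entries = []
    for raw in text.splitlines():
        tok = raw.split()
        if tok[:2] != ["access-list", number] or len(tok) < 3 or tok[2] not in ("permit", "deny"):
            continue  # blank lines, remarks, other ACLs
        action, proto, rest = tok[2], tok[3], tok[4:]
        src, sport = _take_addr(rest), _take_port(rest)
        dst, dport = _take_addr(rest), _take_port(rest)
        if rest not in ([], ["log"]):
            raise ValueError(f"unsupported qualifier in: {raw.strip()}")
        entries.append(Entry(len(entries) + 1, action, proto, src, sport, dst, dport, raw.strip()))
    return entries

def first_match(entries, proto, src, dst, dport=None, sport=None) -> Optional[Entry]:
    """Return the entry that decides the packet: IOS stops at the first match."""
    for e in entries:
        if e.proto not in ("ip", proto):
            continue
        if not (e.src.matches(src) and e.dst.matches(dst)):
            continue
        if (e.sport is not None and e.sport != sport) or (e.dport is not None and e.dport != dport):
            continue
        return e
    return None  # implicit deny at the end of every ACL

def covers(a: Entry, b: Entry) -> bool:
    return (a.proto in ("ip", b.proto) and a.src.covers(b.src) and a.dst.covers(b.dst)
            and a.sport in (None, b.sport) and a.dport in (None, b.dport))

def shadowed(entries) -> list:
    """Pairs (later, earlier) where the earlier entry makes the later one unreachable."""
    out = []
    for i, later in enumerate(entries):
        for earlier in entries[:i]:
            if covers(earlier, later):
                out.append((later, earlier))
                break
    return out

# Constructed subset of ACL 105, in the order of the first posted config.
ORIGINAL_ORDER = """
access-list 105 permit tcp any host 111.111.146.167 eq www
access-list 105 deny ip 192.168.0.0 0.0.0.255 any
access-list 105 deny ip 10.0.0.0 0.255.255.255 any
access-list 105 deny ip any any log
access-list 105 permit tcp any any eq 443
access-list 105 permit udp any host 111.111.146.167 eq 443
access-list 105 permit tcp any host 111.111.146.167 eq 443 log
"""

# Same subset with the single HTTPS permit moved ahead of the final deny.
CORRECTED_ORDER = """
access-list 105 permit tcp any host 111.111.146.167 eq www
access-list 105 deny ip 192.168.0.0 0.0.0.255 any
access-list 105 deny ip 10.0.0.0 0.255.255.255 any
access-list 105 permit tcp any host 111.111.146.167 eq 443 log
access-list 105 deny ip any any log
"""

if __name__ == "__main__":
    for name, text in (("original", ORIGINAL_ORDER), ("corrected", CORRECTED_ORDER)):
        acl = parse_acl(text, "105")
        for later, earlier in shadowed(acl):
            print(f"{name}: entry {later.line_no} is unreachable behind entry {earlier.line_no}")
        hit = first_match(acl, "tcp", "198.51.100.7", "111.111.146.167", dport=443)
        print(f"{name}: inbound tcp/443 decided by: {hit.text}")
```

Running the same check on a full `show running-config` before applying it catches permits appended after a catch-all deny, which is what happens when entries are added to a numbered ACL without resequencing.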
10-07-2014 05:38 AM
Hi Vishalvyas1986.
We changed the order. At first this didn't change anything, even after turning the router off and on again (the running configuration was showing the correct order afterwards). The router, however, crashed after a couple of hours, after which the port forwarding worked. By crashing I mean that the router was not accessible anymore and no internet traffic was passing through the router.
After that first "crash" the router keeps crashing. Every 5-20 minutes we lose internet connection and cannot reach the router anymore. If we wait for a couple of minutes the router resets itself and is working again.
We are getting the errors in the log files as shown below. We searched the internet and found that we should upgrade our IOS, but we are running the latest version 12.4(15)T7 already.
Any further help would be appreciated.
We looked through the log files and saw the following:
000304: *May 12 11:31:59.027 PCTime: %SYS-2-NOTQ: unqueue didn't find 83903D8C in queue 81E22960 -Process= "DNS Resolver", ipl= 0, pid= 64, -Traceback= 0x8060F644 0x8011DC44 0x8062DB98 0x809B453C 0x809B4778 0x809B4CB8 0x8010476C 0x801078B0
000305: *May 12 11:32:08.015 PCTime: %FW-4-TCP_OoO_SEG: Dropping TCP Segment: seq:2697537752 1420 bytes is out-of-order; expected seq:2697501872. Reason: TCP reassembly queue overflow - session 192.168.0.56:50762 to 162.13.76.172:80
000306: *May 12 11:32:08.015 PCTime: %FW-6-DROP_PKT: Dropping http session 162.13.76.172:80 192.168.0.56:50762 due to Out-Of-Order Segment with ip ident 57058 tcpflags 0x5010 seq.no 2697537752 ack 3265220652
000307: *May 12 11:32:16.535 PCTime: %ALIGN-3-SPURIOUS: Spurious memory access made at 0x8062EB08 reading 0x0
000308: *May 12 11:32:16.535 PCTime: %ALIGN-3-TRACE: -Traceback= 0x8062EB08 0x8062F0A0 0x81495C24 0x80630C80 0x80F063F0 0x80378E7C 0x8010476C 0x801078B0
000309: *May 12 11:32:16.535 PCTime: %ALIGN-3-TRACE: -Traceback= 0x8062EB10 0x8062F0A0 0x81495C24 0x80630C80 0x80F063F0 0x80378E7C 0x8010476C 0x801078B0
000310: *May 12 11:32:16.535 PCTime: %ALIGN-3-TRACE: -Traceback= 0x80ED6234 0x8062EB20 0x8062F0A0 0x81495C24 0x80630C80 0x80F063F0 0x80378E7C 0x8010476C
000311: *May 12 11:32:16.535 PCTime: %ALIGN-3-TRACE: -Traceback= 0x80ED6238 0x8062EB20 0x8062F0A0 0x81495C24 0x80630C80 0x80F063F0 0x80378E7C 0x8010476C
000312: *May 12 11:32:16.535 PCTime: %ALIGN-3-TRACE: -Traceback= 0x80ED623C 0x8062EB20 0x8062F0A0 0x81495C24 0x80630C80 0x80F063F0 0x80378E7C 0x8010476C
000313: *May 12 11:32:16.535 PCTime: %ALIGN-3-TRACE: -Traceback= 0x80ED5770 0x8062EB88 0x8062F0A0 0x81495C24 0x80630C80 0x80F063F0 0x80378E7C 0x8010476C
000314: *May 12 11:32:16.535 PCTime: %ALIGN-3-TRACE: -Traceback= 0x80ED5774 0x8062EB88 0x8062F0A0 0x81495C24 0x80630C80 0x80F063F0 0x80378E7C 0x8010476C
000315: *May 12 11:32:25.271 PCTime: %SYS-3-CPUHOG: Task is running for (5000)msecs, more than (5000)msecs (38/28),process = Appfw IM DNS Resolver.
-Traceback= 0x814BF13C 0x809B04DC 0x8062EE20 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000316: *May 12 11:32:30.335 PCTime: %SYS-3-CPUHOG: Task is running for (10000)msecs, more than (5000)msecs (54/28),process = Appfw IM DNS Resolver.
-Traceback= 0x814BE55C 0x8062EE48 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000317: *May 12 11:32:35.407 PCTime: %SYS-3-CPUHOG: Task is running for (15000)msecs, more than (5000)msecs (72/28),process = Appfw IM DNS Resolver.
-Traceback= 0x814BE55C 0x8062EE48 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000318: *May 12 11:32:40.443 PCTime: %SYS-3-CPUHOG: Task is running for (20000)msecs, more than (5000)msecs (81/28),process = Appfw IM DNS Resolver.
-Traceback= 0x814BE55C 0x8062EE48 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000319: *May 12 11:32:45.479 PCTime: %SYS-3-CPUHOG: Task is running for (25000)msecs, more than (5000)msecs (90/28),process = Appfw IM DNS Resolver.
-Traceback= 0x814BE55C 0x8062EE48 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000320: *May 12 11:32:50.519 PCTime: %SYS-3-CPUHOG: Task is running for (30000)msecs, more than (5000)msecs (100/28),process = Appfw IM DNS Resolver.
-Traceback= 0x814BE55C 0x8062EE48 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000321: *May 12 11:32:55.563 PCTime: %SYS-3-CPUHOG: Task is running for (35000)msecs, more than (5000)msecs (111/28),process = Appfw IM DNS Resolver.
-Traceback= 0x814BF13C 0x809B04DC 0x8062EE20 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000322: *May 12 11:33:00.647 PCTime: %SYS-3-CPUHOG: Task is running for (40000)msecs, more than (5000)msecs (132/28),process = Appfw IM DNS Resolver.
-Traceback= 0x814BF13C 0x809B04DC 0x8062EE20 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000323: *May 12 11:33:05.707 PCTime: %SYS-3-CPUHOG: Task is running for (45000)msecs, more than (5000)msecs (147/28),process = Appfw IM DNS Resolver.
-Traceback= 0x814BF13C 0x8062ED70 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000324: *May 12 11:33:10.771 PCTime: %SYS-3-CPUHOG: Task is running for (50000)msecs, more than (5000)msecs (163/28),process = Appfw IM DNS Resolver.
-Traceback= 0x814BF13C 0x809B04DC 0x8062EE20 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000325: *May 12 11:33:15.835 PCTime: %SYS-3-CPUHOG: Task is running for (55000)msecs, more than (5000)msecs (179/28),process = Appfw IM DNS Resolver.
-Traceback= 0x814BF13C 0x809B04DC 0x8062EE20 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000326: *May 12 11:33:20.883 PCTime: %SYS-3-CPUHOG: Task is running for (60000)msecs, more than (5000)msecs (191/28),process = Appfw IM DNS Resolver.
-Traceback= 0x814BF13C 0x809B04DC 0x8062EE20 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000327: *May 12 11:33:25.935 PCTime: %SYS-3-CPUHOG: Task is running for (65000)msecs, more than (5000)msecs (204/28),process = Appfw IM DNS Resolver.
-Traceback= 0x814BF13C 0x809B04DC 0x8062EE20 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000328: *May 12 11:33:30.979 PCTime: %SYS-3-CPUHOG: Task is running for (70000)msecs, more than (5000)msecs (215/28),process = Appfw IM DNS Resolver.
-Traceback= 0x814BE55C 0x8062EE48 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000329: *May 12 11:33:36.059 PCTime: %SYS-3-CPUHOG: Task is running for (75000)msecs, more than (5000)msecs (235/28),process = Appfw IM DNS Resolver.
-Traceback= 0x814BE55C 0x8062EE48 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000330: *May 12 11:33:41.135 PCTime: %SYS-3-CPUHOG: Task is running for (80000)msecs, more than (5000)msecs (254/28),process = Appfw IM DNS Resolver.
-Traceback= 0x814BF13C 0x809B04DC 0x8062EE20 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000331: *May 12 11:33:46.183 PCTime: %SYS-3-CPUHOG: Task is running for (85000)msecs, more than (5000)msecs (266/28),process = Appfw IM DNS Resolver.
-Traceback= 0x814BF13C 0x809B04DC 0x8062EE20 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000332: *May 12 11:33:51.267 PCTime: %SYS-3-CPUHOG: Task is running for (90000)msecs, more than (5000)msecs (287/28),process = Appfw IM DNS Resolver.
-Traceback= 0x814BF13C 0x8062ED70 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000333: *May 12 11:33:56.327 PCTime: %SYS-3-CPUHOG: Task is running for (95000)msecs, more than (5000)msecs (302/28),process = Appfw IM DNS Resolver.
-Traceback= 0x814BE55C 0x8062EE48 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000334: *May 12 11:34:01.383 PCTime: %SYS-3-CPUHOG: Task is running for (100000)msecs, more than (5000)msecs (316/28),process = Appfw IM DNS Resolver.
-Traceback= 0x814BF13C 0x809B04DC 0x8062EE20 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000335: *May 12 11:34:06.447 PCTime: %SYS-3-CPUHOG: Task is running for (105000)msecs, more than (5000)msecs (332/28),process = Appfw IM DNS Resolver.
-Traceback= 0x814BE55C 0x8062EE48 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000336: *May 12 11:34:11.515 PCTime: %SYS-3-CPUHOG: Task is running for (110000)msecs, more than (5000)msecs (349/28),process = Appfw IM DNS Resolver.
-Traceback= 0x814BF13C 0x8062ED70 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000337: *May 12 11:34:16.551 PCTime: %SYS-3-CPUHOG: Task is running for (115000)msecs, more than (5000)msecs (358/28),process = Appfw IM DNS Resolver.
-Traceback= 0x814BE55C 0x8062EE48 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000338: *May 12 11:34:21.607 PCTime: %SYS-3-CPUHOG: Task is running for (120000)msecs, more than (5000)msecs (372/28),process = Appfw IM DNS Resolver.
-Traceback= 0x814BE55C 0x8062EE48 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000339: *May 12 11:34:26.659 PCTime: %SYS-3-CPUHOG: Task is running for (125000)msecs, more than (5000)msecs (385/28),process = Appfw IM DNS Resolver.
-Traceback= 0x814BF13C 0x809B04DC 0x8062EE20 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000340: *May 12 11:34:29.719 PCTime: %SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = Appfw IM DNS Resolver.
-Traceback= 0x814BF13C 0x8062ED70 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000341: *May 12 11:34:29.811 PCTime: %ALIGN-3-SPURIOUS: Spurious memory access made at 0x814BE564 reading 0x0
000342: *May 12 11:34:29.811 PCTime: %ALIGN-3-TRACE: -Traceback= 0x814BE564 0x8062EE48 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0 0x0
000343: *May 12 11:34:29.811 PCTime: %ALIGN-3-TRACE: -Traceback= 0x814BF138 0x8062ED70 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0 0x0
000344: *May 12 11:34:29.811 PCTime: %ALIGN-3-TRACE: -Traceback= 0x814BF138 0x809B04DC 0x8062EE20 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0
000345: *May 12 11:34:29.811 PCTime: %ALIGN-3-TRACE: -Traceback= 0x814BE558 0x8062EE48 0x809B2E70 0x81358E00 0x813594D4 0x8010476C 0x801078B0 0x0
Our current running config:
Building configuration...
Current configuration : 14161 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ec
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$HWxK$nQxiluxLNri1scNlJ/yra1
!
no aaa new-model
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-471741731
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-471741731
revocation-check none
rsakeypair TP-self-signed-471741731
!
!
crypto pki certificate chain TP-self-signed-471741731
certificate self-signed 01
quit
dot11 syslog
no ip source-route
ip dhcp excluded-address 10.10.10.1
!
!
ip cef
ip inspect log drop-pkt
ip inspect name fw appfw fw
ip inspect name fw tcp
ip inspect name fw imap
ip inspect name fw imap3
ip inspect name fw appleqtc
ip inspect name fw cuseeme
ip inspect name fw realaudio
ip inspect name fw rtsp
ip inspect name fw streamworks
ip inspect name fw vdolive
ip inspect name fw https
ip inspect name fw dns
ip inspect name fw ftp
ip inspect name fw pptp
ip inspect name fw smtp
ip inspect name sdm_ins_in_100 appfw sdm_ins_in_100
ip inspect name sdm_ins_in_100 dns
ip inspect name sdm_ins_in_100 h323
ip inspect name sdm_ins_in_100 https
ip inspect name sdm_ins_in_100 icmp
ip inspect name sdm_ins_in_100 pop3 reset
ip inspect name sdm_ins_in_100 rcmd
ip inspect name sdm_ins_in_100 sqlnet
ip inspect name sdm_ins_in_100 tcp
ip inspect name sdm_ins_in_100 udp
ip inspect name sdm_ins_in_100 cuseeme
ip inspect name sdm_ins_in_100 realaudio
ip inspect name sdm_ins_in_100 rtsp
ip inspect name sdm_ins_in_100 streamworks
ip inspect name sdm_ins_in_100 vdolive
ip inspect name sdm_ins_in_100 appleqtc
ip inspect name sdm_ins_in_100 pptp
ip inspect name sdm_ins_in_100 imap3
ip inspect name sdm_ins_in_100 smtp
ip inspect name SDM_HIGH appfw SDM_HIGH
ip inspect name SDM_HIGH icmp
ip inspect name SDM_HIGH dns
ip inspect name SDM_HIGH esmtp
ip inspect name SDM_HIGH https
ip inspect name SDM_HIGH imap reset
ip inspect name SDM_HIGH pop3 reset
ip inspect name SDM_HIGH tcp
ip inspect name SDM_HIGH udp
ip inspect name SDM_HIGH rtsp
ip inspect name SDM_HIGH realaudio
ip inspect name SDM_HIGH streamworks
ip inspect name SDM_HIGH vdolive
ip inspect name SDM_HIGH cuseeme
ip inspect name SDM_HIGH appleqtc
no ip bootp server
ip domain name internal.xxxxxxx.com
ip name-server 111.111.14.196
ip name-server 111.111.14.212
!
appfw policy-name sdm_ins_in_100
application im aol
service default action allow alarm
service text-chat action allow alarm
server permit name login.oscar.aol.com
server permit name toc.oscar.aol.com
server permit name oam-d09a.blue.aol.com
application im msn
service default action allow alarm
service text-chat action allow alarm
server permit name messenger.hotmail.com
server permit name gateway.messenger.hotmail.com
server permit name webmessenger.msn.com
application http
strict-http action allow alarm
port-misuse p2p action reset alarm
port-misuse im action reset alarm
port-misuse tunneling action allow alarm
application im yahoo
service default action allow alarm
service text-chat action allow alarm
server permit name scs.msg.yahoo.com
server permit name scsa.msg.yahoo.com
server permit name scsb.msg.yahoo.com
server permit name scsc.msg.yahoo.com
server permit name scsd.msg.yahoo.com
server permit name cs16.msg.dcn.yahoo.com
server permit name cs19.msg.dcn.yahoo.com
server permit name cs42.msg.dcn.yahoo.com
server permit name cs53.msg.dcn.yahoo.com
server permit name cs54.msg.dcn.yahoo.com
server permit name ads1.vip.scd.yahoo.com
server permit name radio1.launch.vip.dal.yahoo.com
server permit name in1.msg.vip.re2.yahoo.com
server permit name data1.my.vip.sc5.yahoo.com
server permit name address1.pim.vip.mud.yahoo.com
server permit name edit.messenger.yahoo.com
server permit name messenger.yahoo.com
server permit name http.pager.yahoo.com
server permit name privacy.yahoo.com
server permit name csa.yahoo.com
server permit name csb.yahoo.com
server permit name csc.yahoo.com
!
appfw policy-name SDM_HIGH
application im aol
service default action reset alarm
service text-chat action reset alarm
server deny name login.oscar.aol.com
server deny name toc.oscar.aol.com
server deny name oam-d09a.blue.aol.com
application http
strict-http action reset alarm
port-misuse im action reset alarm
port-misuse p2p action reset alarm
port-misuse tunneling action reset alarm
application im yahoo
service default action reset alarm
service text-chat action reset alarm
server deny name scs.msg.yahoo.com
server deny name scsa.msg.yahoo.com
server deny name scsb.msg.yahoo.com
server deny name scsc.msg.yahoo.com
server deny name scsd.msg.yahoo.com
server deny name cs16.msg.dcn.yahoo.com
server deny name cs19.msg.dcn.yahoo.com
server deny name cs42.msg.dcn.yahoo.com
server deny name cs53.msg.dcn.yahoo.com
server deny name cs54.msg.dcn.yahoo.com
server deny name ads1.vip.scd.yahoo.com
server deny name radio1.launch.vip.dal.yahoo.com
server deny name in1.msg.vip.re2.yahoo.com
server deny name data1.my.vip.sc5.yahoo.com
server deny name address1.pim.vip.mud.yahoo.com
server deny name edit.messenger.yahoo.com
server deny name messenger.yahoo.com
server deny name http.pager.yahoo.com
server deny name privacy.yahoo.com
server deny name csa.yahoo.com
server deny name csb.yahoo.com
server deny name csc.yahoo.com
!
appfw policy-name fw
application http
!
parameter-map type protocol-info msn-servers
server name messenger.hotmail.com
server name gateway.messenger.hotmail.com
server name webmessenger.msn.com
parameter-map type protocol-info aol-servers
server name login.oscar.aol.com
server name toc.oscar.aol.com
server name oam-d09a.blue.aol.com
parameter-map type protocol-info yahoo-servers
server name scs.msg.yahoo.com
server name scsa.msg.yahoo.com
server name scsb.msg.yahoo.com
server name scsc.msg.yahoo.com
server name scsd.msg.yahoo.com
server name cs16.msg.dcn.yahoo.com
server name cs19.msg.dcn.yahoo.com
server name cs42.msg.dcn.yahoo.com
server name cs53.msg.dcn.yahoo.com
server name cs54.msg.dcn.yahoo.com
server name ads1.vip.scd.yahoo.com
server name radio1.launch.vip.dal.yahoo.com
server name in1.msg.vip.re2.yahoo.com
server name data1.my.vip.sc5.yahoo.com
server name address1.pim.vip.mud.yahoo.com
server name edit.messenger.yahoo.com
server name messenger.yahoo.com
server name http.pager.yahoo.com
server name privacy.yahoo.com
server name csa.yahoo.com
server name csb.yahoo.com
server name csc.yahoo.com
!
!
username admin privilege 15 secret 5
!
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $FW_OUTSIDE$$ETH-WAN$$ES_WAN$
ip address 111.111.146.167 255.255.255.0
ip access-group 105 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect sdm_ins_in_100 in
ip inspect fw out
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.3 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 111.111.146.161
!
ip http server
ip http port 8080
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 192.168.0.2 80 interface FastEthernet4 80
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.0.2 1723 interface FastEthernet4 1723
ip nat inside source static tcp 192.168.0.2 143 interface FastEthernet4 143
ip nat inside source static tcp 192.168.0.2 47 interface FastEthernet4 47
ip nat inside source static tcp 192.168.0.244 5003 interface FastEthernet4 5003
ip nat inside source static tcp 192.168.0.2 25 interface FastEthernet4 25
ip nat inside source static tcp 192.168.0.1 443 interface FastEthernet4 443
!
ip access-list extended NUMBER
ip access-list extended sdm_fastethernet4_in
remark SDM_ACL Category=1
remark PPTP
permit tcp any eq 1723 host 192.168.0.2 eq 1723
!
logging trap debugging
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 111.111.146.0 0.0.0.255 any
access-list 101 remark SDM_ACL Category=0
access-list 101 permit ip any host 192.168.0.2
access-list 102 remark SDM_ACL Category=128
access-list 102 permit ip host 255.255.255.255 any
access-list 102 permit ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip 111.111.146.0 0.0.0.255 any
access-list 103 remark SDM_ACL Category=0
access-list 103 permit ip any host 192.168.0.2
access-list 104 remark auto generated by SDM firewall configuration
access-list 104 remark SDM_ACL Category=1
access-list 104 deny ip 111.111.146.0 0.0.0.255 any
access-list 104 deny ip host 255.255.255.255 any
access-list 104 deny ip 127.0.0.0 0.255.255.255 any
access-list 104 permit ip any any
access-list 104 permit tcp any host 192.168.0.2 eq www
access-list 104 permit tcp any host 192.168.0.1 eq 443
access-list 105 remark auto generated by SDM firewall configuration
access-list 105 remark SDM_ACL Category=1
access-list 105 permit tcp any host 111.111.146.167 eq www
access-list 105 remark filemaker
access-list 105 permit tcp any host 111.111.146.167 eq 5003
access-list 105 permit tcp any host 111.111.146.167 eq 143 log
access-list 105 remark test smtp
access-list 105 permit tcp any host 111.111.146.167 eq smtp log
access-list 105 remark imapudp
access-list 105 permit udp any host 111.111.146.167 eq 143
access-list 105 remark GRE
access-list 105 permit gre any host 111.111.146.167
access-list 105 remark pptp
access-list 105 permit tcp any host 111.111.146.167 eq 1723
access-list 105 remark FMUDP
access-list 105 permit udp any host 111.111.146.167 eq 5003
access-list 105 permit udp host 111.111.14.196 eq domain host 111.111.146.167
access-list 105 permit tcp any host 111.111.146.167 eq 443
access-list 105 deny ip 192.168.0.0 0.0.0.255 any
access-list 105 permit icmp any host 111.111.146.167 echo-reply
access-list 105 permit icmp any host 111.111.146.167 time-exceeded
access-list 105 permit icmp any host 111.111.146.167 unreachable
access-list 105 deny ip 10.0.0.0 0.255.255.255 any
access-list 105 deny ip 172.16.0.0 0.15.255.255 any
access-list 105 deny ip 192.168.0.0 0.0.255.255 any
access-list 105 deny ip 127.0.0.0 0.255.255.255 any
access-list 105 deny ip host 255.255.255.255 any
access-list 105 deny ip host 0.0.0.0 any
access-list 105 deny ip any any log
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to
use.
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
command completed.