Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Running a webserver behind a Cisco 1605

Status
Not open for further replies.
digidee

digidee

IS-IT--Management
Joined
May 20, 2003
Messages
1
Location
US
I can't seem to get port 80 to open on my
cisco 1605. I'm useing the following line:
access-list 100 permit tcp any host 192.168.1.3 eq 80

(among others)
This is but one access list statements.

Thanks for the help,
Digidee
 
Sort by date Sort by votes
Change it from 100 to 101 which is an extended IP access list which is what you want with the eq 80. Dont forget the implied DENY ALL at the end which will block everything you have not said expressly to pass through.

Mike S
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin
 
Upvote 0 Downvote
Where is your access-list is the entry for www? Try re-writing your access-list and putting it at the very top to ensure you are not stepping on your own toes (the rule of thumb I have always heard is specific to general...)

Secondly, take a look at using 'ip accounting access-violations' and 'show ip accounting access-violations' to give you an idea of if anything is making it to your list and where it is being denied.

You can also turn on logging (either console - although its sometimes tricky that way -- or to a syslog server) and that will give you the packets as they are being denied. You will need to turn on 'debug ip access-list detail' and/or 'debug ip access-list lookup' (I can't remember which...).

Hope this helps a bit,
Paul Kincaid

P.S. wybnormal -- f.y.i. 100 is within the extended list.
 
Upvote 0 Downvote
How you applying the policy to the interface?
-bhandari
 
Upvote 0 Downvote
Paul- You are correct.. I mis-remembered the numbering.. thats what I get for thinking ;-)

Good catch of a small but important error

Mike S
"Diplomacy; the art of saying 'nice doggie' till you can find a rock" Wynn Catlin
 
Upvote 0 Downvote
Do you have an access list going the other way?

One of the most common mistakes I see is to allow the port 80 traffic inbound but to not allow the return traffic outbound.

--chris
 
Upvote 0 Downvote
bhandari
- sorry I missed your question after my reply....

You need to apply the access list to the interface as follows:

router# conf t
router(config)# interface e0 (or whatever the interface name is)
router(config-if)# ip access-group 100 in
router(config-if)# end
router# write memory

Hope this helps,
Paul
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Blackybear
  • Locked
  • Question Question
Cisco RV042G router
Replies
0
Views
322
Blackybear
Blackybear
B
  • Locked
  • Question Question
Cisco IP phone 7841 8851 unable to forward all to external number
Replies
0
Views
403
badwolf1686
B
CPM86
  • Locked
  • Question Question
Cisco isr 4331 with IOS and sip busy fail over to 2nd sip number on pbx?
Replies
0
Views
559
CPM86
CPM86
pbxcomm
  • Locked
  • Question Question
CISCO VG450
Replies
1
Views
812
nt8d09
nt8d09
Skip Rango
  • Locked
  • Question Question
how to backup cisco sg500-52p switch
Replies
1
Views
798
madwok
madwok

Part and Inventory Search

Sponsor

Back
Top