

Can Access Webserver from Internet through Cisco router



#1 ahzmahmzi


Posted 21 January 2013 - 05:51 AM

Everything works fine internally, but I have a website on the 10.0.0.52 server with the external IP of 216.140.140.4. When I try to access it from the internet, it doesn't work. Does anyone have any ideas on what might be the issue here? Though if I use the IP 216.140.140.4 I can access the website. I suspected it is a DNS issue, so I opened DNS port 53 for the 10.0.0.1 server; it still didn't work. It is an issue with the router, because as soon as I replace it with the proprietary firewall it works fine.
I would appreciate your advice.

ip name-server 10.0.0.1

zone security out-zone
zone security in-zone
zone security teleworker

interface gi0/1
zone-member security out-zone

interface gi0/0
zone-member security in-zone

interface gi0/2
zone-member security teleworker
exit

ip port-map user-RDP port tcp 3389

zone-pair security OUT-IN source out-zone destination in-zone
zone-pair security OUT-TELEWORKER source out-zone destination teleworker
zone-pair security TELEWORKER-OUT source teleworker destination out-zone

ip access-list extended OUTSIDE-TO-INSIDE-WEB
permit tcp any host 10.0.0.23 eq 80
permit tcp any host 10.0.0.59 eq 80
permit tcp any host 10.0.0.61 eq 80
permit tcp any host 10.0.0.228 eq 80
permit tcp any host 10.0.0.16 eq 80
permit tcp any host 10.0.0.30 eq 80

class-map type inspect match-all OUTSIDE-TO-INSIDE-WEB-CLASS
match protocol http
match access-group name OUTSIDE-TO-INSIDE-WEB

ip access-list extended OUTSIDE-TO-INSIDE-FTP
permit tcp any host 10.0.0.52 range 20 21
permit tcp any host 10.0.0.23 range 20 21
permit tcp any host 10.0.0.59 range 20 21
permit tcp any host 10.0.0.61 range 20 21
permit tcp any host 10.0.0.228 range 20 21

class-map type inspect match-all OUTSIDE-TO-INSIDE-FTP-CLASS
match protocol ftp
match access-group name OUTSIDE-TO-INSIDE-FTP

ip access-list extended OUTSIDE-TO-INSIDE-SMTP
permit tcp any host 10.0.0.52 eq 25
permit tcp any host 10.0.0.23 eq 25
permit tcp any host 10.0.0.59 eq 25
permit tcp any host 10.0.0.61 eq 25
permit tcp any host 10.0.0.228 eq 25

class-map type inspect match-all OUTSIDE-TO-INSIDE-SMTP-CLASS
match protocol smtp
match access-group name OUTSIDE-TO-INSIDE-SMTP

ip access-list extended OUTSIDE-TO-INSIDE-DNS
permit tcp any host 10.0.0.23 eq 53
permit udp any host 10.0.0.23 eq 53
permit tcp any host 10.0.0.59 eq 53
permit udp any host 10.0.0.59 eq 53
permit tcp any host 10.0.0.61 eq 53
permit udp any host 10.0.0.61 eq 53
permit tcp any host 10.0.0.228 eq 53
permit udp any host 10.0.0.228 eq 53
permit tcp any host 10.0.0.1 eq 53
permit udp any host 10.0.0.1 eq 53

class-map type inspect match-all OUTSIDE-TO-INSIDE-DNS-CLASS
match protocol dns
match access-group name OUTSIDE-TO-INSIDE-DNS

ip access-list extended OUTSIDE-TO-INSIDE-POP
permit tcp any host 10.0.0.52 eq 110
permit tcp any host 10.0.0.23 eq 110
permit tcp any host 10.0.0.59 eq 110
permit tcp any host 10.0.0.61 eq 110
permit tcp any host 10.0.0.228 eq 110

class-map type inspect match-all OUTSIDE-TO-INSIDE-POP-CLASS
match protocol pop
match access-group name OUTSIDE-TO-INSIDE-POP

ip access-list extended OUTSIDE-TO-INSIDE-IMAP
permit tcp any host 10.0.0.52 eq 143
permit tcp any host 10.0.0.23 eq 143
permit tcp any host 10.0.0.59 eq 143
permit tcp any host 10.0.0.61 eq 143
permit tcp any host 10.0.0.228 eq 143

class-map type inspect match-all OUTSIDE-TO-INSIDE-IMAP-CLASS
match protocol imap
match access-group name OUTSIDE-TO-INSIDE-IMAP

ip access-list extended OUTSIDE-TO-INSIDE-HTTPS
permit tcp any host 10.0.0.52 eq 443
permit tcp any host 10.0.0.23 eq 443
permit tcp any host 10.0.0.59 eq 443
permit tcp any host 10.0.0.61 eq 443
permit tcp any host 10.0.0.228 eq 443

class-map type inspect match-all OUTSIDE-TO-INSIDE-HTTPS-CLASS
match protocol https
match access-group name OUTSIDE-TO-INSIDE-HTTPS

ip access-list extended OUTSIDE-TO-INSIDE-RDP
permit tcp any host 10.0.0.52 eq 3389
permit tcp any host 10.0.0.23 eq 3389
permit tcp any host 10.0.0.59 eq 3389
permit tcp any host 10.0.0.61 eq 3389
permit tcp any host 10.0.0.228 eq 3389
permit tcp any host 10.0.0.58 eq 3389
permit tcp any host 10.0.0.33 eq 3389
permit tcp any host 10.0.0.25 eq 3389
permit tcp any host 10.0.0.44 eq 3389
permit tcp any host 10.0.0.251 eq 3389
permit tcp any host 10.0.0.21 eq 3389
permit tcp any host 10.0.0.22 eq 3389
permit tcp any host 10.0.0.24 eq 3389
permit tcp any host 10.0.0.30 eq 3389
permit tcp any host 10.0.0.230 eq 3389

class-map type inspect match-all OUTSIDE-TO-INSIDE-RDP-CLASS
match protocol user-RDP
match access-group name OUTSIDE-TO-INSIDE-RDP

ip access-list extended TELEWORKER-TO-OUTSIDE
permit ip 10.0.3.254 any

class-map type inspect match-all TELEWORKER-TO-OUTSIDE-CLASS
match access-group name TELEWORKER-TO-OUTSIDE

ip access-list extended OUTSIDE-TO-TELEWORKER
permit ip any host 10.0.3.254

class-map type inspect match-all OUTSIDE-TO-TELEWORKER-CLASS
match access-group name OUTSIDE-TO-TELEWORKER


policy-map type inspect OUTSIDE-TO-INSIDE-POLICY
class type inspect OUTSIDE-TO-INSIDE-WEB-CLASS
inspect

class type inspect OUTSIDE-TO-INSIDE-FTP-CLASS
inspect

class type inspect OUTSIDE-TO-INSIDE-SMTP-CLASS
inspect

class type inspect OUTSIDE-TO-INSIDE-DNS-CLASS
inspect


class type inspect OUTSIDE-TO-INSIDE-POP-CLASS
inspect

class type inspect OUTSIDE-TO-INSIDE-IMAP-CLASS
inspect

class type inspect OUTSIDE-TO-INSIDE-HTTPS-CLASS
inspect

class type inspect OUTSIDE-TO-INSIDE-RDP-CLASS
inspect


policy-map type inspect TELEWORKER-TO-OUTSIDE-POLICY
class type inspect TELEWORKER-TO-OUTSIDE-CLASS
inspect

policy-map type inspect OUTSIDE-TO-TELEWORKER-POLICY
class type inspect OUTSIDE-TO-TELEWORKER-CLASS
inspect

zone-pair security OUT-IN source out-zone destination in-zone
service-policy type inspect OUTSIDE-TO-INSIDE-POLICY

zone-pair security OUT-TELEWORKER source out-zone destination teleworker
service-policy type inspect OUTSIDE-TO-TELEWORKER-POLICY

zone-pair security TELEWORKER-OUT source teleworker destination out-zone
service-policy type inspect TELEWORKER-TO-OUTSIDE-POLICY


  • -1
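
One way to audit which inbound services the access lists in the post above permit for a single host, as an added example that is not part of the original post. The CONFIG excerpt is copied from the posted WEB, HTTPS and RDP lists; the function names are hypothetical, and only `permit tcp|udp any host A.B.C.D` entries with `eq` or `range` are parsed.

```python
import re
from collections import defaultdict

# Excerpt of the ACLs posted above (WEB, HTTPS, RDP), trimmed for brevity.
CONFIG = """\
ip access-list extended OUTSIDE-TO-INSIDE-WEB
permit tcp any host 10.0.0.23 eq 80
permit tcp any host 10.0.0.59 eq 80
permit tcp any host 10.0.0.30 eq 80
ip access-list extended OUTSIDE-TO-INSIDE-HTTPS
permit tcp any host 10.0.0.52 eq 443
permit tcp any host 10.0.0.23 eq 443
ip access-list extended OUTSIDE-TO-INSIDE-RDP
permit tcp any host 10.0.0.52 eq 3389
"""

ACL_RE = re.compile(r"^ip access-list extended (\S+)$")
ACE_RE = re.compile(
    r"^permit (tcp|udp) any host (\d+\.\d+\.\d+\.\d+) "
    r"(?:eq (\d+)|range (\d+) (\d+))$"
)

def exposure(config):
    """Map each destination host to {(proto, port): acl_name} it is permitted on."""
    hosts = defaultdict(dict)
    acl = None
    for raw in config.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            acl = m.group(1)          # entries that follow belong to this ACL
            continue
        m = ACE_RE.match(line)
        if m and acl:
            proto, host, eq, lo, hi = m.groups()
            ports = [int(eq)] if eq else range(int(lo), int(hi) + 1)
            for port in ports:
                hosts[host][(proto, port)] = acl
    return hosts

def missing(config, host, wanted):
    """Return the (proto, port) pairs in `wanted` that no ACL permits for `host`."""
    allowed = exposure(config).get(host, {})
    return [pp for pp in wanted if pp not in allowed]

if __name__ == "__main__":
    # Services the web server at 10.0.0.52 is expected to offer from outside.
    print(missing(CONFIG, "10.0.0.52", [("tcp", 80), ("tcp", 443)]))
```

Run against the full posted configuration, the same check lists every service each inside host is reachable on from the out-zone, including the RDP entries.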
