  1. Member
    Join Date
    Dec 2012
    Posts
    41
    #1

    Can't Access My website hosted on my internal webserver behind a Cisco Router

    Hello,
    I have a website hosted on my .52 webserver; ports 80 and 53 have been opened. I can access the website from the internet by using its public IP address but not its name (www.aaa.com).

    Below is my configuration. I have broken it down into three phases:
    1) NAT for two ISPs: one primary and one for backup.
    2) Zone Based Firewall (outside to inside)
    3) Zone Based Firewall (inside to outside): done using CCP
    My NAT is working perfectly fine. I configured the Outside to Inside Zone, opening up the relevant ports, and all the right ports are opened. I used CCP to configure the Inside to Outside Zone because I am not sure of all the ports that would need to be opened, and it is pretty straightforward with CCP.

    -My internal DNS server is 10.0.0.1 and configured properly because it is currently working with a proprietary Firewall.
    -From inside to outside everything works fine.
    -I can ping my DNS server from my router, and I have opened port 53 for my DNS server on ZBF.
    -I can ping my website on my 10.0.0.52 webserver from my router using its name, i.e. ping www.aaa.com, and it resolves to the correct public IP and the ping is successful.
    -From the Internet I can access the website from the external IP address http://216.140.140.4 (10.0.0.52- 216.140.140.4) but not as http://www.aaa.com.
    However, I can't get it with its name.
    -I don't have a NAT entry for my internal DNS server; however, I have opened up port 53 for it on Zone Based Firewall.

    Now I don't understand how to provide the static translation, as I don't need the DNS server to really access the Internet, or am I getting something wrong?
    I would appreciate your help.
    Below is my configuration.


    1) NAT:

    track 1 ip sla 1 reachability
    !
    track 2 ip sla 2 reachability
    !


    interface Embedded-Service-Engine0/0
    no ip address
    shutdown
    !
    interface GigabitEthernet0/0
    ip address 10.0.0.254 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    ip policy route-map PRIVATE-INGRESS
    duplex auto
    speed auto
    no keepalive
    !
    interface GigabitEthernet0/1
    ip address 216.150.150.4 255.255.255.0 secondary
    ip address 216.140.140.2 255.255.255.224
    ip nat outside
    ip virtual-reassembly in
    duplex auto
    speed auto
    !
    interface GigabitEthernet0/2
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    !
    ip nat pool PRIMARY-POOL 216.140.140.2 216.140.140.2 prefix-length 27
    ip nat pool SECONDARY-POOL 216.150.150.4 216.150.150.4 prefix-length 24
    ip nat inside source route-map PRIMARY-NAT pool PRIMARY-POOL overload
    ip nat inside source route-map SECONDARY-NAT pool SECONDARY-POOL overload
    ip nat inside source static 10.0.0.52 216.140.140.4 route-map STATIC-NAT-PRIMARY
    ip nat inside source static 10.0.0.53 216.140.140.5 route-map STATIC-NAT-PRIMARY
    ip nat inside source static 10.0.0.59 216.140.140.6 route-map STATIC-NAT-PRIMARY
    ip nat inside source static 10.0.0.61 216.140.140.7 route-map STATIC-NAT-PRIMARY
    ip nat inside source static 10.0.0.228 216.140.140.8 route-map STATIC-NAT-PRIMARY
    ip nat inside source static 10.0.0.16 216.140.140.11 route-map STATIC-NAT-PRIMARY
    ip nat inside source static 10.0.0.30 216.140.140.12 route-map STATIC-NAT-PRIMARY
    ip nat inside source static 10.0.0.251 216.140.140.13 route-map STATIC-NAT-PRIMARY
    ip nat inside source static 10.0.0.44 216.140.140.15 route-map STATIC-NAT-PRIMARY
    ip nat inside source static 10.0.0.54 216.140.140.16 route-map STATIC-NAT-PRIMARY
    ip nat inside source static 10.0.0.23 216.140.140.17 route-map STATIC-NAT-PRIMARY
    ip nat inside source static 10.0.0.58 216.140.140.18 route-map STATIC-NAT-PRIMARY
    ip nat inside source static 10.0.0.230 216.140.140.19 route-map STATIC-NAT-PRIMARY
    ip nat inside source static 10.0.0.216 216.140.140.21 route-map STATIC-NAT-PRIMARY
    ip nat inside source static 10.0.0.220 216.140.140.22 route-map STATIC-NAT-PRIMARY
    ip nat inside source static 10.0.0.33 216.140.140.25 route-map STATIC-NAT-PRIMARY
    ip nat inside source static 10.0.0.21 216.140.140.26 route-map STATIC-NAT-PRIMARY
    ip nat inside source static 10.0.0.22 216.140.140.27 route-map STATIC-NAT-PRIMARY
    ip nat inside source static 10.0.0.24 216.140.140.28 route-map STATIC-NAT-PRIMARY
    ip nat inside source static 10.0.0.25 216.140.140.29 route-map STATIC-NAT-PRIMARY
    ip nat inside source static 10.0.0.59 216.150.150.5 route-map STATIC-NAT-SECONDARY
    ip nat inside source static 10.0.0.52 216.150.150.6 route-map STATIC-NAT-SECONDARY
    ip nat inside source static 10.0.0.53 216.150.150.7 route-map STATIC-NAT-SECONDARY
    ip nat inside source static 10.0.0.16 216.150.150.8 route-map STATIC-NAT-SECONDARY
    ip nat inside source static 10.0.0.58 216.150.150.9 route-map STATIC-NAT-SECONDARY
    ip nat inside source static 10.0.0.61 216.150.150.11 route-map STATIC-NAT-SECONDARY
    ip route 0.0.0.0 0.0.0.0 216.140.140.1 track 1
    ip route 0.0.0.0 0.0.0.0 216.150.150.254 10
    !
    ip access-list standard DYNAMIC-PRIMARY
    deny 10.0.0.24
    deny 10.0.0.25
    deny 10.0.0.30
    deny 10.0.0.16
    deny 10.0.0.22
    deny 10.0.0.23
    deny 10.0.0.21
    deny 10.0.0.44
    deny 10.0.0.33
    deny 10.0.0.58
    deny 10.0.0.59
    deny 10.0.0.61
    deny 10.0.0.54
    deny 10.0.0.52
    deny 10.0.0.53
    deny 10.0.0.216
    deny 10.0.0.220
    deny 10.0.0.230
    deny 10.0.0.228
    deny 10.0.0.251
    permit 10.0.0.0 0.255.255.255
    ip access-list standard DYNAMIC-SECONDARY
    permit 10.0.0.0 0.255.255.255
    ip access-list standard PRIMARY-NEXT-HOP
    permit 216.140.140.1
    ip access-list standard SECONDARY-NEXT-HOP
    permit 216.150.150.254
    !
    ip sla 1
    icmp-echo 216.140.140.1 source-ip 216.140.140.2
    threshold 2
    timeout 1000
    frequency 3
    ip sla schedule 1 life forever start-time now
    ip sla 2
    icmp-echo 216.150.150.254 source-ip 216.150.150.4
    threshold 2
    timeout 1000
    frequency 3
    ip sla schedule 2 life forever start-time now
    !
    !
    !
    !
    route-map STATIC-NAT-PRIMARY permit 10
    match ip next-hop PRIMARY-NEXT-HOP
    !
    route-map STATIC-NAT-PRIMARY deny 20
    !
    route-map STATIC-NAT-SECONDARY permit 10
    match ip next-hop SECONDARY-NEXT-HOP
    !
    route-map STATIC-NAT-SECONDARY deny 20
    !
    route-map SECONDARY-NAT permit 10
    match ip address DYNAMIC-SECONDARY
    match ip next-hop SECONDARY-NEXT-HOP
    !
    route-map SECONDARY-NAT deny 20
    !
    route-map PRIVATE-INGRESS permit 10
    set ip next-hop verify-availability 216.140.140.1 10 track 1
    set ip next-hop verify-availability 216.150.150.254 20 track 2
    !
    route-map PRIVATE-INGRESS permit 11
    !
    route-map PRIMARY-NAT permit 10
    match ip address DYNAMIC-PRIMARY
    match ip next-hop PRIMARY-NEXT-HOP
    !
    route-map PRIMARY-NAT deny 20



    2) OUTSIDE TO INSIDE ZONE (ZBF):

    Zone security out-zone
    zone security in-zone
    zone security teleworker


    interface gi0/1
    Zone-member security out-zone


    interface gi0/0
    zone-member security in-zone


    interface gi0/2
    ip address 10.1.0.254 255.255.255.0
    zone-member security teleworker
    exit


    ip name-server 10.0.0.1
    ip port-map user-RDP port tcp 3389
    ip port-map user-WEBB port tcp 8080


    zone-pair security OUT-IN source out-zone destination in-zone
    zone-pair security OUT-TELEWORKER source out-zone destination teleworker
    zone-pair security TELEWORKER-OUT source teleworker destination out-zone


    ip access-list extended OUTSIDE-TO-INSIDE-WEB
    permit tcp any host 10.0.0.23 eq 80
    permit tcp any host 10.0.0.59 eq 80
    permit tcp any host 10.0.0.61 eq 80
    permit tcp any host 10.0.0.228 eq 80
    permit tcp any host 10.0.0.16 eq 80
    permit tcp any host 10.0.0.30 eq 80
    permit tcp any host 10.0.0.52 eq 80
    permit tcp any host 10.0.0.55 eq 80


    class-map type inspect match-all OUTSIDE-TO-INSIDE-WEB-CLASS
    match protocol http
    match access-group name OUTSIDE-TO-INSIDE-WEB


    ip access-list extended OUTSIDE-TO-INSIDE-FTP
    permit tcp any host 10.0.0.52 eq 20 21
    permit tcp any host 10.0.0.23 eq 20 21
    permit tcp any host 10.0.0.59 eq 20 21
    permit tcp any host 10.0.0.61 eq 20 21
    permit tcp any host 10.0.0.228 eq 20 21
    permit tcp any host 10.0.0.55 eq 20 21


    class-map type inspect match-all OUTSIDE-TO-INSIDE-FTP-CLASS
    match protocol ftp
    match access-group name OUTSIDE-TO-INSIDE-FTP


    ip access-list extended OUTSIDE-TO-INSIDE-SMTP
    permit tcp any host 10.0.0.52 eq 25
    permit tcp any host 10.0.0.23 eq 25
    permit tcp any host 10.0.0.59 eq 25
    permit tcp any host 10.0.0.61 eq 25
    permit tcp any host 10.0.0.228 eq 25
    permit tcp any host 10.0.0.55 eq 25


    class-map type inspect match-all OUTSIDE-TO-INSIDE-SMTP-CLASS
    match protocol smtp
    match access-group name OUTSIDE-TO-INSIDE-SMTP


    ip access-list extended OUTSIDE-TO-INSIDE-DNS
    permit tcp any host 10.0.0.23 eq 53
    permit udp any host 10.0.0.23 eq 53
    permit tcp any host 10.0.0.59 eq 53
    permit udp any host 10.0.0.59 eq 53
    permit tcp any host 10.0.0.61 eq 53
    permit udp any host 10.0.0.61 eq 53
    permit tcp any host 10.0.0.228 eq 53
    permit udp any host 10.0.0.228 eq 53
    permit tcp any host 10.0.0.52 eq 53
    permit udp any host 10.0.0.52 eq 53
    permit tcp any host 10.0.0.55 eq 53
    permit udp any host 10.0.0.55 eq 53
    permit tcp any host 10.0.0.1 eq 53
    permit udp any host 10.0.0.1 eq 53




    class-map type inspect match-all OUTSIDE-TO-INSIDE-DNS-CLASS
    match protocol dns
    match access-group name OUTSIDE-TO-INSIDE-DNS




    ip access-list extended OUTSIDE-TO-INSIDE-HTTPS
    permit tcp any host 10.0.0.52 eq 443
    permit tcp any host 10.0.0.23 eq 443
    permit tcp any host 10.0.0.59 eq 443
    permit tcp any host 10.0.0.61 eq 443
    permit tcp any host 10.0.0.228 eq 443
    permit tcp any host 10.0.0.55 eq 443
    permit tcp any host 10.0.0.53 eq 443




    class-map type inspect match-all OUTSIDE-TO-INSIDE-HTTPS-CLASS
    match protocol https
    match access-group name OUTSIDE-TO-INSIDE-HTTPS


    ip access-list extended OUTSIDE-TO-INSIDE-RDP
    permit tcp any host 10.0.0.52 eq 3389
    permit tcp any host 10.0.0.23 eq 3389
    permit tcp any host 10.0.0.59 eq 3389
    permit tcp any host 10.0.0.61 eq 3389
    permit tcp any host 10.0.0.228 eq 3389
    permit tcp any host 10.0.0.58 eq 3389
    permit tcp any host 10.0.0.33 eq 3389
    permit tcp any host 10.0.0.25 eq 3389
    permit tcp any host 10.0.0.44 eq 3389
    permit tcp any host 10.0.0.251 eq 3389
    permit tcp any host 10.0.0.21 eq 3389
    permit tcp any host 10.0.0.22 eq 3389
    permit tcp any host 10.0.0.24 eq 3389
    permit tcp any host 10.0.0.30 eq 3389
    permit tcp any host 10.0.0.230 eq 3389
    permit tcp any host 10.0.0.55 eq 3389
    permit tcp any host 10.0.0.220 eq 3389
    permit tcp any host 10.0.0.25 eq 3389


    class-map type inspect match-all OUTSIDE-TO-INSIDE-RDP-CLASS
    match protocol user-RDP
    match access-group name OUTSIDE-TO-INSIDE-RDP


    ip access-list extended OUTSIDE-TO-INSIDE-WEBB
    permit tcp any host 10.0.0.23 eq 8080
    permit tcp any host 10.0.0.228 eq 8080


    class-map type inspect match-all OUTSIDE-TO-INSIDE-WEBB-CLASS
    match protocol user-WEBB
    match access-group name OUTSIDE-TO-INSIDE-WEBB




    ip access-list extended TELEWORKER-TO-OUTSIDE
    permit ip host 10.1.0.254 any


    class-map type inspect match-all TELEWORKER-TO-OUTSIDE-CLASS
    match access-group name TELEWORKER-TO-OUTSIDE


    ip access-list extended OUTSIDE-TO-TELEWORKER
    permit ip any host 10.1.0.254


    class-map type inspect match-all OUTSIDE-TO-TELEWORKER-CLASS
    match access-group name OUTSIDE-TO-TELEWORKER




    policy-map type inspect OUTSIDE-TO-INSIDE-POLICY
    class type inspect OUTSIDE-TO-INSIDE-WEB-CLASS
    inspect


    class type inspect OUTSIDE-TO-INSIDE-WEBB-CLASS
    inspect




    class type inspect OUTSIDE-TO-INSIDE-FTP-CLASS
    inspect


    class type inspect OUTSIDE-TO-INSIDE-SMTP-CLASS
    inspect


    class type inspect OUTSIDE-TO-INSIDE-DNS-CLASS
    inspect




    class type inspect OUTSIDE-TO-INSIDE-HTTPS-CLASS
    inspect


    class type inspect OUTSIDE-TO-INSIDE-RDP-CLASS
    inspect




    policy-map type inspect TELEWORKER-TO-OUTSIDE-POLICY
    class type inspect TELEWORKER-TO-OUTSIDE-CLASS
    inspect


    policy-map type inspect OUTSIDE-TO-TELEWORKER-POLICY
    class type inspect OUTSIDE-TO-TELEWORKER-CLASS
    inspect


    zone-pair security OUT-IN source out-zone destination in-zone
    service-policy type inspect OUTSIDE-TO-INSIDE-POLICY


    zone-pair security OUT-TELEWORKER source out-zone destination teleworker
    service-policy type inspect OUTSIDE-TO-TELEWORKER-POLICY


    zone-pair security TELEWORKER-OUT source teleworker destination out-zone
    service-policy type inspect TELEWORKER-TO-OUTSIDE-POLICY




    3) INSIDE TO OUTSIDE ZONE CONFIGURATION (USING CCP)

    parameter-map type protocol-info msn-servers
    server name messenger.hotmail.com
    server name gateway.messenger.hotmail.com
    server name webmessenger.msn.com
    exit
    parameter-map type protocol-info aol-servers
    server name login.oscar.aol.com
    server name toc.oscar.aol.com
    server name oam-d09a.blue.aol.com
    exit
    parameter-map type protocol-info yahoo-servers
    server name scs.msg.yahoo.com
    server name scsa.msg.yahoo.com
    server name scsb.msg.yahoo.com
    server name scsc.msg.yahoo.com
    server name scsd.msg.yahoo.com
    server name cs16.msg.dcn.yahoo.com
    server name cs19.msg.dcn.yahoo.com
    server name cs42.msg.dcn.yahoo.com
    server name cs53.msg.dcn.yahoo.com
    server name cs54.msg.dcn.yahoo.com
    server name ads1.vip.scd.yahoo.com
    server name radio1.launch.vip.dal.yahoo.com
    server name in1.msg.vip.re2.yahoo.com
    server name data1.my.vip.sc5.yahoo.com
    server name address1.pim.vip.mud.yahoo.com
    server name edit.messenger.yahoo.com
    server name messenger.yahoo.com
    server name http.pager.yahoo.com
    server name privacy.yahoo.com
    server name csa.yahoo.com
    server name csb.yahoo.com
    server name csc.yahoo.com
    exit
    class-map type inspect edonkey match-any ccp-app-edonkeychat
    match search-file-name
    match text-chat
    exit
    class-map type inspect match-any ccp-cls-protocol-p2p
    match protocol edonkey signature
    match protocol gnutella signature
    match protocol kazaa2 signature
    match protocol fasttrack signature
    match protocol bittorrent signature
    exit
    class-map type inspect match-all ccp-protocol-p2p
    match class-map ccp-cls-protocol-p2p
    exit
    class-map type inspect match-any ccp-cls-protocol-im
    match protocol ymsgr yahoo-servers
    match protocol msnmsgr msn-servers
    match protocol aol aol-servers
    exit
    class-map type inspect match-all ccp-protocol-im
    match class-map ccp-cls-protocol-im
    exit
    class-map type inspect match-any ccp-h323annexe-inspect
    match protocol h323-annexe
    exit
    class-map type inspect match-all ccp-protocol-imap
    match protocol imap
    exit
    class-map type inspect http match-any ccp-http-allowparam
    match request port-misuse tunneling
    exit
    class-map type inspect match-any ccp-h323nxg-inspect
    match protocol h323-nxg
    exit
    class-map type inspect msnmsgr match-any ccp-app-msn
    match service text-chat
    exit
    class-map type inspect aol match-any ccp-app-aol
    match service text-chat
    exit
    class-map type inspect match-all ccp-protocol-http
    match protocol http
    exit
    class-map type inspect http match-any ccp-app-httpmethods
    match request method bcopy
    match request method bdelete
    match request method bmove
    match request method bpropfind
    match request method bproppatch
    match request method connect
    match request method copy
    match request method delete
    match request method edit
    match request method getattribute
    match request method getattributenames
    match request method getproperties
    match request method index
    match request method lock
    match request method mkcol
    match request method mkdir
    match request method move
    match request method notify
    match request method options
    match request method poll
    match request method propfind
    match request method proppatch
    match request method put
    match request method revadd
    match request method revlabel
    match request method revlog
    match request method revnum
    match request method save
    match request method search
    match request method setattribute
    match request method startrev
    match request method stoprev
    match request method subscribe
    match request method trace
    match request method unedit
    match request method unlock
    match request method unsubscribe
    exit
    class-map type inspect http match-any ccp-http-blockparam
    match request port-misuse im
    match request port-misuse p2p
    match req-resp protocol-violation
    exit
    class-map type inspect pop3 match-any ccp-app-pop3
    match invalid-command
    exit
    class-map type inspect kazaa2 match-any ccp-app-kazaa2
    match file-transfer
    exit
    class-map type inspect edonkey match-any ccp-app-edonkeydownload
    match file-transfer
    exit
    class-map type inspect gnutella match-any ccp-app-gnutella
    match file-transfer
    exit
    class-map type inspect fasttrack match-any ccp-app-fasttrack
    match file-transfer
    exit
    class-map type inspect match-any ccp-sip-inspect
    match protocol sip
    exit
    class-map type inspect msnmsgr match-any ccp-app-msn-otherservices
    match service any
    exit
    class-map type inspect ymsgr match-any ccp-app-yahoo
    match service text-chat
    exit
    class-map type inspect match-any ccp-cls-insp-traffic
    match protocol dns
    match protocol ftp
    match protocol https
    match protocol icmp
    match protocol imap
    match protocol pop3
    match protocol netshow
    match protocol shell
    match protocol realmedia
    match protocol rtsp
    match protocol smtp extended
    match protocol sql-net
    match protocol streamworks
    match protocol tftp
    match protocol vdolive
    match protocol tcp
    match protocol udp
    exit
    class-map type inspect match-any ccp-skinny-inspect
    match protocol skinny
    exit
    class-map type inspect match-any ccp-cls-icmp-access
    match protocol icmp
    exit
    class-map type inspect match-all ccp-icmp-access
    match class-map ccp-cls-icmp-access
    exit
    class-map type inspect match-any ccp-h225ras-inspect
    match protocol h225ras
    exit
    class-map type inspect match-all ccp-protocol-pop3
    match protocol pop3
    exit
    class-map type inspect aol match-any ccp-app-aol-otherservices
    match service any
    exit
    class-map type inspect ymsgr match-any ccp-app-yahoo-otherservices
    match service any
    exit
    class-map type inspect edonkey match-any ccp-app-edonkey
    match file-transfer
    match text-chat
    match search-file-name
    exit
    class-map type inspect match-any ccp-h323-inspect
    match protocol h323
    exit
    class-map type inspect imap match-any ccp-app-imap
    match invalid-command
    exit
    class-map type inspect match-all ccp-insp-traffic
    match class-map ccp-cls-insp-traffic
    exit
    policy-map type inspect imap ccp-action-imap
    class type inspect imap ccp-app-imap
    log
    exit
    exit
    policy-map type inspect im ccp-action-app-im
    class type inspect aol ccp-app-aol
    log
    allow
    exit
    class type inspect msnmsgr ccp-app-msn
    log
    allow
    exit
    class type inspect ymsgr ccp-app-yahoo
    log
    allow
    exit
    class type inspect aol ccp-app-aol-otherservices
    log
    reset
    exit
    class type inspect msnmsgr ccp-app-msn-otherservices
    log
    reset
    exit
    class type inspect ymsgr ccp-app-yahoo-otherservices
    log
    reset
    exit
    exit
    policy-map type inspect http ccp-action-app-http
    class type inspect http ccp-http-blockparam
    log
    reset
    exit
    class type inspect http ccp-app-httpmethods
    log
    reset
    exit
    class type inspect http ccp-http-allowparam
    log
    allow
    exit
    exit
    policy-map type inspect p2p ccp-action-app-p2p
    class type inspect edonkey ccp-app-edonkeychat
    log
    allow
    exit
    class type inspect edonkey ccp-app-edonkeydownload
    log
    allow
    exit
    class type inspect fasttrack ccp-app-fasttrack
    log
    allow
    exit
    class type inspect gnutella ccp-app-gnutella
    log
    allow
    exit
    class type inspect kazaa2 ccp-app-kazaa2
    log
    allow
    exit
    exit
    policy-map type inspect pop3 ccp-action-pop3
    class type inspect pop3 ccp-app-pop3
    log
    exit
    exit
    policy-map type inspect ccp-permit-icmpreply
    class type inspect ccp-icmp-access
    no drop
    inspect
    exit
    class class-default
    no drop
    pass
    exit
    exit
    policy-map type inspect ccp-permit
    class class-default
    exit
    policy-map type inspect ccp-inspect
    class type inspect ccp-invalid-src
    drop log
    exit
    class type inspect ccp-protocol-http
    no drop
    inspect
    service-policy http ccp-action-app-http
    exit
    class type inspect ccp-protocol-imap
    no drop
    inspect
    service-policy imap ccp-action-imap
    exit
    class type inspect ccp-protocol-pop3
    no drop
    inspect
    service-policy pop3 ccp-action-pop3
    exit
    class type inspect ccp-protocol-p2p
    no drop
    inspect
    service-policy p2p ccp-action-app-p2p
    exit
    class type inspect ccp-protocol-im
    no drop
    inspect
    service-policy im ccp-action-app-im
    exit
    class type inspect ccp-insp-traffic
    no drop
    inspect
    exit
    class type inspect ccp-sip-inspect
    no drop
    inspect
    exit
    class type inspect ccp-h323-inspect
    no drop
    inspect
    exit
    class type inspect ccp-h323annexe-inspect
    no drop
    inspect
    exit
    class type inspect ccp-h225ras-inspect
    no drop
    inspect
    exit
    class type inspect ccp-h323nxg-inspect
    no drop
    inspect
    exit
    class type inspect ccp-skinny-inspect
    no drop
    inspect
    exit
    exit
    zone security out-zone
    zone security in-zone
    zone-pair security ccp-zp-self-out source self destination out-zone
    service-policy type inspect ccp-permit-icmpreply
    exit
    zone-pair security ccp-zp-in-out source in-zone destination out-zone
    service-policy type inspect ccp-inspect
    exit
    zone-pair security ccp-zp-out-self source out-zone destination self
    service-policy type inspect ccp-permit
    exit

  3. Netlurker cisco_trooper
    Join Date
    Aug 2007
    Posts
    1,420

    Certifications
    CCNP Security, ASA Specialist, Firewall Security Specialist, IOS Security Specialist, IPS Specialist, VPN Security Specialist
    #2
    Hey man, so you said you can reach the website by IP but not by name. Did you validate your DNS configuration? Because you said the IP stuff is working, there is not a lot of reason to look toward your router. At least not until you know your DNS is correct.

  4. Member
    Join Date
    Dec 2012
    Posts
    41
    #3
    Originally posted by cisco_trooper:
        Hey man, so you said you can reach the website by IP but not by name. Did you validate your DNS configuration? Because you said the IP stuff is working, there is not a lot of reason to look toward your router. At least not until you know your DNS is correct.
    Ya, I got it working by creating a static PAT to my DNS server.
    Thanks
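
The resolution in post #3 generalises to a config check, shown here as an added example that is not part of the thread: it lists inside hosts that the OUTSIDE-TO-INSIDE ACLs permit but that have no static NAT or static PAT entry, which is the state 10.0.0.1 was in. The config excerpt is copied from post #1; the static PAT lines and the 203.0.113.10 address in them are assumptions, since the thread does not show the entry that was actually added.

```python
import re

# Full static NAT:  ip nat inside source static 10.0.0.52 216.140.140.4 ...
# Static PAT:       ip nat inside source static udp 10.0.0.1 53 <global> 53
STATIC_RE = re.compile(
    r"^ip nat inside source static\s+"
    r"(?:(tcp|udp)\s+(\S+)\s+(\d+)\s+\S+\s+\d+"
    r"|(\d+\.\d+\.\d+\.\d+)\s+\d+\.\d+\.\d+\.\d+)"
)
ACL_RE = re.compile(r"^ip access-list extended (\S+)$")
ACE_RE = re.compile(r"^permit (tcp|udp) any host (\S+) eq ([\d ]+)$")


def static_translations(config):
    """Map inside IP -> set of (proto, port); None in the set means full NAT."""
    table = {}
    for raw in config.splitlines():
        m = STATIC_RE.match(raw.strip())
        if not m:
            continue
        if m.group(4):
            table.setdefault(m.group(4), set()).add(None)
        else:
            table.setdefault(m.group(2), set()).add((m.group(1), int(m.group(3))))
    return table


def inbound_permits(config, prefix="OUTSIDE-TO-INSIDE"):
    """Return (host, proto, port, acl) for every permit in the inbound ACLs."""
    permits, acl = [], None
    for raw in config.splitlines():
        line = raw.strip()
        head = ACL_RE.match(line)
        if head:
            acl = head.group(1)
            continue
        ace = ACE_RE.match(line)
        if ace and acl and acl.startswith(prefix):
            for port in ace.group(3).split():   # "eq 20 21" lists two ports
                permits.append((ace.group(2), ace.group(1), int(port), acl))
        elif line and not line.startswith(("permit", "deny", "remark")):
            acl = None                          # left the ACL block
    return permits


def permitted_without_nat(config):
    """Firewall permits whose target has no translation from the outside."""
    nat = static_translations(config)
    gaps = set()
    for host, proto, port, acl in inbound_permits(config):
        entries = nat.get(host, set())
        if None not in entries and (proto, port) not in entries:
            gaps.add((host, proto, port, acl))
    return sorted(gaps)


# Excerpt of the configuration posted in #1.
POSTED = """
ip nat inside source static 10.0.0.52 216.140.140.4 route-map STATIC-NAT-PRIMARY
ip nat inside source static 10.0.0.59 216.140.140.6 route-map STATIC-NAT-PRIMARY
ip access-list extended OUTSIDE-TO-INSIDE-WEB
 permit tcp any host 10.0.0.52 eq 80
 permit tcp any host 10.0.0.55 eq 80
ip access-list extended OUTSIDE-TO-INSIDE-DNS
 permit tcp any host 10.0.0.52 eq 53
 permit udp any host 10.0.0.52 eq 53
 permit tcp any host 10.0.0.1 eq 53
 permit udp any host 10.0.0.1 eq 53
"""

# Assumed form of the fix; 203.0.113.10 is a placeholder, not from the thread.
FIXED = POSTED + """
ip nat inside source static udp 10.0.0.1 53 203.0.113.10 53
ip nat inside source static tcp 10.0.0.1 53 203.0.113.10 53
"""

if __name__ == "__main__":
    for label, cfg in (("posted", POSTED), ("with static PAT", FIXED)):
        print(label, permitted_without_nat(cfg))
```

A static PAT entry publishes only the named port of the DNS server, whereas a full static NAT would make every port of 10.0.0.1 addressable from outside and leave the zone policy as the only filter.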
