Cisco config issues

I'm trying to set up OVPN on my network, but my Cisco is being a bit of a *****: it's not opening up and/or forwarding ports 443 and 1194 on to my server. Here are my access-list and NAT config lines:

Code:
ip nat inside source list 1 interface FastEthernet0 overload
ip nat inside source static tcp 10.10.10.13 443 interface FastEthernet0 443
ip nat inside source static udp 10.10.10.13 1194 interface FastEthernet0 1194
ip nat inside source static tcp 10.10.10.13 8080 interface FastEthernet0 8080
ip nat inside source static tcp 10.10.10.13 80 interface FastEthernet0 80
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 remark INSIDE_IF=BVI1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.0.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 10.10.0.0 0.0.0.255
access-list 2 deny   any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 permit udp host 8.8.4.4 eq domain any
access-list 101 permit udp host 8.8.8.8 eq domain any
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 deny   ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip any any
access-list 101 permit udp any any eq 1194
access-list 101 permit tcp any any eq 443
access-list 101 permit tcp any any eq 8080
access-list 101 permit tcp any any eq www
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp any any eq ntp
access-list 101 permit tcp any any eq 13680 log
access-list 101 permit tcp any any eq 8000
access-list 101 permit udp any any eq 55567
access-list 101 permit tcp any any eq 443 log
access-list 101 permit tcp any any eq 55567
access-list 101 permit tcp any any eq 54222
access-list 101 permit tcp any any eq 3074
access-list 101 permit udp any any eq 3074
access-list 101 permit udp any any eq 88
access-list 101 permit ip host 216.66.80.26 any
access-list 101 deny   ip 10.10.0.0 0.0.0.255 any
access-list 101 deny   ip 10.10.0.0 0.0.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 102 remark VTY Access-class list
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip 10.10.0.0 0.0.0.255 any
access-list 102 deny   ip any any
dialer-list 1 protocol ip permit
no cdp run

If it helps any, it's a Cisco 1801; my configuration knowledge of Ciscos is limited to switches and making VPN pools.
 
Where is ACL 101 applied, and in what direction?
You have
Code:
access-list 101 deny   ip any any
part way down it, before your permits for your VPN ports, so that whole portion is negated (top-down processing, first match). Remove that one line and try it then. Treat the ACL as a NACL (named ACL) and you'll be able to remove the single line; if you just type
Code:
no access-list 101 deny   ip any any
you'll remove the whole ACL.

For NACL
Try the following:

Code:
conf t
ip access-list extended 101
no deny ip any any
exit
exit
show access-list 101
 
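A first-match ACL evaluator, added here as an example (it is not code from the thread), run over a constructed subset of the posted ACL 101. It shows an inbound VPN packet hitting the mid-list deny ip any any, and reaching the permit for udp/1194 once that one line is gone; the client and WAN addresses are constructed, and the function names and DEAD_LINE are assumptions.

```python
import ipaddress
# Constructed subset of the ACL 101 lines from the post, kept in their original order.
ACL_101 = """
access-list 101 deny   ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip any any
access-list 101 permit udp any any eq 1194
access-list 101 permit tcp any any eq 443
"""
DEAD_LINE = "access-list 101 deny ip any any"  # whitespace-normalised form of the shadowing line

def _addr(tok):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    t = tok.pop(0)
    if t == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if t == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    # ipaddress accepts a Cisco wildcard as a hostmask (0.0.0.255 -> /24)
    return ipaddress.ip_network((t, tok.pop(0)), strict=False)

def _port(tok):
    """Consume an optional 'eq PORT'; any other trailing token (e.g. 'log') is left alone."""
    if tok and tok[0] == "eq":
        tok.pop(0)
        return int(tok.pop(0))
    return None

def parse_acl(text):
    """Turn access-list lines into (action, proto, src, sport, dst, dport, line) tuples."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if tok[0] != "access-list" or tok[2] == "remark":
            continue
        action, proto, rest = tok[2], tok[3], tok[4:]
        src, sport = _addr(rest), _port(rest)
        dst, dport = _addr(rest), _port(rest)
        rules.append((action, proto, src, sport, dst, dport, " ".join(tok)))
    return rules

def evaluate(rules, proto, src, sport, dst, dport):
    """First-match lookup, as IOS does it; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, rproto, rsrc, rsport, rdst, rdport, line in rules:
        if rproto in ("ip", proto) and s in rsrc and d in rdst \
                and rsport in (None, sport) and rdport in (None, dport):
            return action, line
    return "deny", "implicit deny"
```

Dropping the line whose normalised text equals DEAD_LINE from the parsed list reproduces the effect of the no deny ip any any edit from the reply.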