From: Jay Hennigan (jay@xxxxxxxx)
Date: Sat Aug 11 2001 - 20:12:24 GMT-3
On Sat, 11 Aug 2001, Muhammed Omar wrote:
> Hi guys
>
> I've setup a 1605 as a firewall (as below) to allow browsing, email & also
> for remote users MS Outlook for Web Access. The problem is using a browser
> users can't logon to Exchange 5.5 SP4 server (on Win2K server) for email usin
g
> port 80. The logon prompt is displayed but when a user types in name password
> it does not log them in & does NOT give any error message. Any idea what I'm
> missing. Is it permissions issue on Win2K?
Port 443 TCP for SSL, perhaps?
Try turning on logging on your deny statement in the ACL and see what's
getting captured. Just change the last line to:
access-list 112 deny ip any any log
and turn on term mon unless you're on console.
> hostname 1605
> !
> enable password c
> !
> ip subnet-zero
> !
> ip inspect name ethernetin cuseeme timeout 3600
> ip inspect name ethernetin ftp timeout 3600
> ip inspect name ethernetin h323 timeout 3600
> ip inspect name ethernetin http timeout 3600
> ip inspect name ethernetin rcmd timeout 3600
> ip inspect name ethernetin realaudio timeout 3600
> ip inspect name ethernetin smtp timeout 3600
> ip inspect name ethernetin sqlnet timeout 3600
> ip inspect name ethernetin streamworks timeout 3600
> ip inspect name ethernetin tcp timeout 3600
> ip inspect name ethernetin tftp timeout 30
> ip inspect name ethernetin udp timeout 15
> ip inspect name ethernetin vdolive timeout 3600
> !
> !
> interface Ethernet0
> ip address 150.150.150.1 255.255.255.0
> ip access-group 112 in
> no ip directed-broadcast
> ip nat outside
>
> interface Ethernet1
> ip address 20.20.20.2 255.255.255.0
> no ip directed-broadcast
> ip nat inside
> ip inspect ethernetin in
>
> !
> interface Serial1
> no ip address
> no ip directed-broadcast
> shutdown
> !
> ip nat inside source list 7 interface Ethernet0 overload
> ip nat inside source static tcp 20.20.20.20 150.150.150.150
> !
> ip classless
> ip route 0.0.0.0 0.0.0.0 150.150.150.2
> !
> access-list 7 deny 20.20.20.20
> access-list 7 permit 20.0.0.0 0.255.255.255
> !
> access-list 112 permit icmp any 150.150.150.0 0.0.0.255 unreachable
> access-list 112 permit icmp any 150.150.150.0 0.0.0.255 echo-reply
> access-list 112 permit icmp any 150.150.150.0 0.0.0.255 packet-too-big
> access-list 112 permit icmp any 150.150.150.0 0.0.0.255 time-exceeded
> access-list 112 permit icmp any 150.150.150.0 0.0.0.255 traceroute
> access-list 112 permit icmp any 150.150.150.0 0.0.0.255
> administratively-prohibited
> access-list 112 permit icmp any 150.150.150.0 0.0.0.255 echo
> access-list 112 permit tcp any www host 150.150.150.150 eq www
> access-list 112 permit tcp host 200.20.1.1 25 host 150.150.150.150 eq 25
> access-list 112 permit tcp host 150.150.150.2 host 150.150.150.1 eq telnet
> access-list 112 deny ip 127.0.0.0 0.255.255.255 any
> access-list 112 deny ip any any
-- Jay Hennigan - CCIE #7880 - Network Administration - jay@west.net NetLojix Communications, Inc. - http://www.netlojix.com/ WestNet: Connecting you to the planet. 805 884-6323 **Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:49 GMT-3