Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
250
Views
0
Helpful
1
Replies

871 Firewall Help

jksnook
Level 1
Level 1

‎10-10-2007 07:41 AM - edited ‎03-11-2019 04:23 AM

I am attempting to allow Microsoft communicator access from my remote 871's to our corporate office. Each 871 uses an EasyVPN configuration to access resources at our corporate office.

Communication server runs on TCP 5060 and I CAN telnet to the IP:port from the remote 871. Any idea's why the 871 is blocking the traffic?

Here are the access lists applied:

****This access list is applied to interface BVI 1 which is tied to the EasyVPN config.

access-list 100 remark auto generated by Cisco SDM Express firewall configuration

access-list 100 remark SDM_ACL Category=1

access-list 100 permit tcp 10.0.0.0 0.255.255.255 host 10.2.101.1 eq telnet

access-list 100 permit tcp 10.0.0.0 0.255.255.255 host 10.2.101.1 eq 22

access-list 100 permit tcp 10.0.0.0 0.255.255.255 host 10.2.101.1 eq www

access-list 100 permit tcp 10.0.0.0 0.255.255.255 host 10.2.101.1 eq 443

access-list 100 permit tcp 10.0.0.0 0.255.255.255 host 10.2.101.1 eq cmd

access-list 100 deny tcp any host 10.2.101.1 eq telnet

access-list 100 deny tcp any host 10.2.101.1 eq 22

access-list 100 deny tcp any host 10.2.101.1 eq www

access-list 100 deny tcp any host 10.2.101.1 eq 443

access-list 100 deny tcp any host 10.2.101.1 eq cmd

access-list 100 deny udp any host 10.2.101.1 eq snmp

access-list 100 deny ip host 255.255.255.255 any

access-list 100 deny ip 127.0.0.0 0.255.255.255 any

access-list 100 permit ip any any

****This access list is applied to the WAN interface (FA4)

access-list 101 permit udp any eq bootps any eq bootpc

access-list 101 deny ip 10.2.101.0 0.0.0.255 any

access-list 101 permit icmp any any echo-reply

access-list 101 permit icmp any any time-exceeded

access-list 101 permit icmp any any unreachable

access-list 101 deny ip 10.0.0.0 0.255.255.255 any

access-list 101 deny ip 172.16.0.0 0.15.255.255 any

access-list 101 deny ip 192.168.0.0 0.0.255.255 any

access-list 101 deny ip 127.0.0.0 0.255.255.255 any

access-list 101 deny ip host 255.255.255.255 any

access-list 101 deny ip any any

access-list 102 remark Auto generated by SDM Management Access feature

access-list 102 remark SDM_ACL Category=1

access-list 102 permit ip 10.0.0.0 0.255.255.255 any

ip inspect name DEFAULT100 cuseeme

ip inspect name DEFAULT100 ftp

ip inspect name DEFAULT100 h323

ip inspect name DEFAULT100 icmp

ip inspect name DEFAULT100 netshow

ip inspect name DEFAULT100 rcmd

ip inspect name DEFAULT100 realaudio

ip inspect name DEFAULT100 rtsp

ip inspect name DEFAULT100 esmtp

ip inspect name DEFAULT100 sqlnet

ip inspect name DEFAULT100 streamworks

ip inspect name DEFAULT100 tftp

ip inspect name DEFAULT100 tcp

ip inspect name DEFAULT100 udp

ip inspect name DEFAULT100 vdolive

ip inspect name DEFAULT100 gdoi

ip inspect name DEFAULT100 isakmp

ip inspect name DEFAULT100 ipsec-msft

ip inspect name DEFAULT100 ssp

Labels:
0 Helpful
1 Reply 1

tstanik
Level 5
Level 5

‎10-16-2007 09:34 AM

In your configuration there seems no ACL entry that will be blocking the traffic. Run debugs and check which ACL (if any) is blocking the traffic. Also are you sure that the traffic is reaching the routers and not getting dropped or blocked in between or midway.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card