10-10-2007 07:41 AM - edited 03-11-2019 04:23 AM
I am attempting to allow Microsoft Communicator access from my remote 871s to our corporate office. Each 871 uses an EasyVPN configuration to access resources at our corporate office.
Communication server runs on TCP 5060 and I CAN telnet to the IP:port from the remote 871. Any ideas why the 871 is blocking the traffic?
Here are the access lists applied:
****This access list is applied to interface BVI 1 which is tied to the EasyVPN config.
access-list 100 remark auto generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 permit tcp 10.0.0.0 0.255.255.255 host 10.2.101.1 eq telnet
access-list 100 permit tcp 10.0.0.0 0.255.255.255 host 10.2.101.1 eq 22
access-list 100 permit tcp 10.0.0.0 0.255.255.255 host 10.2.101.1 eq www
access-list 100 permit tcp 10.0.0.0 0.255.255.255 host 10.2.101.1 eq 443
access-list 100 permit tcp 10.0.0.0 0.255.255.255 host 10.2.101.1 eq cmd
access-list 100 deny tcp any host 10.2.101.1 eq telnet
access-list 100 deny tcp any host 10.2.101.1 eq 22
access-list 100 deny tcp any host 10.2.101.1 eq www
access-list 100 deny tcp any host 10.2.101.1 eq 443
access-list 100 deny tcp any host 10.2.101.1 eq cmd
access-list 100 deny udp any host 10.2.101.1 eq snmp
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
****This access list is applied to the WAN interface (FA4)
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 deny ip 10.2.101.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip any any
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip 10.0.0.0 0.255.255.255 any
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip inspect name DEFAULT100 gdoi
ip inspect name DEFAULT100 isakmp
ip inspect name DEFAULT100 ipsec-msft
ip inspect name DEFAULT100 ssp
10-16-2007 09:34 AM
In your configuration there seems to be no ACL entry that will be blocking the traffic. Run debugs and check which ACL (if any) is blocking the traffic. Also, are you sure that the traffic is reaching the routers and not getting dropped or blocked in between or midway?
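The first-match logic behind the reply's reading of ACL 100 can be checked offline. The following is an added example, not part of the thread or of any Cisco tooling: a small Python evaluator for the ACL 100 lines as posted, using wildcard-mask matching. The function names and the client and server addresses in the checks are constructed for illustration, and the sketch models ACL 100 only (no CBAC inspection, no ACL 101, no VPN encapsulation).

```python
from ipaddress import IPv4Address

# IOS port keywords that appear in ACL 100 (cmd is rsh, TCP 514).
PORTS = {"telnet": 23, "www": 80, "cmd": 514, "snmp": 161}
# ACL 100 as posted above, remark lines omitted.
ACL_100 = """\
access-list 100 permit tcp 10.0.0.0 0.255.255.255 host 10.2.101.1 eq telnet
access-list 100 permit tcp 10.0.0.0 0.255.255.255 host 10.2.101.1 eq 22
access-list 100 permit tcp 10.0.0.0 0.255.255.255 host 10.2.101.1 eq www
access-list 100 permit tcp 10.0.0.0 0.255.255.255 host 10.2.101.1 eq 443
access-list 100 permit tcp 10.0.0.0 0.255.255.255 host 10.2.101.1 eq cmd
access-list 100 deny tcp any host 10.2.101.1 eq telnet
access-list 100 deny tcp any host 10.2.101.1 eq 22
access-list 100 deny tcp any host 10.2.101.1 eq www
access-list 100 deny tcp any host 10.2.101.1 eq 443
access-list 100 deny tcp any host 10.2.101.1 eq cmd
access-list 100 deny udp any host 10.2.101.1 eq snmp
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
"""

def take_addr(tok):  # consume one address spec, return (base, wildcard) ints
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(IPv4Address(tok.pop(0))), 0
    return int(IPv4Address(first)), int(IPv4Address(tok.pop(0)))

def parse(text):  # handles only the forms used in ACL 100 (dst "eq" port)
    rules = []
    for line in text.splitlines():
        tok = line.split()[2:]  # drop "access-list 100"
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = take_addr(tok), take_addr(tok)
        port = (PORTS.get(tok[1]) or int(tok[1])) if tok[:1] == ["eq"] else None
        rules.append((line, action, proto, src, dst, port))
    return rules

def hit(addr, spec):  # wildcard bits set to 1 are "don't care"
    return (int(IPv4Address(addr)) | spec[1]) == (spec[0] | spec[1])

def first_match(rules, proto, src, dst, dport):  # IOS stops at the first hit
    for line, action, rproto, rsrc, rdst, rport in rules:
        if (rproto in ("ip", proto) and hit(src, rsrc) and hit(dst, rdst)
                and rport in (None, dport)):
            return action, line
    return "deny", "implicit deny"
```

Calling `first_match(parse(ACL_100), "tcp", "10.2.101.50", "10.1.1.10", 5060)` with those constructed addresses returns the final `permit ip any any` line, which matches the reply's observation that no entry in ACL 100 targets TCP 5060.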