Cisco 871 can't access yahoo

Unanswered Question
Nov 13th, 2007

Hi,

I have a new Cisco 871 router which I modeled after my original Cisco 831's. I have the HTTP application security turned on on the 871 router, and what is happening is that most Yahoo sites are not coming up. When going to http://www.yahoo.com or maps.yahoo.com it immediately comes up with page not found, but the mail.yahoo.com front page loads normally. This is also the case with www.webmd.com, www.weather.com and maybe even more (these are the 3 I know of so far). Logs show that the packets are being dropped, but I am not sure why... See the logs and part of my configuration below.

Errors ------------------------

Warning Date Sig:15 HTTP Protocol violation detected - Reset - HTTP Protocol not detected from 10.10.11.186:1347 to 69.147.114.210:80

information Date Dropping tcp pkt My_IP:1338 => 69.147.120.31:80

Config ----------------------------

ip ssh authentication-retries 2
ip inspect log drop-pkt
ip inspect name SDM_HIGH appfw SDM_HIGH
ip inspect name SDM_HIGH http java-list 51 urlfilter
ip inspect name SDM_HIGH icmp
ip inspect name SDM_HIGH dns
ip inspect name SDM_HIGH esmtp
ip inspect name SDM_HIGH https
ip inspect name SDM_HIGH imap reset
ip inspect name SDM_HIGH pop3 reset
ip inspect name SDM_HIGH tcp
ip inspect name SDM_HIGH udp

appfw policy-name SDM_HIGH
  application im aol
    service default action reset alarm
    service text-chat action reset alarm
    server deny name login.oscar.aol.com
    server deny name toc.oscar.aol.com
    server deny name oam-d09a.blue.aol.com
    audit-trail on
  application im msn
    service default action reset alarm
    service text-chat action reset alarm
    server deny name messenger.hotmail.com
    server deny name gateway.messenger.hotmail.com
    server deny name webmessenger.msn.com
    audit-trail on
  application http
    strict-http action reset alarm
    port-misuse im action reset alarm
    port-misuse p2p action reset alarm
    port-misuse tunneling action reset alarm
  application im yahoo
    service default action reset alarm
    service text-chat action reset alarm
    server deny name scs.msg.yahoo.com
    server deny name scsa.msg.yahoo.com
    server deny name scsb.msg.yahoo.com
    server deny name scsc.msg.yahoo.com
    server deny name scsd.msg.yahoo.com
    server deny name cs16.msg.dcn.yahoo.com
    server deny name cs19.msg.dcn.yahoo.com
    server deny name cs42.msg.dcn.yahoo.com
    server deny name cs53.msg.dcn.yahoo.com
    server deny name cs54.msg.dcn.yahoo.com
    server deny name ads1.vip.scd.yahoo.com
    server deny name radio1.launch.vip.dal.yahoo.com
    server deny name in1.msg.vip.re2.yahoo.com
    server deny name data1.my.vip.sc5.yahoo.com
    server deny name address1.pim.vip.mud.yahoo.com
    server deny name edit.messenger.yahoo.com
    server deny name messenger.yahoo.com
    server deny name http.pager.yahoo.com
    server deny name privacy.yahoo.com
    server deny name csa.yahoo.com
    server deny name csb.yahoo.com
    server deny name csc.yahoo.com
    audit-trail on

interface FastEthernet4
 description $ETH-LAN$$FW_OUTSIDE$
 ip address My_IP_Address 255.255.255.252
 ip access-group 101 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect SDM_HIGH out
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto

Can anyone tell me what I am doing wrong here?

Thanks,

Mandeep

mskhalsa Wed, 11/14/2007 - 08:49

Is there anyone who knows what is happening? This issue is happening on other sites as well like webmd.com and weather.com for example. And every time this happens errors similar to the ones listed below are being logged.

Errors ------------------------

Warning Date Sig:15 HTTP Protocol violation detected - Reset - HTTP Protocol not detected from 10.10.11.186:1347 to 69.147.114.210:80

information Date Dropping tcp pkt My_IP:1338 => 69.147.120.31:80

Thanks

yayasolenet Sun, 02/24/2008 - 16:42

I wonder if you have solved the problem or not.

I have the same problem with router 1811. I assume the ip inspection rule has blocked the traffic. My ip inspection rule SDM_HIGH was created while setting up firewalls using SDM.

I tried to remove the rule from outgoing interface and tried to connect to yahoo again, failed. I removed the ACL assigned to incoming interface, then I got through.

But if I remove the ACL and leave the inspect rule alone, it won't work either.

I won't remove both of them and leave my network unprotected.

How is your case going?

Lydia

yayasolenet Sun, 02/24/2008 - 16:51

I did it!

After I posted the msg above, I tried to modify the inspection rule.

I removed the strict-http from appfw SDM_HIGH.

And it worked straight away.

Cheers.
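
An added example, not part of the thread and not Cisco tooling: a small triage script that groups the Sig:15 resets and "Dropping tcp pkt" lines quoted above by destination, so you can see which servers the strict-http check is resetting before deciding to relax it. The function names are hypothetical and SAMPLE_LOG is constructed from the two line formats in the original post (192.0.2.80, 10.10.11.20 and the extra ports are made up).

```python
import re
from collections import Counter, defaultdict

# appfw alarm core as quoted in the thread:
#   Sig:<id> <message> - <action> - <reason> from <src>:<port> to <dst>:<port>
ALARM = re.compile(
    r"Sig:(?P<sig>\d+)\s+(?P<msg>.+?)\s+-\s+(?P<action>\w+)\s+-\s+(?P<reason>.+?)"
    r"\s+from\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+to\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)
# Drop line emitted because of "ip inspect log drop-pkt", as quoted in the thread.
DROP = re.compile(
    r"Dropping tcp pkt\s+(?P<src>\S+):(?P<sport>\d+)\s+=>\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)

# Constructed sample in the thread's log format ("Date" and "My_IP" are the poster's placeholders).
SAMPLE_LOG = """\
Warning Date Sig:15 HTTP Protocol violation detected - Reset - HTTP Protocol not detected from 10.10.11.186:1347 to 69.147.114.210:80
information Date Dropping tcp pkt My_IP:1338 => 69.147.120.31:80
Warning Date Sig:15 HTTP Protocol violation detected - Reset - HTTP Protocol not detected from 10.10.11.186:1350 to 69.147.114.210:80
Warning Date Sig:15 HTTP Protocol violation detected - Reset - HTTP Protocol not detected from 10.10.11.20:2201 to 192.0.2.80:80
information Date Dropping tcp pkt My_IP:1339 => 192.0.2.80:80
this line is not a firewall event
"""

def summarize(log_text):
    """Group appfw alarms and inspect drops by (destination IP, port)."""
    resets = defaultdict(lambda: {"count": 0, "clients": set(), "reasons": Counter()})
    drops = Counter()
    for line in log_text.splitlines():
        if m := ALARM.search(line):
            entry = resets[(m["dst"], int(m["dport"]))]
            entry["count"] += 1
            entry["clients"].add(m["src"])
            entry["reasons"][(int(m["sig"]), m["action"], m["reason"])] += 1
        elif m := DROP.search(line):
            drops[(m["dst"], int(m["dport"]))] += 1
    return dict(resets), drops

def report(log_text):
    """One summary row per destination, most-reset destination first."""
    resets, drops = summarize(log_text)
    rows = []
    for dst, e in sorted(resets.items(), key=lambda kv: -kv[1]["count"]):
        (sig, action, reason), _ = e["reasons"].most_common(1)[0]
        rows.append(f"{dst[0]}:{dst[1]} resets={e['count']} clients={len(e['clients'])} "
                    f"drops={drops.get(dst, 0)} sig={sig} action={action} reason={reason!r}")
    return rows

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```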
