OER with firewall

Unanswered Question
Jul 7th, 2008

Dear all experts, I have configured a 2811 router to run OER successfully without a firewall, but once I put in the firewall commands, when I open HTTP, sometimes it works and sometimes it does not. Can anyone see the problem from the show run below? (Because it is too long, I have already erased some commands from here.)



ip inspect max-incomplete low 500
ip inspect max-incomplete high 500
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip inspect name SDM_LOW http
ip inspect name SDM_LOW isakmp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW ssh
ip inspect name SDM_LOW telnet
ip sla monitor 1
 type echo protocol ipIcmpEcho 202.188.0.133 source-interface FastEthernet0/0
 timeout 2000
 threshold 2
 frequency 15
ip sla monitor schedule 1 life forever start-time now
ip sla monitor 2
 type echo protocol ipIcmpEcho 202.188.0.133 source-interface FastEthernet0/1
 timeout 2000
 threshold 2
 frequency 15
ip sla monitor schedule 2 life forever start-time now
login on-failure log every 3
login on-success log
!
!
oer master
 policy-rules OER
 port 4444
 max-range-utilization percent 10
 traceroute probe-delay 10000
 keepalive 1
 logging
 !
 border 10.10.10.1 key-chain key1
  interface FastEthernet0/0 external
  interface FastEthernet0/1 external
  interface Vlan1 internal
 !
 learn
  throughput
  periodic-interval 1
  monitor-period 2
  prefixes 200
  aggregation-type prefix-length 32
 backoff 180 360
 mode route control
 mode monitor active
 periodic 180
 resolve delay priority 1 variance 3
 resolve utilization priority 2 variance 20
 !
 active-probe echo 1111
!
oer border
 local Loopback0
 port 4444
 master 10.10.10.1 key-chain key1
!
!
!
!
interface Loopback0
 description OER Master Controller
 ip address 10.10.10.1 255.255.255.255
 ip virtual-reassembly
!
interface FastEthernet0/0
 description ***Connection to billion modem***
 bandwidth 1024
 ip address xxx1 255.255.255.252
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map SDM_CMAP_1
!
interface FastEthernet0/1
 description ***Connection to ZTE modem***
 bandwidth 1024
 ip address xxx2 255.255.255.252
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map SDM_CMAP_2
!
interface Vlan1
 description ***Connection to switch***
 ip address xxxx 255.255.0.0
 ip access-group 100 in
 ip nat inside
 ip inspect SDM_LOW in
 ip virtual-reassembly
!
ip local policy route-map equal-access
ip route 0.0.0.0 0.0.0.0 xx1 track 123
ip route 0.0.0.0 0.0.0.0 xx2 track 345
!

