Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Can RDP into Server 2003 but cant browse http

I can RDP into this server 2003 on a colo network but I cant browse the internet on it.  I need it to be able to pull captcha information.  The server is a client of mine and he hosts his website on it via IIS.  The site responds fine over http.  The config for the firewall is below.  I dont know if the IP address matter but I tried to make them coded to show the different IP's.  Thanks for the help.

PIX Version 6.3(5)

interface ethernet0 auto

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password

passwd encrypted

hostname koeppelpix

domain-name koeppeldirect.local

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

object-group service RDP tcp-udp

  port-object range 3389 3389

access-list outside_access_in permit tcp any host 65.99.xxx.xxx object-group RDP

access-list outside_access_in permit tcp any host 65.99.xxx.xxx eq www

access-list outside_access_in permit tcp any host 65.99.xxx.xxx eq ftp

access-list inside_access_in permit tcp any eq smtp any

pager lines 24

mtu outside 1500

mtu inside 1500

ip address outside 65.99.xxx.xxx 255.255.255.248

ip address inside 192.168.1.1 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm location 192.168.1.2 255.255.255.255 inside

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) 65.99.xxx.xxx 192.168.1.2 netmask 255.255.255.255 0 0

access-group outside_access_in in interface outside

access-group inside_access_in in interface inside

route outside 0.0.0.0 0.0.0.0 65.99.xxx.zzz 1

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout sip-disconnect 0:02:00 sip-invite 0:03:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

http server enable

http 0.0.0.0 0.0.0.0 outside

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

telnet timeout 5

ssh timeout 5

console timeout 0

dhcpd address 192.168.1.2-192.168.1.33 inside

dhcpd dns 206.123.aaa.aaa 206.123.aaa.bbb

dhcpd lease 3600

dhcpd ping_timeout 750

dhcpd auto_config outside

dhcpd enable inside

terminal width 80

Cryptochecksum:d446b36119af7c14f458d3936522f45f

: end

Everyone's tags (6)
1 ACCEPTED SOLUTION

Accepted Solutions
Community Member

Re:Can RDP into Server 2003 but cant browse http

Access-list inside ACCESSin permit tcp any any eq http

5 REPLIES
Hall of Fame Super Silver

Re: Can RDP into Server 2003 but cant browse http

Traffic initiated FROM the server will hit:

access-list inside_access_in permit tcp any eq smtp any

which only allows smtp (mail) outbound.

I'd try adding an Access Control Entry (ACE) to that access list as follows:

access-list inside_access_in permit tcp any eq http any

...and then give it another try.

Community Member

Re:Can RDP into Server 2003 but cant browse http

Access-list inside ACCESSin permit tcp any any eq http

Community Member

Re:Can RDP into Server 2003 but cant browse http

I dont know how I missed that.  You know when you are working on something for so long and you start getting tunnel vision.  I havent tried this yet but I'm 99% sure that is it.  Thank you. 

Community Member

Re:Can RDP into Server 2003 but cant browse http

Just to close this out, yes that was the problem.  However, adding the access-list inside_access_in permit tcp any eq http any did not allow browsing.  Instead, I just removed the access-group inside_access_in in int inside and it worked right away.  I cant see any reason why that ACL exists can you guys?

Hall of Fame Super Silver

Can RDP into Server 2003 but cant browse http

Glad it's working now.

At one point someone only wanted mail to be the only permissible traffic initiated from the inside.

632
Views
4
Helpful
5
Replies
CreatePlease to create content