Cisco Support Community
Help: access list on router does not match correctly

I use a redirect access list for IP 192.168.13.5 with ports 80 and 443,

but everything matches the deny in the access list.

Any suggestions?

-----------------------------------Here is Log and Config on Router--------------------------------------------------------------------

Feb 12 06:45:59.210: %SEC-6-IPACCESSLOGP: list proxy denied tcp 74.125.128.147(443) -> 10.0.10.208(58742), 1 packet 

Router2911(config-if)#

Feb 12 06:46:00.410: %SEC-6-IPACCESSLOGP: list proxy denied tcp 124.40.234.198(443) -> 192.168.13.5(54559), 1 packet 

Router2911(config-if)#

Feb 12 06:46:01.434: %SEC-6-IPACCESSLOGP: list proxy denied tcp 124.40.234.198(443) -> 192.168.13.5(54559), 1 packet 

Router2911(config-if)#

Feb 12 06:46:02.614: %SEC-6-IPACCESSLOGP: list proxy denied tcp 17.151.226.77(443) -> 10.0.10.76(59237), 1 packet 

Router2911(config-if)#

Feb 12 06:46:03.638: %SEC-6-IPACCESSLOGP: list proxy denied tcp 27.254.34.69(80) -> 10.0.10.110(1545), 1 packet 

Router2911(config-if)#

Router2911(config-if)#do show access-li proxy

Extended IP access list proxy

    1 deny tcp host 192.168.9.15 any eq www

    2 deny tcp host 192.168.9.15 any eq 443

    3 permit tcp any host 192.168.13.5 eq www

    4 permit tcp any host 192.168.13.5 eq 443

    5 permit tcp host 192.168.13.5 any eq www

    6 permit tcp host 192.168.13.5 any eq 443

    30 deny ip any any log (19392481 matches)

Router2911(config-if)#do show access-li Inside_nat_outside

Extended IP access list Inside_nat_outside

    5 deny tcp host 192.168.13.5 any eq www (1003 matches)

    6 deny tcp host 192.168.13.5 any eq 443 (2241 matches)

    450 permit ip any any (1055799 matches)

ip nat inside source list Inside_nat_outside interface GigabitEthernet0/0 overload

Router2911(config-if)#do show run int gi0/0

Building configuration...

Current configuration : 213 bytes

!

interface GigabitEthernet0/0

ip address "Connect to internet"

ip wccp 1 redirect out

ip wccp 62 redirect in

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

crypto map CRYPTO

end

Router2911(config-if)#do show run int gi0/1

Building configuration...

Current configuration : 189 bytes

!

interface GigabitEthernet0/1

ip address "Connect to Client"

ip wccp 1 redirect out

ip wccp 61 redirect in

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

end

Router2911(config-if)#do show run int gi0/2

Building configuration...

Current configuration : 165 bytes

!

interface GigabitEthernet0/2

ip address "Connect to Proxy"

ip wccp 1 redirect in

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

end

---------------------------------------------End of Router Log and Config----------------------------------------------

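Added example, not part of the original post: a first-match replay of the `proxy` list against three of the logged packets, showing which sequence number each one hits. In an extended IOS ACL an `eq` port applies to the address it follows, so entries 3-6 test the destination port, while the logged packets carry 80/443 as their source port. The parser covers only the syntax used in this listing, and the function names are this example's own.

```python
import re
from ipaddress import ip_address

# Entries copied from "show access-li proxy" in the post (match counter dropped).
ACL_TEXT = """\
1 deny tcp host 192.168.9.15 any eq www
2 deny tcp host 192.168.9.15 any eq 443
3 permit tcp any host 192.168.13.5 eq www
4 permit tcp any host 192.168.13.5 eq 443
5 permit tcp host 192.168.13.5 any eq www
6 permit tcp host 192.168.13.5 any eq 443
30 deny ip any any log
"""
# Three of the %SEC-6-IPACCESSLOGP lines copied from the post.
LOG_TEXT = """\
Feb 12 06:45:59.210: %SEC-6-IPACCESSLOGP: list proxy denied tcp 74.125.128.147(443) -> 10.0.10.208(58742), 1 packet
Feb 12 06:46:00.410: %SEC-6-IPACCESSLOGP: list proxy denied tcp 124.40.234.198(443) -> 192.168.13.5(54559), 1 packet
Feb 12 06:46:03.638: %SEC-6-IPACCESSLOGP: list proxy denied tcp 27.254.34.69(80) -> 10.0.10.110(1545), 1 packet
"""
LOG_RE = re.compile(r"list \S+ \w+ (\w+) ([\d.]+)\((\d+)\) -> ([\d.]+)\((\d+)\)")

def parse_entry(line):
    """Parse 'seq action proto SRC [eq P] DST [eq P]' with SRC/DST = any | host A."""
    tok, i, ends = line.split(), 3, []
    for _ in range(2):                       # source first, then destination
        if tok[i] == "any":
            addr, i = None, i + 1
        else:                                # "host A.B.C.D"
            addr, i = ip_address(tok[i + 1]), i + 2
        port = None
        if i < len(tok) and tok[i] == "eq":  # port belongs to the address before it
            port = 80 if tok[i + 1] == "www" else int(tok[i + 1])
            i += 2
        ends.append((addr, port))
    return int(tok[0]), tok[1], tok[2], ends[0], ends[1]

ACL = [parse_entry(line) for line in ACL_TEXT.splitlines()]

def hit(end, addr, port):
    """True when one side of an entry (address, port) matches; None is a wildcard."""
    return end[0] in (None, ip_address(addr)) and end[1] in (None, port)

def first_match(proto, src, sport, dst, dport):
    for seq, action, rproto, rsrc, rdst in ACL:
        if rproto in ("ip", proto) and hit(rsrc, src, sport) and hit(rdst, dst, dport):
            return seq, action
    return None, "deny"                      # implicit deny at the end of any ACL

def replay_log():
    """(sequence, action) for each logged packet, in log order."""
    return [first_match(p, s, int(sp), d, int(dp)) for p, s, sp, d, dp in LOG_RE.findall(LOG_TEXT)]
```

Every logged packet falls through to sequence 30, whereas the opposite direction of the second flow, `first_match("tcp", "192.168.13.5", 54559, "124.40.234.198", 443)`, hits the permit at sequence 6.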