Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

How to Open port 80

I have configured Basic firewall on my cisco 2911, I want to open port 80 for a packaging machine IP ( which uses tcp port 80 to connect with live ip of its server in case of any technical problem, so that support technicians can access this machine. Actually it dials a VPN by using proprietry software buit in the machine. they provided me same software from which it can check if this software connects or not.

below is the snapshot of software.


Hall of Fame Super Silver

How to Open port 80

I suspect it not that port 80 isn't open but rather the request it uses to check tcp/80 is not actually http-encoded and your firewall is inspecting tcp/80 traffic to ensure it's legitimate http and not something else masquerading as web traffic.

If you used CCP, you probably have something like the following lines in your configuration:

class-map type inspect match-all ccp-protocol-http

match protocol http

policy-map type inspect ccp-inspect

class type inspect ccp-protocol-http


If you tell the policy-map to "pass" vs. "inspect" http that will probably fix it.

New Member

How to Open port 80

Thankyou for your reply

yes I used CCP for it and I found the same lines in my configuration, could you please define how to tell policy-map to allow/pass http from command line? I did not find allow or pass type in class-map, policy-map....kindly help

Hall of Fame Super Silver

Re: How to Open port 80

The command has to be done from within the right context in the modular QOS CLI framework. First go into the policy-map and then to the class so that your command prompt shows you are in Policy-map class configuration mode ("config-pmap-c"):

#conf t

Enter configuration commands, one per line.  End with CNTL/Z.

(config)#policy-map type inspect ccp-inspect

(config-pmap)#class type inspect ccp-protocol-http


Policy-map class configuration commands:

  drop            Drop the packet

  exit            Exit from QoS class action configuration mode

  inspect         Context-based Access Control Engine

  no              Negate or set default values of a command

  pass            Pass the packet

  police          Police

  service-policy  Deep Packet Inspection Engine


At that point you can negate the "inspect" action and add a "pass" action.

CreatePlease to create content