10-16-2013 01:34 AM - edited 03-04-2019 09:19 PM
Dear Support team, I have a Cisco 881 k9 box that does not allow access to a particular website.
How could I address this issue?
I have the following Access-list on the router:
ip nat inside source list 110 interfa
ip route 0.0.0.0 0.0.0.0 197.255.52.89
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 110 deny ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
no cdp run
!
10-16-2013 05:07 AM
Are you telling us that you have successful access to other web sites and that one web site does not work? Would you post the output of an attempt to ping to that web site? Would you post the output of nslookup for the name of the website?
HTH
Rick
10-29-2013 05:09 AM
Yes, I have access to other websites.
A ping to the said site timed out.
10-29-2013 07:18 AM
Part of the questions that I asked was to try to determine whether the problem is with DNS name resolution or is about IP connectivity. Your response gives me no information about that. Please post the outputs that I requested.
HTH
Rick
10-31-2013 05:01 AM
CADD#ping www.caddcentreng.com
Translating "www.caddcentreng.com"
% Unrecognized host or address, or protocol not running.
The above is a response from a ping to the website.
Below is the IP address of the website:
CADD#ping 192.64.112.59
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.64.112.59, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 196/208/224 ms
CADD#
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 110 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 197.255.52.89
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 110 deny ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
access-list 110 permit ip 192.64.112.0 0.0.0.255 any
no cdp run
ip cef
no ip domain lookup
ip domain name www.caddcentreng.com
no ipv6 cef
10-31-2013 05:04 AM
This is the error message displayed when one tries to open the website from Windows:
XML Parsing Error: unexpected parser state Location: jar:file:///C:/Program%20Files/Mozilla%20Firefox/omni.ja!/chrome/toolkit/content/global/netError.xhtml Line Number 311, Column 58:
10-31-2013 05:09 AM
That would appear to be a browser issue rather than the router blocking access to the website. Try opening Firefox in safe mode and then access the website.
10-31-2013 05:29 AM
Thank you for the outputs that I requested. This one is quite helpful and does demonstrate that the problem is a failure with DNS:
CADD#ping www.caddcentreng.com
Translating "www.caddcentreng.com"
% Unrecognized host or address, or protocol not running.
If you cannot resolve the name then your browser will not be able to access the web server.
HTH
Rick
10-31-2013 06:31 AM
Hi,
You've got no ip domain lookup configured, so it will never try to translate the name to an IP.
You can try with a site that is working and see that the ping for the name fails on the router too.
So this doesn't demonstrate that your problem with accessing the site is a DNS problem.
You should ping the name from the host, and if it fails but pinging the IP succeeds, then it is a DNS problem.
Regards
Alain
Don't forget to rate helpful posts.
10-31-2013 08:39 AM
OK, how best do I resolve this issue?
What do I need to configure on the router?
10-31-2013 10:08 AM
Hi,
Can you ping the IP from your host but fail to ping the FQDN?
Regards
Alain
Don't forget to rate helpful posts.
11-04-2013 06:25 AM
Yes, I can ping the IP. But the FQDN failed to ping.
11-04-2013 08:13 AM
Hi,
Can you tell us which DNS servers your host is using?
Regards
Alain
Don't forget to rate helpful posts.
11-07-2013 04:16 AM
The DNS server is: 80.89.176.10 & 80.89.176.11,
which is the DNS from the internet service provider.
11-07-2013 06:03 AM
In reading through this thread again I see that we talked about access list used for address translation but have not talked about the possibility of an access list applied to interfaces. So let me ask the question whether you have any access lists that are doing packet filtering on interfaces? If so please give us the details of this. I am wondering about the possibility that DNS traffic might be denied by access lists.
And if it is not an access list issue I wonder what else might be in the config that could impact DNS. So perhaps it would be helpful to post the complete config, masking out public addresses, passwords, and anything else that is sensitive.
HTH
Rick
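Added example, not part of any post in this thread and not Cisco code: a small Python check of the two things the replies discuss, namely how the posted NAT access-list 110 is evaluated (first match wins, wildcard bits set to 1 are ignored) and whether the router itself will resolve names. The inside host 192.168.1.10 is a constructed address from the 192.168.1.0/24 range in the config; the function names are hypothetical.

```python
import ipaddress

# Lines copied from the configuration posted in the thread.
CONFIG = """\
ip nat inside source list 110 interface FastEthernet4 overload
access-list 110 deny ip 192.0.0.0 0.255.255.255 192.0.0.0 0.255.255.255
access-list 110 permit ip 192.168.1.0 0.0.0.255 any
access-list 110 permit ip 192.64.112.0 0.0.0.255 any
no ip domain lookup
"""

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _matches(addr, spec):
    """spec is ('any',) or (base, wildcard); wildcard bits set to 1 are ignored."""
    if spec[0] == "any":
        return True
    care = ~_to_int(spec[1]) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(spec[0]) & care)

def _take_spec(tokens):
    """Consume 'any' or 'ADDRESS WILDCARD' from the front of the token list."""
    first = tokens.pop(0)
    if first == "any":
        return ("any",)
    return (first, tokens.pop(0))

def parse_acl(config, number):
    """Return [(action, src_spec, dst_spec)] for 'access-list <number> <action> ip' lines."""
    entries = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] == ["access-list", str(number)] and len(tok) > 3 and tok[3] == "ip":
            rest = tok[4:]
            entries.append((tok[2], _take_spec(rest), _take_spec(rest)))
    return entries

def nat_decision(entries, src, dst):
    """First match wins. In a NAT list 'deny' means 'not translated', not 'dropped'."""
    for idx, (action, s, d) in enumerate(entries, 1):
        if _matches(src, s) and _matches(dst, d):
            return action, idx
    return "deny", None  # implicit deny at the end of every access list

def router_resolves_names(config):
    """False when 'no ip domain lookup' is set, so a ping by name fails on the router."""
    return "no ip domain lookup" not in [l.strip() for l in config.splitlines()]
```

Calling `nat_decision(parse_acl(CONFIG, 110), "192.168.1.10", "192.64.112.59")` shows which entry of list 110 a flow from the inside LAN to the website's address hits; compare it with the same call for the ISP DNS server 80.89.176.10.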