
Please help, YouTube and Gmail suddenly not working with Cisco 2821

Hello everyone,

I would appreciate any guidance in this scenario. I have an old Cisco 2821, which has not had any edits to the configuration, but the users on Vlan3 (172.16.9.1) are suddenly not able to access YouTube and Gmail (172.16.8.1 and 172.16.10.1 are unaffected). Could this be a DNS issue or something else? I scrubbed anything that might be a privacy risk, but let me know if I missed anything. This is my first post/request for help.

Thanks so much,

Jonathan


version 12.4
service timestamps debug uptime
service timestamps log uptime
service password-encryption
hostname XXX
boot-start-marker
boot-end-marker

logging buffered 51200 warnings
no logging console
enable secret 5 XXX

no aaa new-model

resource policy

clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
no ip source-route

ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.10.1 172.16.10.10

ip dhcp pool wcpl_wireless
   network 172.16.10.0 255.255.255.0
   domain-name XXX
   dns-server 8.8.8.8 8.8.4.4
   default-router 172.16.10.1

ip flow-cache timeout active 1
no ip bootp server
no ip domain lookup
ip domain name XXX

crypto pki trustpoint TP-self-signed-XXX
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-XXX
 revocation-check none
 rsakeypair TP-self-signed-XXX

crypto pki certificate chain TP-self-signed-XXX
 certificate self-signed 01
XXX
username XXX privilege 15 secret 5 XXX

crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 lifetime 1000
crypto isakmp key XXX address XXX

crypto ipsec transform-set wild1 esp-3des esp-md5-hmac

crypto map WILD1 10 ipsec-isakmp
 set peer XXX
 set transform-set wild1
 match address 100

interface GigabitEthernet0/0
 description Public Computers - Main                                    $FW_OUTSIDE$
 ip address XXX 255.255.255.248
 ip flow ingress
 ip flow egress
 ip nat outside
 no ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
 crypto map WILD1

interface GigabitEthernet0/1
 ip address XXX 255.255.255.248
 ip nat outside
 no ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto

interface FastEthernet0/0/0

interface FastEthernet0/0/1
 switchport access vlan 2

interface FastEthernet0/0/2
 switchport access vlan 3

interface FastEthernet0/0/3
 switchport access vlan 4

interface Vlan1
 description $FW_INSIDE$
 ip address 172.16.7.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly

interface Vlan2
 description Public$FW_INSIDE$
 ip address 172.16.8.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip policy route-map PUBLIC
 vlan-id dot1q 2
  description Public
  exit-vlan-config

interface Vlan3
 description $FW_INSIDE$
 ip address 172.16.9.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map STAFF

interface Vlan4
 description wcpl_wireless
 ip address 172.16.10.1 255.255.255.0
 ip access-group 150 in
 ip nat inside
 ip virtual-reassembly

interface Group-Async0
 physical-layer async
 no ip address
 no group-range

ip classless
ip route 0.0.0.0 0.0.0.0 XXX

ip flow-export source GigabitEthernet0/0
ip flow-export version 5 peer-as
ip flow-export destination XXX 4739

ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat translation tcp-timeout 1800
ip nat pool sPublic XXX netmask 255.255.255.248
ip nat pool sWireless XXX netmask 255.255.255.248
ip nat inside source list 120 pool sPublic overload
ip nat inside source list 122 pool sWireless overload
ip nat inside source list 123 interface GigabitEthernet0/1 overload
!
access-list 23 permit any
access-list 100 permit ip 172.16.9.0 0.0.0.255 172.16.2.0 0.0.0.255
access-list 100 permit ip 172.16.9.0 0.0.0.255 172.16.4.0 0.0.0.255
access-list 100 permit ip 172.16.8.0 0.0.0.255 172.16.2.0 0.0.0.255
access-list 100 permit ip 172.16.8.0 0.0.0.255 172.16.4.0 0.0.0.255
access-list 100 permit ip 172.16.8.0 0.0.0.255 172.16.254.0 0.0.0.255
access-list 100 permit ip 172.16.9.0 0.0.0.255 172.16.254.0 0.0.0.255
access-list 120 deny   ip 172.16.8.0 0.0.0.255 10.0.4.0 0.0.0.255
access-list 120 deny   ip 172.16.8.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 120 permit ip 172.16.8.0 0.0.0.255 any
access-list 122 permit ip 172.16.10.0 0.0.0.255 any
access-list 123 permit ip 172.16.9.0 0.0.0.255 any
access-list 140 permit ip 172.16.9.0 0.0.0.255 any
access-list 145 permit ip 0.0.0.0 255.255.255.0 any
access-list 150 permit ip 172.16.10.0 0.0.0.255 host 172.16.8.91
access-list 150 permit ip 172.16.10.0 0.0.0.255 host 172.16.8.95
access-list 150 permit ip 172.16.10.0 0.0.0.255 host 172.16.8.9
access-list 150 permit tcp 172.16.10.0 0.0.0.255 host 172.16.9.4 eq 8080
access-list 150 permit tcp 172.16.10.0 0.0.0.255 host 172.16.8.3 eq 8080
access-list 150 deny   ip 172.16.10.0 0.0.0.255 172.16.8.0 0.0.0.255
access-list 150 deny   ip 172.16.10.0 0.0.0.255 172.16.9.0 0.0.0.255
access-list 150 permit ip any any
access-list 155 remark Websense java-list ACL
access-list 155 remark
no cdp run

route-map PUBLIC permit 10
 match ip address 145
 set default interface GigabitEthernet0/0

route-map STAFF permit 10
 match ip address 140
 set ip default next-hop XXX
control-plane
banner login ^C ^C
banner motd ^C Only Authorized Users ^C

line con 0
 exec-timeout 30 0
 login local
line aux 0
line vty 0 4
 privilege level 15
 password 7 XXX
 login
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh

scheduler allocate 20000 1000
ntp clock-period 17180208
ntp update-calendar
ntp server 129.6.15.29 source GigabitEthernet0/0

end
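
An added example, not part of the original post: a small Python evaluator that applies IOS wildcard-mask, first-match semantics to the ACLs the posted NAT statements and route-maps reference, and reports which route-map match clause and which NAT target a given host hits. The function names, the `.50` host addresses and the destination 203.0.113.10 are constructed for illustration.

```python
import ipaddress

# ACL lines copied from the posted configuration (those used by NAT and the route-maps).
ACL_TEXT = """\
access-list 120 deny   ip 172.16.8.0 0.0.0.255 10.0.4.0 0.0.0.255
access-list 120 deny   ip 172.16.8.0 0.0.0.255 172.16.0.0 0.0.255.255
access-list 120 permit ip 172.16.8.0 0.0.0.255 any
access-list 122 permit ip 172.16.10.0 0.0.0.255 any
access-list 123 permit ip 172.16.9.0 0.0.0.255 any
access-list 140 permit ip 172.16.9.0 0.0.0.255 any
access-list 145 permit ip 0.0.0.0 255.255.255.0 any
"""
# ACL referenced by each route-map / NAT statement there; NAT sources are disjoint subnets.
POLICY = {"Vlan2": ("PUBLIC", "145"), "Vlan3": ("STAFF", "140")}
NAT = [("120", "pool sPublic"), ("122", "pool sWireless"),
       ("123", "interface GigabitEthernet0/1")]

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _spec(tok):  # consume one address spec -> ((base, wildcard), remaining tokens)
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (_ip(tok[1]), 0), tok[2:]
    return (_ip(tok[0]), _ip(tok[1])), tok[2:]

def parse_acls(text):
    acls = {}
    for t in (line.split() for line in text.splitlines()):
        if len(t) >= 5 and t[0] == "access-list" and t[2] in ("permit", "deny"):
            src, rest = _spec(t[4:])
            acls.setdefault(t[1], []).append((t[2], src, _spec(rest)[0]))
    return acls

def _hit(addr, spec):  # a 1 bit in the wildcard means "ignore this bit"
    return ((_ip(addr) ^ spec[0]) & ~spec[1] & 0xFFFFFFFF) == 0

def evaluate(acls, number, src, dst):
    for action, s, d in acls.get(number, []):
        if _hit(src, s) and _hit(dst, d):
            return action  # first matching entry wins
    return "deny"  # implicit deny at the end of every ACL

def trace(acls, iface, src, dst):
    """Return (route-map whose match clause is satisfied, NAT target); None where nothing matches."""
    name, acl = POLICY.get(iface, (None, None))
    rmap = name if acl and evaluate(acls, acl, src, dst) == "permit" else None
    nat = next((t for n, t in NAT if evaluate(acls, n, src, dst) == "permit"), None)
    return rmap, nat
```

For the constructed Vlan3 host 172.16.9.50, `trace` returns `("STAFF", "interface GigabitEthernet0/1")`. For a Vlan2 host such as 172.16.8.50 it returns no route-map match, because the wildcard `255.255.255.0` in ACL 145 compares only the last octet against 0.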
