Problem opening port 443 on cisco 851 router

Tags:
  • Networking
  • Routers
  • Servers
  • IP
  • Cisco
  • Port
October 3, 2014 4:42:02 AM

I'm new to using Cisco routers. On the network I have to configure they are using a Cisco 851 router. I'm installing a new server which requires port 443 to be open. Port 80 is already open because of an old server which we will no longer need. I tried adding port 443 but to no avail.

Below is the configuration file.

Could anyone point out to me what is wrong and what I am doing wrong in opening port 443? (I deleted/changed from below the crypto pki certificate, the admin privilege 15 secret 5 and some IP addresses pointing to our location, because I had a feeling that I do not want those on the internet.)

Building configuration...

Current configuration : 14177 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ec
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $
!
no aaa new-model
clock timezone Berlin 1
clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-471741731
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-471741731
 revocation-check none
 rsakeypair TP-self-signed-471741731
!
!
crypto pki certificate chain TP-self-signed-471741731
 certificate self-signed 01
  quit
dot11 syslog
no ip source-route
ip dhcp excluded-address 10.10.10.1
!
!
ip cef
ip inspect log drop-pkt
ip inspect name fw appfw fw
ip inspect name fw tcp
ip inspect name fw imap
ip inspect name fw imap3
ip inspect name fw appleqtc
ip inspect name fw cuseeme
ip inspect name fw realaudio
ip inspect name fw rtsp
ip inspect name fw streamworks
ip inspect name fw vdolive
ip inspect name fw https
ip inspect name fw dns
ip inspect name fw ftp
ip inspect name fw pptp
ip inspect name fw smtp
ip inspect name sdm_ins_in_100 appfw sdm_ins_in_100
ip inspect name sdm_ins_in_100 dns
ip inspect name sdm_ins_in_100 h323
ip inspect name sdm_ins_in_100 https
ip inspect name sdm_ins_in_100 icmp
ip inspect name sdm_ins_in_100 pop3 reset
ip inspect name sdm_ins_in_100 rcmd
ip inspect name sdm_ins_in_100 sqlnet
ip inspect name sdm_ins_in_100 tcp
ip inspect name sdm_ins_in_100 udp
ip inspect name sdm_ins_in_100 cuseeme
ip inspect name sdm_ins_in_100 realaudio
ip inspect name sdm_ins_in_100 rtsp
ip inspect name sdm_ins_in_100 streamworks
ip inspect name sdm_ins_in_100 vdolive
ip inspect name sdm_ins_in_100 appleqtc
ip inspect name sdm_ins_in_100 pptp
ip inspect name sdm_ins_in_100 imap3
ip inspect name sdm_ins_in_100 smtp
ip inspect name SDM_HIGH appfw SDM_HIGH
ip inspect name SDM_HIGH icmp
ip inspect name SDM_HIGH dns
ip inspect name SDM_HIGH esmtp
ip inspect name SDM_HIGH https
ip inspect name SDM_HIGH imap reset
ip inspect name SDM_HIGH pop3 reset
ip inspect name SDM_HIGH tcp
ip inspect name SDM_HIGH udp
ip inspect name SDM_HIGH rtsp
ip inspect name SDM_HIGH realaudio
ip inspect name SDM_HIGH streamworks
ip inspect name SDM_HIGH vdolive
ip inspect name SDM_HIGH cuseeme
ip inspect name SDM_HIGH appleqtc
no ip bootp server
ip domain name internal.xxxxxx.com
ip name-server 111.111.14.196
ip name-server 111.111.14.212
!
appfw policy-name sdm_ins_in_100
 application im aol
  service default action allow alarm
  service text-chat action allow alarm
  server permit name login.oscar.aol.com
  server permit name toc.oscar.aol.com
  server permit name oam-d09a.blue.aol.com
 application im msn
  service default action allow alarm
  service text-chat action allow alarm
  server permit name messenger.hotmail.com
  server permit name gateway.messenger.hotmail.com
  server permit name webmessenger.msn.com
 application http
  strict-http action allow alarm
  port-misuse p2p action reset alarm
  port-misuse im action reset alarm
  port-misuse tunneling action allow alarm
 application im yahoo
  service default action allow alarm
  service text-chat action allow alarm
  server permit name scs.msg.yahoo.com
  server permit name scsa.msg.yahoo.com
  server permit name scsb.msg.yahoo.com
  server permit name scsc.msg.yahoo.com
  server permit name scsd.msg.yahoo.com
  server permit name cs16.msg.dcn.yahoo.com
  server permit name cs19.msg.dcn.yahoo.com
  server permit name cs42.msg.dcn.yahoo.com
  server permit name cs53.msg.dcn.yahoo.com
  server permit name cs54.msg.dcn.yahoo.com
  server permit name ads1.vip.scd.yahoo.com
  server permit name radio1.launch.vip.dal.yahoo.com
  server permit name in1.msg.vip.re2.yahoo.com
  server permit name data1.my.vip.sc5.yahoo.com
  server permit name address1.pim.vip.mud.yahoo.com
  server permit name edit.messenger.yahoo.com
  server permit name messenger.yahoo.com
  server permit name http.pager.yahoo.com
  server permit name privacy.yahoo.com
  server permit name csa.yahoo.com
  server permit name csb.yahoo.com
  server permit name csc.yahoo.com
!
appfw policy-name SDM_HIGH
 application im aol
  service default action reset alarm
  service text-chat action reset alarm
  server deny name login.oscar.aol.com
  server deny name toc.oscar.aol.com
  server deny name oam-d09a.blue.aol.com
 application http
  strict-http action reset alarm
  port-misuse im action reset alarm
  port-misuse p2p action reset alarm
  port-misuse tunneling action reset alarm
 application im yahoo
  service default action reset alarm
  service text-chat action reset alarm
  server deny name scs.msg.yahoo.com
  server deny name scsa.msg.yahoo.com
  server deny name scsb.msg.yahoo.com
  server deny name scsc.msg.yahoo.com
  server deny name scsd.msg.yahoo.com
  server deny name cs16.msg.dcn.yahoo.com
  server deny name cs19.msg.dcn.yahoo.com
  server deny name cs42.msg.dcn.yahoo.com
  server deny name cs53.msg.dcn.yahoo.com
  server deny name cs54.msg.dcn.yahoo.com
  server deny name ads1.vip.scd.yahoo.com
  server deny name radio1.launch.vip.dal.yahoo.com
  server deny name in1.msg.vip.re2.yahoo.com
  server deny name data1.my.vip.sc5.yahoo.com
  server deny name address1.pim.vip.mud.yahoo.com
  server deny name edit.messenger.yahoo.com
  server deny name messenger.yahoo.com
  server deny name http.pager.yahoo.com
  server deny name privacy.yahoo.com
  server deny name csa.yahoo.com
  server deny name csb.yahoo.com
  server deny name csc.yahoo.com
!
appfw policy-name fw
 application http
!
parameter-map type protocol-info msn-servers
 server name messenger.hotmail.com
 server name gateway.messenger.hotmail.com
 server name webmessenger.msn.com
parameter-map type protocol-info aol-servers
 server name login.oscar.aol.com
 server name toc.oscar.aol.com
 server name oam-d09a.blue.aol.com
parameter-map type protocol-info yahoo-servers
 server name scs.msg.yahoo.com
 server name scsa.msg.yahoo.com
 server name scsb.msg.yahoo.com
 server name scsc.msg.yahoo.com
 server name scsd.msg.yahoo.com
 server name cs16.msg.dcn.yahoo.com
 server name cs19.msg.dcn.yahoo.com
 server name cs42.msg.dcn.yahoo.com
 server name cs53.msg.dcn.yahoo.com
 server name cs54.msg.dcn.yahoo.com
 server name ads1.vip.scd.yahoo.com
 server name radio1.launch.vip.dal.yahoo.com
 server name in1.msg.vip.re2.yahoo.com
 server name data1.my.vip.sc5.yahoo.com
 server name address1.pim.vip.mud.yahoo.com
 server name edit.messenger.yahoo.com
 server name messenger.yahoo.com
 server name http.pager.yahoo.com
 server name privacy.yahoo.com
 server name csa.yahoo.com
 server name csb.yahoo.com
 server name csc.yahoo.com
!
!
username admin privilege 15 secret 5 !
!
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $FW_OUTSIDE$$ETH-WAN$$ES_WAN$
 ip address 111.111.146.167 255.255.255.0
 ip access-group 105 in
 ip verify unicast reverse-path
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip inspect sdm_ins_in_100 in
 ip inspect fw out
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.0.3 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 111.111.146.161
!
ip http server
ip http port 8080
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 192.168.0.2 80 interface FastEthernet4 80
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.0.2 1723 interface FastEthernet4 1723
ip nat inside source static tcp 192.168.0.2 143 interface FastEthernet4 143
ip nat inside source static tcp 192.168.0.2 47 interface FastEthernet4 47
ip nat inside source static tcp 192.168.0.244 5003 interface FastEthernet4 5003
ip nat inside source static tcp 192.168.0.2 25 interface FastEthernet4 25
ip nat inside source static tcp 192.168.0.2 443 interface FastEthernet4 443
!
ip access-list extended sdm_fastethernet4_in
 remark SDM_ACL Category=1
 remark PPTP
 permit tcp any eq 1723 host 192.168.0.2 eq 1723
!
logging trap debugging
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 111.111.146.0 0.0.0.255 any
access-list 101 remark SDM_ACL Category=0
access-list 101 permit ip any host 192.168.0.2
access-list 102 remark SDM_ACL Category=128
access-list 102 permit ip host 255.255.255.255 any
access-list 102 permit ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip 111.111.146.0 0.0.0.255 any
access-list 103 remark SDM_ACL Category=0
access-list 103 permit ip any host 192.168.0.2
access-list 104 remark auto generated by SDM firewall configuration
access-list 104 remark SDM_ACL Category=1
access-list 104 deny ip 111.111.146.0 0.0.0.255 any
access-list 104 deny ip host 255.255.255.255 any
access-list 104 deny ip 127.0.0.0 0.255.255.255 any
access-list 104 permit ip any any
access-list 104 permit tcp any host 192.168.0.2 eq www
access-list 105 remark auto generated by SDM firewall configuration
access-list 105 remark SDM_ACL Category=1
access-list 105 permit tcp any host 111.111.146.167 eq www
access-list 105 remark filemaker
access-list 105 permit tcp any host 111.111.146.167 eq 5003
access-list 105 permit tcp any host 111.111.146.167 eq 143 log
access-list 105 remark test smtp
access-list 105 permit tcp any host 111.111.146.167 eq smtp log
access-list 105 remark imapudp
access-list 105 permit udp any host 111.111.146.167 eq 143
access-list 105 remark GRE
access-list 105 permit gre any host 111.111.146.167
access-list 105 remark pptp
access-list 105 permit tcp any host 111.111.146.167 eq 1723
access-list 105 remark FMUDP
access-list 105 permit udp any host 111.111.146.167 eq 5003
access-list 105 permit udp host 111.111.4.5 eq domain host 111.111.146.167
access-list 105 deny ip 192.168.0.0 0.0.0.255 any
access-list 105 permit icmp any host 111.111.146.167 echo-reply
access-list 105 permit icmp any host 111.111.146.167 time-exceeded
access-list 105 permit icmp any host 111.111.146.167 unreachable
access-list 105 deny ip 10.0.0.0 0.255.255.255 any
access-list 105 deny ip 172.16.0.0 0.15.255.255 any
access-list 105 deny ip 192.168.0.0 0.0.255.255 any
access-list 105 deny ip 127.0.0.0 0.255.255.255 any
access-list 105 deny ip host 255.255.255.255 any
access-list 105 deny ip host 0.0.0.0 any
access-list 105 deny ip any any log
access-list 105 permit tcp any any eq 443
access-list 105 permit udp any host 111.111.146.167 eq 443
access-list 105 permit tcp any host 111.111.146.167 eq 443 log
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.

!
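Added by the editor, not part of the post above: a small Python model of how IOS walks a numbered ACL top-down and stops at the first matching entry, where each new `access-list 105 ...` line is appended after the entries already in the list. It runs an abridged, constructed copy of the posted ACL 105 and a version with the catch-all `deny ip any any log` moved back to the end; the source addresses 203.0.113.10 and 10.1.2.3 are constructed test values.

```python
import ipaddress
# Constructed, abridged copy of ACL 105 as posted (remarks dropped, order kept).
ACL_105 = """\
permit tcp any host 111.111.146.167 eq www
permit tcp any host 111.111.146.167 eq 143 log
permit udp host 111.111.4.5 eq domain host 111.111.146.167
deny ip 10.0.0.0 0.255.255.255 any
deny ip any any log
permit tcp any any eq 443
permit udp any host 111.111.146.167 eq 443
permit tcp any host 111.111.146.167 eq 443 log""".splitlines()
PORTS = {"www": 80, "smtp": 25, "domain": 53}   # named ports that appear in the ACL

def _addr(t, i):
    """Parse 'any' | 'host A.B.C.D' | 'A.B.C.D wildcard' at t[i]; return (network, next i)."""
    if t[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if t[i] == "host":
        return ipaddress.ip_network(t[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{t[i]}/{t[i + 1]}"), i + 2  # IOS wildcard == hostmask

def _port(t, i):
    """Parse an optional 'eq <port>' at t[i]; return (port or None, next i)."""
    if i < len(t) and t[i] == "eq":
        return int(PORTS.get(t[i + 1], t[i + 1])), i + 2
    return None, i

def parse_ace(line):
    """One access-list entry -> dict. ICMP type keywords and 'log' are ignored."""
    t = line.split()
    src, i = _addr(t, 2)
    sport, i = _port(t, i)
    dst, i = _addr(t, i)
    dport, _ = _port(t, i)
    return {"action": t[0], "proto": t[1], "src": src, "sport": sport,
            "dst": dst, "dport": dport, "text": line}

def decision(acl, proto, src, dst, dport=None, sport=None):
    """First match wins, as on the router; returns (action, matching entry)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in acl:
        if (ace["proto"] in ("ip", proto) and src in ace["src"] and dst in ace["dst"]
                and ace["sport"] in (None, sport) and ace["dport"] in (None, dport)):
            return ace["action"], ace["text"]
    return "deny", "implicit deny at end of list"

POSTED = [parse_ace(l) for l in ACL_105]
# New 'access-list 105' lines land after the catch-all deny; the fix keeps that deny last.
catch_all = next(i for i, a in enumerate(POSTED) if a["text"] == "deny ip any any log")
FIXED = POSTED[:catch_all] + POSTED[catch_all + 1:] + [POSTED[catch_all]]
```

With the posted order, a TCP/443 packet to 111.111.146.167 hits `deny ip any any log` before any of the three 443 entries; with the catch-all moved to the end it is permitted, while the anti-spoofing denies above it still drop a 10.x source.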