I'm new to using Cisco routers. On the network I have to configure they are using a Cisco 851 router. I'm installing a new server which requires port 443 to be open. Port 80 is already open because of an old server which we will no longer need. I tried adding port 443, but to no avail.
Below is the configuration file.
Could anyone point out to me what is wrong and what I am doing wrong in opening port 443? (I deleted/changed from below the crypto pki certificate, admin privilege 15 secret 5 and some IP addresses pointing to our location, because I had a feeling that I do not want those on the internet.)
Building configuration...
Current configuration : 14177 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ec
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $
!
no aaa new-model
clock timezone Berlin 1
clock summer-time Berlin date Mar 30 2003 2:00 Oct 26 2003 3:00
!
crypto pki trustpoint TP-self-signed-471741731
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-471741731
revocation-check none
rsakeypair TP-self-signed-471741731
!
!
crypto pki certificate chain TP-self-signed-471741731
certificate self-signed 01
quit
dot11 syslog
no ip source-route
ip dhcp excluded-address 10.10.10.1
!
!
ip cef
ip inspect log drop-pkt
ip inspect name fw appfw fw
ip inspect name fw tcp
ip inspect name fw imap
ip inspect name fw imap3
ip inspect name fw appleqtc
ip inspect name fw cuseeme
ip inspect name fw realaudio
ip inspect name fw rtsp
ip inspect name fw streamworks
ip inspect name fw vdolive
ip inspect name fw https
ip inspect name fw dns
ip inspect name fw ftp
ip inspect name fw pptp
ip inspect name fw smtp
ip inspect name sdm_ins_in_100 appfw sdm_ins_in_100
ip inspect name sdm_ins_in_100 dns
ip inspect name sdm_ins_in_100 h323
ip inspect name sdm_ins_in_100 https
ip inspect name sdm_ins_in_100 icmp
ip inspect name sdm_ins_in_100 pop3 reset
ip inspect name sdm_ins_in_100 rcmd
ip inspect name sdm_ins_in_100 sqlnet
ip inspect name sdm_ins_in_100 tcp
ip inspect name sdm_ins_in_100 udp
ip inspect name sdm_ins_in_100 cuseeme
ip inspect name sdm_ins_in_100 realaudio
ip inspect name sdm_ins_in_100 rtsp
ip inspect name sdm_ins_in_100 streamworks
ip inspect name sdm_ins_in_100 vdolive
ip inspect name sdm_ins_in_100 appleqtc
ip inspect name sdm_ins_in_100 pptp
ip inspect name sdm_ins_in_100 imap3
ip inspect name sdm_ins_in_100 smtp
ip inspect name SDM_HIGH appfw SDM_HIGH
ip inspect name SDM_HIGH icmp
ip inspect name SDM_HIGH dns
ip inspect name SDM_HIGH esmtp
ip inspect name SDM_HIGH https
ip inspect name SDM_HIGH imap reset
ip inspect name SDM_HIGH pop3 reset
ip inspect name SDM_HIGH tcp
ip inspect name SDM_HIGH udp
ip inspect name SDM_HIGH rtsp
ip inspect name SDM_HIGH realaudio
ip inspect name SDM_HIGH streamworks
ip inspect name SDM_HIGH vdolive
ip inspect name SDM_HIGH cuseeme
ip inspect name SDM_HIGH appleqtc
no ip bootp server
ip domain name internal.xxxxxx.com
ip name-server 111.111.14.196
ip name-server 111.111.14.212
!
appfw policy-name sdm_ins_in_100
application im aol
service default action allow alarm
service text-chat action allow alarm
server permit name login.oscar.aol.com
server permit name toc.oscar.aol.com
server permit name oam-d09a.blue.aol.com
application im msn
service default action allow alarm
service text-chat action allow alarm
server permit name messenger.hotmail.com
server permit name gateway.messenger.hotmail.com
server permit name webmessenger.msn.com
application http
strict-http action allow alarm
port-misuse p2p action reset alarm
port-misuse im action reset alarm
port-misuse tunneling action allow alarm
application im yahoo
service default action allow alarm
service text-chat action allow alarm
server permit name scs.msg.yahoo.com
server permit name scsa.msg.yahoo.com
server permit name scsb.msg.yahoo.com
server permit name scsc.msg.yahoo.com
server permit name scsd.msg.yahoo.com
server permit name cs16.msg.dcn.yahoo.com
server permit name cs19.msg.dcn.yahoo.com
server permit name cs42.msg.dcn.yahoo.com
server permit name cs53.msg.dcn.yahoo.com
server permit name cs54.msg.dcn.yahoo.com
server permit name ads1.vip.scd.yahoo.com
server permit name radio1.launch.vip.dal.yahoo.com
server permit name in1.msg.vip.re2.yahoo.com
server permit name data1.my.vip.sc5.yahoo.com
server permit name address1.pim.vip.mud.yahoo.com
server permit name edit.messenger.yahoo.com
server permit name messenger.yahoo.com
server permit name http.pager.yahoo.com
server permit name privacy.yahoo.com
server permit name csa.yahoo.com
server permit name csb.yahoo.com
server permit name csc.yahoo.com
!
appfw policy-name SDM_HIGH
application im aol
service default action reset alarm
service text-chat action reset alarm
server deny name login.oscar.aol.com
server deny name toc.oscar.aol.com
server deny name oam-d09a.blue.aol.com
application http
strict-http action reset alarm
port-misuse im action reset alarm
port-misuse p2p action reset alarm
port-misuse tunneling action reset alarm
application im yahoo
service default action reset alarm
service text-chat action reset alarm
server deny name scs.msg.yahoo.com
server deny name scsa.msg.yahoo.com
server deny name scsb.msg.yahoo.com
server deny name scsc.msg.yahoo.com
server deny name scsd.msg.yahoo.com
server deny name cs16.msg.dcn.yahoo.com
server deny name cs19.msg.dcn.yahoo.com
server deny name cs42.msg.dcn.yahoo.com
server deny name cs53.msg.dcn.yahoo.com
server deny name cs54.msg.dcn.yahoo.com
server deny name ads1.vip.scd.yahoo.com
server deny name radio1.launch.vip.dal.yahoo.com
server deny name in1.msg.vip.re2.yahoo.com
server deny name data1.my.vip.sc5.yahoo.com
server deny name address1.pim.vip.mud.yahoo.com
server deny name edit.messenger.yahoo.com
server deny name messenger.yahoo.com
server deny name http.pager.yahoo.com
server deny name privacy.yahoo.com
server deny name csa.yahoo.com
server deny name csb.yahoo.com
server deny name csc.yahoo.com
!
appfw policy-name fw
application http
!
parameter-map type protocol-info msn-servers
server name messenger.hotmail.com
server name gateway.messenger.hotmail.com
server name webmessenger.msn.com
parameter-map type protocol-info aol-servers
server name login.oscar.aol.com
server name toc.oscar.aol.com
server name oam-d09a.blue.aol.com
parameter-map type protocol-info yahoo-servers
server name scs.msg.yahoo.com
server name scsa.msg.yahoo.com
server name scsb.msg.yahoo.com
server name scsc.msg.yahoo.com
server name scsd.msg.yahoo.com
server name cs16.msg.dcn.yahoo.com
server name cs19.msg.dcn.yahoo.com
server name cs42.msg.dcn.yahoo.com
server name cs53.msg.dcn.yahoo.com
server name cs54.msg.dcn.yahoo.com
server name ads1.vip.scd.yahoo.com
server name radio1.launch.vip.dal.yahoo.com
server name in1.msg.vip.re2.yahoo.com
server name data1.my.vip.sc5.yahoo.com
server name address1.pim.vip.mud.yahoo.com
server name edit.messenger.yahoo.com
server name messenger.yahoo.com
server name http.pager.yahoo.com
server name privacy.yahoo.com
server name csa.yahoo.com
server name csb.yahoo.com
server name csc.yahoo.com
!
!
username admin privilege 15 secret 5 !
!
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $FW_OUTSIDE$$ETH-WAN$$ES_WAN$
ip address 111.111.146.167 255.255.255.0
ip access-group 105 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect sdm_ins_in_100 in
ip inspect fw out
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.3 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 111.111.146.161
!
ip http server
ip http port 8080
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 192.168.0.2 80 interface FastEthernet4 80
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.0.2 1723 interface FastEthernet4 1723
ip nat inside source static tcp 192.168.0.2 143 interface FastEthernet4 143
ip nat inside source static tcp 192.168.0.2 47 interface FastEthernet4 47
ip nat inside source static tcp 192.168.0.244 5003 interface FastEthernet4 5003
ip nat inside source static tcp 192.168.0.2 25 interface FastEthernet4 25
ip nat inside source static tcp 192.168.0.2 443 interface FastEthernet4 443
!
ip access-list extended sdm_fastethernet4_in
remark SDM_ACL Category=1
remark PPTP
permit tcp any eq 1723 host 192.168.0.2 eq 1723
!
logging trap debugging
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 111.111.146.0 0.0.0.255 any
access-list 101 remark SDM_ACL Category=0
access-list 101 permit ip any host 192.168.0.2
access-list 102 remark SDM_ACL Category=128
access-list 102 permit ip host 255.255.255.255 any
access-list 102 permit ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip 111.111.146.0 0.0.0.255 any
access-list 103 remark SDM_ACL Category=0
access-list 103 permit ip any host 192.168.0.2
access-list 104 remark auto generated by SDM firewall configuration
access-list 104 remark SDM_ACL Category=1
access-list 104 deny ip 111.111.146.0 0.0.0.255 any
access-list 104 deny ip host 255.255.255.255 any
access-list 104 deny ip 127.0.0.0 0.255.255.255 any
access-list 104 permit ip any any
access-list 104 permit tcp any host 192.168.0.2 eq www
access-list 105 remark auto generated by SDM firewall configuration
access-list 105 remark SDM_ACL Category=1
access-list 105 permit tcp any host 111.111.146.167 eq www
access-list 105 remark filemaker
access-list 105 permit tcp any host 111.111.146.167 eq 5003
access-list 105 permit tcp any host 111.111.146.167 eq 143 log
access-list 105 remark test smtp
access-list 105 permit tcp any host 111.111.146.167 eq smtp log
access-list 105 remark imapudp
access-list 105 permit udp any host 111.111.146.167 eq 143
access-list 105 remark GRE
access-list 105 permit gre any host 111.111.146.167
access-list 105 remark pptp
access-list 105 permit tcp any host 111.111.146.167 eq 1723
access-list 105 remark FMUDP
access-list 105 permit udp any host 111.111.146.167 eq 5003
access-list 105 permit udp host 111.111.4.5 eq domain host 111.111.146.167
access-list 105 deny ip 192.168.0.0 0.0.0.255 any
access-list 105 permit icmp any host 111.111.146.167 echo-reply
access-list 105 permit icmp any host 111.111.146.167 time-exceeded
access-list 105 permit icmp any host 111.111.146.167 unreachable
access-list 105 deny ip 10.0.0.0 0.255.255.255 any
access-list 105 deny ip 172.16.0.0 0.15.255.255 any
access-list 105 deny ip 192.168.0.0 0.0.255.255 any
access-list 105 deny ip 127.0.0.0 0.255.255.255 any
access-list 105 deny ip host 255.255.255.255 any
access-list 105 deny ip host 0.0.0.0 any
access-list 105 deny ip any any log
access-list 105 permit tcp any any eq 443
access-list 105 permit udp any host 111.111.146.167 eq 443
access-list 105 permit tcp any host 111.111.146.167 eq 443 log
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
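Added example, not part of the original post: IOS evaluates an extended ACL top-down and stops at the first matching entry, so the position of an entry in access-list 105 decides whether it can ever apply. The Python script below (function names are hypothetical; the ACL lines are a trimmed copy of the config above, and the source address 198.51.100.7 in the usage note is a constructed sample) reports which entry a packet hits and which entries sit behind an unconditional `ip any any` line.

```python
import ipaddress
# Entries copied from access-list 105 in the post (remarks and other entries trimmed).
ACL_105 = """\
access-list 105 permit tcp any host 111.111.146.167 eq www
access-list 105 deny ip 192.168.0.0 0.0.255.255 any
access-list 105 deny ip any any log
access-list 105 permit tcp any any eq 443
access-list 105 permit tcp any host 111.111.146.167 eq 443 log
"""
PORTS = {"www": 80, "smtp": 25, "domain": 53}  # IOS port keywords seen in the config
ANY = (0, 0xFFFFFFFF)  # (base, wildcard) pair that matches every address

def _addr(tok):  # consume "any" | "host A" | "A WILDCARD" -> (base, wildcard)
    word = tok.pop(0)
    if word == "any":
        return ANY
    if word == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(word)), int(ipaddress.IPv4Address(tok.pop(0)))

def _port(tok):  # consume an optional "eq PORT"; None means any port
    if tok[:1] != ["eq"]:
        return None
    _, name = tok.pop(0), tok.pop(0)
    return PORTS[name] if name in PORTS else int(name)

def parse(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()[2:]  # drop "access-list 105"
        rules.append({"line": line, "action": tok.pop(0), "proto": tok.pop(0),
                      "src": _addr(tok), "sport": _port(tok),
                      "dst": _addr(tok), "dport": _port(tok)})
    return rules

def _ip_ok(spec, ip):  # wildcard bits set to 1 are "don't care"
    return ((int(ipaddress.IPv4Address(ip)) ^ spec[0]) & ~spec[1] & 0xFFFFFFFF) == 0

def first_match(rules, proto, src, dst, dport):  # first match wins; source ports not compared
    for i, r in enumerate(rules):
        if (r["proto"] in ("ip", proto) and _ip_ok(r["src"], src)
                and _ip_ok(r["dst"], dst) and r["dport"] in (None, dport)):
            return i, r["action"]
    return None, "deny"  # implicit deny ends every ACL

def unreachable(rules):  # entries after an unconditional "ip any any" never match
    cut = next((i for i, r in enumerate(rules)
                if r["proto"] == "ip" and r["src"] == r["dst"] == ANY), len(rules))
    return [r["line"] for r in rules[cut + 1:]]
```

Calling `first_match(parse(ACL_105), "tcp", "198.51.100.7", "111.111.146.167", 443)` shows the entry that decides the packet, and `unreachable(parse(ACL_105))` lists the entries that are never evaluated.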