Velocity Reviews - Computer Hardware Reviews

Cisco 837 firewall help

 
 
brent87
Junior Member
Join Date: Mar 2009
Posts: 1
03-31-2009
Hey Guys,

I need some help with a Cisco router firewall. I believe it has something to do with the "ip auth-proxy max-nodata-conns 1000 and ip admission max-nodata-conns 1000". The default was 3 instead of 1000 but still no change. The problem is the router will allow a connection to begin but drop it after a few secs. This is how far I get on the downloads from any machine and any download. Router config is at the bottom of the page. Any help would be great. Without the firewall enabled everything runs smoothly.

__________________________________________________ __________
$ wget http://mirror.ebox-platform.com/ebox_live-1.0.iso
--2009-03-31 13:37:01-- http://mirror.ebox-platform.com/ebox_live-1.0.iso
Resolving mirror.ebox-platform.com... 87.98.190.119
Connecting to mirror.ebox-platform.com|87.98.190.119|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 353579008 (337M) [application/x-iso9660-image]
Saving to: `ebox_live-1.0.iso.7'

0% [ ] 34,438 6.71K/s eta 14h 17m
__________________________________________________ _____________


Current configuration : 4285 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
memory-size iomem 5
enable secret 5 *******
!
no aaa new-model
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.19
!
ip dhcp pool 1
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 61.9.211.33 61.9.211.49
!
!
ip cef
ip name-server 61.9.211.33
ip name-server 61.9.211.49
ip inspect name SDM_LOW tcp timeout 3600
ip inspect name SDM_LOW udp timeout 15
ip auth-proxy max-nodata-conns 1000
ip admission max-nodata-conns 1000
!
!
username ***** privilege 15 secret 5 ********
!
!
!
!
!
!
interface Ethernet0
description "LAN"
ip address 192.168.1.1 255.255.255.0
ip access-group 101 in
ip nat inside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
no ip mroute-cache
hold-queue 100 out
!
interface Ethernet2
no ip address
shutdown
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
interface Dialer0
description "INTERNET"
ip address negotiated
ip access-group 102 in
ip mtu 1452
ip nat outside
ip inspect SDM_LOW out
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname ******
ppp chap password 7 ******
!
interface Dialer1
no ip address
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
ip http authentication local
no ip http secure-server
!
ip nat inside source list 100 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.2 22 interface Dialer0 1022
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 permit tcp any any eq 1022
access-list 102 permit udp host 61.9.211.49 eq domain any
access-list 102 permit udp host 61.9.211.33 eq domain any
access-list 102 deny ip 192.168.1.0 0.0.0.255 any
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any unreachable
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
access-list 102 deny ip 172.16.0.0 0.15.255.255 any
access-list 102 deny ip 192.168.0.0 0.0.255.255 any
access-list 102 deny ip 127.0.0.0 0.255.255.255 any
access-list 102 deny ip host 255.255.255.255 any
access-list 102 deny ip host 0.0.0.0 any
access-list 102 deny ip any any log
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet
!
scheduler max-task-time 5000
end
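
Added example, not part of the original post: a first-match evaluator for the posted access-list 102, run against the returning HTTP segments of the wget download. No static entry permits them, so they fall through to `deny ip any any log` and can pass only through session state created by `ip inspect SDM_LOW out`. The WAN address 203.0.113.10 and the client ports are constructed sample values, and the parser covers only the ACL syntax used in this config.

```python
import ipaddress
# access-list 102 from the posted config (remark lines omitted), in order.
ACL_102 = """permit tcp any any eq 1022
permit udp host 61.9.211.49 eq domain any
permit udp host 61.9.211.33 eq domain any
deny ip 192.168.1.0 0.0.0.255 any
permit icmp any any echo-reply
permit icmp any any time-exceeded
permit icmp any any unreachable
deny ip 10.0.0.0 0.255.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 127.0.0.0 0.255.255.255 any
deny ip host 255.255.255.255 any
deny ip host 0.0.0.0 any
deny ip any any log""".splitlines()

def _ip(text): return int(ipaddress.ip_address(text))

def _addr(tok):  # consume one address spec, return a predicate on an int IP
    first = tok.pop(0)
    if first == "any":
        return lambda ip: True
    base, wild = (_ip(tok.pop(0)), 0) if first == "host" else (_ip(first), _ip(tok.pop(0)))
    return lambda ip: (ip | wild) == (base | wild)  # wildcard bits are ignored

def _port(tok):  # consume an optional "eq <port>", return a predicate on a port
    if tok[:1] != ["eq"]:
        return lambda port: True
    want = 53 if tok[1] == "domain" else int(tok[1])
    del tok[:2]
    return lambda port: port == want

def first_match(acl, proto, src, dst, sport=None, dport=None, icmp=None):
    """Return (entry_number, action) of the first entry the packet matches."""
    for n, line in enumerate(acl, 1):
        tok = line.split()
        action, aproto = tok.pop(0), tok.pop(0)
        if aproto not in ("ip", proto):
            continue
        l4 = aproto in ("tcp", "udp")
        ok = _addr(tok)(_ip(src))
        ok &= _port(tok)(sport) if l4 else True
        ok &= _addr(tok)(_ip(dst))
        ok &= _port(tok)(dport) if l4 else True
        ok &= aproto != "icmp" or not tok or tok[0] in ("log", icmp)
        if ok:
            return n, action
    return None, "deny"  # implicit deny that ends every ACL
```

`first_match(ACL_102, "tcp", "87.98.190.119", "203.0.113.10", sport=80, dport=40000)` returns entry 14, the logged deny. On the router, `show ip inspect sessions` and the hit counters in `show access-lists 102` show whether the download's return traffic is being passed by an inspection session or dropped by that entry.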
 