Cisco 837 firewall help

Discussion in 'Hardware' started by brent87, Mar 31, 2009.

  1. brent87

    Hey Guys,

    I need some help with a Cisco router firewall. I believe it has something to do with the "ip auth-proxy max-nodata-conns 1000" and "ip admission max-nodata-conns 1000". The default was 3 instead of 1000 but still no change. The problem is the router will allow a connection to begin but drop it after a few secs. This is how far I get on the downloads from any machine and any download. Router config is at the bottom of the page. Any help would be great. Without the firewall enabled everything runs smoothly.

    __________________________________________________ __________
    $ wget http://mirror.ebox-platform.com/ebox_live-1.0.iso
    --2009-03-31 13:37:01-- http://mirror.ebox-platform.com/ebox_live-1.0.iso
    Resolving mirror.ebox-platform.com... 87.98.190.119
    Connecting to mirror.ebox-platform.com|87.98.190.119|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 353579008 (337M) [application/x-iso9660-image]
    Saving to: `ebox_live-1.0.iso.7'

    0% [ ] 34,438 6.71K/s eta 14h 17m
    __________________________________________________ _____________


    Current configuration : 4285 bytes
    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname Router
    !
    boot-start-marker
    boot-end-marker
    !
    memory-size iomem 5
    enable secret 5 *******
    !
    no aaa new-model
    !
    !
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.1.1 192.168.1.19
    !
    ip dhcp pool 1
    import all
    network 192.168.1.0 255.255.255.0
    default-router 192.168.1.1
    dns-server 61.9.211.33 61.9.211.49
    !
    !
    ip cef
    ip name-server 61.9.211.33
    ip name-server 61.9.211.49
    ip inspect name SDM_LOW tcp timeout 3600
    ip inspect name SDM_LOW udp timeout 15
    ip auth-proxy max-nodata-conns 1000
    ip admission max-nodata-conns 1000
    !
    !
    username ***** privilege 15 secret 5 ********
    !
    !
    !
    !
    !
    !
    interface Ethernet0
    description "LAN"
    ip address 192.168.1.1 255.255.255.0
    ip access-group 101 in
    ip nat inside
    ip virtual-reassembly
    no ip route-cache cef
    no ip route-cache
    no ip mroute-cache
    hold-queue 100 out
    !
    interface Ethernet2
    no ip address
    shutdown
    hold-queue 100 out
    !
    interface ATM0
    no ip address
    no atm ilmi-keepalive
    dsl operating-mode auto
    !
    interface ATM0.1 point-to-point
    pvc 8/35
    pppoe-client dial-pool-number 1
    !
    !
    interface FastEthernet1
    duplex auto
    speed auto
    !
    interface FastEthernet2
    duplex auto
    speed auto
    !
    interface FastEthernet3
    duplex auto
    speed auto
    !
    interface FastEthernet4
    duplex auto
    speed auto
    !
    interface Dialer0
    description "INTERNET"
    ip address negotiated
    ip access-group 102 in
    ip mtu 1452
    ip nat outside
    ip inspect SDM_LOW out
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    ppp authentication chap callin
    ppp chap hostname ******
    ppp chap password 7 ******
    !
    interface Dialer1
    no ip address
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 Dialer0
    !
    no ip http server
    ip http authentication local
    no ip http secure-server
    !
    ip nat inside source list 100 interface Dialer0 overload
    ip nat inside source static tcp 192.168.1.2 22 interface Dialer0 1022
    !
    access-list 100 permit ip 192.168.1.0 0.0.0.255 any
    access-list 101 remark auto generated by SDM firewall configuration
    access-list 101 remark SDM_ACL Category=1
    access-list 101 deny ip host 255.255.255.255 any
    access-list 101 deny ip 127.0.0.0 0.255.255.255 any
    access-list 101 permit ip any any
    access-list 102 remark auto generated by SDM firewall configuration
    access-list 102 remark SDM_ACL Category=1
    access-list 102 permit tcp any any eq 1022
    access-list 102 permit udp host 61.9.211.49 eq domain any
    access-list 102 permit udp host 61.9.211.33 eq domain any
    access-list 102 deny ip 192.168.1.0 0.0.0.255 any
    access-list 102 permit icmp any any echo-reply
    access-list 102 permit icmp any any time-exceeded
    access-list 102 permit icmp any any unreachable
    access-list 102 deny ip 10.0.0.0 0.255.255.255 any
    access-list 102 deny ip 172.16.0.0 0.15.255.255 any
    access-list 102 deny ip 192.168.0.0 0.0.255.255 any
    access-list 102 deny ip 127.0.0.0 0.255.255.255 any
    access-list 102 deny ip host 255.255.255.255 any
    access-list 102 deny ip host 0.0.0.0 any
    access-list 102 deny ip any any log
    !
    !
    !
    control-plane
    !
    !
    line con 0
    no modem enable
    line aux 0
    line vty 0 4
    privilege level 15
    login local
    transport input telnet
    !
    scheduler max-task-time 5000
    end
    brent87, Mar 31, 2009
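
An aid for reading the config posted above, added here and not part of the original post: a small Python parser that reports where each `ip inspect` rule is bound and which ACL the return traffic meets on the same interface. The function names and the trimmed sample are assumptions made for this illustration; the sample lines are copied from the posted config.

```python
import re

# Constructed excerpt of the posted config (firewall-relevant lines only).
# The forum flattened IOS indentation, so "!" is what ends an interface block.
SAMPLE_CONFIG = """\
ip inspect name SDM_LOW tcp timeout 3600
ip inspect name SDM_LOW udp timeout 15
!
interface Ethernet0
ip access-group 101 in
!
interface Dialer0
ip access-group 102 in
ip inspect SDM_LOW out
"""

def firewall_bindings(config):
    """Parse running-config text into (inspect_rules, per-interface bindings)."""
    rules, ifaces, cur = {}, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "!":
            cur = None  # separator: leave interface context
        elif m := re.fullmatch(r"ip inspect name (\S+) (\S+)(?: timeout (\d+))?", line):
            rules.setdefault(m[1], {})[m[2]] = int(m[3]) if m[3] else None
        elif m := re.fullmatch(r"interface (\S+).*", line):
            cur = ifaces.setdefault(m[1], {"acl": {}, "inspect": {}})
        elif cur is not None:
            if m := re.fullmatch(r"ip access-group (\S+) (in|out)", line):
                cur["acl"][m[2]] = m[1]
            elif m := re.fullmatch(r"ip inspect (\S+) (in|out)", line):
                cur["inspect"][m[2]] = m[1]
    return rules, ifaces

def summarize(config):
    """One line per interface that has an inspection rule applied."""
    rules, ifaces = firewall_bindings(config)
    out = []
    for name, b in ifaces.items():
        for direction, rule in b["inspect"].items():
            protos = ", ".join(f"{p} (idle timeout {t}s)" if t else p
                               for p, t in sorted(rules.get(rule, {}).items()))
            reverse = "in" if direction == "out" else "out"
            out.append(f"{name}: inspect {rule} {direction} [{protos}]; "
                       f"return traffic meets ACL {b['acl'].get(reverse, 'none')} {reverse}")
    return out

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_CONFIG)))
```

Run against the full `show running-config` text, it lists every interface with an inspection rule, which makes it easy to see which protocols are inspected and which inbound ACL everything else has to pass.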