Cisco 877 Gremlins

Discussion in 'Routing & Switching' started by ThomasMc, Mar 7, 2008.

  1. ThomasMc

    ThomasMc Gigabyte Poster

    Hi Guys, feels a bit strange posting in this section :) but I took the plunge and got a Cisco 877 with the security bundle. After 2 days of trying to set up my connection (the firmware was incompatible with my provider's DSLAMs) it seems that something has gone a little wrong: my router seems to be blocking some webpages (www.certforums.co.uk in particular)

    eg.

    www.certforums.co.uk - IE cannot display the website
    www.certforums.com - status bar says done but page is blank
    www.certforums.co.uk/forums - works perfectly

    I have posted my config minus certain things

    Code:
      application http
        strict-http action reset alarm
        port-misuse im action reset alarm
        port-misuse p2p action reset alarm
        port-misuse tunneling action reset alarm
     
    Would anyone be so kind and poke me in the right direction

    Thanks

    [Edit]
    removed most of the config apart from the problem part :)
     
    Certifications: MCDST|FtOCC
    WIP: MCSA(70-270|70-290|70-291)
  2. ThomasMc

    ThomasMc Gigabyte Poster

    I seem to be getting this error in the log when I request www.certforums.co.uk

    Maximum of 10 unanswered HTTP requests exceeded from a.b.c.d:5647 to 209.200.235.89:80


    Error Message
    %PIX|ASA-4-415014:internal_sig_id Maximum of 10 unanswered HTTP requests
    exceeded from source_address to dest_address

    Explanation
    This message is issued when the http-map strict-http command is configured and more than 10 unanswered HTTP requests have been seen on a single connection.
    internal_sig_id - This is an internal "policy number" that can be used by developers to identify the specific policy that triggered the alert.
    action - This can contain either "Reset -" or "Drop -" depending upon the user-configured action. If the action is "log" then the null string "" is passed.
    source_address - The source address of the packet in which the final unanswered request was detected.
    dest_address - The destination address of the packet in which the final unanswered request was detected.

    Recommended Action
    Someone has sent multiple HTTP request messages that are not being answered. This may indicate an attack or that there is not an HTTP server on the server side of the connection.
     
    Certifications: MCDST|FtOCC
    WIP: MCSA(70-270|70-290|70-291)
  3. Spice_Weasel

    Spice_Weasel Kilobyte Poster

    Your application firewall policy is inspecting http traffic as follows:

    application http
    strict-http action reset alarm
    port-misuse im action reset alarm
    port-misuse p2p action reset alarm
    port-misuse tunneling action reset alarm

    Currently you are blocking http used for instant messaging, and p2p such as edonkey, gnutella, etc., and http tunneling such as firethru, gnu httptunnel, httpport, etc. You are also enforcing strict compliance for http traffic, which is likely the cause of the problems with various websites. Try changing the following line:

    strict-http action reset alarm

    - to:

    strict-http action allow alarm

    - and see if that clears up the problem. There are lots of options available to control http traffic through the 877; hopefully the above change will help. If not there are some other things that can be tried.

    As well I'd suggest access-lists to restrict management of the router. Although access-list 101 blocks telnet, ssh and http/s inbound, it is a good idea to protect your router's vty, http and https access with an acl to restrict access.

    Spice_Weasel
     
    Certifications: CCNA, CCNP, CCIP, JNCIA-ER, JNCIS-ER,MCP
    WIP: CCIE
  4. ThomasMc

    ThomasMc Gigabyte Poster

    Thanks Spicey, you're a star :D problem resolved. Would this be OK for the vtys?

    access-list 30 permit 10.10.10.0 0.0.0.7
    access-list 30 deny any log

    line vty 0 4
    access-class 30 in
    privilege level 15
    login local
    transport input telnet ssh

    And this for http/s

    access-list 101 deny <outside ip> 80 any log
    access-list 101 deny <outside ip> 443 any log


    [added]
    Spice do you know if this router supports Annex M
     
    Certifications: MCDST|FtOCC
    WIP: MCSA(70-270|70-290|70-291)
  5. Spice_Weasel

    Spice_Weasel Kilobyte Poster

    Thanks, glad to help!

    The 877 supports annex m, I think from release 12.4(11)XJ.

    The access-l 30 looks good, I would just add logging to the first line as well; it is always nice to track successful logins. To control http/s use a separate access-list; acl 101 already blocks 80 and 443.
    e.g.:
    ip http access-class <access-list>


    Spice_Weasel
     
    Certifications: CCNA, CCNP, CCIP, JNCIA-ER, JNCIS-ER,MCP
    WIP: CCIE
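Putting Spice_Weasel's two suggestions together (the strict-http change from post 3 and the separate management ACL for HTTP/S from post 5), here is an added example of what the relevant parts of the running config could look like. This is not config taken from the thread or from Cisco; it assumes an 877 running a 12.4T-family IOS with the application firewall (appfw) feature, that 10.10.10.0/29 is the management LAN (taken from ThomasMc's acl 30), and the policy and inspect names `appfw_policy` and `fw_inspect` are made up here.

```cisco
! Added example, not from the thread. Assumes a 12.4T-family IOS with appfw and
! that 10.10.10.0/29 is the trusted LAN. Names appfw_policy / fw_inspect are invented.
!
! Application firewall policy. Only strict-http is changed from the original
! post: "allow alarm" still logs protocol anomalies (including the
! "unanswered HTTP requests" signature) but no longer resets the TCP
! connection, which is what was blanking pages on this router.
appfw policy-name appfw_policy
  application http
    strict-http action allow alarm
    port-misuse im action reset alarm
    port-misuse p2p action reset alarm
    port-misuse tunneling action reset alarm
!
! Bind the policy to an inspect rule (applied on an interface with ip inspect).
ip inspect name fw_inspect appfw appfw_policy
ip inspect name fw_inspect http
!
! Management-plane restriction. Standard ACL 30 permits only the LAN /29;
! both lines log, so successful and denied management attempts are visible.
access-list 30 remark Management access to vty and HTTP(S)
access-list 30 permit 10.10.10.0 0.0.0.7 log
access-list 30 deny   any log
!
! Apply to the vty lines. SSH only here; telnet is cleartext and was dropped
! from the transport list on purpose.
line vty 0 4
  access-class 30 in
  login local
  transport input ssh
!
! Reuse the same ACL for the HTTP/HTTPS server rather than adding another
! entry to acl 101, as suggested above.
ip http access-class 30
ip http secure-server
```

The point of reusing acl 30 for both `access-class` on the vty lines and `ip http access-class` is that one list defines who may manage the box, so a later change (a new admin subnet, or a deny for a host) cannot be applied to SSH and forgotten for the web UI.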
  6. ThomasMc

    ThomasMc Gigabyte Poster

    Ah gotcha, thanks again Spice_Weasel for all your help (rep added). Now I'm off to try and find out what's so easy about Cisco Easy VPN :blink
     
    Certifications: MCDST|FtOCC
    WIP: MCSA(70-270|70-290|70-291)
