Cisco 877-sec-k9 - Firewall blocca .exe e youtube

[cocis01]

ciao a tutti, ho acquistato ieri un cisco 877-sec-k9 ed installato sulla mia connessione Tiscali 20 mega.
1) Tutto funziona perfettamente, ma se abilito il firewall non riesco più a scaricare file .exe è a vedere video su youtube, i video partono e dopo poci secondi non scarica più, lo stesso per i download di file .exe partono e poi si fermano, cosa devo modificare???

2) Come posso effettuare un upgrade del firmware?

Show Version:


Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(24)T4,
RELEASE SOFTWARE (fc2)

ROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARE


System image file is "flash:c870-advipservicesk9-mz.124-24.T4.bin"


Cisco 877 (MPC8272) processor (revision 0x400) with 118784K/12288K bytes of memo
ry.
MPC8272 CPU Rev: Part Number 0xC, Mask Number 0x10
4 FastEthernet interfaces
1 ATM interface
128K bytes of non-volatile configuration memory.
28672K bytes of processor board System flash (Intel Strataflash)

Configuration register is 0x2102

[anubisg1]

posta la configurazione e non sappiamo come aiutarti,

[cocis01]

ecco, ho anche il problema che il ddns non mi aggiorna l'IP

Codice: Seleziona tutto

Building configuration...

Current configuration : 6456 bytes
!
! Last configuration change at 14:44:57 PCTime Sun May 6 2012 by admin
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 52000
!
no aaa new-model
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00

  
dot11 syslog
ip source-route
!
!
!
ip dhcp pool ccp-pool
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1 
   dns-server 213.205.32.70 213.205.36.70 
   lease 1 2
!
!
ip cef
ip domain name yourdomain.com
ip name-server 213.205.32.70
ip name-server 213.205.36.70
ip ddns update method ddns
 HTTP
  add http://xxxxx:[email protected]/nic/update?system=dyndns&hostname=<h>&myip=<a>
  remove http://xxxxx:[email protected]/nic/update?system=dyndns&hostname=<h>&myip=<a>
 interval maximum 28 0 0 0
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!

!
!
archive
 log config
  hidekeys
!
!
!
class-map type inspect match-all sdm-cls-http
 match protocol http
!
!
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 pvc 8/35 
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
 ip address 10.10.10.1 255.255.255.248
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Dialer0
 description $FW_OUTSIDE$
 ip ddns update hostname xxxxx.dyndns.org
 ip ddns update ddns
 ip ddns update dyndns host xxxxx.dyndns.org
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname xxxxx
 ppp chap password 0 xxxxx
 ppp pap sent-username xxxxx password 0 xxxxx
 ppp multilink
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.7
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 101 permit tcp host 204.13.248.112 eq www any log
access-list 101 permit tcp host 204.13.248.111 eq www any log
dialer-list 1 protocol ip permit
no cdp run

control-plane
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
end

[Gianremo.Smisek]

al volo, non ho letto con attenzione tutta la cfg:

- per il DDNS:

http://www.firewall.cx/cisco-technical- ... -ddns.html

- per il firewall, attiva l'inspect (oppure vai direttamente su ZFW)


ciao

[cocis01]

al volo, non ho letto con attenzione tutta la cfg:

- per il DDNS:

http://www.firewall.cx/cisco-technical- ... -ddns.html

- per il firewall, attiva l'inspect (oppure vai direttamente su ZFW)


ciao

mi puoi fare la traduzione?

[Gianremo.Smisek]

l'inspect serve ad accettare il traffico di ritorno, in caso di regole ACL applicate ad una interfaccia, che ovviamente sara' droppato a causa dell'implicit deny:

http://www.cisco.com/en/US/products/sw/ ... 4e8b.shtml

ciao