Theme

Welcome · log in · join	food

	All Forums		Hot Topics		Gallery

Search similar:

Forums → Equipment Support → Hardware By Brand →

Cisco → Cisco Mac User cant access certain websites

uniqs
970

« [H/W] Cisco replacements for 2811 series routers • [H/W] ASA 5510 won't boot (amber status, no power light) »

Stiofean join:2014-06-17 Ireland 1 edit	Stiofean Member 2014-Sep-3 10:58 am Cisco Mac User cant access certain websites Mac Users cannot access certain websites only particular sites Windows Users can access the So it seems Windows Machines can access anything but Mac users cannot config: Building configuration... Current configuration : 4277 bytes ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! enable secret 5 XXX ! aaa new-model ! ! aaa authentication login xxx local aaa authentication login xxx local aaa authorization network xxx local aaa authorization network xxx local ! ! aaa session-id common ! ! dot11 syslog no ip subnet-zero ip cef no ip dhcp use vrf connected ip dhcp excluded-address 192.168.0.190 192.168.0.254 ip dhcp excluded-address 192.168.0.1 192.168.0.160 ! ip dhcp pool pool1 network 192.168.0.0 255.255.255.0 default-router 192.168.0.2 dns-server 8.8.8.8 ! ! ! vpdn enable ! vpdn-group 1 request-dialin protocol pppoe ! ! ! username xxx secret 5 xxx ! ! crypto isakmp policy 3 encr 3des authentication pre-share group 2 ! crypto isakmp client configuration group vpn-users key xxx dns 192.168.0.2 wins 192.168.0.2 pool vpn-dynamic-pool acl 101 ! ! crypto ipsec transform-set myset esp-3des esp-md5-hmac ! crypto dynamic-map dynmap 10 set transform-set myset reverse-route ! ! crypto map clientmap client authentication list userauthen crypto map clientmap isakmp authorization list groupauthor crypto map clientmap client configuration address respond crypto map clientmap 10 ipsec-isakmp dynamic dynmap ! archive log config hidekeys ! ! ! ! ! interface Loopback0 ip address 192.168.2.1 255.255.255.0 ip nat inside ip nat enable ip virtual-reassembly ! interface Tunnel0 no ip address ! interface FastEthernet0 ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface FastEthernet4 no ip address ip virtual-reassembly ip tcp adjust-mss 1452 no ip mroute-cache duplex auto speed auto pppoe-client dial-pool-number 1 crypto map clientmap ! interface Virtual-Template1 no ip address ip nat inside ip virtual-reassembly ! interface Virtual-Template2 no ip address ! interface Vlan1 ip address 192.168.0.2 255.255.255.0 ip nat inside ip nat enable ip virtual-reassembly ! interface Dialer0 bandwidth 102400 ip address negotiated ip nat outside ip nat enable ip virtual-reassembly encapsulation ppp no ip mroute-cache dialer pool 1 dialer-group 1 ppp authentication chap pap callin ppp chap hostname xxx ppp chap password xxx ppp pap sent-username xxx password 0 xxx ppp ipcp dns request accept ppp ipcp route default ppp ipcp address accept crypto map clientmap ! ip local pool vpn-dynamic-pool 192.168.2.2 192.168.2.254 ip forward-protocol nd ! no ip http server no ip http secure-server ip dns server ip nat pool inside 192.168.0.1 192.168.0.254 netmask 255.255.255.0 ip nat inside source static tcp 192.168.0.200 x interface Dialer0 x ip nat inside source static udp 192.168.0.250 x interface Dialer0 x ip nat inside source static tcp 192.168.0.219 x interface Dialer0 x ip nat inside source static udp 192.168.0.219 x interface Dialer0 x ip nat inside source static tcp 192.168.0.201 x interface Dialer0 x ip nat inside source static udp 192.168.0.201 x interface Dialer0 x ip nat inside source static udp 192.168.0.201 x interface Dialer0 x ip nat inside source static tcp 192.168.0.201 x interface Dialer0 x ip nat inside source static tcp 192.168.0.201 x interface Dialer0 x ip nat inside source static tcp 192.168.0.250 x interface Dialer0 x ip nat inside source list 100 interface Dialer0 overload ip nat inside source list inside interface Dialer0 overload ! access-list 100 remark == [Control NAT Service]== access-list 100 deny ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255 access-list 100 permit ip 192.168.0.0 0.0.0.255 any access-list 101 permit ip 192.168.0.0 0.0.0.255 192.168.2.0 0.0.0.255 dialer-list 1 protocol ip permit ! ! ! control-plane ! banner motd ^C *********************************************************** ACCESS RESTRICTED DISSCONNECT NOW *********************************************************** ^C ! line con 0 no modem enable line aux 0 line vty 0 4 password xxx ! scheduler max-task-time 5000 end Router#
	actions · 2014-Sep-3 10:58 am ·
TomS_ Git-r-done MVM join:2002-07-19 London, UK	TomS_ MVM 2014-Sep-3 3:28 pm Youre going to need to be more specific about what the problem is before we can even figure out where to start looking.
	actions · 2014-Sep-3 3:28 pm ·
HELLFIRE MVM join:2009-11-25	HELLFIRE to Stiofean MVM 2014-Sep-3 5:25 pm to Stiofean 2nd TomS_ ... exactly WHAT can Windows users access and Mac users cannot access? The internet? the VPN? Something else? Also, exactly what make / model is this config from? Regards
	actions · 2014-Sep-3 5:25 pm ·
cramer Premium Member join:2007-04-10 Raleigh, NC Westell 6100 Cisco PIX 501	cramer to Stiofean Premium Member 2014-Sep-3 7:20 pm to Stiofean `ip tcp adjust-mss 1452` has ZERO effect on F4 because it's not running IP. It belongs on the IP interface (dialer0). Also, dialer0 needs an MTU set. The Macs are having issues with PMTU-D (path MTU discovery.) Windows has historically been more conservative on MSS, so it doesn't run into the same problems.
	actions · 2014-Sep-3 7:20 pm ·

Stiofean join:2014-06-17 Ireland	Stiofean Member 2014-Sep-5 9:59 am Thank you i fixed the issue by changing the packet size on the Mac machines »support.apple.com/kb/ht2532
	actions · 2014-Sep-5 9:59 am ·

Forums → Equipment Support → Hardware By Brand → Cisco	« [H/W] Cisco replacements for 2811 series routers • [H/W] ASA 5510 won't boot (amber status, no power light) »