 CraigSPL
join:2006-02-26 Durham, NC
[Config] Accessing Services Behind CISCO 2811 Router
I have tried every configuration I have been able to find but I am still unable to access internal web services from outside. I need to access my Dynamics interface away from the office. My configuration is below. I am able to get to the router from outside but that's it. I disabled the firewall on the host computer and I removed the firewall entries on the router. Please help.
Building configuration...

Current configuration : 5200 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
no logging buffered
enable secret XXXXXXXXX
enable password XXXXXXXX
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization exec local_author local
aaa authorization network sdm_vpn_group_ml_1 local
aaa authorization network sdm_vpn_group_ml_2 local
!
!
aaa session-id common
memory-size iomem 15
!
!
crypto pki trustpoint TP-self-signed-899310478
crypto pki certificate chain TP-self-signed-899310478
dot11 syslog
no ip source-route
!
!
ip cef
no ip dhcp use vrf connected
!
ip dhcp pool sdm-pool1
 network 10.100.100.0 255.255.255.0
 dns-server
 default-router 10.100.100.1
 netbios-name-server 4.2.2.66
!
!
ip name-server 4.2.2.5
ip name-server 4.2.2.6
ip ddns update method dyndns
 HTTP
  add »XXXXXXXX:XXXXXXXX%40members.dynd···yip=BVI1
 interval maximum 1 0 0 0
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
voice-card 0
!
!
!
username XXXXXXXXXl privilege 15 secret 5 $1$Di0I$F/rXXnVI7M2w3X4dYNF.V0
username XXXXXXXXXXXXX privilege 15 secret 5 $1$BTyS$lOw/KH9Q.b4MYcYkCYAq0.
!
!
!
!
crypto dynamic-map SDM_DYNMAP_1 1
 reverse-route
!
!
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
archive
 log config
  hidekeys
!
!
!
class-map type inspect match-any SDM-Voice
 match protocol h323
!
bridge irb
!
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$FW_INSIDE$
 ip address 10.90.90.90 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 duplex full
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 description $ETH-LAN$$FW_DMZ$
 ip address 10.100.100.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 no ip route-cache cef
 no ip route-cache
 shutdown
!
interface ATM0/1/0
 mac-address XXXX.XXXX.XXXX
 no ip address
 no ip route-cache cef
 no ip route-cache
 no atm ilmi-keepalive
 bundle-enable
 hold-queue 208 in
!
interface ATM0/1/0.35 point-to-point
 no ip route-cache
 bridge-group 1
 pvc 0/35
  encapsulation aal5snap
 !
!
interface BVI1
 description $FW_OUTSIDE$
 ip ddns update hostname anydomain.dyndns.org
 ip ddns update dyndns
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
!
no ip forward-protocol nd
no ip http server
ip http secure-server
!
!
ip dns server
ip nat inside source static tcp 10.100.100.48 80 interface BVI1 80
ip nat inside source list 1 interface BVI1 overload
ip nat inside source list 3 interface BVI1 overload
ip nat inside source list 10 interface BVI1 overload
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.100.100.0 0.0.0.255
access-list 2 remark SDM_ACL Category=16
access-list 2 permit 10.90.90.0 0.0.0.255
access-list 10 remark Local IP addresses for the dynamic PAT with the BVI1 interface IP address
access-list 10 permit 10.10.32.0 0.0.0.255
no cdp run
!
!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
!
!
mgcp fax t38 ecm
!
!
!
!
  TomS_ debugger it Premium,MVM join:2002-07-19 Australia
It is possible that your ISP doesn't allow you to host a "web server" so they block incoming connections to port 80.
Try changing your port forward as follows:
This will allow you to connect to your router IP/dyndns hostname on port 8000, and the connection will be redirected to your server/PC on port 80.
Also note that you cannot test this configuration from within your network; you must test it from out on the Internet, a rather annoying feature of Cisco routers.
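The port-forward change described in the reply above, written out as an added example; it is not TomS_'s original command. It assumes the inside host 10.100.100.48 and the outside interface BVI1 from the posted configuration, and the outside port 8000 named in the reply.

```cisco
! Added example: move the outside port of the static PAT entry from 80 to 8000.
configure terminal
 ! Remove the existing forward of outside TCP/80 to 10.100.100.48:80
 no ip nat inside source static tcp 10.100.100.48 80 interface BVI1 80
 ! Forward outside TCP/8000 on BVI1 to the web server's inside port 80
 ip nat inside source static tcp 10.100.100.48 80 interface BVI1 8000
end
!
! Confirm the static entry is installed (it is listed even with no traffic)
show ip nat translations
! After a connection attempt from an outside host, check the hit counters
show ip nat statistics
```

If the hit counter in `show ip nat statistics` does not increase after an attempt from outside, the traffic is not reaching BVI1 on port 8000 at all, which points upstream of the NAT rule rather than at the server.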