| [Config] Need help with internal server on Cisco 2821 Router HELP! I'm spinning in circles trying to do something that ought to be trivial. I must be missing something -- can you help?
I am configuring a Cisco 2821 to provide NAT so that the LAN users can access the Internet. That part is working fine. Now I need to provide outside access to an internal web server at port 80. That should be a simple matter of adding an "ip nat inside source static ..." command, right? The command is accepted without a problem but the internal server never "sees" any access requests.
I have set up a test system with a configuration taken from a Cisco example. Here's what I've got:
--------------------------------------------------------
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$MOYU$uHn7.B0xmeE4Y3kRO3Qxh.
enable password xxxxxx
!
no network-clock-participate aim 0
no network-clock-participate aim 1
no aaa new-model
ip subnet-zero
!
ip cef
!
no ip domain lookup
ip domain name xxx.local
no ftp-server write-enable
!
bridge irb
!
interface GigabitEthernet0/0
description WAN
ip address 192.168.0.254 255.255.255.0
ip nat inside
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
ip address XXX.YYY.ZZZ.110 255.255.255.192
ip nat outside
duplex auto
speed auto
no mop enabled
!
ip classless
ip route 0.0.0.0 0.0.0.0 XXX.YYY.ZZZ.65
no ip http server
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 192.168.0.5 80 XXX.YYY.ZZZ.110 80 extendable
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
line aux 0
line vty 0 4
password xxxxxxx
login
!
scheduler allocate 20000 1000
ntp server 140.221.10.70
!
end
----------------------------------------------------------------
The goal is to connect using the public address XXX.YYY.ZZZ.110 and be forwarded to the server which is at the internal address 192.168.0.5.
So, what am I missing?
Thanks! |
|
 NOCManMacChatterPremium
join:2004-09-30
Colorado Springs, CO | try g0/0 instead of g0/1 maybe.. busy and cant check a config, but I think that's the problem. |
|
3 edits | reply to John Taylor
You need to use int gi 0/1 instead of the external IP in the NAT statement. |
|
| reply to John Taylor
Hi guys;
I'm not clear on NOCMan's suggestion to use g0/0 instead of g0/1. Are you suggesting that I switch which interfaces I use for Lan and Wan? The two interfaces should be interchangeable...
I tried using the interface in the NAT statement instead of the external IP as deaddawg suggested. That didn't make any difference.
Any other suggestions?
Thanks! |
|
| you need to remove this line:
ip nat inside source static tcp 192.168.0.5 80 XXX.YYY.ZZZ.110 80 extendable
and add this line:
ip nat inside source static tcp 192.168.0.5 80 interface gi 0/1 80 extendable
that didnt work? |
|
| reply to John Taylor
It turns out that our ISP was filtering ports upstream of our router. Once the filtering was disabled, the configuration works as advertised.
Thanks for your help ... and sorry to have taken your time for something that wasn't Cisco related! |
|
| said by John Taylor:It turns out that our ISP was filtering ports upstream of our router. Once the filtering was disabled, the configuration works as advertised. Thanks for your help ... and sorry to have taken your time for something that wasn't Cisco related! Guess that makes sense. I was starting to wonder why i couldnt see anything wrong with your config  |
|
