Beginner

I Can't Port forwarding with Cisco 1921 to internal web server

I have a Cisco 1921 router that I cannot get to port forward/allow access to my internal webserver. SSH is open, so it appears that the ISP or modem isn't blocking it (I could be wrong). The inside LAN works getting out to the internet.

 

Gateway of last resort is 68.119.44.1 to network 0.0.0.0

S*    0.0.0.0/0 [254/0] via 68.119.44.1
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.0.0.0/24 is directly connected, GigabitEthernet0/0
L        10.0.0.1/32 is directly connected, GigabitEthernet0/0
      68.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
S        68.114.38.242/32 [254/0] via 68.119.44.1, GigabitEthernet0/1
C        68.119.44.0/22 is directly connected, GigabitEthernet0/1
L        68.119.44.240/32 is directly connected, GigabitEthernet0/1
R     192.168.1.0/24 [120/1] via 10.0.0.2, 00:00:01, GigabitEthernet0/0
crib#
crib#show run
Building configuration...

Current configuration : 1347 bytes
!
! Last configuration change at 01:39:03 UTC Fri Jan 18 2019 by jigga
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname crib
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
no ip domain lookup
ip domain name xxxxxxxxxx
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1921/K9 sn xxxxxxxx
!
!
username grover privilege 15 secret 5 xxxxxxxxxxxx
!
!
!
!
!
!
interface GigabitEthernet0/0
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
 no clock rate 2000000
!
router rip
 version 2
 network 10.0.0.0
 network 68.0.0.0
 no auto-summary
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 192.168.1.21 80 interface GigabitEthernet0/1 80

!
access-list 1 permit 10.0.0.0 0.255.255.255
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 transport input ssh
!
scheduler allocate 20000 1000
end
Beginner

Re: I Can't Port forwarding with Cisco 1921 to internal web server

please show: sh ip nat trans

with section about 

192.168.1.21 80
Beginner

Re: I Can't Port forwarding with Cisco 1921 to internal web server

 

tcp 68.119.44.240:64981 10.0.0.2:64981    23.46.200.165:443  23.46.200.165:443
tcp 68.119.44.240:80   192.168.1.21:80    ---                ---
crib#

Beginner

Re: I Can't Port forwarding with Cisco 1921 to internal web server

try this:

ip nat inside source static tcp 192.168.1.21 80 interface GigabitEthernet0/1 80 extendable
Beginner

Re: I Can't Port forwarding with Cisco 1921 to internal web server

still port 80 not opened

 

crib#show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
udp 68.119.44.240:49399 10.0.0.2:49399    62.248.193.132:51348 62.248.193.132:51348
udp 68.119.44.240:49399 10.0.0.2:49399    176.228.38.95:63342 176.228.38.95:63342
tcp 68.119.44.240:56106 10.0.0.2:56106    40.122.32.148:443  40.122.32.148:443
udp 68.119.44.240:59855 10.0.0.2:59855    74.125.21.190:443  74.125.21.190:443
tcp 68.119.44.240:60353 10.0.0.2:60353    34.212.58.105:443  34.212.58.105:443
tcp 68.119.44.240:80   192.168.1.21:80    ---                ---
crib#

Hall of Fame Guru

Re: I Can't Port forwarding with Cisco 1921 to internal web server

 

Can you ping the web server from the router ? 

 

If not check default gateway of web server. 

 

Jon

Beginner

Re: I Can't Port forwarding with Cisco 1921 to internal web server

Nope
Hall of Fame Guru

Re: I Can't Port forwarding with Cisco 1921 to internal web server

 

If you cannot ping the server then it is not going to work. 

 

You have a route to the 192.168.1.0/24 network on your firewall, so check your server and see where its default gateway points to.

 

Jon
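
The check described in the reply above (follow the route to the forwarded host and see where it leads), as an added Python example that is not part of the original thread or any Cisco tooling. The route and NAT lines are copied from the output posted earlier in the thread; the function names are hypothetical.

```python
import ipaddress
import re

# Lines copied from the router output posted in this thread.
ROUTES = """\
S*    0.0.0.0/0 [254/0] via 68.119.44.1
C        10.0.0.0/24 is directly connected, GigabitEthernet0/0
C        68.119.44.0/22 is directly connected, GigabitEthernet0/1
R     192.168.1.0/24 [120/1] via 10.0.0.2, 00:00:01, GigabitEthernet0/0
"""
CONFIG = """\
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 192.168.1.21 80 interface GigabitEthernet0/1 80
"""

ROUTE_RE = re.compile(
    r"^(\w)\*?\s+(\d+(?:\.\d+){3}/\d+) "
    r"(?:\[[\d/]+\] via ([\d.]+)|is directly connected)", re.M)
STATIC_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) ([\d.]+) (\d+) interface \S+ (\d+)", re.M)


def parse_routes(text):
    """Return (network, code, next_hop); next_hop is None for connected routes."""
    return [(ipaddress.ip_network(net), code, hop or None)
            for code, net, hop in ROUTE_RE.findall(text)]


def best_route(routes, host):
    """Longest-prefix match, as the router itself would select the route."""
    addr = ipaddress.ip_address(host)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)


def audit_forwards(routes_text, config_text):
    """Report how the router reaches each static port-forward target."""
    routes = parse_routes(routes_text)
    findings = []
    for proto, host, inside_port, outside_port in STATIC_RE.findall(config_text):
        route = best_route(routes, host)
        findings.append({
            "forward": f"{proto}/{outside_port} -> {host}:{inside_port}",
            "route": str(route[0]) if route else None,
            "next_hop": route[2] if route else None,
            # A target behind another router needs that device to pass traffic.
            "directly_connected": bool(route) and route[1] in ("C", "L"),
        })
    return findings
```

For the configuration in this thread, the forward target resolves to the RIP route via 10.0.0.2 rather than a connected interface, so a ping from the router to 192.168.1.21 is the first thing to verify.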

Beginner

Re: I Can't Port forwarding with Cisco 1921 to internal web server

It looks like my Netgear N150 logs that someone from 52.202.215.126 was able to get LAN access from Remote 52.202.215.126. Looks like they're using AWS, probably a hacker. It's a shame others can get access but I can't, lol

Beginner

Re: I Can't Port forwarding with Cisco 1921 to internal web server

show route from 192.168.1.21

Beginner

Re: I Can't Port forwarding with Cisco 1921 to internal web server

Looks like the issue is with Charter...

Beginner

Re: I Can't Port forwarding with Cisco 1921 to internal web server

This whole thing is weird. Here is my setup: I have a Charter Spectrum cable modem connected to e1 on the Cisco router; e0 goes to the Netgear router. On this router, I can't enter any (0.0.0.0 0.0.0.0 route).

When I take the Netgear N150 that was originally behind the Cisco router and connect it directly to the modem, I get an entirely different IP address: from 68.x.x.x to 100.x.x.x. If I connect my laptop directly, I get an entirely new address scheme. If I have the Netgear wifi router plugged directly into the modem, then the port forwarding works, but not with the Cisco router.

Hall of Fame Guru

Re: I Can't Port forwarding with Cisco 1921 to internal web server

 

As I have said already if you cannot ping the server from your router then it will not work. 

 

Either get the routing between the routers working or remove one of the routers. 

 

Jon

Beginner

Re: I Can't Port forwarding with Cisco 1921 to internal web server

I connected the modem to the router via a switch, eliminating the other Netgear router. I verified I could ping all 3 devices on the switch: router, server, laptop. All can communicate. I start my server, open the website canyouseeme.com, scan port 80, and it's open. I stop the server, scan again, and port 80 is closed.

Hall of Fame Guru

Re: I Can't Port forwarding with Cisco 1921 to internal web server

 

So either you need to sort the routing out or just use the Cisco router instead. 

 

Jon