Re: Cisco Edge WAN Router Port Forwarding

maani · ‎03-28-2019

Hello Everyone, I've one old Cisco 1841 Router running as Edge WAN Router. Now, I want to forward ports through it just like any normal home routers.... Kindly help. Pasting Show run....

EdgeRouter#show run

Building configuration...

Current configuration : 1485 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname EdgeRouter

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$18P8$zophbkZPasse7890xZID50

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

no aaa new-model

ip subnet-zero

ip cef

!

ip dhcp excluded-address 192.168.2.1 192.168.2.10

!

ip dhcp pool Local

network 192.168.2.0 255.255.255.0

default-router 111.111.111.14

dns-server 84.235.6.55 84.235.57.230

!

no ip domain lookup

ip ips po max-events 100

no ftp-server write-enable

!

no crypto isakmp ccm

!

interface FastEthernet0/0

ip address 111.111.111.15 255.255.255.248

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 192.168.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

ip classless

ip route 0.0.0.0 0.0.0.0 111.111.111.14

!

ip dns server

!

ip http server

no ip http secure-server

ip nat inside source list 1 interface FastEthernet0/0 overload

!

access-list 1 permit 192.168.2.0 0.0.0.255

!

control-plane

!

banner login ^Cine

Your Activity is being Monitored ^C

!

line con 0

password 7 110A1016141D

login

line aux 0

line vty 0 4

privilege level 15

password 7 0132202A7A26260635624B1D0E0A05194F58566B

login

line vty 5 15

privilege level 15

password 7 0132202A7A26260635624B1D0E0A05194F58566B

login

!

end

EdgeRouter#

AndreaTornaghi · ‎03-28-2019

Dear,

you have a problem in your DHCP configuration, your default-router is 192.168.2.1 and not 111.111.111.14 .

Is your scope only NAT your network for surfing over internet or to publish an internal server?

maani · ‎03-29-2019

Yes, Andrea,
we've corrected the GW in local subnet.

Router is on NAT for surfing internet service to LAN clients. Now with this we want to port forward some of internal server just like any other routers. (e.g. Port Forwarding / DMZ)

Deepak Kumar · ‎03-28-2019

Hi,

Before starting the port forwarding let's make some correction in your configuration:

ip dhcp pool Local
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.1
   dns-server 84.235.6.55 84.235.57.230

In your case, the default-router must be LAN interface IP: 192.168.2.1

Port forwarding:

Some pieces of information are missing as Port number, Internal Server IP address etc. But let's try with an example:

Suppose your internal Server IP address: 192.168.2.10 and IIS (port 443) is enabled on the server:

IP nat inside source static 192.168.2.10 111.111.111.15 tcp 443

Now if you sitting on the internet and will try to access your internal server (web page) then you need to follow steps as:

Open browser and type in the address bar as "https://111.111.111.15

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

maani · ‎03-28-2019

yes You're absolutely right Mr. Kumar, the GW we configured on first configurations with Public GW then we changed it to local subnet 192.168.2.1.

Secondly,

This one line command is enough?? I mean there's no need for ACL to create??