Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1818
Views
0
Helpful
7
Replies

Port forwarding in cisco isr4221

wanumet
Level 1
Level 1

‎12-25-2021 02:59 AM

Hello, I want to access a PaBx (172.16.0.86) so I tried to do port forwarding for it in Isr4221 but still can't reach it. 

When I do port check on the public ip, it still shows that the port(80) is closed.

What more should I do.

Screenshot_20211225-135144_ConnectBot.jpg

Labels:
0 Helpful
7 Replies 7

Georg Pauwen
VIP
VIP

‎12-25-2021 09:11 AM

Hello, 

 

does GigabitEthernet0/0/1 have an actual IP address ? If so, try and change the entry to:

 

ip nat inside source static tcp 172.16.0.86 80 x.x.x.x 80

0 Helpful

wanumet
Level 1
Level 1
In response to Georg Pauwen

‎12-25-2021 11:55 PM

Hello @Georg Pauwen 

GigabitEthernet0/0/1 has a public ip.

I also tried using the public IP in place of the interface name but still was not successful. 

0 Helpful

Georg Pauwen
VIP
VIP
In response to wanumet

‎12-26-2021 12:33 AM

Hello,

 

can you post the output of:

 

sh ip nat portblock dynamic global

 

show ip nat portblock pat global

0 Helpful

wanumet
Level 1
Level 1
In response to Georg Pauwen

‎12-26-2021 12:42 AM

Here it is

YH-Cisco-Router#sh ip nat portblock dynamic global
tcp:
  5062 -6085   rfcnt 1 545  -617    rfcnt 1
udp:
  5062 -6085   rfcnt 1 585  -648    rfcnt 1 512  -584    rfcnt 1
YH-Cisco-Router#show ip nat portblock pat global
tcp:
  80     rfcnt 1
YH-Cisco-Router#
0 Helpful

wanumet
Level 1
Level 1
In response to Georg Pauwen

‎12-26-2021 12:58 AM

I have also forwarded it on udp but still the same problem

YH-Cisco-Router#show ip nat portblock pat global
tcp:
  80     rfcnt 1
udp:
  80     rfcnt 1
YH-Cisco-Router#
0 Helpful

Georg Pauwen
VIP
VIP
In response to wanumet

‎12-26-2021 03:07 AM

Hello,

 

try the below:

 

Delete both NAT entries:

 

no ip nat inside source static tcp 172.16.0.86 80 interface GigabitEthernet0/0/1 80
no ip nat inside source list 1 interface GigabitEthernet0/0/1 overload

 

Then clear the NAT translations:

 

clear ip nat translation *

 

Then re-add the NAT entries (static first):

 

ip nat inside source static tcp 172.16.0.86 80 interface GigabitEthernet0/0/1 80
ip nat inside source list 1 interface GigabitEthernet0/0/1 overload

0 Helpful

wanumet
Level 1
Level 1
In response to Georg Pauwen

‎12-27-2021 02:03 AM - edited ‎12-28-2021 12:23 AM

@Georg Pauwen 

not successful yet

 
 
YH-Cisco-Router#sh ip nat translation
Pro  Inside global         Inside local          Outside local         Outside global
tcp  X.X.X.X:443    172.16.0.254:443      ---                   ---
udp  X.X.X.X:80     172.16.0.254:80       ---                   ---
tcp  X.X.X.X:80     172.16.0.254:80       ---                   ---
udp  X.X.X.X:539    172.16.0.11:123       132.163.97.4:123      132.163.97.4:123
tcp  X.X.X.X:5309   172.16.0.56:35118     216.58.223.86:443     216.58.223.86:443
tcp  X.X.X.X:5366   172.16.0.56:43326     172.217.170.206:443   172.217.170.206:443
udp  X.X.X.X:517    172.16.0.13:123       132.163.97.1:123      132.163.97.1:123

I did what you said and still not successfull.

172.16.0.254 is a PaBx whic I want to access and connect telephones from another branch

X.X.X.X is the public IP of the cisco ISR4221

The hhtp port of the PaBx is 80

https port of the PaBX is 443

 

0 Helpful
Customers Also Viewed These Support Documents