
2611 Port Forwarding Nightmares

justinkarl
Level 1

I've got a 2611 with IOS 12.3 at an office of mine, and I'd like to set it up to forward port 80 to a small webserver. I've tried the same types of configurations that I used with my older 2611 and 12.0, but they aren't working. I've stripped the config down to barebones and still can't get it to do what I want... Am I going insane? Can someone please point out the flaw or suggest an alternate method?

Current configuration : 2075 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Cisco2611
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$rD#############yh8e/
enable password 7 1#############35
!
no aaa new-model
ip subnet-zero
no ip source-route
ip tcp timestamp
ip tcp path-mtu-discovery
!
!
ip name-server 68.87.64.146
ip name-server 68.87.75.194
!
no ip bootp server
ip cef
!
!
interface Ethernet0/0
 description LAN
 ip address 10.1.10.1 255.255.255.0
 no ip redirects
 no ip proxy-arp
 ip nat inside
 full-duplex
 no cdp enable
 no mop enabled
!
interface Ethernet0/1
 description WAN
 ip address 70.91.###.157 255.255.255.252
 ip access-group 101 in
 no ip redirects
 no ip proxy-arp
 ip nat outside
 full-duplex
 no cdp enable
!
ip nat inside source list 100 interface Ethernet0/1 overload
ip nat inside source static tcp 10.1.10.11 80 interface Ethernet0/1 80
no ip http server
ip classless
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
ip route 0.0.0.0 0.0.0.0 70.91.###.158
!
!
access-list 100 permit ip 10.1.10.0 0.0.0.255 any
access-list 101 permit ip any any
no cdp run
!
line con 0
line aux 0
line vty 0 4
 password ############
 login
!
!
end

4 Replies

leonvd79
Level 4

Hi Justin,

My suggestion is to append the "extendable" command to the end of your static NAT entry.

ip nat inside source static tcp 10.1.10.11 80 70.91.###.157 80 extendable

Regards,

Leon

Leon:

It seems that this didn't make any difference... Do you think there is a conflicting statement somewhere else in the config?

Thanks,

Justin

In your acl 101 you may try it differently

no access-list 101 permit ip any any

replace with

access-list 101 permit tcp any 10.1.10.1 0.0.0.255 eq www log

HTH

Jorge

Jorge Rodriguez

Careful with that, an implied deny any any will take effect.

ACL 101 does not present any problems as it's currently entered.
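An added example, not written by any poster in this thread: a small Python model of how an inbound extended ACL such as 101 is evaluated (top-down first match, wildcard masks, implicit deny at the end), run against the current entry and the proposed replacement. The WAN address 203.0.113.157, the client address and the ports are constructed stand-ins because the thread masks the real address, and the packets are modelled as they arrive on Ethernet0/1, on the assumption that IOS checks the inbound ACL before the static NAT rewrites the destination.

```python
import ipaddress

PORTS = {"www": 80, "domain": 53}   # IOS port keywords this sketch understands
WAN = "203.0.113.157"               # constructed stand-in for the masked WAN address

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_addr(tokens):
    # Consume 'any' or 'A WILDCARD'; return (base, wildcard) as integers.
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    return ip_int(first), ip_int(tokens.pop(0))

def parse_ace(line):
    # 'access-list N ACTION PROTO SRC DST [eq PORT] [log]'
    t = line.split()
    action, proto, rest = t[2], t[3], t[4:]
    src, dst = parse_addr(rest), parse_addr(rest)
    dport = None
    if rest[:1] == ["eq"]:
        dport = PORTS[rest[1]] if rest[1] in PORTS else int(rest[1])
    return action, proto, src, dst, dport

def addr_match(addr, spec):
    care = ~spec[1] & 0xFFFFFFFF    # wildcard 1-bits are "don't care"
    return (ip_int(addr) & care) == (spec[0] & care)

def evaluate(acl, pkt):
    for line in acl:                # first matching entry wins
        action, proto, src, dst, dport = parse_ace(line)
        if (proto in ("ip", pkt["proto"]) and addr_match(pkt["src"], src)
                and addr_match(pkt["dst"], dst) and dport in (None, pkt["dport"])):
            return action
    return "deny"                   # implicit deny: nothing matched

ACL_CURRENT = ["access-list 101 permit ip any any"]
ACL_PROPOSED = ["access-list 101 permit tcp any 10.1.10.1 0.0.0.255 eq www log"]
PACKETS = {  # constructed samples; only 68.87.64.146 appears in the thread
    "http_to_wan": {"proto": "tcp", "src": "198.51.100.20", "dst": WAN, "dport": 80},
    "dns_reply": {"proto": "udp", "src": "68.87.64.146", "dst": WAN, "dport": 40000},
    "http_to_inside": {"proto": "tcp", "src": "198.51.100.20", "dst": "10.1.10.11", "dport": 80},
}

def audit(acl):
    return {name: evaluate(acl, pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    print({"current": audit(ACL_CURRENT), "proposed": audit(ACL_PROPOSED)})
```

Under these assumptions the single proposed entry matches only packets whose destination is already in 10.1.10.0/24, so traffic addressed to the WAN IP, including replies from the configured name server, falls through to the implicit deny.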
