about a port 80 service

fffrrr1d3m · ‎03-22-2010

This is the scenario:

LAN

Server

(using IIS service)

[/WebFileAsp] <--------------------> ( Router ) <--------------> INTERNET

private IP 10.10.10.2 public IP 200.1.2.3

I want to enter through port 80 using the public ip (200.1.2.3) to a page (/WebFileAsp) on a server (10.10.10.2). I've entered the next command on the router to enable the nating:

# ip nat inside source static tcp 10.10.10.2 80 200.1.2.3 80 extendable

but I thing is not enought. I mean, by the LAN, if I enter on the url "http://10.10.10.2/WebFileAsp" I can see and access to the service, but if I enter by out of the LAN on the url "http://200.1.2.3/WebFileAsp" I cant, I mean, the browser doesnt find the page.

Here is my doubt. How can I enable the access to this specific page by internet?

I'll appreciate a lot the support. Thanks.

pompeychimes · ‎03-22-2010

Post a scrubbed copy of your Router config please.

fffrrr1d3m · ‎03-22-2010

you need the complete sh runn?

fffrrr1d3m · ‎03-22-2010

I think you need this part of the config:

ip nat inside source route-map NONAT interface FastEthernet0/0 overload

ip nat inside source static tcp 10.10.10.2 80 200.1.2.3 80 extendable

ip nat inside source static tcp 10.10.10.1 80 200.1.2.4 80 extendable

!

ip access-list standard REDISTRIBUTION

deny 0.0.0.0

permit any

!

ip access-list extended PHONELIST

permit ip any 10.20.14.0 0.0.0.31

ip access-list extended REMOTEVPN

permit ip 192.168.3.0 0.0.0.255 10.10.14.0 0.0.0.31

permit ip 10.10.0.0 0.0.63.255 10.10.14.0 0.0.0.31

permit ip 10.20.0.0 0.0.63.255 10.10.14.0 0.0.0.31

permit ip 192.168.21.0 0.0.0.255 10.10.14.0 0.0.0.31

permit ip 192.168.33.0 0.0.0.255 10.10.14.0 0.0.0.31

ip access-list extended TO_INET

deny ip 10.10.0.0 0.0.63.255 10.10.14.0 0.0.0.31

deny ip 10.20.0.0 0.0.63.255 10.10.14.0 0.0.0.31

deny ip 10.20.0.0 0.0.63.255 10.20.14.0 0.0.0.31

deny ip 192.168.3.0 0.0.0.255 any

deny ip 10.10.0.0 0.0.63.255 192.168.21.0 0.0.0.255

deny ip 10.20.0.0 0.0.63.255 192.168.33.0 0.0.0.255

permit ip 10.10.1.0 0.0.0.255 any

permit ip 10.20.1.128 0.0.0.127 any

ip access-list extended TO_INTERNET

permit ip 10.10.1.0 0.0.0.255 any

permit ip 10.20.1.0 0.0.0.255 any

permit ip 10.2.1.0 0.0.0.255 any

pompeychimes · ‎03-22-2010

Post the whole config please.

fffrrr1d3m · ‎03-22-2010

The whole config:

Building configuration...

Current configuration : 6571 bytes

!

interface FastEthernet0/0

description *** INTERFACE A INTERNET **

ip address 200.1.2.4 255.255.255.240

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

description TRUNK_SWITCH

no ip address

duplex auto

speed auto

!

interface FastEthernet0/1.10

description *** VLAN DATA USERS ***

encapsulation dot1Q 10

ip address 10.10.1.10 255.255.255.128

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/1.11

description *** VLAN DATA SERVERS ***

encapsulation dot1Q 11

ip address 10.10.1.90 255.255.255.192

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/1.20

description *** VLAN VOICE USERS ***

encapsulation dot1Q 20

ip address 10.20.1.10 255.255.255.128

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/1.21

description VLAN *** VOICESERVERS ***

encapsulation dot1Q 21

ip address 10.20.1.90 255.255.255.192

ip nat inside

ip virtual-reassembly

!

interface Serial0/0/0

no ip address

shutdown

clock rate 2000000

!

interface Serial0/0/1

no ip address

shutdown

clock rate 2000000

!

ip route profile

ip route 0.0.0.0 0.0.0.0 200.1.2.4

!

ip nat inside source route-map NONAT interface FastEthernet0/0 overload

ip nat inside source static tcp 10.10.10.2 80 200.1.2.3 80 extendable

ip nat inside source static tcp 10.10.10.1 80 200.1.2.4 80 extendable

!

ip access-list standard REDISTRIBUTION

deny 0.0.0.0

permit any

!

ip access-list extended PHONELIST

permit ip any 10.20.14.0 0.0.0.31

ip access-list extended REMOTEVPN

permit ip 192.168.3.0 0.0.0.255 10.10.14.0 0.0.0.31

permit ip 10.10.0.0 0.0.63.255 10.10.14.0 0.0.0.31

permit ip 10.20.0.0 0.0.63.255 10.10.14.0 0.0.0.31

permit ip 192.168.21.0 0.0.0.255 10.10.14.0 0.0.0.31

permit ip 192.168.33.0 0.0.0.255 10.10.14.0 0.0.0.31

ip access-list extended TO_INET

deny ip 10.10.0.0 0.0.63.255 10.10.14.0 0.0.0.31

deny ip 10.20.0.0 0.0.63.255 10.10.14.0 0.0.0.31

deny ip 10.20.0.0 0.0.63.255 10.20.14.0 0.0.0.31

deny ip 192.168.3.0 0.0.0.255 any

deny ip 10.10.0.0 0.0.63.255 192.168.21.0 0.0.0.255

deny ip 10.20.0.0 0.0.63.255 192.168.33.0 0.0.0.255

permit ip 10.10.1.0 0.0.0.255 any

permit ip 10.20.1.128 0.0.0.127 any

ip access-list extended TO_INTERNET

permit ip 10.10.1.0 0.0.0.255 any

permit ip 10.20.1.0 0.0.0.255 any

permit ip 10.2.1.0 0.0.0.255 any

!

route-map NONAT permit 10

match ip address TO_INET

!

control-plane

!

line con 0

logging synchronous

line aux 0

line vty 0 4

transport input telnet

!

scheduler allocate 20000 1000

end