about a port 80 service
03-22-2010 10:46 AM - edited 03-04-2019 07:53 AM
This is the scenario:
LAN
Server
(using IIS service)
[/WebFileAsp] <--------------------> ( Router ) <--------------> INTERNET
private IP 10.10.10.2 public IP 200.1.2.3
I want to enter through port 80 using the public IP (200.1.2.3) to a page (/WebFileAsp) on a server (10.10.10.2). I've entered the following command on the router to enable the NAT:
# ip nat inside source static tcp 10.10.10.2 80 200.1.2.3 80 extendable
but I think it is not enough. I mean, from the LAN, if I enter the URL "http://10.10.10.2/WebFileAsp" I can see and access the service, but if I enter the URL "http://200.1.2.3/WebFileAsp" from outside the LAN I can't; I mean, the browser doesn't find the page.
Here is my doubt: how can I enable access to this specific page from the internet?
I would appreciate the support a lot. Thanks.
03-22-2010 11:43 AM
Post a scrubbed copy of your Router config please.
03-22-2010 12:17 PM
Do you need the complete sh runn?
03-22-2010 12:31 PM
I think you need this part of the config:
ip nat inside source route-map NONAT interface FastEthernet0/0 overload
ip nat inside source static tcp 10.10.10.2 80 200.1.2.3 80 extendable
ip nat inside source static tcp 10.10.10.1 80 200.1.2.4 80 extendable
!
ip access-list standard REDISTRIBUTION
 deny 0.0.0.0
 permit any
!
ip access-list extended PHONELIST
 permit ip any 10.20.14.0 0.0.0.31
ip access-list extended REMOTEVPN
 permit ip 192.168.3.0 0.0.0.255 10.10.14.0 0.0.0.31
 permit ip 10.10.0.0 0.0.63.255 10.10.14.0 0.0.0.31
 permit ip 10.20.0.0 0.0.63.255 10.10.14.0 0.0.0.31
 permit ip 192.168.21.0 0.0.0.255 10.10.14.0 0.0.0.31
 permit ip 192.168.33.0 0.0.0.255 10.10.14.0 0.0.0.31
ip access-list extended TO_INET
 deny ip 10.10.0.0 0.0.63.255 10.10.14.0 0.0.0.31
 deny ip 10.20.0.0 0.0.63.255 10.10.14.0 0.0.0.31
 deny ip 10.20.0.0 0.0.63.255 10.20.14.0 0.0.0.31
 deny ip 192.168.3.0 0.0.0.255 any
 deny ip 10.10.0.0 0.0.63.255 192.168.21.0 0.0.0.255
 deny ip 10.20.0.0 0.0.63.255 192.168.33.0 0.0.0.255
 permit ip 10.10.1.0 0.0.0.255 any
 permit ip 10.20.1.128 0.0.0.127 any
ip access-list extended TO_INTERNET
 permit ip 10.10.1.0 0.0.0.255 any
 permit ip 10.20.1.0 0.0.0.255 any
 permit ip 10.2.1.0 0.0.0.255 any
03-22-2010 12:40 PM
Post the whole config please.
03-22-2010 01:14 PM
The whole config:
Building configuration...
Current configuration : 6571 bytes
!
!
interface FastEthernet0/0
 description *** INTERFACE A INTERNET **
 ip address 200.1.2.4 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description TRUNK_SWITCH
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.10
 description *** VLAN DATA USERS ***
 encapsulation dot1Q 10
 ip address 10.10.1.10 255.255.255.128
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/1.11
 description *** VLAN DATA SERVERS ***
 encapsulation dot1Q 11
 ip address 10.10.1.90 255.255.255.192
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/1.20
 description *** VLAN VOICE USERS ***
 encapsulation dot1Q 20
 ip address 10.20.1.10 255.255.255.128
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/1.21
 description VLAN *** VOICESERVERS ***
 encapsulation dot1Q 21
 ip address 10.20.1.90 255.255.255.192
 ip nat inside
 ip virtual-reassembly
!
interface Serial0/0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/0/1
 no ip address
 shutdown
 clock rate 2000000
!
!
ip route profile
ip route 0.0.0.0 0.0.0.0 200.1.2.4
!
ip nat inside source route-map NONAT interface FastEthernet0/0 overload
ip nat inside source static tcp 10.10.10.2 80 200.1.2.3 80 extendable
ip nat inside source static tcp 10.10.10.1 80 200.1.2.4 80 extendable
!
ip access-list standard REDISTRIBUTION
 deny 0.0.0.0
 permit any
!
ip access-list extended PHONELIST
 permit ip any 10.20.14.0 0.0.0.31
ip access-list extended REMOTEVPN
 permit ip 192.168.3.0 0.0.0.255 10.10.14.0 0.0.0.31
 permit ip 10.10.0.0 0.0.63.255 10.10.14.0 0.0.0.31
 permit ip 10.20.0.0 0.0.63.255 10.10.14.0 0.0.0.31
 permit ip 192.168.21.0 0.0.0.255 10.10.14.0 0.0.0.31
 permit ip 192.168.33.0 0.0.0.255 10.10.14.0 0.0.0.31
ip access-list extended TO_INET
 deny ip 10.10.0.0 0.0.63.255 10.10.14.0 0.0.0.31
 deny ip 10.20.0.0 0.0.63.255 10.10.14.0 0.0.0.31
 deny ip 10.20.0.0 0.0.63.255 10.20.14.0 0.0.0.31
 deny ip 192.168.3.0 0.0.0.255 any
 deny ip 10.10.0.0 0.0.63.255 192.168.21.0 0.0.0.255
 deny ip 10.20.0.0 0.0.63.255 192.168.33.0 0.0.0.255
 permit ip 10.10.1.0 0.0.0.255 any
 permit ip 10.20.1.128 0.0.0.127 any
ip access-list extended TO_INTERNET
 permit ip 10.10.1.0 0.0.0.255 any
 permit ip 10.20.1.0 0.0.0.255 any
 permit ip 10.2.1.0 0.0.0.255 any
!
!
route-map NONAT permit 10
 match ip address TO_INET
!
!
!
!
control-plane
!
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 transport input telnet
!
scheduler allocate 20000 1000
end
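An added example, not part of any post in this thread: a consistency check over the addressing in the configuration posted above. It flags static NAT targets that sit in no connected or statically routed subnet and routes whose next hop is one of the router's own addresses; because the posted config was scrubbed, a finding is something to verify on the device, not a diagnosis. The `audit` function and the trimmed `CONFIG` sample are constructed for this example.

```python
import ipaddress
import re

# Constructed sample: addressing lines taken from the configuration posted in this thread.
CONFIG = """\
interface FastEthernet0/0
 ip address 200.1.2.4 255.255.255.240
interface FastEthernet0/1.10
 ip address 10.10.1.10 255.255.255.128
interface FastEthernet0/1.11
 ip address 10.10.1.90 255.255.255.192
interface FastEthernet0/1.20
 ip address 10.20.1.10 255.255.255.128
interface FastEthernet0/1.21
 ip address 10.20.1.90 255.255.255.192
ip route 0.0.0.0 0.0.0.0 200.1.2.4
ip nat inside source static tcp 10.10.10.2 80 200.1.2.3 80 extendable
ip nat inside source static tcp 10.10.10.1 80 200.1.2.4 80 extendable
"""

def audit(config):
    """Return findings about static NAT entries and routes in an IOS config."""
    ifaces, routes, findings = [], [], []
    for line in config.splitlines():
        words = line.split()
        if words[:2] == ["ip", "address"] and len(words) == 4:
            ifaces.append(ipaddress.ip_interface(f"{words[2]}/{words[3]}"))
        elif words[:2] == ["ip", "route"] and len(words) >= 5:
            net = ipaddress.ip_network(f"{words[2]}/{words[3]}")
            routes.append((net, ipaddress.ip_address(words[4])))
    own = {i.ip for i in ifaces}
    for net, hop in routes:
        if hop in own:
            findings.append(f"route {net} points at the router's own address {hop}")
    # A forwarded host must sit in a connected subnet or behind a specific
    # (non-default) route; the default route leads away from the inside network.
    reachable = [i.network for i in ifaces]
    reachable += [n for n, h in routes if n.prefixlen and h not in own]
    for m in re.finditer(r"ip nat inside source static tcp (\S+) (\d+) (\S+) (\d+)", config):
        local = ipaddress.ip_address(m.group(1))
        if not any(local in net for net in reachable):
            findings.append(f"static NAT target {local}:{m.group(2)} is in no connected or routed subnet")
    return findings

if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(finding)
```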
