
Cannot access LAN from WAN

Hi, can you help me access Server-A from the WAN? I have 3 devices:

- firewall (Sonicwall)
- router (Cisco)
- Switch (Cisco)

with the topology as shown below:

topology3-1.jpg

By default, when the Sonicwall firewall is initially installed, the X0 and X1 interfaces are activated: X0 as a LAN interface and X1 as a WAN interface.

Interface X0 connects to the router interface gi0/0, which gets the IP address 192.168.168.65 via DHCP from the firewall device.

To drive traffic to Server-A, I created NAT policies and access rules on my firewall device, as shown below:

192.168.168.65 -------------> referred to as "Web Server"

NAT Policy Settings
====================

Original Source       : Any
 
Translated Source     : Original

Original Destination : WAN Interface IP

Translated Destination : Web Server

Original Service     : HTTP

Translated Service   : Original

Inbound Interface     : X1

Outbound Interface   : Any


Access Rules
============

From         : WAN

To           : LAN

Source Port   : HTTP

Service       : HTTP

Source       : Any

Destination   : WAN Interface IP

Users Included : All

Users Excluded : None

Schedule     : Always On  

Also, on the Cisco router, I made a NAT policy:

!
ip nat inside source static tcp 172.16.10.10 443 interface gi0/0 80
!
ip access-list standard NAT
 permit 172.16.10.0 0.0.0.255
!
ip nat inside source list NAT interface GigabitEthernet0/0 overload
!

Using the settings above, I can access Server-A from the LAN. Server-A can also access the internet.

But when I try to access Server-A from the WAN, the connection is refused.

Thank you in advance.


balaji.bandi
Hall of Fame

Do you have enough policy/ACL in place on your Sonicwall to allow traffic in?

Can you post the full config of the router so we can look at your NAT and ACL?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thank you for responding. Here is the "show run" from my router:

Building configuration...
Current configuration : 3025 bytes

cwmp
!
vlan 1
!
vlan 10
 name VLAN-MGMT
!
vlan 16
 name VLAN_DMZ
!
vlan 20
 name VLAN-WIFI
!
!
no service password-encryption
service dhcp
!
ip dhcp excluded-address 192.168.10.1 192.168.10.9
ip dhcp excluded-address 192.168.20.1 192.168.20.9
ip dhcp excluded-address 172.16.10.1 172.16.10.9
!
!
ip dhcp pool User_Pool
 network 192.168.10.0 255.255.255.0
 dns-server 8.8.8.8
 default-router 192.168.10.1
!
ip dhcp pool User_Pool_20
 network 192.168.20.0 255.255.255.0
 dns-server 8.8.8.8
 default-router 192.168.20.1
!
ip dhcp pool DMZ_Pool
 network 172.16.10.0 255.255.255.0
 dns-server 8.8.8.8
 default-router 172.16.10.1
!
control-plane
!
control-plane protocol
 acpp bw-rate 1250 bw-burst-rate 2500
!
control-plane manage
 port-filter
 arp-car 5
 acpp bw-rate 1250 bw-burst-rate 2500
!
control-plane data
 glean-car 5
 acpp bw-rate 1250 bw-burst-rate 2500
!
enable secret 5 $1$mniP$pC9F4FzyuA3Dxyvx
enable service web-server http
enable service web-server https
!
interface GigabitEthernet 0/0
 ip nat outside
 ip address dhcp
 duplex auto
 speed auto
!
interface GigabitEthernet 0/1
 duplex auto
 speed auto
!
interface GigabitEthernet 0/2
 duplex auto
 speed auto
!
interface GigabitEthernet 0/3
 duplex auto
 speed auto
!
interface GigabitEthernet 1/0
!
interface GigabitEthernet 1/1
 switchport mode trunk
!
interface GigabitEthernet 1/2
!
interface GigabitEthernet 1/3
!
interface GigabitEthernet 1/4
!
interface GigabitEthernet 1/5
!
interface GigabitEthernet 1/6
!
interface GigabitEthernet 1/7
!
interface GigabitEthernet 1/8
!
interface GigabitEthernet 1/9
!
interface GigabitEthernet 1/10
!
interface GigabitEthernet 1/11
!
interface GigabitEthernet 1/12
!
interface GigabitEthernet 1/13
!
interface GigabitEthernet 1/14
!
interface GigabitEthernet 1/15
!
interface GigabitEthernet 1/16
!
interface GigabitEthernet 1/17
!
interface GigabitEthernet 1/18
!
interface GigabitEthernet 1/19
!
interface GigabitEthernet 1/20
!
interface GigabitEthernet 1/21
!
interface GigabitEthernet 1/22
!
interface GigabitEthernet 1/23
!
interface VLAN 1
 ip address 192.168.1.1 255.255.255.0
!
interface VLAN 10
 ip nat inside
 ip address 192.168.10.1 255.255.255.0
!
interface VLAN 16
 ip nat inside
 ip address 172.16.10.1 255.255.255.0
!
interface VLAN 20
 ip nat inside
 ip address 192.168.20.1 255.255.255.0
!
!
ip route 0.0.0.0 0.0.0.0 10.1.1.1
!
end

Hello,

What IP address are you using to connect from the WAN (I assume by WAN you mean the Internet) to Server-A?

As inbound, I use IP address 192.168.168.65 on the router interface gi0/0.

Hello,

192.168.168.65 is a private-space address. From where are you trying to access this address? What is the WAN? Is the WAN the Internet?

I suggest you add the IP addresses to your drawing so we can see how you want to access the server, and from where.

The firewall device has 2 interfaces: X0 as a LAN interface and X1 as a WAN interface.

Interface X0 is connected to the router interface gi0/0, which gets the IP address 192.168.168.65 from the firewall device.

topology3-1.jpg

Thank you.

Adding to the other post: your drawing does not show any IP addresses. We understand the router has a 192.x IP address, but from the internet, what IP address are you trying to connect to? (I hope your WAN definition is "from the internet"?)

so the NAT needs to take place from Sonicwall, Router - then Server.

BB

I want to access the web server on port 443/80 and redirect to the internal (private) server IP address on port 443. For example:

If I access the IP address https://36.255.220.93 in the browser, it is directed to the server computer 172.16.10.12 on port 443. That's it.

Thank you

So do you have this IP on the Sonicwall firewall: 36.255.220.93?

If anyone is accessing from outside, do you have NAT and an access list allowing the connection in?

You need to put the config in place for it to work.

1. The Sonicwall is required to allow the connection from outside with NAT and ACL (and forward it to the router).

https://www.sonicwall.com/support/knowledge-base/how-do-i-configure-nat-policies-on-a-sonicwall-firewall/170505782921100/

2. The router should have an ACL and forward table to the server.

https://www.cisco.com/c/en/us/support/docs/ip/network-address-translation-nat/13772-12.html

BB

Thank you, I will try your advice. I will return with the results.

Hi, using my settings above, on the firewall device I made a NAT policy using the private IP translation 192.168.168.65 (the router IP address, obtained from the firewall device), and now I can access the web server from WAN / LAN.

Thank you guys for your help
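
The path discussed in this thread has two port-forwards in series: one on the Sonicwall and one on the router. The following Python sketch is an added example (not part of the thread, and not vendor code) that traces a TCP destination through both hops and lists which public ports end up reaching an internal host. It assumes 36.255.220.93 is the firewall's WAN interface IP, uses hypothetical names (`Forward`, `Device`, `trace`, `exposed`), and models only destination NAT, not access rules or return traffic.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Dest = Tuple[str, int]  # (ip, tcp port)

@dataclass(frozen=True)
class Forward:
    """One destination-NAT (port-forward) rule: match -> to."""
    match: Dest
    to: Dest

@dataclass
class Device:
    name: str
    forwards: List[Forward]

    def translate(self, dest: Dest) -> Optional[Dest]:
        for f in self.forwards:
            if f.match == dest:
                return f.to
        return None  # no matching rule: flow is not passed inward

def trace(chain: List[Device], dest: Dest) -> Tuple[str, Optional[Dest]]:
    """Return ('delivered', final dest) or (device that had no rule, None)."""
    for dev in chain:
        hit = dev.translate(dest)
        if hit is None:
            return dev.name, None
        dest = hit
    return "delivered", dest

def exposed(chain: List[Device], wan_ip: str) -> Dict[int, Dest]:
    """Public ports on wan_ip that reach an internal host end to end."""
    out = {}
    for f in chain[0].forwards:
        status, final = trace(chain, f.match)
        if f.match[0] == wan_ip and final is not None:
            out[f.match[1]] = final
    return out

WAN_IP = "36.255.220.93"       # assumption: the firewall's WAN interface IP
ROUTER_OUT = "192.168.168.65"  # router gi0/0, the "Web Server" object

# Settings as posted: firewall forwards HTTP; router maps outside :80 to 172.16.10.10:443
posted = [Device("sonicwall", [Forward((WAN_IP, 80), (ROUTER_OUT, 80))]),
          Device("router", [Forward((ROUTER_OUT, 80), ("172.16.10.10", 443))])]
# Constructed variant matching the stated goal (HTTPS to 172.16.10.12:443)
aligned = [Device("sonicwall", [Forward((WAN_IP, 443), (ROUTER_OUT, 443))]),
           Device("router", [Forward((ROUTER_OUT, 443), ("172.16.10.12", 443))])]
```

`trace(posted, (WAN_IP, 443))` stops at the first hop because only HTTP is forwarded there, while `exposed(posted, WAN_IP)` shows public port 80 landing on 172.16.10.10:443. Running `exposed` on any such chain gives the list of internal services reachable from outside, which is the set to review against the intended exposure.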
