
Cannot connect to router via public IP address

Joshua Smick
Level 1

Forgive me, I'm pretty much brand new to Cisco networking. I've just set up a Cisco 3825 router to practice on, and I cannot connect to the router via my public IP address (http(s), telnet, ssh, etc), and I'm not quite sure as to where I've gone wrong. I'm not having any issues connecting to the router from behind the network, and there are no issues with anything behind the network accessing the internet. Where might I start looking to troubleshoot this issue?

cadet alain
VIP Alumni

Hi,

Can you post your config and tell us from where you are trying to access the router with its public IP?

Regards

Alain

Don't forget to rate helpful posts.


Hi Alain, I just wiped my original configuration and rebuilt it because I thought I had too many mistakes in the old one.  This is what I have now:

version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 L3yDU5muhsZ/hpwNZQ1owTr51gJKqTKSL0o7ewMUVJs
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
ip cef
!
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool TARDIS_CLIENTS
 import all
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
voice-card 0
!
!
!
!
!
!
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-2013182566
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2013182566
 revocation-check none
 rsakeypair TP-self-signed-2013182566
!
!
crypto pki certificate chain TP-self-signed-2013182566
 certificate self-signed 01
  quit
!
!
license udi pid CISCO3825 sn FTX1002C11E
username josh privilege 15 secret 4 L3yDU5muhsZ/hpwNZQ1owTr51gJKqTKSL0o7ewMUVJs
!
redundancy
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
 media-type rj45
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 101 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 password 7 0023120A0D550A5457711C0F
 login local
 transport input telnet ssh
 transport output telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
 transport output telnet ssh
!
scheduler allocate 20000 1000
end

Thanks,

Josh

Hi,

1st do this:

no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0

ip route 0.0.0.0 0.0.0.0 dhcp

And tell us what is connected out g0/0. I suppose it is an xDSL modem/router; if so, you should make a manual reservation on it for the IP address of g0/0 and port forward the necessary services you want to access on the router.

Do this on the router to facilitate the reservation on the modem/router:

int g0/0

ip dhcp client client-id interface g0/0

And take note of the MAC of the g0/0 interface with do show int g0/0 | i bia

Regards

Alain

Don't forget to rate helpful posts.
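
An added example, not part of the thread: once the default route is fixed and services are forwarded as described above, the management services in the posted configuration answer on the public address. The Python below lists which of them take cleartext logins or accept any source address, run over a constructed excerpt of that configuration; the function names are illustrative assumptions.

```python
# Constructed excerpt of the configuration posted in this thread (management lines only).
SAMPLE_CONFIG = """\
ip http server
ip http secure-server
!
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
"""

def parse_sections(config):
    """Group indented sub-commands under their unindented parent line."""
    sections, current = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "!"):
            continue
        if not line.startswith(" "):
            current = line.strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections

def audit_management_plane(config):
    """List management services that accept cleartext logins or any source address."""
    sections = parse_sections(config)
    findings = []
    if "ip http server" in sections:
        findings.append("ip http server: cleartext HTTP management enabled")
    http_on = [k for k in sections if k in ("ip http server", "ip http secure-server")]
    if http_on and not any(k.startswith("ip http access-class") for k in sections):
        findings.append("ip http: no access-class limiting client addresses")
    for name, body in sections.items():
        if not name.startswith("line vty"):
            continue
        words = " ".join(c for c in body if c.startswith("transport input")).split()
        if "telnet" in words or "all" in words:
            findings.append(f"{name}: telnet accepted (cleartext credentials)")
        if not any(c.startswith("access-class") for c in body):
            findings.append(f"{name}: no access-class limiting source addresses")
    return findings

for finding in audit_management_plane(SAMPLE_CONFIG):
    print(finding)
```
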


I would suggest changing your address translation. Try using something like this and tell us if it makes a difference.

ip nat inside source list 1 interface GigabitEthernet0/0 overload

access-list 1 permit 192.168.1.0 0.0.0.255

HTH

Rick


Alain, that absolutely fixed it.  Thank you so much!  Richard, if Alain's suggestion worked, should I try adding yours as well? 

Thanks, 

Josh

Josh

I am glad that the suggestion from Alain fixed your problem.

The standard access list that I suggest has the same effect as the extended access list that you were using, since your extended access list was checking only the source address and not the destination address. I still believe that a standard access list is better than an extended access list for your address translation (especially since your extended access list 101 was only checking the source address - and I have seen some situations where extended access lists with permit any destination caused some issues). But if your router is working fine with the extended access list then maybe it is good enough.

HTH

Rick
