Cannot forwarding port 80,443 on cisco 1941

Yes, I know the CLI command format:

ip nat inside source static <protocol> <inside IP address> <inside port #> <Inside Global IP or Interface> <External Port>

And I can forward any port other than 80 and 443 on my router.

I mean I can forward ports like 22 for SSH and 3389 for remote desktop.

But I just cannot forward port 80 and port 443.

The Cisco 1941 has a "Cisco Configuration Professional Express" webpage embedded.

So I wiped off that page with delete /force /recursive flash0:/ccpexp

and I configured these lines:

no ip http server

no ip http secure-server

But I still cannot forward ports 80 and 443.

Any suggestions?


Muhammad Awais Khan
Cisco Employee

Hi,

Are you able to execute the command? I just tested on my 1111 router; there is no restriction on using 443 and 80 as long as you disable "ip http server" and "ip http secure-server".

I use this command: "ip nat inside source static tcp 192.168.2.10 443 interface GigabitEthernet0/0/0 443"

I would be interested to see your complete config. Can you share it?

Sure! Here's my config:

version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname hello
!
boot-start-marker
boot system flash0:/c1900-universalk9-mz.SPA.156-3.M1.bin
boot-end-marker
!
!
ip dhcp excluded-address 10.1.1.1 10.1.1.100
ip dhcp excluded-address 172.16.1.1 172.16.1.10
ip dhcp excluded-address 192.168.1.1 192.168.1.96
!
ip dhcp pool wifi-192subnet-pool
network 192.168.1.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.1.1
!
ip dhcp pool 172subnet-pool
network 172.16.1.0 255.255.255.0
dns-server 8.8.8.8
default-router 172.16.1.1
!
ip dhcp pool 10subnet-pool
network 10.1.1.0 255.255.255.0
dns-server 8.8.8.8
default-router 10.1.1.1
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
!
redundancy
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1/0
switchport access vlan 10
no ip address
!
interface GigabitEthernet0/1/1
switchport access vlan 30
no ip address
spanning-tree portfast
!
interface GigabitEthernet0/1/2
switchport access vlan 30
no ip address
spanning-tree portfast
!
interface GigabitEthernet0/1/3
switchport access vlan 30
no ip address
spanning-tree portfast
!
interface GigabitEthernet0/1/4
switchport access vlan 30
no ip address
spanning-tree portfast
!
interface GigabitEthernet0/1/5
switchport access vlan 30
no ip address
spanning-tree portfast
!
interface GigabitEthernet0/1/6
switchport access vlan 30
no ip address
spanning-tree portfast
!
interface GigabitEthernet0/1/7
switchport access vlan 20
no ip address
spanning-tree portfast
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan20
ip address 172.16.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan30
ip address 10.1.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
!
no ip http server
ip http port 8080
ip http authentication local
no ip http secure-server
ip http secure-port 4443
!
ip nat inside source list 10 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.1.1.111 443 interface GigabitEthernet0/0 443
ip ssh maxstartups 3
ip ssh authentication-retries 2
ip ssh logging events
ip ssh version 2
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 permit 10.1.1.0 0.0.0.255
access-list 10 permit 172.16.1.0 0.0.0.255

 

access-list 100 deny ip 222.186.0.0 0.0.255.255 any log
access-list 100 deny ip host 65.49.20.67 any log
access-list 100 deny ip host 51.91.78.152 any log
access-list 100 deny ip 218.92.0.0 0.0.0.255 any log
access-list 100 permit ip any any
!
control-plane host
!
control-plane
!
line con 0
logging synchronous
speed 115200
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0
transport input ssh
line vty 1 4
transport input none
!
end

 

Your connection looks fine. Can you confirm whether 443 is running at 10.1.1.111 and reachable by executing the command below from your router?

telnet 10.1.1.111 443

You should see the connection "Open" once you execute the above command.

Thank you. I know you want to make sure that my service is actually running at local IP address 10.1.1.111 and listening on port 443.

Yes, I can see connection "Open" because there is a Raspberry Pi set up as a VPN server.
I can remotely SSH to that server from outside with "ip nat inside source static tcp 10.1.1.111 22 interface GigabitEthernet0/0 22" configured on my router. And I have opened ports 22, 80, 443, 992, 5555 on my server. All the ports can be forwarded at my router except ports 80 and 443.
To find a solution, I have been using GNS3 to simulate this configuration. And I CAN forward ports 443 and 80 in the GNS3 simulation. BUT the configuration doesn't work on my physical router, the Cisco 1941. I tried so many times before I posted this question. cry... :(

Hi,

Have you tried upgrading the router?

Regards,
Cristian Matei.

Thank you very much.
To figure out what's wrong with my router, I ran the GNS3 simulator again, and I chose the same version of IOS and even
installed the latest version of "Cisco CP Express" on GNS3.
Everything is OK on that virtual router.
Finally, I found out that it is the fault of my ISP.
I never thought that they would block port 443.
It's also because I am a Cisco beginner and I don't have confidence.
I thought it was my configuration problem.
Thank you.

First of all, thanks for your help, Muhammad Awais Khan.
Finally, I found out why I cannot forward the port. Guess what?
Because my ISP blocks the port!
-------------------------------
Why do I spend $5/month to get a static IP address? Because I want to run my own server in my home!
So I spent a lot of time finding out how to do port forwarding on my router.
I tried so many times to find out how to configure my router; I even bought a router to support port forwarding.
I never thought that my ISP would block port 443, the most important port in cyberspace.
Finally, I found out it's you! Aussie Broadband! You block the port!
I need ports 80 and 443 to be opened!
That's why I spend $5 on the static IP address!
So please, open that port for me!
Thank you!
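
Added example, not part of any post in this thread and not Cisco tooling: a small Python audit of the router-side conditions that can break a static port forward like the one in the posted config, including the "ip http server" / "ip http secure-server" conflict raised in the first reply. The function name and the trimmed sample config are constructed for illustration; an empty result points away from the router and toward something upstream, which is where this thread ended.

```python
import ipaddress
import re

# Constructed sample, trimmed from the running-config posted in this thread.
SAMPLE = """\
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
interface Vlan30
ip address 10.1.1.1 255.255.255.0
ip nat inside
!
no ip http server
ip http port 8080
no ip http secure-server
ip http secure-port 4443
ip nat inside source static tcp 10.1.1.111 443 interface GigabitEthernet0/0 443
"""

def audit_forwards(config):
    """Return router-side problems with static TCP forwards (empty list: none found)."""
    iface, nets, role, forwards, findings = None, {}, {}, [], []
    # Assumption: a listener is on only if its enabling line is present; 80/443 are the default ports.
    http = {"server": [False, 80], "secure-server": [False, 443]}  # [enabled, port]
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"interface (\S+)", line):
            iface = m[1]
        elif m := re.fullmatch(r"ip address (\d\S*) (\d\S*)", line):
            nets[iface] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif m := re.fullmatch(r"ip nat (inside|outside)", line):
            role[iface] = m[1]
        elif m := re.fullmatch(r"(no )?ip http (server|secure-server)", line):
            http[m[2]][0] = m[1] is None
        elif m := re.fullmatch(r"ip http (secure-)?port (\d+)", line):
            http["secure-server" if m[1] else "server"][1] = int(m[2])
        elif m := re.fullmatch(r"ip nat inside source static tcp (\S+) (\d+) interface (\S+) (\d+)", line):
            forwards.append((ipaddress.ip_address(m[1]), m[3], int(m[4])))
    inside = [nets[i] for i, r in role.items() if r == "inside" and i in nets]
    for host, out_if, ext_port in forwards:
        if role.get(out_if) != "outside":
            findings.append(f"{out_if} is not 'ip nat outside'")
        if not any(host in n for n in inside):
            findings.append(f"{host} is not on any 'ip nat inside' subnet")
        for svc, (on, port) in http.items():
            if on and port == ext_port:
                findings.append(f"router's own 'ip http {svc}' listens on tcp/{ext_port}")
    return findings
```
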