Hi To All,
Its the same old help question,
I have a small network , a Cisco 1841 router configured with pppoe and connected,(no extra public IP), I have server which I would like to reach from outside through port 23424 , and I'm not able to do it, I tried the usuall way known to me, nat rule mapping the dialer to the inside ip address of server and an access list permiting the port the port on Dialer but my intenet disconnects when ever I create the access rule. so the router version is:
================================================================================
#sh ver
Cisco IOS Software, 1841 Software (C1841-SPSERVICESK9-M), Version 12.4(12a), RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Thu 22-Feb-07 15:56 by prod_rel_team
ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
jerdi uptime is 12 hours, 46 minutes
System returned to ROM by reload at 11:04:04 UTC Sun Nov 30 2014
System image file is "flash:c1841-spservicesk9-mz.124-12a.bin"
================================================================================
and my config is
================================================================================
Using 1972 out of 196600 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname jerdi
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
no aaa new-model
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.115
!
ip dhcp pool home
import all
network 192.168.1.0 255.255.255.0
dns-server xxx.xxx.xxx.xxx
default-router 192.168.1.254
domain-name xxxxx.xxx
!
!
vpdn enable
!
!
!
!
!
controller E1 0/0/0
!
!
interface FastEthernet0/0
description $ETH-LAN$
ip address 192.168.1.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
no ip mroute-cache
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0/1
description ADSL WAN Interface
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no ip mroute-cache
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
interface BRI0/1/0
no ip address
encapsulation hdlc
shutdown
!
interface Dialer1
description ADSL WAN Dialer
ip address negotiated
no ip unreachables
ip mtu 1492
ip nat outside
encapsulation ppp
ip tcp adjust-mss 1452
no ip mroute-cache
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname xxxxxxxx
ppp chap password 0 xxxxxxx
ppp pap sent-username xxxxxxx password 0 xxxxxxx
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
ip http server
no ip http secure-server
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source static tcp 192.168.1.115 23424 interface Dialer1 23424
!
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 101 permit tcp any host 192.168.1.115 eq 23424
dialer-list 1 protocol ip permit
disable-eadi
no cdp run
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end
============================================================
the configuration is at the very basic yet, now I have only inserted the nat for the internal server
"ip nat inside source static tcp 192.168.1.115 23424 interface Dialer1 23424"
if I will insert the access-list
"ip access-list extended 100"
"permit any any eq 23424"
and then I bound this access list to interface Dialer1
"interface Dialer1''
"ip access-group 100 in"
my internet disconnects....., If I remove the "ip access-group 100 in", my internet connection resumes at once,
I made a test and I was able to portforward ssh (22), by only implementing the IP nat rule to same server and want to portforward 23424 , it was worked normally,
please any Idea what I'm doing wrong.
very thanks
Jordi
