
Cisco 2921 - can not access Web server

maciumpek91
Level 1

Dear friends,

I need help with my Cisco router. I have a CISCO2921-SEC/K9 with an EHWIC-4ESG.

What I want is access to the web server from my internal network and from the whole internet.

My public IP on the WAN port is 212.87.232.8. My internal network is 192.168.1.0/24 and the web server IP is 192.168.1.10. I am doing NAT on 212.87.232.8. Typically I should enable port 80 for the server's IP and it should work - on any other router it works, but on that Cisco it doesn't.

I have checked a lot of forums and tried different solutions but it won't work. Maybe you can help?

Please check my config - probably I am missing something:

 

version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname RouterAP
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
!
ip dhcp pool PULA1
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 8.8.8.8
!
interface GigabitEthernet0/2
 description ##WAN2##
 ip address 212.87.232.8 255.255.255.240
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
interface GigabitEthernet0/0/0
 no ip address
!
interface GigabitEthernet0/0/1
 no ip address
!
interface GigabitEthernet0/0/2
 no ip address
!
interface GigabitEthernet0/0/3
 no ip address
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat pool PULA8 212.87.232.8 212.87.232.8 netmask 255.255.255.240
ip nat inside source list 108 pool PULA8 overload
ip nat inside source static tcp 192.168.1.10 80 interface GigabitEthernet0/2 80
ip nat inside source static tcp 192.168.1.10 80 212.87.232.8 80 extendable
ip route 0.0.0.0 0.0.0.0 212.87.232.1
!
!
!
access-list 108 permit ip 192.168.1.0 0.0.0.255 any
access-list 108 permit tcp any host 192.168.1.10 eq www

 

11 Replies

Hi

Do you have Internet access on the internal web server?




>> Mark as helpful or answered if the reply resolved your question; this helps other community members with future queries. <<

Yes, I have

Thank you. Have you tried NATting with another IP of the public pool, for example .7?

>> Mark as helpful or answered if the reply resolved your question; this helps other community members with future queries. <<

Yes - the same problem

Hi

I tried to reach the IP 212.87.232.8 from my browser and it opened a website.

>> Mark as helpful or answered if the reply resolved your question; this helps other community members with future queries. <<

That is right - because now it is not working on the Cisco router but on another one.

But do you think I am missing something in my config?

maciumpek91
Level 1

Does anybody have any idea?

Thanks in advance

Hello,

Try and take the line below out of your static NAT config:

--> ip nat inside source static tcp 192.168.1.10 80 interface GigabitEthernet0/2 80

so you are just left with:

ip nat inside source static tcp 192.168.1.10 80 212.87.232.8 80 extendable

For the sake of completeness, also add:

ip dhcp excluded-address 192.168.1.1
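
A small offline check for the overlap this reply points at, added here as an example and not part of the original thread: it parses an IOS configuration and reports static port-forward lines that publish the same outside socket, resolving "interface ..." targets to the address configured on that interface. The function names and the trimmed sample config are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed sample: the NAT-relevant lines of the config posted in this thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/2
 ip address 212.87.232.8 255.255.255.240
 ip nat outside
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
ip nat inside source static tcp 192.168.1.10 80 interface GigabitEthernet0/2 80
ip nat inside source static tcp 192.168.1.10 80 212.87.232.8 80 extendable
"""

STATIC_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
    r"(?:interface (\S+)|(\d+\.\d+\.\d+\.\d+)) (\d+)")

def interface_addresses(config):
    """Map interface name -> IPv4 address taken from its 'ip address' line."""
    addrs, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split()[1]
        elif current and line.strip().startswith("ip address "):
            addrs.setdefault(current, line.split()[2])
        elif line and not line.startswith(" "):
            current = None  # back at global config level
    return addrs

def duplicate_static_nat(config):
    """Group static port-forward lines by the outside socket they publish."""
    addrs = interface_addresses(config)
    groups = defaultdict(list)
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue
        proto, _lip, _lport, ifname, global_ip, global_port = m.groups()
        # 'interface X' means "the address X holds"; resolve it so both
        # spellings of the same outside socket land in one group.
        resolved = addrs.get(ifname, f"<{ifname}>") if ifname else global_ip
        groups[(proto, resolved, int(global_port))].append(line.strip())
    return {k: v for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    for (proto, ip, port), lines in duplicate_static_nat(SAMPLE_CONFIG).items():
        print(f"{proto} {ip}:{port} is published by:", *lines, sep="\n  ")
```

Run against the full running-config, it reports tcp 212.87.232.8:80 as published by both static lines; with only the "extendable" line left, it reports nothing.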

Thank you.

I did this: ip nat inside source static tcp 192.168.1.10 80 interface GigabitEthernet0/2 80
And the same problem. No access.

Hi

You could try executing debug ip nat and trying again; it could be receiving the request.

>> Mark as helpful or answered if the reply resolved your question; this helps other community members with future queries. <<

Alan Ng'ethe
Level 3

Why do you need a pool for this?

ip nat pool PULA8 212.87.232.8 212.87.232.8 netmask 255.255.255.240

I would just overload using the public IP of the router like this:

ip nat inside source list 108 interface GigabitEthernet0/2 overload

Then, I would modify this line to see whether it is generating any hits.

access-list 108 permit tcp any host 192.168.1.10 eq www log

I would be tempted to delete the last line of access list 108 as I am not completely sure it's necessary.

 

 

 

Remember to rate helpful posts and/or mark as a solution if your issue is resolved.