04-17-2018 08:50 AM - edited 03-05-2019 10:17 AM
Dear friends
I need help with my Cisco router. I have a CISCO2921-SEC/K9 with EHWIC-4ESG.
What I want is access to the web server from my internal network and from the whole internet.
My public IP on the WAN port is 212.87.232.8. My internal network is 192.168.1.0/24 and the web server IP is 192.168.1.10. I am doing NAT on 212.87.232.8. Typically I should enable port 80 for the server's IP and it should work - on any other router it works, but on that Cisco it doesn't.
I have checked a lot of forums and tried different solutions but it won't work. Maybe you can help?
Please check my config - probably I am missing something:
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname RouterAP
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
!
ip dhcp pool PULA1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8
!
interface GigabitEthernet0/2
description ##WAN2##
ip address 212.87.232.8 255.255.255.240
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/0/0
no ip address
!
interface GigabitEthernet0/0/1
no ip address
!
interface GigabitEthernet0/0/2
no ip address
!
interface GigabitEthernet0/0/3
no ip address
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip nat pool PULA8 212.87.232.8 212.87.232.8 netmask 255.255.255.240
ip nat inside source list 108 pool PULA8 overload
ip nat inside source static tcp 192.168.1.10 80 interface GigabitEthernet0/2 80
ip nat inside source static tcp 192.168.1.10 80 212.87.232.8 80 extendable
ip route 0.0.0.0 0.0.0.0 212.87.232.1
!
!
!
access-list 108 permit ip 192.168.1.0 0.0.0.255 any
access-list 108 permit tcp any host 192.168.1.10 eq www
04-17-2018 10:00 AM
Hi
Do you have Internet access on the internal web server?
04-17-2018 10:53 AM
04-17-2018 11:24 AM
Thank you, have you tried NATing with another IP from the public pool, for example .7?
04-17-2018 11:35 AM
Yes - the same problem
04-17-2018 11:46 AM - edited 04-17-2018 11:46 AM
04-18-2018 09:52 AM
That is right - because now it is not working on cisco router but on other.
But do you think I am missing something in my config?
04-20-2018 12:51 AM
Does anybody have any idea?
Thanks in advance
04-20-2018 12:57 AM - edited 04-20-2018 01:00 AM
Hello,
try and take the line below out of your static NAT config:
--> ip nat inside source static tcp 192.168.1.10 80 interface GigabitEthernet0/2 80
so you are just left with:
ip nat inside source static tcp 192.168.1.10 80 212.87.232.8 80 extendable
For the sake of completeness, also add:
ip dhcp excluded-address 192.168.1.1
04-20-2018 03:47 AM
04-20-2018 05:46 AM
Hi
You could try executing debug ip nat and try again; it could be receiving the request.
04-22-2018 05:14 PM - edited 04-22-2018 05:34 PM
Why do you need a pool for this?
ip nat pool PULA8 212.87.232.8 212.87.232.8 netmask 255.255.255.240
I would just overload using the public IP of the router like this:
ip nat inside source list 108 interface GigabitEthernet0/2 overload
Then, I would modify this line to see whether it is generating any hits.
access-list 108 permit tcp any host 192.168.1.10 eq www log
I would be tempted to delete the last line of access list 108 as I am not completely sure it's necessary.
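An added example, not written by any poster in this thread: a small Python audit that lists which inside services an IOS configuration publishes through static NAT and flags the two items the replies above single out (the doubled static entry for one inside socket, and the `any`-source line in the NAT source list). The function name `audit_nat` and the embedded sample, constructed from the NAT-related lines of the configuration posted above, are assumptions of this example; the findings are review prompts, not a confirmed root cause.

```python
import re

# Constructed sample: NAT-related lines taken from the configuration posted in this thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/2
 ip address 212.87.232.8 255.255.255.240
 ip nat outside
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
ip nat pool PULA8 212.87.232.8 212.87.232.8 netmask 255.255.255.240
ip nat inside source list 108 pool PULA8 overload
ip nat inside source static tcp 192.168.1.10 80 interface GigabitEthernet0/2 80
ip nat inside source static tcp 192.168.1.10 80 212.87.232.8 80 extendable
access-list 108 permit ip 192.168.1.0 0.0.0.255 any
access-list 108 permit tcp any host 192.168.1.10 eq www
"""

STATIC_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (interface \S+|\S+) (\d+)")
DYNAMIC_RE = re.compile(r"^ip nat inside source list (\S+) ")
ACL_RE = re.compile(r"^access-list (\S+) permit (\S+) (.+)$")

def audit_nat(config):
    """Return (published, findings) for the text of an IOS configuration."""
    lines = [l.strip() for l in config.splitlines()]
    published, findings, seen = [], [], {}
    # ACL numbers referenced by dynamic (overload) NAT rules.
    nat_acls = {m.group(1) for l in lines if (m := DYNAMIC_RE.match(l))}
    for l in lines:
        if m := STATIC_RE.match(l):
            proto, host, port, outside, oport = m.groups()
            key = (proto, host, port)
            if key in seen:
                # Same inside socket forwarded twice (interface form and address form).
                findings.append(f"duplicate static NAT for {proto} {host}:{port}: "
                                f"'{seen[key]}' and '{outside}'")
            else:
                seen[key] = outside
                published.append((proto, host, int(port), outside, int(oport)))
        elif (m := ACL_RE.match(l)) and m.group(1) in nat_acls:
            acl, proto, rest = m.groups()
            # A NAT source list is expected to name inside source addresses.
            if rest.startswith("any "):
                findings.append(f"access-list {acl}: source 'any' in a NAT source "
                                f"list (permit {proto} {rest})")
    return published, findings
```

The `published` list doubles as an inventory of inside hosts reachable from the outside interface, which is worth reviewing whenever a port forward is added.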