03-19-2014 03:52 AM - edited 03-04-2019 10:36 PM
Hi Cisco family,
I've been working on this config for over a month now and it's driving me insane. After a lot of tweaking I've got this config to work with my BT Infinity 2 Internet connection, which is a UK-based VDSL2. NAT overload works perfectly for all my hosts. The tricky part is I can't seem to port forward my web server, which is assigned 10.20.20.199 and is in VLAN20 on my Layer 3 switch (please see the network diagram). What am I doing wrong? Port forwarding works with the supplied BT router (BT Home Hub 5), so I think it is safe to assume it's not the ISP side. Thanks for taking an interest in this matter and for contributing. Appreciate your help.
GRYPHON#sho running-config
Building configuration...
Current configuration : 4295 bytes
!
! Last configuration change at 22:42:15 UTC Mon Feb 24 2014 by cyvorex
! NVRAM config last updated at 22:52:09 UTC Thu Feb 20 2014
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname GRYPHON
!
boot-start-marker
boot-end-marker
!
!
enable secret 4
!
no aaa new-model
memory-size iomem 10
ip source-route
!
!
!
ip dhcp excluded-address 172.16.10.100 172.16.10.200
!
ip dhcp pool gryphon-pool
network 172.16.10.0 255.255.255.0
dns-server 62.6.40.178
default-router 172.16.10.1
domain-name cyvorex.local
lease infinite
!
!
ip cef
no ipv6 cef
!
!
!
!
vtp mode transparent
!
!
!
!
controller VDSL 0
!
vlan 10,101
!
!
!
!
!
!
!
!
interface Ethernet0
no ip address
!
interface Ethernet0.101
encapsulation dot1Q 101
pppoe-client dial-pool-number 1
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface FastEthernet0
switchport protected
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Vlan1
description DMZ
ip address 172.16.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Dialer1
description ***Dialer for BT Infinity 2***
mtu 1492
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp authentication pap chap ms-chap callin
ppp chap hostname bthomehub@btbroadband.com
ppp chap password 0 bt
ppp ipcp address accept
no cdp enable
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source list NAT interface Dialer1 overload
ip nat inside source static tcp 10.20.20.199 80 Dialer1 80
!
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.10.10.0 255.255.255.0 172.16.10.254
ip route 10.20.20.0 255.255.255.0 172.16.10.254
ip route 10.30.30.0 255.255.255.0 172.16.10.254
!
ip access-list extended NAT
permit ip 172.16.10.0 0.0.0.255 any
remark access list for NAT
permit ip 10.10.10.0 0.0.0.255 any
permit ip 10.20.10.0 0.0.0.255 any
permit ip 10.30.10.0 0.0.0.255 any
remark access list for NAT
!
!
!
!
!
alias exec c conf t
alias exec s sho ip int br
!
line con 0
line aux 0
line vty 0 4
privilege level 15
password
login local
transport input telnet ssh
!
end
GRYPHON#
04-11-2014 05:38 PM
Hi veritas101,
Nothing obvious here. But you can try denying the static NAT traffic from the overload statement like this..
!
ip access-list extended NAT
deny tcp host 10.20.20.199 eq 80 any
permit ip 172.16.10.0 0.0.0.255 any
remark access list for NAT
permit ip 10.10.10.0 0.0.0.255 any
permit ip 10.20.10.0 0.0.0.255 any
permit ip 10.30.10.0 0.0.0.255 any
remark access list for NAT
!
Give it a go and let me know.
Please don't forget to mark correct answers.
--------------
Shamal
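An added example, not part of the thread or of anyone's posted code: a Python check that reads the NAT-related lines of the posted configuration (reproduced below as a constructed sample) and reports how the static NAT host and each statically routed subnet are treated by the overload ACL. The function names are hypothetical, the text is assumed to contain only the overload ACL, and port qualifiers in ACL entries are ignored.

```python
import ipaddress
import re

# Constructed sample: the NAT-related lines of the configuration posted above.
CONFIG = """\
ip nat inside source list NAT interface Dialer1 overload
ip nat inside source static tcp 10.20.20.199 80 Dialer1 80
ip route 10.10.10.0 255.255.255.0 172.16.10.254
ip route 10.20.20.0 255.255.255.0 172.16.10.254
ip route 10.30.30.0 255.255.255.0 172.16.10.254
ip access-list extended NAT
 permit ip 172.16.10.0 0.0.0.255 any
 permit ip 10.10.10.0 0.0.0.255 any
 permit ip 10.20.10.0 0.0.0.255 any
 permit ip 10.30.10.0 0.0.0.255 any
"""

def parse(config):
    """Return (acl, routes, statics); assumes one ACL, the overload ACL, in the text."""
    acl, routes, statics = [], [], []
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"(permit|deny) \S+ (?:host (\S+)|any\b|(\S+) (\S+))", line):
            action, host, net, wc = m.groups()
            spec = f"{host}/32" if host else f"{net}/{wc}" if net else "0.0.0.0/0"
            acl.append((action, ipaddress.ip_network(spec)))  # wildcard parses as host mask
        elif m := re.match(r"ip route (\S+) (\S+) ", line):
            routes.append(ipaddress.ip_network(f"{m[1]}/{m[2]}"))
        elif m := re.match(r"ip nat inside source static \S+ (\S+) ", line):
            statics.append(ipaddress.ip_address(m[1]))  # port-forward form only
    return acl, routes, statics

def first_match(acl, addr):
    """ACLs are evaluated top-down and the first match wins; ports are not considered."""
    for action, src in acl:
        if addr in src:
            return action
    return "implicit deny"

def audit(config):
    """List how each static NAT host and each routed subnet fares against the ACL."""
    acl, routes, statics = parse(config)
    findings = [f"static NAT host {h}: overload ACL result is {first_match(acl, h)}" for h in statics]
    for net in routes:
        if not any(a == "permit" and net.subnet_of(src) for a, src in acl):
            findings.append(f"routed subnet {net} is not permitted by the overload ACL")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIG)))
```

Comparing the output with `show access-lists NAT` and `show ip nat translations` on the router confirms which entries actually take hits.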
07-24-2015 03:05 PM
This discussion has been reposted from Top Contributors to the WAN, Routing and Switching community.