Cisco C897VA ISR Port Forwarding

TaylorSmith
Level 1

Hi All,

I'm trying to set up a local nginx instance for fun. I also have a static IP from my ISP. I can connect to the nginx instance over localhost/loopback but my settings on my 897 don't seem to be forwarding port 80 requests from Dialer0 to my local machine.

Any advice on this would be awesome! Also happy to take on any unrelated advice on improving my config, I'm not very good at Cisco management.

My config:


version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname HOME-897-R1
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 x
!
no aaa new-model
clock timezone AEST 10 0
clock summer-time AEDST recurring 1 Sun Oct 2:00 1 Sun Apr 2:00
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!


!
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.2
!
ip dhcp pool fullhouseDHCP
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1
 dns-server 1.1.1.1
!
!
!
ip domain name fullhouse.home
ip name-server 1.1.1.1
ip name-server 208.67.222.222
ip name-server 8.8.8.8
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
!
!
!
!
!
license udi pid C897VAG-LTE-LA-K9 sn FGL2125949P
!
!
username x privilege 15 secret 5 x
!
redundancy
!
!
!
!
!
controller VDSL 0
 firmware filename flash:VA_A_39m_B_38h3_24h.bin
!
controller Cellular 0
 lte modem link-recovery rssi onset-threshold -110
 lte modem link-recovery monitor-timer 20
 lte modem link-recovery wait-timer 10
 lte modem link-recovery debounce-count 6
!
!
!
!
!
!
!
!
!
!
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface Cellular0
 no ip address
 encapsulation slip
 shutdown
 dialer in-band
 dialer string lte
!
interface Cellular1
 no ip address
 encapsulation slip
 shutdown
!
interface Ethernet0
 description -- Ethernet WAN --
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface GigabitEthernet0
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet1
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet2
 no ip address
!
interface GigabitEthernet3
 no ip address
 spanning-tree portfast
!
interface GigabitEthernet4
 no ip address
!
interface GigabitEthernet5
 no ip address
!
interface GigabitEthernet6
 no ip address
!
interface GigabitEthernet7
 no ip address
!
interface GigabitEthernet8
 no ip address
 duplex auto
 speed auto
!
interface Vlan1
 description -- LAN --
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
!
interface Vlan2
 no ip address
!
interface Dialer0
 description -- VDSL --
 mtu 1492
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer-group 1
 no keepalive
 ppp authentication chap callin
 ppp chap hostname x
 ppp chap password x
 ppp ipcp dns request accept
 ppp ipcp route default
 ppp ipcp address accept
 no cdp enable
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list outbound_nat interface Dialer0 overload
ip nat inside source static tcp 192.168.0.18 80 interface Dialer0 80
ip route 0.0.0.0 0.0.0.0 Dialer0
ip ssh port 9001 rotary 1
ip ssh version 2
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
ip access-list extended outbound_nat
 permit ip 192.168.0.0 0.0.255.255 any
 permit ip 192.0.2.0 0.0.0.255 any
!
ipv6 ioam timestamp
!
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
line con 0
 no modem enable
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 stopbits 1
line 3
 script dialer lte
 no exec
line 8
 no exec
line vty 0 4
 privilege level 15
 login local
 rotary 1
 transport input ssh
 transport output ssh
!
scheduler allocate 20000 1000
ntp server 27.124.125.251
!
end
1 Reply

dkilpatrick1
Level 1

Remove 'ip nat outside' from your WAN interface (let the Dialer handle it).

interface Ethernet0
 description -- Ethernet WAN --
 no ip address
 pppoe enable group global
 pppoe-client dial-pool-number 1

As for suggestions for improving your config, start by implementing some sort of firewall, either zone-based or CBAC.
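
One way to act on the zone-based firewall suggestion for the interfaces and the port 80 forward in the posted config, as an added example that is not part of either post. The zone, class-map, policy-map and ACL names are made up for illustration, and it assumes the router's IOS image and license include the zone-based firewall feature.

```cisco
! Added example. All names below (LAN, WAN, WEB-SERVER-IN, ...) are hypothetical.
! Inbound NAT is applied before the zone policy is evaluated, so the ACL
! matches the inside address of the nginx host, not the Dialer0 address.
ip access-list extended WEB-SERVER-IN
 permit tcp any host 192.168.0.18 eq www
!
! Traffic the LAN may start towards the Internet (replies are allowed statefully).
class-map type inspect match-any LAN-TO-WAN-TRAFFIC
 match protocol tcp
 match protocol udp
 match protocol icmp
! The only traffic the Internet may start towards the LAN: the port 80 forward.
class-map type inspect match-all WAN-TO-WEB
 match access-group name WEB-SERVER-IN
!
policy-map type inspect LAN-TO-WAN-POLICY
 class type inspect LAN-TO-WAN-TRAFFIC
  inspect
 class class-default
  drop
policy-map type inspect WAN-TO-LAN-POLICY
 class type inspect WAN-TO-WEB
  inspect
 class class-default
  drop
!
zone security LAN
zone security WAN
!
zone-pair security LAN-TO-WAN source LAN destination WAN
 service-policy type inspect LAN-TO-WAN-POLICY
zone-pair security WAN-TO-LAN source WAN destination LAN
 service-policy type inspect WAN-TO-LAN-POLICY
!
! Zones go on the routed interfaces from the posted config: Vlan1 (LAN) and
! Dialer0 (the PPPoE session), not on the Ethernet0 underlay.
interface Vlan1
 zone-member security LAN
interface Dialer0
 zone-member security WAN
```

Traffic addressed to the router itself, such as the SSH listener on port 9001, belongs to the self zone and is not filtered by these two zone-pairs.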
