03-21-2011 06:53 AM - edited 03-04-2019 11:49 AM
Hi Cisco Support Forum,
we are having some trouble setting up our router (Cisco 861W) webserver on the LAN so that it can be accessed from outside (http via port 80).
When we try to access it via the web address, we just get the login window of the Cisco router software??
Please let us know if you need more configuration details to help us.
Greetings Benjamin
03-22-2011 01:54 AM
Hi,
Have you set up the NAT properly in your 861 router?
As per best practices the NAT should be configured like below for your scenario.
ip nat inside source static tcp webserver_ip 80 public_ip 80 extendable
ip nat inside source static tcp 10.10.10.10 80 206.206.206.206 80 extendable
Hope this is clear to you.
Please click on the correct answer if this answered your question.
Regards,
Naidu.
03-24-2011 01:09 PM
Here is our running config with the NAT configuration
When we try to access the webserver from inside our network:
We have tried first with only the inside-out rule but we still got the login window to the router.
Then we added an outside-in rule, but it didn't have any effect.
When we try to access the webserver from outside our local network, we get the following error:
Error
The requested URL could not be retrieved
When trying to retreive the url xxxxx
The following error was encountered:
Connection to
The system returned:
(111) Connection refused
We use CCProfessional in combination with CCExpress to set up the router. Screendumps attached.
Hope somebody can help us out!
Cheers,
Cyberhus Staff
Building configuration...
Current configuration : 5840 bytes
!
! Last configuration change at 21:05:39 PCTime Thu Mar 24 2011 by admin
! NVRAM config last updated at 21:09:39 PCTime Thu Mar 24 2011 by admin
!
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$kW.9$.5.LuIPyN5W4IhNoZMaEt1
!
no aaa new-model
memory-size iomem 10
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
no ip source-route
!
!
ip dhcp excluded-address 192.168.0.1 192.168.0.99
!
ip dhcp pool ccp-pool1
import all
network 192.168.0.0 255.255.255.0
dns-server 8.8.8.8 8.8.4.4
default-router 192.168.0.1
!
ip dhcp pool Printer
host 192.168.0.111 255.255.255.0
hardware-address 0015.9960.1184
!
ip dhcp pool Filserver
host 192.168.0.156 255.255.255.0
hardware-address 0021.85c8.4033
!
!
ip cef
no ip bootp server
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
!
license udi pid CISCO861W-GN-E-K9 sn FCZ15049974
!
!
username admin privilege 15 secret 5 $1$CPlD$FRJAbIQxPNp55I3Odhx8w/
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ETH-WAN$
ip address 93.160.121.146 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.0.156 80 93.160.121.146 80 extendable
ip nat outside source static tcp 93.160.121.146 80 192.168.0.156 80 extendable
ip route 0.0.0.0 0.0.0.0 93.160.121.145
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username
Replace
want to use.
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
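An added example, not part of the original thread or of any Cisco tool: a short Python audit of the NAT-relevant lines of the configuration posted above. It lists each static port forward, flags a forward that shares the router's own WAN address and port with the router's HTTP server (a request to that address that NAT does not translate is answered by the router's login page, the symptom reported in this thread), and flags an `ip nat outside source static` line that only mirrors an inside static. The function name, finding codes and the trimmed sample are assumptions made for this example.

```python
import re

# Constructed sample: the NAT-relevant lines of the running config posted above.
SAMPLE = """\
interface FastEthernet4
 ip address 93.160.121.146 255.255.255.252
 ip nat outside
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
ip http server
ip http secure-server
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.0.156 80 93.160.121.146 80 extendable
ip nat outside source static tcp 93.160.121.146 80 192.168.0.156 80 extendable
"""

STATIC = re.compile(r"^ip nat (inside|outside) source static (tcp|udp) "
                    r"(\S+) (\d+) (\S+) (\d+)")

def audit(config):
    """Return (code, detail) findings for static NAT port forwards (hypothetical helper)."""
    lines = [l.strip() for l in config.splitlines()]
    router_ips = {m.group(1) for l in lines
                  if (m := re.match(r"ip address (\S+) \S+$", l))}
    # Ports the router's own web UI listens on (IOS defaults 80 / 443).
    ui_ports = {p for cmd, p in (("ip http server", 80),
                                 ("ip http secure-server", 443)) if cmd in lines}
    rules = [m.groups() for l in lines if (m := STATIC.match(l))]
    inside = [r for r in rules if r[0] == "inside"]
    findings = []
    for _, proto, lip, lport, gip, gport in inside:
        findings.append(("EXPOSED", f"{proto} {gip}:{gport} -> {lip}:{lport}"))
        if gip in router_ips and int(gport) in ui_ports:
            findings.append(("SHARES_ROUTER_UI_PORT", f"{gip}:{gport}"))
    for _, proto, a, ap, b, bp in (r for r in rules if r[0] == "outside"):
        # An outside static that is an inside static with the two address/port
        # pairs swapped: the statement the accepted reply says to remove.
        if ("inside", proto, b, bp, a, ap) in inside:
            findings.append(("MIRRORED_OUTSIDE_STATIC", f"{a}:{ap} <-> {b}:{bp}"))
    return findings

if __name__ == "__main__":
    for code, detail in audit(SAMPLE):
        print(code, detail)
```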
03-24-2011 01:35 PM
Hi,
get rid of the static outside statement.
Regards.
Alain.
03-24-2011 02:19 PM
Hi Alain,
we have deleted the outside statement - still we get the login-window to "level_15" or view_access. The web server is up and running and can be accessed locally on the IP-address. We have not rebooted the router.
new running config:
Building configuration...
Current configuration : 5761 bytes
!
! Last configuration change at 22:19:36 PCTime Thu Mar 24 2011 by admin
! NVRAM config last updated at 22:19:37 PCTime Thu Mar 24 2011 by admin
!
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$kW.9$.5.LuIPyN5W4IhNoZMaEt1
!
no aaa new-model
memory-size iomem 10
clock timezone PCTime 1
clock summer-time PCTime date Mar 30 2003 2:00 Oct 26 2003 3:00
!
!
ip dhcp excluded-address 192.168.0.1 192.168.0.99
!
ip dhcp pool ccp-pool1
import all
network 192.168.0.0 255.255.255.0
dns-server 8.8.8.8 8.8.4.4
default-router 192.168.0.1
!
ip dhcp pool Printer
host 192.168.0.111 255.255.255.0
hardware-address 0015.9960.1184
!
ip dhcp pool Filserver
host 192.168.0.156 255.255.255.0
hardware-address 0021.85c8.4033
!
!
ip cef
no ip bootp server
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
!
license udi pid CISCO861W-GN-E-K9 sn FCZ15049974
!
!
username admin privilege 15 secret 5 $1$CPlD$FRJAbIQxPNp55I3Odhx8w/
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ETH-WAN$
ip address 93.160.121.146 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.0.156 80 93.160.121.146 80 extendable
ip route 0.0.0.0 0.0.0.0 93.160.121.145
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.0.0 0.0.0.255
no cdp run
!
control-plane
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username
Replace
want to use.
-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
03-25-2011 12:36 AM
Hi,
To which address and from where are you trying to connect?
I've just tried from my computer and it works (Ubuntu rocks).
Regards.
Alain
03-25-2011 02:47 AM
Hi Alain,
now it works from outside for us as well! Don't know what went wrong in the first case.
So now we only need to be able to see the webserver from inside our local network - here we still get the login window.
Thanks for your help until now,
Benjamin
03-25-2011 03:12 AM
So now we only need to be able to see the webserver from inside our local network
Just use the internal IP of your Apache server then.
Regards.
Alain.
03-27-2011 11:30 AM
Using the LAN IP of our web server is not optimal: If a script on the server refers back to another script on the server, things fail.
So we have to be able to access the server by domain name from LAN.
We could set up the DNS locally on the server and the workstations. However I think this is a kind of 'dirty' way to fix the problem.
03-28-2011 03:28 AM
Hi,
Using the LAN IP of our web server is not optimal: If a script on the server refers back to another script on the server, things fail.
Can you explain why?
So we have to be able to access the server by domain name from LAN.
Maybe you could use 2 DNS servers, one for internal users and the other for external?
Regards.
Alain.
03-28-2011 07:52 AM
Things fail because:
1. We cannot access our web server from the LAN by domain name.
2. Our web server is situated on the LAN.
So: Our web server can't refer to itself by domain name.
Ex:
script1.php:
script2.php:
When script1.php attempts to call script2.php, it fails.