05-14-2018 09:30 AM - edited 03-05-2019 10:27 AM
Hi,
I want to forward HTTPS to the address 77.77.0.2 on a Cisco router, so that when I type https://my public address from outside, the router redirects me to 77.77.0.2.
This is my router config:
#show running-config
Building configuration...
Current configuration : 2682 bytes
!
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname test
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
enable password ****
!
no aaa new-model
!
!
!
!
!
!
!
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 172.77.0.1
ip dhcp excluded-address 172.77.0.2
!
ip dhcp pool test
network 192.168.1.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.1.1
lease 0 1
!
ip dhcp pool vlan2
network 172.77.0.0 255.255.0.0
default-router 172.77.0.2
dns-server 8.8.8.8
!
!
!
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
no ip address
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface FastEthernet0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
switchport access vlan 2
no ip address
!
interface GigabitEthernet5
no ip address
!
interface GigabitEthernet6
no ip address
!
interface GigabitEthernet7
no ip address
!
interface GigabitEthernet8
ip address 172.0.0.2 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0 secondary
ip address (my public ip) 255.255.255.252
ip nat inside
ip virtual-reassembly in
!
interface Vlan2
ip address 192.168.2.1 255.255.255.0 secondary
ip address 172.77.0.1 255.255.0.0
ip nat inside
ip virtual-reassembly in
!
interface Async3
no ip address
encapsulation slip
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface Vlan1 overload
ip nat inside source list 2 interface Vlan1 overload
ip route 0.0.0.0 0.0.0.0 172.0.0.1
!
!
snmp-server community te RO
snmp-server enable traps tty
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 172.77.0.0 0.0.255.255
access-list 2 permit 192.168.2.0 0.0.0.255
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
line con 0
password ****
login
no modem enable
line aux 0
line 3
modem InOut
speed 115200
flowcontrol hardware
line vty 0 4
password ****
login
transport input all
!
scheduler allocate 20000 1000
!
end
05-14-2018 12:14 PM
Hello,
add:
ip nat inside source static tcp 77.77.0.2 443 172.0.0.2 443 extendable
That said, where in your network is 77.77.0.2 ?
05-14-2018 02:54 PM - edited 05-14-2018 03:00 PM
Hello
Can you confirm if what you want is to be able to access your internal web server via its public ip address from hosts inside your local network?
res
Paul
05-14-2018 03:44 PM - edited 05-14-2018 03:46 PM
Hello,
yes exactly that's what I need.
05-15-2018 01:31 AM
Hello,
is the filled in blank (in bold) your public IP ?
interface Vlan1
ip address 192.168.1.1 255.255.255.0 secondary
ip address 77.77.0.1 255.255.255.252
ip nat inside
ip virtual-reassembly in
What happens in your current setup when you ping 77.77.0.2 from a host in your 192.168.1.0/24 or 192.168.2.0/24 network ?
05-15-2018 01:50 AM - edited 05-15-2018 01:51 AM
hi,
77.77.0.2 it's not my public ip, it's the gateway for wifi.
77.77.0.2 ping 192.168.1.0/24 and 192.168.2.0/24.
77.77.0.0/16: wifi
192.168.1.0/24: administration
05-15-2018 03:49 AM
I am lost. In your original post you say:
I want to forward HTTPS for this address 77.77.0.2 in cisco router in order when I type https://my public address from outside the router redirect me to 77.77.0.2.
So 77.77.0.2 is your WiFi gateway IP address ? And it is not a public IP address ?
Maybe you can post a schematic drawing of your setup, and indicate what you are trying to accomplish...
05-15-2018 07:48 AM
I want to be able to access the internal server (https://77.77.0.2) via my public IP address from hosts outside my local network.
05-15-2018 01:41 AM - edited 05-15-2018 01:44 AM
Hello
Okay, due to the NAT order of operation in domain-based NAT (ip nat inside/outside), translation is performed differently for NAT inside and NAT outside; this is why I guess it would fail using your current configuration.
Inside NAT = performs a RIB lookup before translation
Outside NAT = performs translation before RIB lookup
NVI NAT (domain-less) performs two lookups, before and after translation, and in this case should work, letting you reach your internal web server via its public address from your internal clients.
try this:
interface GigabitEthernet8
no ip nat outside
ip nat enable
interface Vlan1
ip address 192.168.1.1 255.255.255.0
no ip address (my public ip) 255.255.255.252
no ip nat inside
ip nat enable
interface Vlan2
no ip nat inside
ip nat enable
! both existing overload rules reference Vlan1 in the posted configuration
no ip nat inside source list 1 interface Vlan1 overload
no ip nat inside source list 2 interface Vlan1 overload
ip nat source list 1 interface GigabitEthernet8 overload
ip nat source list 2 interface GigabitEthernet8 overload
ip nat source static tcp 77.77.0.2 443 77.77.0.2 443 extendable
res
Paul
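An added example, not part of any post in this thread: a Python check that reads a running-config and reports static NAT port-forwards whose inside-local address is not on any connected NAT inside subnet, and configurations that mix "ip nat enable" with "ip nat inside"/"ip nat outside". The sample config is constructed from the configuration and the static entry posted above; the function names are hypothetical, and the check assumes the forwarded server is directly attached to the router.

```python
import ipaddress
import re

# Constructed sample, trimmed from the config and static entry posted in this thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet8
ip address 172.0.0.2 255.255.255.252
ip nat outside
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0 secondary
ip nat inside
!
interface Vlan2
ip address 172.77.0.1 255.255.0.0
ip nat inside
!
ip nat inside source static tcp 77.77.0.2 443 172.0.0.2 443 extendable
"""

ADDR = re.compile(r"\s*ip address (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)")
ROLE = re.compile(r"\s*ip nat (inside|outside|enable)\s*$")
STATIC = re.compile(r"\s*ip nat (?:inside )?source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)")

def parse(config):
    """Return ({interface: {"nets", "role"}}, [(proto, local, lport, global, gport)])."""
    ifaces, statics, cur = {}, [], None
    for line in config.splitlines():
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split()[1], {"nets": [], "role": None})
        elif cur is not None and (m := ADDR.match(line)):
            cur["nets"].append(ipaddress.ip_interface(f"{m[1]}/{m[2]}").network)
        elif cur is not None and (m := ROLE.match(line)):
            cur["role"] = m[1]
        elif m := STATIC.match(line):
            statics.append((m[1], m[2], int(m[3]), m[4], int(m[5])))
    return ifaces, statics

def audit(config):
    ifaces, statics = parse(config)
    findings = []
    roles = {i["role"] for i in ifaces.values() if i["role"]}
    if "enable" in roles and roles & {"inside", "outside"}:
        findings.append("mixed 'ip nat enable' (NVI) and inside/outside NAT domains")
    # Assumption: the forwarded host sits on a subnet connected to a NAT inside interface.
    inside = [n for i in ifaces.values() if i["role"] in ("inside", "enable") for n in i["nets"]]
    for proto, local, _lport, _glob, gport in statics:
        if not any(ipaddress.ip_address(local) in n for n in inside):
            findings.append(f"{proto}/{gport}: local {local} is not on a connected NAT inside subnet")
    return findings
```

Calling audit(SAMPLE_CONFIG) returns one finding for the tcp/443 entry, because 77.77.0.2 falls outside 192.168.1.0/24 and 172.77.0.0/16, the only inside subnets in the sample.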