ISR 1921 Port Forwarding issue

JUNHOLEE95720
Beginner

Hello.

We have configured port forwarding and it works fine.


1. Port forwarding from the external Internet to the internal server, OK
2. Port forwarding from the external Internet to the domain address of the internal server, OK
3. Access to the internal server from the internal Internet, OK
4. Inaccessible to the domain address of the internal server from the internal Internet

 

That is, the current problem is number 4.
There seems to be a command to put something in the router, but I do not know what it is.

Thanks

 

router#show running-config
Building configuration...

Current configuration : 4198 bytes
!
! Last configuration change at 01:27:33 UTC Mon Sep 14 2020 by cisco
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 192.168.1.200
ip dhcp excluded-address 192.168.1.201
ip dhcp excluded-address 192.168.1.202
ip dhcp excluded-address 192.168.1.14
ip dhcp excluded-address 192.168.1.99
!
ip dhcp pool DHCP
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.254
 dns-server 85.93.5.142 8.8.4.4
 lease 0 1
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
crypto pki trustpoint TP-self-signed-1146144679
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1146144679
 revocation-check none
 rsakeypair TP-self-signed-1146144679
!
!
crypto pki certificate chain TP-self-signed-1146144679
 certificate self-signed 01
        quit
license udi pid CISCO1921/K9 sn FGL203920YG
!
!
username cisco privilege 15 password 0 cisco
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
ip forward-protocol nd
!
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.1.14 21 interface GigabitEthernet0/0 21
ip nat inside source static udp 192.168.1.14 21 interface GigabitEthernet0/0 21
ip nat inside source static tcp 192.168.1.14 20 interface GigabitEthernet0/0 20
ip nat inside source static udp 192.168.1.14 20 interface GigabitEthernet0/0 20
ip nat inside source static tcp 192.168.1.14 3307 interface GigabitEthernet0/0 3307
ip nat inside source static udp 192.168.1.14 3307 interface GigabitEthernet0/0 3307
ip nat inside source static tcp 192.168.1.14 5000 interface GigabitEthernet0/0 80
ip nat inside source static udp 192.168.1.14 5000 interface GigabitEthernet0/0 80
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
!
!
!
!
control-plane
!
!
!
line con 0
 login local
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 access-class 20 in
 privilege level 15
 login local
 transport input ssh
 transport output all
line vty 5 15
 access-class 20 in
 login
 transport input ssh
!
scheduler allocate 20000 1000
!
end

4 Replies

Hello,

 

--> Inaccessible to the domain address of the internal server from the internal Internet

 

Is the domain name of the internal server different for users that are trying to reach it internally than externally?

Hi,

I am sorry for the late reply.

The domains are the same.

Hello

4. Inaccessible to the domain address of the internal server from the internal Internet

 

You will need to hairpin your NAT to accomplish this.

The most simplistic way would be to use domainless NAT instead.

Interfaces:

ip nat enable

no ip nat inside/outside

NAT commands:

ip nat source xxx

no ip nat inside xxx

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
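
The domainless NAT change outlined in the reply above, written out against the configuration posted in the question. This is an added example, not part of the original thread; it converts only the overload rule and the TCP 5000-to-80 forward (the other static entries follow the same pattern) and assumes access list 1 exists as the posted configuration references it.

```cisco
! Added example (not from the thread): legacy inside/outside NAT from the
! posted configuration converted to NAT Virtual Interface (NVI) form.
! Interface names, addresses and ports are those in the posted config.
!
configure terminal
!
! 1. Remove the legacy translation rules. Static entries that are in use
!    may first need "clear ip nat translation *" from exec mode.
no ip nat inside source list 1 interface GigabitEthernet0/0 overload
no ip nat inside source static tcp 192.168.1.14 5000 interface GigabitEthernet0/0 80
!
! 2. Replace the inside/outside domains with "ip nat enable" on both sides.
interface GigabitEthernet0/0
 no ip nat outside
 ip nat enable
interface GigabitEthernet0/1
 no ip nat inside
 ip nat enable
 exit
!
! 3. Re-create the rules without the "inside" keyword.
ip nat source list 1 interface GigabitEthernet0/0 overload
ip nat source static tcp 192.168.1.14 5000 interface GigabitEthernet0/0 80
end
!
! Verify from exec mode: NVI entries are listed separately from legacy ones.
show ip nat nvi translations
```

Because the legacy rules are removed before the NVI rules are entered, translation through the router is interrupted until step 3 is complete.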

Hi

If configured like that, is there no problem with the operation of 1, 2, and 3?

The site is far away so you need to check in advance.

Thanks
