09-27-2012 06:30 PM - edited 03-04-2019 05:41 PM
Hello, I'm in need of assistance .
I have a client with a cisco 1841 router with a static public ip. He has 3 dvr's he wanted to acces from the internet and we opened the ports for the dvr's ip's. The issue were having is that only the first ip that we opened shows the port opened and works ok, the other 2 ip with their ports show closed.
Heres the code:
ip nat inside source list 190 interface FastEthernet0/0.1214 overload
ip nat inside source static tcp 10.161.2.141 5445 Public IP 5445 extendable
ip nat inside source static udp 10.161.2.141 5445 Public IP 5445 extendable
ip nat inside source static tcp 10.161.2.141 5446 Public IP 5446 extendable
ip nat inside source static udp 10.161.2.141 5446 Public IP 5446 extendable
ip nat inside source static udp 10.161.2.142 37775 Public IP 37775 extendable
ip nat inside source static tcp 10.161.2.142 37776 Public IP 37776 extendable
ip nat inside source static tcp 10.161.2.140 37777 Public IP 37777 extendable
ip nat inside source static udp 10.161.2.140 37778 Public IP 37778 extendable
ip nat inside source static 10.161.2.1 66.50.152.237
!
tcp 10.161.2.140 37777 Public IP 37777 works ok all others dont, can anyone point me in the right direction here, this simple thing has made a long day for me, and the ISP support is not getting back to us, slow....
I apreciate any help!
-Joseph
Ps. Attached a copy of our config txt some info has bee edited for privacy concers but the commans are there.
09-29-2012 05:48 AM
Hi,
As I already said before telnet is TCP so 3775 TCP is opened as your telnet showed.
So i would stick with the static PAT entry for TCP 3775 and do a sh ip nat translation | i x.x.x.x where x.x.x.x is the IP from where you are telnetting from outside and see if there is a translation slot. This way at least we'll know if the NAT is ok.
if the telnet is still not working but the NAT is ok then I suggest you use RITE feature to sniff traffic on the inside interface
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/ht_rawip.html
use wireshark and save as pcap file and post here.
Also to get sure the listening ports/IP are ok use Nmap to scan for ports on hosts.
Regards.
Alain
Don't forget to rate helpful posts.
09-29-2012 07:11 PM
hi,
did you obtain multiple public IP addresses from the ISP? or are you referring to the same "Public IP" (i.e. WAN IP address) as per your code?
could you try using the 'interface' keyword for your static NAT?
ip nat inside source static tcp 10.161.2.141 5445 interface
09-30-2012 04:03 AM
Just 1 public ip, gonna try the interface renaming. Wil let you know.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide