My server behind an 887VA stops working

RostislavVlaev
Level 1

Good afternoon

We have an 887VA and a DNS/web/mail/FTP server behind it (address 192.168.99.100 below).

First problem

I forwarded the necessary ports to the server address, but now the domain became invisible and all the above servers stopped responding.

Second problem

When configuring a fixed IP address on a PC with the 887VA address as GW and DNS server, no internet connection is possible, but when I put the ISP DNS address in the DNS field instead of the router address, internet comes back.

Third

Can you help me to put this server on a DMZ, so all services will be available from the outside?

Fourth

How do I connect to the router remotely (with PuTTY)?

Sorry to be so demanding, but this site is my only hope to succeed one day in managing this "black" box successfully.

Thanks a lot in advance

Help please.

Below the running conf

! No configuration change since last restart
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ADSL01
!
boot-start-marker
boot-end-marker
!
enable password XXXXXXXXXXXX
no aaa new-model
!
memory-size iomem 10
crypto pki token default removal timeout 0
!
ip source-route
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.99.99
ip dhcp excluded-address 192.168.99.1 192.168.99.200
ip dhcp excluded-address 192.168.98.99
!
ip dhcp pool ccp-pool1
 network 192.168.99.0 255.255.255.0
 default-router 192.168.99.99
 domain-name 192.168.99.99
 dns-server 212.217.0.1
!
ip cef
ip name-server 192.168.99.99
no ipv6 cef
!
multilink bundle-name authenticated
license udi pid CISCO887VA-SEC-K9 sn FCZ1641C34N
!
username XXXXXXX password 0 XXXXXXXXXXX
!
controller VDSL 0
!
interface Ethernet0
 no ip address
 shutdown
 no fair-queue
!
interface ATM0
 description --- ADSL connection to Internet ---$ES_WAN$
 no ip address
 load-interval 30
 no atm ilmi-keepalive
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface Vlan1
 ip address 192.168.99.99 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Dialer0
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname XXXXXXXXXXXX
 ppp chap password 0 XXXXXXXXXXXXX
 ppp ipcp dns request
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source static tcp 192.168.99.100 80 interface Dialer0 80
ip nat inside source static tcp 192.168.99.100 53 interface Dialer0 53
ip nat inside source static tcp 192.168.99.100 21 interface Dialer0 21
ip nat inside source static tcp 192.168.99.100 25 interface Dialer0 25
ip nat inside source static tcp 192.168.99.100 110 interface Dialer0 110
ip nat inside source static udp 192.168.99.100 53 interface Dialer0 53
ip route 0.0.0.0 0.0.0.0 Dialer0
!
access-list 101 permit ip 192.168.99.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
control-plane
!
line con 0
line aux 0
line vty 0 4
 password XXXXXXXXX
 login
 transport input all
!
end
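An added example, not part of the original post and not a Cisco tool: a Python check that reads a running config like the one above and reports the management and exposure settings a reviewer would question before this router faces the Internet (passwords stored unencrypted, `enable password`, source routing, Telnet allowed on the vty lines, static forwards for FTP and POP3). The function names and finding codes are invented for this example, and the sample lines are copied from the posted config.

```python
import re

# Constructed sample: a subset of the running config posted above, with
# sub-commands indented the way `show running-config` prints them.
SAMPLE_CONFIG = """\
no service password-encryption
enable password XXXXXXXXXXXX
ip source-route
username XXXXXXX password 0 XXXXXXXXXXX
ip nat inside source static tcp 192.168.99.100 80 interface Dialer0 80
ip nat inside source static tcp 192.168.99.100 21 interface Dialer0 21
ip nat inside source static tcp 192.168.99.100 110 interface Dialer0 110
ip nat inside source static udp 192.168.99.100 53 interface Dialer0 53
line vty 0 4
 password XXXXXXXXX
 login
 transport input all
"""

STATIC_NAT = re.compile(r"ip nat inside source static (tcp|udp) (\S+) (\d+) interface \S+ (\d+)$")
# Protocols that carry logins in clear unless the server enforces TLS.
CLEARTEXT_LOGIN = {21: "FTP", 23: "Telnet", 110: "POP3"}

def exposed_services(config):
    """List (proto, inside_ip, inside_port, outside_port) for each static forward."""
    hits = (STATIC_NAT.match(line.strip()) for line in config.splitlines())
    return [(m[1], m[2], int(m[3]), int(m[4])) for m in hits if m]

def audit(config):
    """Return sorted (code, detail) findings for the settings checked here."""
    findings, section = set(), ""
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # an unindented line opens a new section
            section = line
        if line == "no service password-encryption":
            findings.add(("PLAINTEXT_STORE", "enable 'service password-encryption'"))
        if line.startswith("enable password "):
            findings.add(("WEAK_ENABLE", "use 'enable secret' instead"))
        if re.search(r"\bpassword 0 ", line):   # type 0 = stored as typed
            findings.add(("TYPE0_PASSWORD", line.split(" password ")[0]))
        if line == "ip source-route":
            findings.add(("SOURCE_ROUTE", "set 'no ip source-route'"))
        if section.startswith("line vty") and re.fullmatch(r"transport input (all|.*telnet.*)", line):
            findings.add(("TELNET_MGMT", "set 'transport input ssh'"))
    for proto, ip, _, outside in exposed_services(config):
        if proto == "tcp" and outside in CLEARTEXT_LOGIN:
            findings.add(("CLEARTEXT_SERVICE", f"{CLEARTEXT_LOGIN[outside]} on {ip}"))
    return sorted(findings)
```

`audit(SAMPLE_CONFIG)` returns seven findings; the `TYPE0_PASSWORD` detail names the command that holds the password without echoing the password itself.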


RostislavVlaev
Level 1

Sorry, I forgot.

As you'll see below, there are 3 lines of ip dhcp exclude.....

I typed them twice by mistake and don't know how to delete the unnecessary lines from the config.

If you can help, thanks in advance.

Hi,

1) your port forwarding config is correct, what do you mean by the domain is invisible?

2) If you want your router to be a proxy DNS, which I don't recommend as there are some flaws with the DNS implementation on Cisco devices (they are routers, not pure DNS servers), then do this:

enable
config t
no ip name-server 192.168.99.99
ip name-server 212.217.0.1
ip dns server

3) You would have to put it on a different subnet, so on another VLAN, to have a DMZ, and configure the IOS firewall feature for security.

4) I suggest you configure SSH: http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml

Regards.

Alain

Don't forget to rate helpful posts.

First of all thank you for the response

BTW, where is the button to rate the posts? I've been searching but didn't find any.

Back to my pain.

I think that I didn't define my problem well.

First

We have a server (not a domain controller, we have a workgroup only) which runs DNS, mail, web and FTP servers.

With the old modem I've redirected the related ports to the address where my server box is, 192.168.99.100.

In addition I've defined passthrough for the same ports between public/private, and these servers worked fine, visible from the internet and usable as well.

Now, when I put the same server on the 887 and perform an nslookup, I don't receive any response from my DNS server, neither can I connect to the mail/web/FTP servers, even when I use the fixed outside IP which we have. There is no response, nada!

Second

I think it's better to give a before/after sample of the network card configuration on my PC

          BEFORE 887VA       AFTER 887VA
ip        192.168.99.3       192.168.99.3
mask      255.255.255.0      255.255.255.0
gw        192.168.99.99      192.168.99.99
dns       192.168.99.99      192.168.99.99   NO INTERNET
                             212.217.0.1     (ISP dns server)

BEFORE 887VA: here all worked fine, I had internet etc.

AFTER 887VA with 212.217.0.1: I have internet, but I still can't have a response from my dns/mail/web servers.

Third

I knew that I have to put it on a different VLAN, but can you help me to configure it as well as the access rights? I don't want to change the server address, which is 192.168.99.100. Your help with a configuration showing how to define a DMZ will be very highly appreciated.

Thanks for the fourth, I'll study this.

Thanks again and best regards

Well,

As the waiting for help was too long, I've helped myself.

The lines below are for people like me who have to fight the 887VA black box alone.

To fix the second of my problems I simply had to start a DNS server on the 887VA.

2 commands

     ip dns server
     ip domain lookup

and it worked.

Although my web server running on a Win 2008 R2 machine behind the 887VA still doesn't respond.

Anyone any idea?

Thanks

Hi,

for the DNS problem I had already told you that if you look at my previous answer.

Don't forget that people helping here also have a working life as well as a private life outside of CSC, so it may take some time for them to reply.

For the server part:

1) Is it listening on these ports? ---> netstat

2) Is there a software firewall or a hardware firewall that could prevent access to these services?

3) Can you access these services from inside?

4) Is there a default gateway configured on this server?

5) Is there a translation when accessing from outside? ---> sh ip nat tra | i 192.168.99.100

Regards.

Alain

Don't forget to rate helpful posts.
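Check 5 in the reply above, as an added example that is not part of the original thread: a Python parser for saved `show ip nat translations` output that reports, for each static forward to the server, which outside clients currently hold a session through it. The sample output is constructed (203.0.113.10 stands in for the router's public address, 198.51.100.x for outside clients), and the function names are invented for this example.

```python
import re

# Constructed sample of `show ip nat translations` output.
SAMPLE_OUTPUT = """\
Pro Inside global      Inside local         Outside local       Outside global
tcp 203.0.113.10:80    192.168.99.100:80    198.51.100.7:51515  198.51.100.7:51515
tcp 203.0.113.10:80    192.168.99.100:80    ---                 ---
tcp 203.0.113.10:21    192.168.99.100:21    ---                 ---
udp 203.0.113.10:53    192.168.99.100:53    198.51.100.9:40112  198.51.100.9:40112
udp 203.0.113.10:53    192.168.99.100:53    ---                 ---
udp 203.0.113.10:1029  192.168.99.100:1029  8.8.8.8:53          8.8.8.8:53
tcp 203.0.113.10:4021  192.168.99.3:4021    198.51.100.20:443   198.51.100.20:443
"""

# Columns: protocol, inside global, inside local, outside local, outside global.
ROW = re.compile(r"(tcp|udp)\s+\S+:\d+\s+(\S+):(\d+)\s+(\S+)\s+(\S+)$")

def forward_activity(output, server_ip):
    """Map each static forward to server_ip, keyed (proto, port), to the sorted
    outside client addresses that currently hold a session through it."""
    forwards, sessions = {}, []
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if not m or m[2] != server_ip:
            continue                      # header row, or another inside host
        key = (m[1], int(m[3]))
        if m[5] == "---":                 # static entry: the forward itself
            forwards.setdefault(key, set())
        else:                             # dynamic entry: one live session
            sessions.append((key, m[5].rsplit(":", 1)[0]))
    for key, client in sessions:
        if key in forwards:               # skip the server's own outbound flows
            forwards[key].add(client)
    return {key: sorted(clients) for key, clients in forwards.items()}

def silent_forwards(output, server_ip):
    """Static forwards that exist but show no outside session right now."""
    return sorted(k for k, v in forward_activity(output, server_ip).items() if not v)
```

A forward listed by `silent_forwards` is configured on the router but nothing outside is reaching it at the moment, which points the search at the path in front of the router or at the client rather than at the NAT rule.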

Hi,

Thanks for the help.

I discovered that in reality I didn't detect my problem at all. I mean I don't have any problem with the server machine nor with the servers running on it, but only when I access them from outside. I mean, when I'm home I can see the website, the mail server etc., but when I'm in the office on a PC connected to the VLAN and I try to connect to one of these servers, I'm unable to.

I don't know how to fix this. Can you advise? Thanks a lot for your time.

BTW, I have NOD32 Internet Security with firewall on my inside PC, but even when I disable it the result is the same.

As there is a DNS server running on the server machine, the default DNS on the server machine's NIC points to the machine's IP itself and the gateway is the VLAN's IP.

There is a translation when accessing from outside (I saw the local DNS server connected to an outside IP address). Apologies, I use telnet and I don't know how to save the screen to a text file.

All these servers have worked for about 5 years behind a 3Com modem without any problems.

Thanks for your patience

Hi,

let me try to understand:

Your server is located at your home, right? And you can access the services from your LAN using its private address, right? But you can't access it from a remote subnet when you type the public IP, right? You say in this case there is a NAT translation; can you copy and paste the output of your router for the following command: sh ip nat translation | i x.x.x.x where x.x.x.x is the private address of the server.

If you ping an outside address like 8.8.8.8 from your server, have you got a success?

Regards.

Alain

Don't forget to rate helpful posts.

Thanks again for helping me.

No, the server is in my office. I check the responses of the different servers from my office computer (inside, connected to the VLAN) and from my home (outside).

The server machine pings 8.8.8.8 without any problem; the DNS works and responds to nslookup from inside (my office) and from outside (my home), resolving the domain name and IP (direct and reverse).

It responds at the website address from outside (trying http://www.xxxxxxxx from home), but when trying to connect to the website from an office computer (inside, VLAN) it didn't answer and Explorer gives an error (from the server machine and from the other computers connected to this router).

It receives emails from outside on mymail@mycompany.com, but it's impossible from inside (office computer) as well as from outside (my home) to send or receive emails via Outlook.

The same mail server has webmail access. Tested from my home, it works; tested from the company computer, it didn't.

We have 2 ADSL lines with 2 887VAs. When using an office PC connected to the second modem and trying to connect to the second (serving the web or mail servers), it works.

I'm sorry, I'm sure I look like a fool, but all the services that are not working were perfect before with a 3Com ADSL. So I'm sure there is some little thing that I didn't specify on the Cisco.

So any idea will be welcome.

BTW, I'm using telnet to connect to the router and I don't know how to copy (or redirect to a file) the result of sh ip nat.....

Thanks again

Hi,

If it's responding from outside then everything is OK. Just access it via the private IP when you're in your LAN and it will work.

Regards.

Alain

Don't forget to rate helpful posts.