11-02-2012 10:40 AM - edited 03-04-2019 06:02 PM
Good afternoon
We have a 887VA and a dns/web/mail/ftp server behind (below address 192.168.99.100).
first problem
I forwarded the necessary ports to the server address, but now the domain became invisible and all the above servers stop responding.
second problem
When configuring a fixed IP address on a PC with the 887VA address as GW and DNS server, no internet connection is possible, but when I put the ISP DNS address in the DNS instead of the router address, internet comes back.
third
can you help me to put this server on DMZ, so all services will be available from the outside?
fourth
how to connect to the router remotely (with putty)
Sorry to be so demanding, but this site is my only hope to succeed one day in managing this "black" box successfully.
Thanks a lot in advance
Help please.
Below the running conf
! No configuration change since last restart
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ADSL01
!
boot-start-marker
boot-end-marker
!
!
enable password XXXXXXXXXXXX
no aaa new-model
!
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
ip source-route
!
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.99.99
ip dhcp excluded-address 192.168.99.1 192.168.99.200
ip dhcp excluded-address 192.168.98.99
!
ip dhcp pool ccp-pool1
network 192.168.99.0 255.255.255.0
default-router 192.168.99.99
domain-name 192.168.99.99
dns-server 212.217.0.1
!
!
ip cef
ip name-server 192.168.99.99
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO887VA-SEC-K9 sn FCZ1641C34N
!
!
username XXXXXXX password 0 XXXXXXXXXXX
!
!
!
controller VDSL 0
!
!
!
!
!
!
!
!
interface Ethernet0
no ip address
shutdown
no fair-queue
!
interface ATM0
description --- ADSL connection to Internet ---$ES_WAN$
no ip address
load-interval 30
no atm ilmi-keepalive
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Vlan1
ip address 192.168.99.99 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Dialer0
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
ppp authentication chap callin
ppp chap hostname XXXXXXXXXXXX
ppp chap password 0 XXXXXXXXXXXXX
ppp ipcp dns request
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source static tcp 192.168.99.100 80 interface Dialer0 80
ip nat inside source static tcp 192.168.99.100 53 interface Dialer0 53
ip nat inside source static tcp 192.168.99.100 21 interface Dialer0 21
ip nat inside source static tcp 192.168.99.100 25 interface Dialer0 25
ip nat inside source static tcp 192.168.99.100 110 interface Dialer0 110
ip nat inside source static udp 192.168.99.100 53 interface Dialer0 53
ip route 0.0.0.0 0.0.0.0 Dialer0
!
access-list 101 permit ip 192.168.99.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password XXXXXXXXX
login
transport input all
!
end
11-02-2012 10:44 AM
Sorry, I forgot.
As you'll see below there are 3 lines of ip dhcp exclude.....
I typed them by error twice and don't know how to delete the unnecessary lines from the config
if you can help thanks in advance
11-02-2012 11:18 AM
Hi,
1) your port forwarding config is correct, what do you mean by the domain is invisible?
2) if you want your router to be a proxy DNS, which I don't recommend as there are some flaws with the DNS implementation on the Cisco devices (they are routers, not pure DNS servers), then do this:
enable
config t
no ip name-server 192.168.99.99
ip name-server 212.217.0.1
ip dns server
3) you would have to put it on a different subnet so on another VLAN to have a DMZ and configure IOS firewall feature for security
4) I suggest you configure ssh: http://www.cisco.com/en/US/tech/tk583/tk617/technologies_tech_note09186a00800949e2.shtml
Regards.
Alain
Don't forget to rate helpful posts.
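The SSH setup suggested in point 4, sketched against the running config posted above, as an added example that is not part of Alain's reply or of the linked Cisco note. Assumed values: the domain name example.local, the user name admin, ACL number 10, the password placeholders, and management access limited to the Vlan1 LAN 192.168.99.0/24.

```cisco
! Added example; values marked "assumed" are not from the thread.
enable
configure terminal
 ! RSA key generation needs a hostname (ADSL01 is already set) and a domain name
 ip domain-name example.local                        ! assumed domain name
 crypto key generate rsa modulus 2048
 ip ssh version 2
 ip ssh time-out 60
 ip ssh authentication-retries 3
 ! Local account stored as a hash instead of "password 0" clear text
 username admin privilege 15 secret <strong-password>   ! assumed user, placeholder
 ! Hashed enable secret instead of the clear-text "enable password"
 enable secret <different-strong-password>               ! placeholder
 no enable password
 ! Only the inside LAN may open a management session (assumed policy)
 access-list 10 permit 192.168.99.0 0.0.0.255
 line vty 0 4
  access-class 10 in
  login local
  ! The posted config has "transport input all", which also accepts telnet
  transport input ssh
  exec-timeout 10 0
 end
! Confirm SSH 2.0 is enabled before closing the current session
show ip ssh
copy running-config startup-config
```

Keep the existing telnet or console session open until a second PuTTY session (connection type SSH, port 22) has logged in successfully, so that a typo cannot lock you out.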
11-02-2012 11:54 AM
First of all thank you for the response
BTW where is the button to rate the posts? I've been searching but didn't find any.
Back on my pain
I think that I didn't define my problem well.
First
We have a server (not domain controller, we have workgroup only) which runs DNS, mail, web and ftp servers.
With the old modem I've redirected the related ports to this address, where my server box is 192.168.99.100
In addition I've defined passthrough for the same ports between public/private and these servers worked fine, visible from the internet and usable as well.
When I now put the same server on the 887 and perform an nslookup, I don't receive any response from my DNS server, neither can I connect to the mail/web/ftp servers, even when I use the fixed outside IP which we have. There is no response, nada!
Second
I think It's better to give a sample before-after of the network card configuration on my PC
        BEFORE 887VA              AFTER 887VA
ip      192.168.99.3              192.168.99.3
mask    255.255.255.0             255.255.255.0
gw      192.168.99.99             192.168.99.99
dns     192.168.99.99             192.168.99.99 (NO INTERNET)
        (here all worked fine,    212.217.0.1 (ISP dns server)
        I had internet etc)       (I have internet, but I still can't have a response from my dns/mail/web servers)
Third
I knew that I have to put it on a different VLAN, but can you help me to configure it as well as the access rights? I don't want to change the server address, which is 192.168.99.100. Your help with a configuration how to define a DMZ will be very highly appreciated.
Thanks for the fourth, I'll study this.
Thanks again and best regards
11-04-2012 09:15 AM
Well,
as the waiting for help was too long, i've helped myself.
The lines below are for people like me who have to fight the 887va blackbox alone.
To fix the second of my problems I simply had to start a DNS server on the 887va
2 commands
ip dns server
ip domain lookup
and it worked.
Although my web server running on a Win 2008 R2 machine behind the 887VA still doesn't respond.
Someone any idea?
Thanks
11-05-2012 12:06 AM
Hi,
for the DNS problem I had already told you that if you look at my previous answer.
Don't forget that people helping here have also a working life as well as a private life outside of CSC so it may take
some time for them to reply.
For the server part:
1) is it listening on these ports? ---> netstat
2) is there a software firewall or a hardware firewall that could prevent access to these services?
3) can you access these services from inside ?
4) Is there a default gateway configured on this server ?
5) is there a translation when accessing from outside ---> sh ip nat tra | i 192.168.99.100
Regards.
Alain
Don't forget to rate helpful posts.
11-06-2012 07:19 AM
Hi,
Thanks for the help.
I discovered that in reality I didn't detect my problem at all. I mean I don't have any problem with the server machine nor with the running servers on it, but only when I access them from outside. I mean, when I'm home I can see the website, the mail server etc., but when I'm in the office on a PC connected to the VLAN and I try to connect to one of these servers, I'm unable.
I don't know how to fix this. Can you advise? Thanks a lot for your time.
BTW I have NOD32 Internet Security with firewall on my inside PC, but even when I disable it the result is the same.
As there is a DNS server running on the server machine, the default DNS on the server machine's NIC points to the machine IP itself and the gateway is the VLAN's IP.
There is a translation when accessing from outside (I saw the local DNS server connected to an outside IP address). Apologies, I use telnet and I don't know how to save the screen to a text file.
All these servers have worked for about 5 years behind a 3com modem w/o any problems.
Thanks for your patience
11-06-2012 07:47 AM
Hi,
let me try to understand:
your server is located at your home, right? and you can access the services from your LAN using its private address, right? but you can't access it from a remote subnet when you type the public IP, right? You say in this case there is a NAT translation, can you copy paste the output of your router for the following command: sh ip nat translation | i x.x.x.x where x.x.x.x is the private address of the server.
if you ping an outside address like 8.8.8.8 from your server, have you got a success?
Regards.
Alain
Don't forget to rate helpful posts.
11-06-2012 12:07 PM
Thanks again for helping me.
No, the server is in my office. I check the different service servers' responses from my office computer (inside, connected to the VLAN) and my home (outside).
The server machine pings 8.8.8.8 w/o any problem, the DNS works and responds to nslookup from inside (my office) and from outside (my home), resolving the domain name and IP (direct and reverse).
It responds at the website address from outside (trying http://www.xxxxxxxx from home), but when trying to connect to the website from an office computer (inside, VLAN) it didn't answer and Explorer gives an error (from the server machine and from another computer connected to this router).
It receives emails from outside on mymail@mycompany.com, but it's impossible from inside (office computer) as well as from outside (my home) to send or receive emails via Outlook.
The same mail server has webmail access. Tested from my home, it works; tested from the company computer, it didn't.
We have 2 ADSL lines with 2 887VA. When using an office PC connected to the second modem and trying to connect to the second (serving the web or mail servers) it works.
I'm sorry, I'm sure that I look like a fool, but all the non-working services were perfect before with a 3com ADSL. So there is, I'm sure, something little that I didn't specify on the Cisco.
So any idea would be welcome.
BTW I'm using telnet to connect to the router and I don't know how to copy (or redirect to file) the result of sh ip nat.....
Thanks again
11-07-2012 02:01 AM
Hi,
if it's responding from outside then everything is ok. Just access it via private IP when you're in your LAN and it will work.
Regards.
Alain
Don't forget to rate helpful posts.