12-01-2010 02:28 PM - edited 03-04-2019 10:39 AM
Hello,
I have a WEB server running locally , and this work well.
Now I would like to see it from external , but it seams not to work and I do no know what I do wrong.
Here bellow some part of the configuration and the IP NAT TRANSLATION :
ROUTER1841#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
udp 81.164.201.195:1 192.168.1.251:123 66.27.60.10:123 66.27.60.10:123
udp 81.164.201.195:123 192.168.10.50:123 17.72.255.12:123 17.72.255.12:123
tcp 81.164.201.195:49778 192.168.10.50:49778 72.163.5.80:443 72.163.5.80:443
tcp 81.164.201.195:8099 192.168.10.3:80 --- ---
ROUTER1841#
I can PING the OUTSIDE 81.164.201.195 , but I can not see the WEB page
I have tried different port in case my ISP block some ports , I even try a LINKSYS WRT54GL , where I open the port 8099 and this one was working , so I am sure I do something wrong.
no ip http server
ip http authentication local
ip http secure-server
ip dns server
ip nat inside source list 101 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.10.3 80 81.164.201.195 8099 extendable
!
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
access-list 101 permit ip 192.168.20.0 0.0.0.255 any
access-list 101 permit ip 192.168.30.0 0.0.0.255 any
access-list 101 permit ip 192.168.100.0 0.0.0.255 any
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
no cdp run
!
!
Best Regards,
Didier
Solved! Go to Solution.
12-02-2010 12:20 AM
Hi,
First clear dynamic entries in NAT table with clear ip nat translation * command
Then do a show ip nat translation command to see if indeed your static nat is in the table
Then do a debug ip nat and try to access this webserver so you can see if the nat is used indeed.
Regards.
12-02-2010 02:32 AM
Hi Didier,
Your config is runing.
and i think you must change your web panel password .
.
12-02-2010 05:52 AM
Hi,
No you can't do this:
Maybe , I can not test from INSIDE to BACK to the ROUTER INSIDE ?
Regards.
12-01-2010 03:35 PM
Can you post your interfaces config? Both inside one and outside one.
12-01-2010 11:03 PM
Hello Marcin,
Here You have the FULL CONFIG
MAYBE A IMPORTANT INFORMATION :
From OUTSIDE I am able to access the CISCO 1841 ROUTER on PORT 8096 via :
ssh://admin@cisco1841.dyndns.info:8096
This mean that my provider does not lock-out this port.
But this does not work:
http://admin@cisco1841.dyndns.info:8099//admin@cisco1841.dyndns.info:8099
Here bellow I put the IP instead of the name , both are still equal (I DO NOT KNOW YET HOW TO CHANGE THE IP TO admin@cisco1841.dyndns.info:8099
ip nat inside source static tcp 192.168.10.3 80 81.164.201.195 8099 extendable
Thank You in advance for your help
NOTE : The script in complete , I have just remove some part of the PASSWORD.
Best Regards,
Didier
!
! Last configuration change at 23:01:37 gmt+1 Wed Dec 1 2010 by admin
! NVRAM config last updated at 22:59:46 gmt+1 Wed Dec 1 2010 by admin
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ROUTER1841
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable password 7 050
!
aaa new-model
!
!
aaa authentication banner
THIS SYSTEM IS SOLELY FOR USE OF AUTHORISED USERS FOR OFFICIAL PURPOSES
!
!
aaa session-id common
clock timezone gmt+1 1
clock summer-time gmt+2 recurring last Sun Mar 2:00 last Sun Oct 3:00
dot11 syslog
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.10.1
ip dhcp excluded-address 192.168.20.1
ip dhcp excluded-address 192.168.30.1
ip dhcp excluded-address 192.168.100.1
ip dhcp excluded-address 192.168.1.250 192.168.1.254
!
ip dhcp pool vlan10
import all
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 8.8.8.8
lease 5
!
ip dhcp pool vlan20
import all
network 192.168.20.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.20.1
lease 5
!
ip dhcp pool vlan30
import all
network 192.168.30.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.30.1
!
ip dhcp pool FIX-IP
host 192.168.100.66 255.255.255.0
client-identifier 0100.089b.ad17.8f
client-name FIX-IP
!
ip dhcp pool TEST
host 192.168.100.20 255.255.255.0
client-identifier 0100.2241.353f.5e
!
ip dhcp pool internal
network 192.168.100.0 255.255.255.0
dns-server 192.168.100.1
default-router 192.168.100.1
!
ip dhcp pool vlan1
network 192.168.1.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.1.1
lease 5
!
ip dhcp pool MAC
host 192.168.10.50 255.255.255.0
client-identifier 0100.2312.1c0a.39
!
ip dhcp pool PRINTER
host 192.168.10.20 255.255.255.0
client-identifier 0100.242b.4d0c.5a
!
ip dhcp pool WAP610N
host 192.168.10.100 255.255.255.0
client-identifier 0100.259c.8fad.4c
!
!
no ip bootp server
ip domain name dri
ip host SW12 192.168.1.252
ip host SW24 192.168.1.251
ip ddns update method DynDNS
HTTP
add http://dri66:@members.dyndns.org/nic/update?system=dyndns&hostname=cisco1841.dyndns.info&myip=
interval maximum 1 0 0 0
interval minimum 1 0 0 0
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-2996
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-29967
revocation-check none
rsakeypair TP-self-signed-29967
!
!
username Admin privilege 15 secret 5 $1$gAFQ
archive
log config
hidekeys
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh port 8096 rotary 1
ip ssh version 2
!
!
!
interface FastEthernet0/0
description DMZ
ip ddns update hostname cisco1841.dyndns.info
ip ddns update DynDNS
ip address dhcp
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description INTERNAL$ETH-LAN$
ip address 192.168.100.1 255.255.255.0
no ip proxy-arp
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/0/0
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet0/0/1
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/0/2
switchport access vlan 30
spanning-tree portfast
!
interface FastEthernet0/0/3
switchport mode trunk
!
interface Vlan1
ip address 192.168.1.250 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan10
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan20
ip address 192.168.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan30
ip address 192.168.30.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
!
!
no ip http server
ip http authentication local
ip http secure-server
ip dns server
ip nat inside source list 101 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.10.3 80 81.164.201.195 8099 extendable
!
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
access-list 101 permit ip 192.168.20.0 0.0.0.255 any
access-list 101 permit ip 192.168.30.0 0.0.0.255 any
access-list 101 permit ip 192.168.100.0 0.0.0.255 any
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
no cdp run
!
!
!
control-plane
!
!
banner exec
WELCOME YOU ARE NOW LOGED IN
banner login
WARNING !!!
IF YOU ARE NOT :
Didier Ribbens
Please Leave NOW !!!
YOUR IP and MAC address will be LOGGED !!!
!
line con 0
speed 115200
line aux 0
line vty 0 4
access-class 5 in
privilege level 15
rotary 1
transport input telnet ssh
line vty 5 15
access-class 5 in
rotary 1
!
scheduler allocate 20000 1000
ntp clock-period 17178401
ntp server 66.27.60.10
end
12-02-2010 12:20 AM
Hi,
First clear dynamic entries in NAT table with clear ip nat translation * command
Then do a show ip nat translation command to see if indeed your static nat is in the table
Then do a debug ip nat and try to access this webserver so you can see if the nat is used indeed.
Regards.
12-02-2010 02:32 AM
Hi Didier,
Your config is runing.
and i think you must change your web panel password .
.
12-02-2010 05:47 AM
Hello,
Really strange , I did not change anything , and YES it works .
I have to tell , now I test it abroad and it works , I am curious if it will work when I am back home ?
Maybe , I can not test from INSIDE to BACK to the ROUTER INSIDE ?
If this is the case I will try to login with a other connection at home , my provider give me 4 IP's so I have still 3 others that I can use before the cisco router.
I will keep you informed , in the mean time thank you for the info.
Any idea how I can replace the IP with the URL ADDRESS ?
Best Regards,
Didier
12-02-2010 05:52 AM
Hi,
No you can't do this:
Maybe , I can not test from INSIDE to BACK to the ROUTER INSIDE ?
Regards.
12-02-2010 11:40 PM
Thank You All for your great help
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide