NAT inside config problem

Hello Cisco community

I am trying to configure NAT to route traffic from an outside port to an inside webserver but I keep failing. After a month of reading forums I decided to ask for help here.

The inside/outside interfaces are defined and working.

I tried to route traffic received on the outside interface on port 5555 to an internal webserver on port 80 but failed. Here is the command I used:

ip nat inside source static tcp <ip_of_webserver> 80 interface fastEthernet 0/0 5555

fa0/0 is the outside interface

fa0/1 is the inside interface

Do I need to route traffic from fa0/0 to fa0/1 and then from fa0/1 to my webserver? Do I need to set up an ACL?

Any help would be appreciated.

55 Replies

Hi,

   It should not be TCP/5555.  It has to be TCP/80.

Toshi

Thanks, but I'm not sure it should be 80 and not 5555. Anyway, I changed it to http/https/80/5555 just to be sure and include all. Now when I try to connect, if I type /start.html it doesn't work, BUT when I just type the fa0/0 IP it says 'It works!'. I guess it's the Apache server that replies that. Strange that it says that. It should pop SDM if I only type the fa0/0 IP address.

I'm just getting more confused.

Hi,

As Toshi said above, it must be 80; don't forget you are doing static PAT on your router.

It should pop SDM if I only type the fa0/0 IP address

Why? As long as you're hitting the router at TCP port 5555, it will translate to the server at port 80, and when you don't specify the page it should go to index.html.

So your port forwarding is now working.

Regards.

Alain.

Don't forget to rate helpful posts.
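To make the static PAT being discussed concrete, here is a minimal IOS configuration for it. This is an added example, not the original poster's configuration: the interface addresses (203.0.113.10 on the outside, 10.5.4.1 on the inside) are assumed, and the server address 10.5.4.150 is taken from later in this thread. The optional inbound ACL shows the point a practitioner usually trips over: an inbound ACL on the outside interface is evaluated before NAT, so it must permit the untranslated destination (the router's public address, port 5555), not the server's address and port 80.

```cisco
! Outside interface (public side). Address is an assumption for this example.
interface FastEthernet0/0
 description Outside (ISP)
 ip address 203.0.113.10 255.255.255.248
 ip nat outside
!
! Inside interface (LAN). Address is an assumption for this example.
interface FastEthernet0/1
 description Inside LAN
 ip address 10.5.4.1 255.255.255.0
 ip nat inside
!
! Static PAT: TCP/5555 on the outside interface address -> 10.5.4.150:80.
! The inside port is the port the server actually listens on (80),
! the outside port is what Internet clients connect to (5555).
ip nat inside source static tcp 10.5.4.150 80 interface FastEthernet0/0 5555
!
! No ACL is required for the translation itself. If you do apply an inbound
! ACL on the outside interface, it is checked before the NAT translation,
! so it must permit the pre-translation destination: the public address
! on port 5555, not 10.5.4.150 on port 80. It must also still permit the
! return traffic of the LAN's own outbound sessions (here via "established";
! a stateful option such as CBAC or zone-based firewall is the better choice).
ip access-list extended OUTSIDE-IN
 permit tcp any host 203.0.113.10 eq 5555
 permit tcp any any established
 deny ip any any log
!
interface FastEthernet0/0
 ip access-group OUTSIDE-IN in
!
! Verification from the router after a client on the Internet connects to
! http://203.0.113.10:5555/ :
!   show ip nat translations
!     tcp 203.0.113.10:5555  10.5.4.150:80  <client>:<port>  <client>:<port>
!   debug ip nat   (shows each translated packet; disable with "undebug all")
```

If the translation entry appears but the server never sees a connection, the packet is being dropped after NAT, on the inside path (a firewall between the router and the server, or a server-side firewall), which is exactly the situation the rest of this thread works through.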

No mate, when I input just the fa0/0 IP, without a port number, it says 'It works!'

Typing the port number results in a 'cannot display the page' error

Now when I try to connect, if I type /start.html it doesn't work, BUT when I just type the fa0/0 IP it says 'It works!'

I see no reference to any port

When it says it works, can you do sh tcp brief on the router as well as sh ip nat transl and post the output?

Typing the port number results in a 'cannot display the page' error

Which page? /start.html? Do you still not see connections on port 80 of the server with netstat?

Are you testing from internet or on the LAN?

Regards.

Alain.

Don't forget to rate helpful posts.

I am testing from the internet.

Again, when I type fa0/0:5555/start.html or fa0/0:5555 it doesn't work, but I can see the NAT working in my router

When I type just fa0/0 the browser says 'It works!'. I can see NAT working too.

Here is some output:

sh ip nat translations | inc webserver_ip

tcp fa0/0:5555     webserver_ip:80         85.204.149.218:12331  85.204.149.218:12331

tcp fa0/0:5555     webserver_ip:80         150.70.75.31:56259    150.70.75.31:56259

sh tcp brief

TCB            Local Address               Foreign Address                  (state)

45B5D74C         fa0/1.23                  webserver_ip.61087             ESTAB

Maybe I should've said this at the beginning, maybe not, but I have a policy in my router to drop all torrent traffic. Any idea if this might drop traffic received on port 5555? Maybe this is why I see no connections on the server, because all packets are dropped?

Hi,

     Okay, we need to check the following things.

1. You want to connect to this server via TCP/5555 when you're not in the local LAN. The URL should be http://fa0/0:5555

2.  Did you enable the HTTP server on the router to be accessed via the GUI? If yes, you can connect to this router via http://fa0/0. Keep in mind, "show tcp brief" shows connections connecting to the router.

3.  Router does what it has to do for NAT

    tcp fa0/0:5555     :80         92.85.253.180:59626   92.85.253.180:59626

4. Now we are connecting to the webserver via TCP/80 because the router already modified it.

5. Router forwards the packets to ISA. ISA is in between.

6. ISA needs to allow from to webserver_ip:80. We are connecting to the webserver via TCP/80.

7. If the packets can pass through ISA, we can now check the connections on the webserver with the "netstat -an" command.  Yes, you need to create connections from the internet to generate the packets.

Please get back and let us know how things work out.

Toshi

First I'd like to thank you for all the patience and for all the help so far.

Ok, on to business.

1. From outside I am trying to connect to http://fa0/0:5555 but it times out. It tried to load something but fails in the end.

2. From the local LAN if I type http://fa0/0 in a browser, the SDM GUI pops up. From the internet if I type http://fa0/0 in a browser it says 'It works!'

3. I guess the router does what it's supposed to do since I get output with it translating, right?

5. I can't really say if the router forwards the packets to ISA. I tried netstat -an on ISA but there is too much output and I can't see anything or scroll up.

6. ISA rule is as follows: allow protocol_80 from external/anywhere to webserver_ip for all users

where protocol_80 is port range tcp 80-80, direction inbound

7. I can't verify the packet is getting to ISA. I can't use netstat -an because there is too much output and it all gets lost in the scrollback.

Hi,

    From the local LAN if I type http://fa0/0 in a browser, the SDM GUI pops up.

    We cannot test this from the local LAN. It has to be http:// when testing this from the local LAN.

    From the internet if I type http://fa0/0 in a browser it says 'It works!'

    Did it show the page on the webserver?

    Please post the entire configuration, excluding sensitive information such as public IP addresses.

    Please post the output of "Router#telnet " 80 /source-interface f0/0"

    From the router, Can you temporarily test the connections by using a ping command?

    Router#ping .

    Seems you need to allow ICMP policies on ISA. Does it work?

     I just want to make sure that the routing is okay.

HTH,

Toshi

Hi

I must've misunderstood. On the local LAN if I type http://webserver_ip it works; I get the webserver 'statistics' page (it shows that the server is running, what version, what ports are open, what features it has, etc.). The actual website I'm trying to view can be accessed by typing http://webserver_ip/start.html

From the internet if I type http://fa0/0 I get a blank page and in the upper left corner it says "It works!" in big bold characters. Basically it's the default message you get by accessing a webserver that has no webpage configured. It's what you get when accessing a 'blank' webserver.

router#telnet 10.5.4.150 80 /source-interface fa0/0

Trying 10.5.4.150, 80 ...

% Connection timed out; remote host not responding

same result from fa0/1

When I telnet from my desktop to the webserver the connection is closed and I get:

HTTP/1.1 501 Not Implemented

Content-Length: 54

Content-Type: text/html

The requested method is not implemented by this server

I can't ping the webserver from the router but I can ping it from my desktop. The router can ping my desktop. Both my desktop and my webserver are on the same subnet. I will try and set up a temporary webserver on my desktop for testing purposes.

After I test this, I will get back with the results.

OK, I've set up a webserver on my desktop.

telnet 10.5.4.81 80 /source-interface fa0/1

Trying 10.5.4.81, 80 ... Open

[Connection to 10.5.4.81 closed by foreign host]

telnet 10.5.4.81 80 /source-interface fa0/0

Trying 10.5.4.81, 80 ...

% Connection timed out; remote host not responding

So the outside interface can't connect to the webserver. What's next?

Hi,

  Good job! Seems we're working well together.

  Please post the output of "Router#ping 10.5.4.81 source f0/0".

  Please confirm that the connections need to pass through ISA to reach the webserver and your PC. Right?

Toshi

ping 10.5.4.81 source fa0/0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.5.4.81, timeout is 2 seconds:

Packet sent with a source address of 82.77.196.42

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

Yes, they need to pass through the ISA server.

Hi,

  Time to investigate ISA.

ISA, Policy, From Outside Interface - To - Inside Interface

Permit:

SourceIP: Any | SourcePort: Any

DestinationIP: | DestinationPort: TCP/80

HTH,

Toshi

Hi, on ISA I have the following policy

Action     Protocols                  From/Listener                            To           condition

Allow     All outbound traffic  External/Internal/Anywhere        10.5.4.81        all users

After adding one more line to basically permit all outbound from external to any internal, I got the following error on my offsite computer:

Error Code 10060: Connection timeout

Background: The gateway could not receive a timely response from the website you are trying to access. This might indicate that the network is congested, or that the website is experiencing technical difficulties.

Date: 5/20/2011 10:33:07 AM [GMT]
