
NAT issue with 877-k9 on IOS 12.4(15)T5

ch3nyong
Level 1

As per title, we are trying to configure (simple) port forwarding for port 8080 to an internal server.

The server internal IP is 192.168.1.10, and (assuming) our public IP address is 119.75.30.128, the mapping is done as follows:

Private IP Address: 192.168.1.10 (8080)

Public IP Address: 119.75.30.128 (8080)

Protocol: TCP

We are a web development company and have no in-depth knowledge of routers or networking, but we supposed that just setting the above is all we need to do...

Additionally, we tried doing it on Web Server (port 80) and when we access http://119.75.30.128 it prompts us with the Router login, meaning the NAT doesn't work..

We are using Cisco 877-k9 on IOS 12.4(15)T5, and have "Enable NAT" checkbox checked

Appreciate if anyone could help resolve the issue, many thanks!!

2 Replies

Amit Aneja
Level 3

Chen,

I can help you with the configuration through command line interface of the router.

Telnet/SSH into the router & capture the output of "show run". Please share that & I can send you the sample config then.

Config example:

ip nat inside source static tcp 192.168.1.10 8080 119.75.30.128 8080

interface x/y <<

ip nat inside

interface x/z<<<

ip nat outside

HTH,

Amit Aneja

Regards,

Amit Aneja

Hi Amit Aneja,

Thanks for your kind help in advance!

Please find our config as follows:

-----------------------------------------------

Current configuration : 7623 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname MYHOST

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

enable secret 5 $1$PtjP$prh8eXCB2a/WqqxMPmBpA/

!

no aaa new-model

!

crypto pki trustpoint TP-self-signed-HEXKEY

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-HEXKEY

revocation-check none

rsakeypair TP-self-signed-HEXKEY

!

!

crypto pki certificate chain TP-self-signed-HEXKEY

certificate self-signed 01

        quit

dot11 syslog

ip cef

no ip dhcp use vrf connected

ip dhcp excluded-address 10.10.10.1

ip dhcp excluded-address 192.168.1.1

ip dhcp excluded-address 192.168.1.109 192.168.1.254

!

ip dhcp pool sdm-pool

   import all

   network 192.168.1.0 255.255.255.0

   default-router 192.168.1.1

   dns-server 165.21.100.88 165.21.83.88

   lease 0 2

!

!

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

ip domain name yourdomain.com

ip name-server 165.21.83.88

ip name-server 165.21.100.88

!

vpdn enable

!

vpdn-group 1

! Default PPTP VPDN group

accept-dialin

  protocol pptp

  virtual-template 1

!

!

!

username admin privilege 15 password 0 MYPASSWORD

!

!

archive

log config

  hidekeys

!

!

!

class-map type inspect match-any SDM_HTTPS

match access-group name SDM_HTTPS

class-map type inspect match-any SDM_SSH

match access-group name SDM_SSH

class-map type inspect match-any SDM_SHELL

match access-group name SDM_SHELL

class-map type inspect match-any sdm-cls-access

match class-map SDM_HTTPS

match class-map SDM_SSH

match class-map SDM_SHELL

class-map type inspect match-any sdm-cls-insp-traffic

match protocol cuseeme

match protocol dns

match protocol ftp

match protocol h323

match protocol https

match protocol icmp

match protocol imap

match protocol pop3

match protocol netshow

match protocol shell

match protocol realmedia

match protocol rtsp

match protocol smtp extended

match protocol sql-net

match protocol streamworks

match protocol tftp

match protocol vdolive

match protocol tcp

match protocol udp

class-map type inspect match-all sdm-insp-traffic

match class-map sdm-cls-insp-traffic

class-map type inspect match-any SDM-Voice-permit

match protocol h323

match protocol skinny

match protocol sip

class-map type inspect match-all sdm-nat--1

match access-group 103

class-map type inspect match-all sdm-nat--2

match access-group 104

class-map type inspect match-any sdm-cls-icmp-access

match protocol icmp

match protocol tcp

match protocol udp

class-map type inspect match-all sdm-access

match class-map sdm-cls-access

match access-group 102

class-map type inspect match-all sdm-icmp-access

match class-map sdm-cls-icmp-access

class-map type inspect match-all sdm-invalid-src

match access-group 100

class-map type inspect match-all sdm-protocol-http

match protocol http

!

!

policy-map type inspect sdm-permit-icmpreply

class type inspect sdm-icmp-access

  inspect

class class-default

  pass

policy-map type inspect sdm-pol-NATOutsideToInside-1

class type inspect sdm-nat--1

  inspect

class type inspect sdm-nat--2

  inspect

class class-default

policy-map type inspect sdm-inspect

class type inspect sdm-invalid-src

  drop log

class type inspect sdm-insp-traffic

  inspect

class type inspect sdm-protocol-http

  inspect

class type inspect SDM-Voice-permit

  inspect

class class-default

  pass

policy-map type inspect sdm-permit

class type inspect sdm-access

  inspect

class class-default

!

zone security out-zone

zone security in-zone

zone-pair security sdm-zp-self-out source self destination out-zone

service-policy type inspect sdm-permit-icmpreply

zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone

service-policy type inspect sdm-pol-NATOutsideToInside-1

zone-pair security sdm-zp-out-self source out-zone destination self

service-policy type inspect sdm-permit

zone-pair security sdm-zp-in-out source in-zone destination out-zone

service-policy type inspect sdm-inspect

!

!

!

interface ATM0

description $FW_OUTSIDE$$ES_WAN$

ip address XXX.XX.XX.XXX 255.255.255.252

ip nat outside

ip virtual-reassembly

zone-member security out-zone

no atm ilmi-keepalive

pvc 8/35

  protocol ip XXX.XX.XX.XXX broadcast

!

dsl operating-mode auto

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface Virtual-Template1

no ip address

peer default ip address pool defaultpool

ppp authentication chap ms-chap

!

interface Vlan1

description lan:203.169.117.56-63 and 58.185.68.152-159$FW_INSIDE$

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

zone-member security in-zone

ip tcp adjust-mss 1452

!

ip local pool defaultpool 192.168.100.1 192.168.100.254

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 XXX.XX.XX.XXX

!

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source list 101 interface ATM0 overload

ip nat inside source static tcp 192.168.1.5 80 interface ATM0 80

ip nat inside source static tcp 192.168.1.5 8080 interface ATM0 8080

!

ip access-list extended SDM_HTTPS

remark SDM_ACL Category=1

permit tcp any any eq 443

ip access-list extended SDM_SHELL

remark SDM_ACL Category=1

permit tcp any any eq cmd

ip access-list extended SDM_SSH

remark SDM_ACL Category=1

permit tcp any any eq 22

!

access-list 100 remark SDM_ACL Category=128

access-list 100 permit ip host 255.255.255.255 any

access-list 100 permit ip 127.0.0.0 0.255.255.255 any

access-list 100 permit ip XXX.XX.XX.XXX 0.0.0.3 any

access-list 101 remark SDM_ACL Category=2

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

access-list 102 remark SDM_ACL Category=128

access-list 102 permit ip any any

access-list 103 remark SDM_ACL Category=0

access-list 103 permit ip any host 192.168.1.50

access-list 104 remark SDM_ACL Category=0

access-list 104 permit ip any host 192.168.1.50

no cdp run

!

!

!

control-plane

!

!

line con 0

login local

no modem enable

line aux 0

line vty 0 4

privilege level 15

login local

transport input telnet ssh

!

scheduler max-task-time 5000

end
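
Added example, not part of either post and not Cisco tooling: a Python check that cross-references the static NAT entries of a `show run` against the ACLs inspected on the out-zone to in-zone zone-pair. In the configuration posted above the static NAT entries point at 192.168.1.5 while ACLs 103 and 104 permit only 192.168.1.50, and a `class class-default` with no action drops, so the forwarded ports would be dropped by the zone-pair policy. The function names, the re-indented excerpt and the restriction to numbered `permit ip any host` ACLs are assumptions of this example.

```python
import re
# Excerpt of the config posted above (NAT and zone-firewall lines only), indented as IOS prints it.
CONFIG = """\
class-map type inspect match-all sdm-nat--1
 match access-group 103
class-map type inspect match-all sdm-nat--2
 match access-group 104
policy-map type inspect sdm-pol-NATOutsideToInside-1
 class type inspect sdm-nat--1
  inspect
 class type inspect sdm-nat--2
  inspect
 class class-default
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
 service-policy type inspect sdm-pol-NATOutsideToInside-1
ip nat inside source static tcp 192.168.1.5 80 interface ATM0 80
ip nat inside source static tcp 192.168.1.5 8080 interface ATM0 8080
access-list 103 permit ip any host 192.168.1.50
access-list 104 permit ip any host 192.168.1.50
"""

def sections(config, header_re):
    """Map the captured name of each matching header line to its indented body lines."""
    out, current = {}, None
    for line in config.splitlines():
        if line[:1] != " ":
            m = re.match(header_re, line)
            current = out.setdefault(m.group(1), []) if m else None
        elif current is not None and line.strip():
            current.append(line.strip())
    return out

def unreachable_forwards(config, src="out-zone", dst="in-zone"):
    """Return static NAT (ip, port) targets that no inspected class on the src->dst zone-pair permits."""
    zp_re = rf"zone-pair security (\S+) source {src} destination {dst}$"
    policies = {l.split()[-1] for body in sections(config, zp_re).values()
                for l in body if l.startswith("service-policy type inspect")}
    pmaps = sections(config, r"policy-map type inspect (\S+)")
    cmaps = sections(config, r"class-map type inspect \S+ (\S+)")
    acls = set()
    for body in (pmaps.get(p, []) for p in policies):
        for i, l in enumerate(body):
            # A class lets traffic through only if an explicit inspect/pass action follows it.
            if l.startswith("class type inspect") and body[i + 1:i + 2] in (["inspect"], ["pass"]):
                acls |= {m.split()[-1] for m in cmaps.get(l.split()[-1], [])
                         if m.startswith("match access-group")}
    allowed = {h for a in acls
               for h in re.findall(rf"^access-list {a} permit ip any host (\S+)", config, re.M)}
    nats = re.findall(r"^ip nat inside source static tcp (\S+) (\d+) ", config, re.M)
    return [(ip, int(port)) for ip, port in nats if ip not in allowed]
```

An empty list means every static NAT target is covered by an inspected class; each returned pair is a forward the firewall policy does not admit.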
