Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3107
Views
0
Helpful
10
Replies

NAT / Port forwarding not working

Go to solution
Y. 'FoAmY' Vandenbossche
Level 1
Level 1

‎04-26-2019 08:17 AM - edited ‎04-26-2019 08:18 AM

Hi guys,

 

I'm having some issues with  port forwarding on my 1921 ISR, it was all working fine about a week ago... Then overnight (isr restarted due to power failure) it stopped working... I've gone over my config again, and again... Checked IP addresses, firewalls and tested connecting from the LAN and all works as expected. 'I just can't seem to connect from the outside -> in :( 

 

controller VDSL 0/0/0
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.10.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
no cdp enable
!
interface ATM0/0/0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Ethernet0/0/0
mac-address 7050.afb7.c5da
no ip address
ip nat outside
ip virtual-reassembly in
!
interface Ethernet0/0/0.101
encapsulation dot1Q 101
ip dhcp client request classless-static-route
ip dhcp client client-id hex ************************************
ip dhcp client hostname ************@*****|********
ip address dhcp
no ip redirects
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
!
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip nat inside source list 100 interface Ethernet0/0/0.101 overload
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
!
ip nat inside source static tcp 192.168.10.202 80 interface Ethernet0/0/0.101 8880

Thanks in advance for any help!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jaderson Pessoa
VIP Alumni
VIP Alumni
In response to Y. 'FoAmY' Vandenbossche

‎04-26-2019 09:44 AM - edited ‎04-26-2019 09:45 AM

If you change this port 8880 to another ports, its working?

Jaderson Pessoa
*** Rate All Helpful Responses ***

View solution in original post

0 Helpful
10 Replies 10

Go to solution
Jaderson Pessoa
VIP Alumni
VIP Alumni

‎04-26-2019 08:23 AM

This 192.168.10.202 80 is accessible from internal clients?
Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

Go to solution
Y. 'FoAmY' Vandenbossche
Level 1
Level 1
In response to Jaderson Pessoa

‎04-26-2019 08:56 AM

Hi Jaderson,

Yes, it is. :)
0 Helpful

Go to solution
Jaderson Pessoa
VIP Alumni
VIP Alumni
In response to Y. 'FoAmY' Vandenbossche

‎04-26-2019 09:09 AM - edited ‎04-26-2019 09:11 AM

@Y. 'FoAmY' Vandenbossche try it;

 

no ip nat inside source static tcp 192.168.10.202 80 interface Ethernet0/0/0.101 8880  < certify the port

 clear interface ethernet0/0/0.101

clear counters  ethernet0/0/0.101

 

shutdown and shutdown under interface 0/0/0.101

 

ip nat inside source static tcp 192.168.10.202 80 interface Ethernet0/0/0.101 8880 < certify the port

 maybe it is a bug

Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

Go to solution
Y. 'FoAmY' Vandenbossche
Level 1
Level 1
In response to Jaderson Pessoa

‎04-26-2019 09:24 AM

Tried that already, just tried again... No dice :(
0 Helpful

Go to solution
paul driver
VIP
VIP

‎04-26-2019 09:09 AM - edited ‎04-26-2019 09:11 AM

Hello

from the rtr if you telnet to 192.168.10.202 80 source gig0/0.10  - do you get connection?

 

From outside telnet again to your public IP address on port 8880

 

sh ip nat translations 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
Y. 'FoAmY' Vandenbossche
Level 1
Level 1
In response to paul driver

‎04-26-2019 09:21 AM

from the rtr if you telnet to 192.168.10.202 80 source gig0/0.10  - do you get connection?  :    yes, connects fine... 

From outside telnet again to your public IP address on port 8880  :    no connection, times out :(

 

VDB-R1# sh ip nat trans
tcp xxx.xxx.xxx.xxx:8880   192.168.10.202:80     ---                   ---

 

0 Helpful

Go to solution
Jaderson Pessoa
VIP Alumni
VIP Alumni
In response to Y. 'FoAmY' Vandenbossche

‎04-26-2019 09:44 AM - edited ‎04-26-2019 09:45 AM

If you change this port 8880 to another ports, its working?

Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

Go to solution
Y. 'FoAmY' Vandenbossche
Level 1
Level 1
In response to Jaderson Pessoa

‎04-26-2019 01:40 PM

Indeed this fixes it, I guess I'll come up with another port to use!

Thanks for your help everyone!
0 Helpful

Go to solution
Jaderson Pessoa
VIP Alumni
VIP Alumni
In response to Y. 'FoAmY' Vandenbossche

‎04-26-2019 02:11 PM - edited ‎04-26-2019 02:11 PM

Great, maybe theret this port stayed in block state in your router "bug" i dont know..

But great that your problem was solved.

:)

Jaderson Pessoa
*** Rate All Helpful Responses ***
0 Helpful

Go to solution
paul driver
VIP
VIP
In response to Y. 'FoAmY' Vandenbossche

‎04-26-2019 09:56 AM

Hello

Shouldn't really make much difference but can you try using another source port maybe tcp 80 and amend the acl to deny that host from the dynamic nat


access-list 100 permit deny host 192.168.10.202  any
access-list 100 permit ip 192.168.10.0 0.0.0.255 any


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card