04-26-2019 08:17 AM - edited 04-26-2019 08:18 AM
Hi guys,
I'm having some issues with port forwarding on my 1921 ISR. It was all working fine about a week ago... Then overnight (ISR restarted due to power failure) it stopped working... I've gone over my config again and again... Checked IP addresses, firewalls and tested connecting from the LAN and all works as expected. I just can't seem to connect from the outside -> in :(
controller VDSL 0/0/0
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 no cdp enable
!
interface ATM0/0/0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface Ethernet0/0/0
 mac-address 7050.afb7.c5da
 no ip address
 ip nat outside
 ip virtual-reassembly in
!
interface Ethernet0/0/0.101
 encapsulation dot1Q 101
 ip dhcp client request classless-static-route
 ip dhcp client client-id hex ************************************
 ip dhcp client hostname ************@*****|********
 ip address dhcp
 no ip redirects
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
!
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip nat inside source list 100 interface Ethernet0/0/0.101 overload
access-list 100 permit ip 192.168.10.0 0.0.0.255 any
!
ip nat inside source static tcp 192.168.10.202 80 interface Ethernet0/0/0.101 8880
Thanks in advance for any help!
04-26-2019 08:23 AM
04-26-2019 08:56 AM
04-26-2019 09:09 AM - edited 04-26-2019 09:11 AM
@Y. 'FoAmY' Vandenbossche try it:
no ip nat inside source static tcp 192.168.10.202 80 interface Ethernet0/0/0.101 8880 < certify the port
clear interface ethernet0/0/0.101
clear counters ethernet0/0/0.101
shutdown and shutdown under interface 0/0/0.101
ip nat inside source static tcp 192.168.10.202 80 interface Ethernet0/0/0.101 8880 < certify the port
maybe it is a bug
04-26-2019 09:24 AM
04-26-2019 09:09 AM - edited 04-26-2019 09:11 AM
Hello
From the rtr, if you telnet to 192.168.10.202 80 source gig0/0.10, do you get a connection?
From outside, telnet again to your public IP address on port 8880.
sh ip nat translations
04-26-2019 09:21 AM
from the rtr if you telnet to 192.168.10.202 80 source gig0/0.10 - do you get connection? : yes, connects fine...
From outside telnet again to your public IP address on port 8880 : no connection, times out :(
VDB-R1# sh ip nat trans
tcp xxx.xxx.xxx.xxx:8880 192.168.10.202:80 --- ---
04-26-2019 09:44 AM - edited 04-26-2019 09:45 AM
If you change this port 8880 to another port, is it working?
04-26-2019 01:40 PM
04-26-2019 02:11 PM - edited 04-26-2019 02:11 PM
Great, maybe this port stayed in a blocked state in your router, a "bug", I don't know..
But great that your problem was solved.
:)
04-26-2019 09:56 AM
Hello
Shouldn't really make much difference, but can you try using another source port, maybe tcp 80, and amend the ACL to deny that host from the dynamic NAT:
access-list 100 deny ip host 192.168.10.202 any
access-list 100 permit ip 192.168.10.0 0.0.0.255 any