Need help with my port forwarding config

oliver.mercado · ‎04-03-2013

interface GigabitEthernet0/0

ip address x.x.x.36 255.255.255.248

ip nat outside

ip virtual-reassembly in

no ip route-cache

duplex auto

speed auto

no cdp enable

!

interface GigabitEthernet0/1

ip address 192.168.1.3 255.255.255.0

ip nat inside

ip virtual-reassembly in

no ip route-cache

duplex auto

speed auto

no cdp enable

ip nat inside source static tcp 192.168.1.252 22 x.x.x.36 6922 extendable

ip route 0.0.0.0 0.0.0.0 x.x.x.33

access-list 1 permit 192.168.1.0 0.0.0.255

access-list 1 permit any

Anything wrong with my config? port forwarding to my ssh wont work. Im using CISCO 1900 Series.

Thank you..

Bilal Nawaz · ‎04-03-2013

Hi Oliver,

Could you please try this:

ip nat inside source static tcp 192.168.1.252 22 interface gi0/0 6922

Anything coming in gi0/0 on port 6922 will be forwarded on to 192.168.1.252 on port 22.

Hope this helps.

Please rate useful posts and remember to mark any solved questions as answered. Thank you.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

oliver.mercado · ‎04-03-2013

thank for the reply Bilal. I tried that but I still can't connect to my ssh server (192.168.1.252).

here is my sh ip nat trans

Pro Inside global Inside local Outside local Outside global

tcp x.x.x.36:6922 192.168.1.252:22 27.x.x.167:50572 27.x.x.167:50572

tcp x.x.x.36:6922 192.168.1.252:22 --- ---

johnlloyd_13 · ‎04-03-2013

Hi,

Could you do:

ip nat inside source static tcp 192.168.1.252 22 22.x.x.36 22 extendable

Sent from Cisco Technical Support iPhone App

Bilal Nawaz · ‎04-03-2013

Could you try the same port number i.e. 22

Please rate useful posts and remember to mark any solved questions as answered. Thank you.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

oliver.mercado · ‎04-03-2013

I tried that one also... still can't connect to my local server.. I dont have any acls would that be a probem?

johnlloyd_13 · ‎04-03-2013

No, ACL is used for your PAT. Check you again the server's TCP/IP settings and issue a 'telnet 192.168.1.252 22' from the router?

Sent from Cisco Technical Support iPhone App

oliver.mercado · ‎04-03-2013

I can telnet from cisco to my local server...

telnet 192.168.1.252 22

Trying 192.168.1.252, 22 ... Open

SSH-2.0-OpenSSH_4.3

Protocol mismatch.

[Connection to 192.168.1.252 closed by foreign host]

johnlloyd_13 · ‎04-03-2013

Ok. Can your server ping 192.168.1.3 and 8.8.8.8?

Kindly post show run and hide sensitive data.

Sent from Cisco Technical Support iPhone App

Bilal Nawaz · ‎04-03-2013

I know this might be a silly question, so appologies in advance. What is the default gateway of the local server?

Should be 192.168.1.3?

Your translation seems fine.

Please rate useful posts and remember to mark any solved questions as answered. Thank you.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Bilal Nawaz · ‎04-03-2013

I just tried this quickly in a lab and worked. This is what I did:

R1 config:

interface FastEthernet0/0

ip address 1.1.1.1 255.255.255.0

duplex auto

speed auto

R2 config:

interface FastEthernet0/0

ip address 1.1.1.2 255.255.255.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 192.168.1.3 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

ip nat inside source static tcp 192.168.1.252 22 interface FastEthernet0/0 22

R3:

interface FastEthernet0/1

ip address 192.168.1.252 255.255.255.0

duplex auto

speed auto

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 192.168.1.3

Output is here:

R1#ssh -l bilal 1.1.1.2

Password:

R3#

R3#exit

[Connection to 1.1.1.2 closed by foreign host]

R1#

R2#show ip nat translations

Pro Inside global Inside local Outside local Outside global

tcp 1.1.1.2:22 192.168.1.252:22 --- ---

R2#

*Mar 1 00:47:19.799: NAT*: s=1.1.1.1, d=1.1.1.2->192.168.1.252 [11730]

*Mar 1 00:47:19.835: NAT*: s=192.168.1.252->1.1.1.2, d=1.1.1.1 [7189]

*Mar 1 00:47:19.863: NAT*: s=1.1.1.1, d=1.1.1.2->192.168.1.252 [11731]

*Mar 1 00:47:19.895: NAT*: s=192.168.1.252->1.1.1.2, d=1.1.1.1 [7190]

*Mar 1 00:47:19.931: NAT*: s=1.1.1.1, d=1.1.1.2->192.168.1.252 [11732]

*Mar 1 00:47:19.943: NAT*: s=1.1.1.1, d=1.1.1.2->192.168.1.252 [11733]

*Mar 1 00:47:19.955: NAT*: s=1.1.1.1, d=1.1.1.2->192.168.1.252 [11734]

*Mar 1 00:47:19.959: NAT*: s=192.168.1.252->1.1.1.2, d=1.1.1.1 [7191]

*Mar 1 00:47:19.967: NAT*: s=1.1.1.1, d=1.1.1.2->192.168.1.252 [11735]

*Mar 1 00:47:19.975: NAT*: s=1.1.1.1, d=1.1.1.2->192.168.1.252 [11736]

*Mar 1 00:47:19.987: NAT*: s=1.1.1.1, d=1.1.1.2->192.168.1.252 [11737]

*Mar 1 00:47:19.995: NAT*: s=1.1.1.1, d=1.1.1.2->192.168.1.252 [11738]

*Mar 1 00:47:20.007: NAT*: s=1.1.1.1, d=1.1.1.2->192.168.1.252 [11739]

*Mar 1 00:47:20.019: NAT*: s=1.1.1.1, d=1.1.1.2->192.168.1.252 [11740]

*Mar 1 00:47:20.099: NAT*: s=192.168.1.252->1.1.1.2, d=1.1.1.1 [7192]

*Mar 1 00:47:20.115: NAT*: s=192.168.1.252->1.1.1.2, d=1.1.1.1 [7193]

*Mar 1 00:47:20.127: NAT*: s=1.1.1.1, d=1.1.1.2->192.168.1.252 [11741]

*Mar 1 00:47:20.147: NAT*: s=1.1.1.1, d=1.1.1.2->192.168.1.252 [11742]

*Mar 1 00:47:20.171: NAT*: s=1.1.1.1, d=1.1.1.2->192.168.1.252 [11743]

*Mar 1 00:47:20.191: NAT*: s=192.168.1.252->1.1.1.2, d=1.1.1.1 [7194]

*Mar 1 00:47:20.211: NAT*: s=1.1.1.1, d=1.1.1.2->192.168.1.252 [11744]

*Mar 1 00:47:20.235: NAT*: s=1.1.1.1, d=1.1.1.2->192.168.1.252 [11745]

*Mar 1 00:47:20.243: NAT*: s=192.168.1.252->1.1.1.2, d=1.1.1.1 [7195]

*Mar 1 00:47:20.263: NAT*: s=192.168.1.252->1.1.1.2, d=1.1.1.1 [7196]

*Mar 1 00:47:20.283: NAT*: s=1.1.1.1, d=1.1.1.2->192.168.1.252 [11746]

*Mar 1 00:47:20.295: NAT*: s=1.1.1.1, d=1.1.1.2->192.168.1.252 [11747]

*Mar 1 00:47:20.503: NAT*: s=192.168.1.252->1.1.1.2, d=1.1.1.1 [7197]

R2#

*Mar 1 00:47:22.323: NAT*: s=192.168.1.252->1.1.1.2, d=1.1.1.1 [7198]

*Mar 1 00:47:22.343: NAT*: s=1.1.1.1, d=1.1.1.2->192.168.1.252 [11748]

*Mar 1 00:47:22.359: NAT*: s=1.1.1.1, d=1.1.1.2->192.168.1.252 [11749]

*Mar 1 00:47:22.559: NAT*: s=192.168.1.252->1.1.1.2, d=1.1.1.1 [7199]

R2#

*Mar 1 00:47:24.363: NAT*: s=192.168.1.252->1.1.1.2, d=1.1.1.1 [7200]

*Mar 1 00:47:24.395: NAT*: s=1.1.1.1, d=1.1.1.2->192.168.1.252 [11750]

*Mar 1 00:47:24.423: NAT*: s=1.1.1.1, d=1.1.1.2->192.168.1.252 [11751]

*Mar 1 00:47:24.631: NAT*: s=192.168.1.252->1.1.1.2, d=1.1.1.1 [7201]

R2#

*Mar 1 00:47:26.443: NAT*: s=192.168.1.252->1.1.1.2, d=1.1.1.1 [7202]

*Mar 1 00:47:26.695: NAT*: s=1.1.1.1, d=1.1.1.2->192.168.1.252 [11752]

R2#

*Mar 1 00:47:56.907: NAT*: s=1.1.1.1, d=1.1.1.2->192.168.1.252 [11753]

*Mar 1 00:47:56.927: NAT*: s=192.168.1.252->1.1.1.2, d=1.1.1.1 [7203]

*Mar 1 00:47:57.023: NAT*: s=192.168.1.252->1.1.1.2, d=1.1.1.1 [7204]

*Mar 1 00:47:57.055: NAT*: s=1.1.1.1, d=1.1.1.2->192.168.1.252 [11754]

R3#debug ip packet

IP packet debugging is on

R3#

*Mar 1 00:48:18.923: IP: tableid=0, s=1.1.1.1 (FastEthernet0/1), d=192.168.1.252 (FastEthernet0/1), routed via RIB

*Mar 1 00:48:18.923: IP: s=1.1.1.1 (FastEthernet0/1), d=192.168.1.252 (FastEthernet0/1), len 44, rcvd 3

*Mar 1 00:48:18.927: IP: tableid=0, s=192.168.1.252 (local), d=1.1.1.1 (FastEthernet0/1), routed via FIB

*Mar 1 00:48:18.931: IP: s=192.168.1.252 (local), d=1.1.1.1 (FastEthernet0/1), len 44, sending

*Mar 1 00:48:19.007: IP: tableid=0, s=1.1.1.1 (FastEthernet0/1), d=192.168.1.252 (FastEthernet0/1), routed via RIB

*Mar 1 00:48:19.011: IP: s=1.1.1.1 (FastEthernet0/1), d=192.168.1.252 (FastEthernet0/1), len 40, rcvd 3

*Mar 1 00:48:19.031: IP: tableid=0, s=192.168.1.252 (local), d=1.1.1.1 (FastEthernet0/1), routed via FIB

*Mar 1 00:48:19.031: IP: s=192.168.1.252 (local), d=1.1.1.1 (FastEthernet0/1), len 60, sending

Seems to work with this config.

Hope this helps.

Please rate useful posts and remember to mark any solved questions as answered. Thank you.

Please rate useful posts & remember to mark any solved questions as answered. Thank you.