04-09-2013 10:46 AM - edited 03-04-2019 07:32 PM
I have an 857W ADSL router. I have configured it to connect to my ISP and I get a DHCP address from them, and I have a DHCP pool to assign IP addresses to wireless or LAN. I have NAT overload on a BVI. I am now trying to get one of the LAN ports, which has a device of 172.16.0.3, to be accessible from the outside world, but it will not let anyone connect to it.
I will upload my Config if anyone can help
04-09-2013 11:14 AM
Hello Neil,
I assume that you have only one public IP, the one which you obtain via DHCP. You have also configured NAT overload, so now you can configure only port forwarding to make some devices available from the internet.
Try this config:
ip nat inside source static {tcp|udp} 172.16.0.3 PORT interface interface_with_public_IP[probably Dialer] PORT
Also check if some ACL is not blocking your traffic.
Best Regards
Please rate all helpful posts and close solved questions
04-09-2013 11:18 AM
Thanks for the reply. Yeah, I have one IP via DHCP from the ISP, and I only want one device accessible for the Internet. I have tried the command below already but it did not work. I also don't have an ACL configured yet.
Here is my config:
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid Wireless1
   vlan 1
   authentication open
   guest-mode
   wpa-psk ascii 0 XXXXXXXX
!
dot11 ssid Wireless
   authentication open
!
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.0.1
ip dhcp excluded-address 172.16.0.3
!
ip dhcp pool sdm-pool1
   network 172.16.0.0 255.255.0.0
   default-router 172.16.0.1
   dns-server 212.159.6.10 212.159.6.9
!
!
ip cef
!
!
!
username neil privilege 15 password 0 XXXXXXXXXXXXXXXXXXXXXX
!
!
archive
 log config
  hidekeys
!
!
!
bridge irb
!
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no ip mroute-cache
 atm vc-per-vp 128
 no atm ilmi-keepalive
 pvc 0/38
  oam-pvc 0
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
 hold-queue 224 in
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
 no ip address
 !
 ssid Wireless
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 no ip address
 bridge-group 1
!
interface Dialer0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname XXXXXl@XXXXX.net
 ppp chap password 0 XXXX
 ppp pap sent-username XXXX@XXXXX.net password 0 XXXXXXX
 ppp ipcp dns request
 ppp ipcp wins request
 hold-queue 224 in
!
interface BVI1
 description $ES_LAN$
 ip address 172.16.0.1 255.255.0.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 172.16.0.3 12000 interface Dialer0 12000
ip nat inside source static udp 172.16.0.3 12000 interface Dialer0 12000
ip nat inside source static 172.16.0.3 interface Dialer0
!
access-list 1 permit 172.16.0.0 0.0.0.255
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password XXXXXX
 login local
04-09-2013 12:43 PM
Hello Neil,
Delete this line:
ip nat inside source static 172.16.0.3 interface Dialer0
You can forward just particular UDP/TCP ports; you cannot configure static NAT 1:1. Try your configuration without the mentioned line to see if it works.
Best Regards
Please rate all helpful posts and close solved questions
04-09-2013 01:13 PM
I have removed the line but I still cannot get internet access to my internal device.
04-09-2013 01:57 PM
OK, I cannot see any routing configuration in your post, so probably you receive the default route via DHCP from your ISP. Can you confirm this?
Or can you post the output of #show ip route
Also, can you confirm that from the 172.16.0.3 device you can reach the IP address of the internet device from which you are trying to connect to the 172.16.0.3 device => I hope this sentence makes sense.
Can you see the NAT translation on the router?
#show ip nat trans
Best Regards
Please rate all helpful posts and close solved questions
04-09-2013 02:20 PM
Thanks for the reply,
My routing is
ip route 0.0.0.0 0.0.0.0 Dialer0
I have a routing table with a candidate route in there too to Dialer 0. If you mean can I get on the net from the 0.3 device, the answer is yes. I am getting NAT translations but I cannot give them to you right now as I am out of home right now.
04-09-2013 11:49 PM
Neil, as you wrote, you have no problem communicating from the "0.3" device to the internet. The configuration is very basic; there is nothing else to do. I would say that the problem will be on the "0.3" device. Is it a PC or a server? Can you check that communication is not filtered there by some firewall or something else?
If you can capture traffic on the NIC, you can verify whether some packets from the internet arrive when you try to connect there.
Best Regards
Please rate all helpful posts and close solved questions
04-10-2013 01:40 AM
Hello
Is there a reason you are trying to perform static PAT on port 12000?
How are you trying to connect to this internal PC?
Does the internal PC have any software firewall enabled - if so, are the designated ports open?
Even though you have a default route to the dialer interface, maybe try and ask your ISP what to configure for the default gateway.
Try using the public IP instead of the dialer interface:
ip nat inside source static tcp 172.16.0.3 xx (use public allocated ip) xx extendable
res
Paul
Please don't forget to rate any posts that have been helpful.
Thanks.
04-10-2013 02:20 AM
I took out the line you said and it never worked, but I figured it out: my DNS was not updating. Stupid mistake on my part, but all sorted out now; I just need to configure DDNS on the router now. Thanks for your help.
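The `show ip nat trans` check suggested earlier in the thread, combined with the DNS cause reported in the last post, as an added example that is not part of any participant's post. The table text is a constructed sample using documentation addresses, `parse_nat_table` and `check_forward` are hypothetical helper names, and the address the hostname resolves to is passed in as a parameter so the script runs offline.

```python
import re

# Constructed sample of `show ip nat translations` output (documentation addresses).
SAMPLE = """\
Pro Inside global        Inside local       Outside local       Outside global
tcp 203.0.113.10:12000   172.16.0.3:12000   198.51.100.7:51514  198.51.100.7:51514
tcp 203.0.113.10:12000   172.16.0.3:12000   ---                 ---
udp 203.0.113.10:12000   172.16.0.3:12000   ---                 ---
tcp 203.0.113.10:49152   172.16.0.3:49152   192.0.2.80:443      192.0.2.80:443
"""

# One tcp/udp row: protocol, inside global ip:port, inside local ip:port, outside local/global.
ROW = re.compile(r"^(tcp|udp)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\S+)\s*$")

def parse_nat_table(text):
    """Return one dict per tcp/udp row; the header and port-less rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            proto, g_ip, g_port, l_ip, l_port, o_local, _o_global = m.groups()
            rows.append({"proto": proto, "global_ip": g_ip, "global_port": int(g_port),
                         "local_ip": l_ip, "local_port": int(l_port),
                         # A static port forward shows "---" in the outside columns.
                         "static": o_local == "---",
                         "peer": None if o_local == "---" else o_local})
    return rows

def check_forward(text, local_ip, port, proto, resolved_ip):
    """Classify why an inbound port forward may look broken from outside."""
    rows = [r for r in parse_nat_table(text)
            if r["proto"] == proto and r["local_ip"] == local_ip and r["local_port"] == port]
    static = [r for r in rows if r["static"]]
    if not static:
        return "no static entry: the port forward is not installed"
    public_ip = static[0]["global_ip"]
    # The thread's root cause: the DNS name still pointed at an old address.
    if resolved_ip != public_ip:
        return f"stale DNS: name resolves to {resolved_ip}, router holds {public_ip}"
    sessions = [r["peer"] for r in rows if not r["static"]]
    if not sessions:
        return "forward installed, no inbound sessions seen: check ACLs and the host firewall"
    return f"forward in use by {len(sessions)} peer(s)"

if __name__ == "__main__":
    print(check_forward(SAMPLE, "172.16.0.3", 12000, "tcp", "203.0.113.99"))
```

Comparing the inside global address with what the hostname resolves to separates a NAT problem from a client that is simply connecting to an old address.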