Port Forwarding ceased working

Hi everyone.

We have 2 ADSL services connected to an HWIC-2FE in an 1841 router. It has been running consistently for 12 months until last week.

One of the ADSL services is for our browsing, email, support, FTP etc. and I have port forwarding configured on it. The other is for our clients to connect; we host, via RDP, some software for them, so I have RDP/RDS and PPTP VPN forwarded to different servers internally.

Last Wednesday port forwarding on the RDP/PPTP ADSL service ceased working; our mail/browsing/support service continues to work as intended.

History: Our clients' ADSL ports faulted at 3:45 in the morning, then both ADSL interfaces bounced an hour or so afterwards. The ISP rebuilt the port but I have still not been able to get port forwarding working. I have reconfigured the primary service and reconfigured DNS so our clients can still connect, but I would like to get their ADSL service working again.

I have tested the RDP/PPTP ADSL service with an alternate modem and a laptop - it appears to work as expected which leads me back to the 1841.

I have included the config I am using (trimmed and edited), apologies, it has been some time since I did the CCNA course and my IOS is a bit rusty, and my methodology may be a bit rudimentary/crude, but it works.  I have scoured it over and over and cannot see where I may have inadvertently changed something.  I haven't made any changes to it for several weeks (mostly access lists as clients come and go).

Hoping someone has a keen eye and can spot my error.

BTW, I swapped/reconfigured the Fa0/0/1 port with Fa0/1 port and the issue persisted (I hope I did it right).

interface FastEthernet0/0
 description Internal
 no ip address
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/0.1
 description Default VLAN
 encapsulation dot1Q 1 native
 ip address w.x.y.z 255.255.255.0
 ip access-group 101 in
 ip flow monitor cisco-RX-01 input
 ip nat inside
 ip virtual-reassembly
 no cdp enable
!
interface FastEthernet0/0.10
 description Management VLAN
 encapsulation dot1Q 10
 ip address a.b.c.d 255.255.255.0
 ip flow monitor cisco-RX-01 input
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
 description Physical interface for Dialer0
 no ip address
 ip virtual-reassembly
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 2
 no cdp enable
!
interface FastEthernet0/0/1
 description Physical interface for Dialer1
 no ip address
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface Dialer0
 description Logical ADSL interface for mail/browse/support
 ip address negotiated
 ip mtu 1492
 ip flow monitor cisco-RX-01 input
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 2
 dialer-group 2
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname ADSLusername
 ppp chap password 7 ADSLPassword
 ppp pap sent-username ADSLusername password 7 ADSLpassword
!
interface Dialer1
 description Logical ADSL interface for vpn/RDP
 ip address negotiated
 ip access-group 120 in
 ip mtu 1492
 ip flow monitor cisco-RX-01 input
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap callin
 ppp chap hostname ADSLusername
 ppp chap password 7 ADSLpassword
 ppp pap sent-username ADSLusername password 7 ADSLpassword
!
ip default-gateway c.d.e.f
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
!
ip nat inside source list NAT_mail interface Dialer0 overload
ip nat inside source static tcp rdpserver 3389 interface Dialer1 3389
ip nat inside source static tcp vpnserver 1723 interface Dialer1 1723
ip nat inside source static tcp mailserver 25 interface Dialer0 25
ip nat inside source static tcp httpsserver 443 interface Dialer0 443
ip nat inside source static tcp httpserver 80 interface Dialer0 80
ip nat inside source static tcp rwwserver 4125 interface Dialer0 4125
ip nat inside source list NAT_vpn interface Dialer1 overload
ip nat inside source static tcp supportserver 8040 interface Dialer0 8040
ip nat inside source static tcp supportserver 8041 interface Dialer0 8041
ip nat inside source static tcp ftpserver 20 interface Dialer0 20
ip nat inside source static tcp ftpserver 21 interface Dialer0 21
!
ip access-list extended NAT_mail
 remark IP addresses allowed out Dialer0
 permit ip w.x.y.z 0.0.0.255 any
 permit ip a.b.c.d 0.0.0.255 any
ip access-list extended NAT_vpn
 remark IP addresses allowed out Dialer1
 permit ip a.b.c.d 0.0.0.255 any
 permit ip w.x.y.z 0.0.0.255 any
!
access-list 101 remark ------------------
access-list 101 remark To be used on FA0/0.1 IN - the VLAN
access-list 101 remark Allow mailserver to send email
access-list 101 permit tcp host a.b.c.d any eq smtp
access-list 101 permit tcp host w.x.y.z any eq smtp
access-list 101 remark Prevent other hosts from any VLAN from sending email
access-list 101 deny   tcp w.x.y.z 0.0.0.255 any eq smtp
access-list 101 remark Prevent TELNET to router IP this VLAN address
access-list 101 deny   tcp any host w.x.y.z eq telnet
access-list 101 remark Allow SSH through to management VLAN
access-list 101 permit tcp any host a.b.c.d eq 22
access-list 101 permit tcp any any
access-list 101 permit udp any any
access-list 101 permit gre any any
access-list 101 permit icmp any any
access-list 110 remark ------------------
access-list 110 remark To be used on FA0/0.10 IN - the Management VLAN
access-list 110 permit gre any any
access-list 110 remark Check hosts from VLAN 10 to send email
access-list 110 permit tcp host a.b.c.d any eq smtp
access-list 110 deny   tcp a.b.c.e 0.0.0.255 any eq smtp
access-list 110 remark Allow SSH to router management VLAN interface
access-list 110 permit tcp any host a.b.c.d eq 22
access-list 110 permit tcp any any established
access-list 110 permit udp any any
access-list 120 remark ------------------
access-list 120 remark Direct RDP users - for use on Dialer1 IN
access-list 120 remark Allow in GRE
access-list 120 permit gre any any
access-list 120 remark Allow in PPTP
access-list 120 permit tcp any host dialer1 eq 1723
access-list 120 remark RDP for Clientx
access-list 120 permit tcp host clientIP host DestIP eq 3389
access-list 120 remark RDP for Clientx2
access-list 120 permit tcp host ClientIP host DestIP eq 3389
.
.
.
access-list 120 remark RDP for Clientn
access-list 120 permit tcp host ClientIP host DestIP eq 3389
dialer-list 1 protocol ip permit
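
An added example, not part of the original post: a small Python audit that lists each static TCP port forward in a config like the one above, with whether its outside interface carries `ip nat outside` and which sources the inbound ACL lets reach it. The excerpt is constructed from the post's placeholder names, and the parser models only numbered-ACL `permit tcp`/`permit ip` entries with numeric ports; deny entries and entry ordering are not modelled.

```python
import re

# Constructed excerpt modelled on the posted config; host names are the post's placeholders.
SAMPLE = """\
interface Dialer0
 ip nat outside
interface Dialer1
 ip access-group 120 in
 ip nat outside
ip nat inside source static tcp rdpserver 3389 interface Dialer1 3389
ip nat inside source static tcp vpnserver 1723 interface Dialer1 1723
ip nat inside source static tcp mailserver 25 interface Dialer0 25
access-list 120 permit gre any any
access-list 120 permit tcp any host dialer1 eq 1723
access-list 120 permit tcp host clientIP host DestIP eq 3389
"""

FWD = re.compile(r"ip nat inside source static tcp (\S+) (\d+) interface (\S+) (\d+)")
ACE = re.compile(r"access-list (\d+) permit (?:tcp|ip) (\S+).*?(?: eq (\S+))?$")

def audit_forwards(config):
    """Return one dict per static TCP forward with its NAT and inbound-ACL context."""
    ifaces, acls, forwards, cur = {}, {}, [], None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m.group(1), {"nat_outside": False, "acl_in": None})
        elif line.startswith(" ") and cur is not None:      # interface sub-command
            if line.strip() == "ip nat outside":
                cur["nat_outside"] = True
            elif m := re.match(r" ip access-group (\S+) in", line):
                cur["acl_in"] = m.group(1)
        else:                                               # global command
            cur = None
            if m := FWD.match(line):
                forwards.append(m.groups())
            elif (m := ACE.match(line)) and "established" not in line:
                acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    report = []
    for server, _inside_port, iface, port in forwards:
        info = ifaces.get(iface, {"nat_outside": False, "acl_in": None})
        if info["acl_in"] is None:
            exposure = "any source (no inbound ACL)"
        else:
            # A port of None means the entry has no "eq", so it covers every port.
            srcs = [s for s, p in acls.get(info["acl_in"], []) if p in (None, port)]
            exposure = ("blocked (implicit deny)" if not srcs
                        else "any source" if "any" in srcs else "restricted sources")
        report.append({"server": server, "port": int(port), "iface": iface,
                       "nat_outside": info["nat_outside"], "exposure": exposure})
    return report

if __name__ == "__main__":
    for row in audit_forwards(SAMPLE):
        print(row)
```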
