Port forwarding HTTP Error 504

SilentHunter124
Level 1

Hi *,

I've a little problem with my 890SFP Router, which is configured behind a Virtual DMZ.

The 192.168.178.0/24 network is the DMZ and the 192.168.0.0/24 is my network with all my devices.

The router has NAT and the inside interface is 192.168.0.1, the outside interface is 192.168.178.253 (the other Router in the DMZ has .254).

I added (with Cisco Configuration Professional) a static NAT Rule with Original address 192.168.0.201:80 (my Webserver which needs to be accessible from outside) and translated address 192.168.178.253:8080.

When I open a Websession from outside and call the address http://my.real.outside.ip:8080 I get the HTTP Error 504.

Where can the problem be?

8 Replies

Abzal
Level 7

Hi,

First of all you need a public IP address on your router to be accessible from outside. Then you need to do a static NAT to forward to the server. HTTP 504 means the client sent a request for a connection but the response never came back.

Hope it will help.

Best regards,
Abzal

Hi,

the whole traffic from my real public IP Address is redirected to the IP Address 192.168.178.253 (Interface Gi9) without being filtered. I then added the NAT Rule:

ip nat inside source static tcp 192.168.0.201 80 interface Gi9 8080

BTW I used the auto-secure command at initial configuration of the router. So I have the acl autosec_firewall_acl activated on my router.

Is this only a NAT problem or can it be a wrong ACL from the firewall?

Abzal
Level 7

Hi,

Can you post your router's config and network topology? It is still unclear.

Sent from Cisco Technical Support iPhone App

Best regards,
Abzal

Hi,

this is the running config:

-Removed-

And this is my topology:

Hi,

can you do this:

enable
config t
ip inspect log drop-pkt
logging con 6
ip access-list extended autosec_firewall_acl
 5 permit tcp any host 192.168.178.253 eq 8080

Regards.

Alain

Don't forget to rate helpful posts.


Hi,

try to add this

ip access-list extended autosec_firewall_acl
 remark CCP_ACL Category=17
 permit udp any host 192.168.178.253 eq non500-isakmp
 permit udp any host 192.168.178.253 eq isakmp
 permit esp any host 192.168.178.253
 permit ahp any host 192.168.178.253
 permit tcp any host 192.168.178.253 eq 8080

Hope it will help.

Best regards,
Abzal

Yessss, it works. Thank you very much guys.

I'm glad we helped you!

Sent from Cisco Technical Support iPhone App

Best regards,
Abzal
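
The check that the accepted fix implies, as an added example (not code from the thread or from Cisco): for each static port-forward, confirm that the inbound ACL on the translated interface has a matching permit entry. The sample config is constructed; the interface stanza and the `ip access-group ... in` binding are assumptions, because the poster's running config was removed, and only the exact `permit <proto> any host <ip> eq <port>` entry form used in the thread is recognised.

```python
import re

# Constructed sample: NAT rule and addresses are the thread's; the interface
# stanza and the inbound ACL binding are assumptions (the real config was removed).
SAMPLE_CONFIG = """\
interface GigabitEthernet9
 ip address 192.168.178.253 255.255.255.0
 ip nat outside
 ip access-group autosec_firewall_acl in
!
ip nat inside source static tcp 192.168.0.201 80 interface Gi9 8080
!
ip access-list extended autosec_firewall_acl
 permit udp any host 192.168.178.253 eq isakmp
 permit esp any host 192.168.178.253
 deny ip any any
"""

NAT_RE = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)", re.M)

def same_if(short, full):
    """True when an abbreviated name (Gi9) refers to the full one (GigabitEthernet9)."""
    a, b = (re.match(r"([a-z-]+)([\d/.:]+)$", n.lower()).groups() for n in (short, full))
    return a[1] == b[1] and b[0].startswith(a[0])

def stanzas(config, keyword):
    """Map stanza name -> stripped body lines for top-level '<keyword> <name>' stanzas."""
    out, cur = {}, None
    for line in config.splitlines():
        if line.startswith(keyword + " "):
            cur = out.setdefault(line[len(keyword) + 1:].strip(), [])
        elif line.startswith(" ") and cur is not None:
            cur.append(line.strip())
        else:
            cur = None
    return out

def unpermitted_forwards(config):
    """Return (proto, outside_ip, port, acl) for forwards the inbound ACL does not permit."""
    ifaces = stanzas(config, "interface")
    acls = stanzas(config, "ip access-list extended")
    missing = []
    for proto, _inside_ip, _inside_port, ifname, oport in NAT_RE.findall(config):
        body = next((b for n, b in ifaces.items() if same_if(ifname, n)), [])
        ip = next((l.split()[2] for l in body if l.startswith("ip address ")), None)
        acl = next((l.split()[2] for l in body if re.match(r"ip access-group \S+ in$", l)), None)
        want = re.compile(rf"^(\d+ )?permit {proto} any host {re.escape(ip or '')} eq {oport}$")
        if ip and acl and not any(want.match(e) for e in acls.get(acl, [])):
            missing.append((proto, ip, int(oport), acl))
    return missing
```

Run against the sample, it reports the 8080 forward as unpermitted; with the thread's `permit tcp any host 192.168.178.253 eq 8080` entry added to the ACL, it reports nothing.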