12-23-2012 03:32 AM - edited 03-04-2019 06:29 PM
Hi *,
I have a little problem with my 890SFP router, which is configured behind a virtual DMZ.
The 192.168.178.0/24 network is the DMZ and the 192.168.0.0/24 is my network with all my devices.
The router has NAT and the inside interface is 192.168.0.1, the outside interface is 192.168.178.253 (the other router in the DMZ has .254).
I added (with Cisco Configuration Professional) a static NAT rule with original address 192.168.0.201:80 (my web server, which needs to be accessible from outside) and translated address 192.168.178.253:8080.
When I open a web session from outside and call the address http://my.real.outside.ip:8080 I get the HTTP error 504.
Where can the problem be?
Solved! Go to Solution.
12-23-2012 07:23 AM
Hi,
can you do this:
enable
config t
ip inspect log drop-pkt
logging con 6
ip access-list extended autosec_firewall_acl
5 permit tcp any host 192.168.178.253 eq 8080
Regards.
Alain
Don't forget to rate helpful posts.
12-23-2012 07:25 AM
Hi,
try to add this
ip access-list extended autosec_firewall_acl
remark CCP_ACL Category=17
permit udp any host 192.168.178.253 eq non500-isakmp
permit udp any host 192.168.178.253 eq isakmp
permit esp any host 192.168.178.253
permit ahp any host 192.168.178.253
permit tcp any host 192.168.178.253 eq 8080
Hope it will help.
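Why the extra ACE is what fixes it, as an added example that is not from the thread or from Cisco: on IOS, a packet arriving on the NAT outside interface is checked against the inbound ACL before the static NAT entry translates it, so the ACL sees the outside-global address and port (192.168.178.253:8080), never the inside address 192.168.0.201:80. The Python below models that ordering with the ACL lines and NAT entry from the thread. The ACE parser, the 10/20/30 sequence numbering of unnumbered entries, and the client addresses are assumptions constructed for the example.

```python
# Added example, not from the thread: a small model of how Cisco IOS handles a
# packet entering the NAT *outside* interface (Gi9 here). The inbound ACL is
# evaluated against the untranslated, outside-global destination first; only a
# permitted packet is then translated by the static NAT entry. Addresses, ports
# and ACL lines are the ones from the thread; client addresses are constructed.
from dataclasses import dataclass
from typing import Optional

# IOS port keywords that appear in the thread's ACL
WELL_KNOWN_PORTS = {"isakmp": 500, "non500-isakmp": 4500, "www": 80}
PROTOCOLS = {"ip", "tcp", "udp", "esp", "ahp"}


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None   # None for protocols without ports (esp, ahp)


def _address(tokens, i):
    """Consume 'any' or 'host A.B.C.D' at tokens[i]; None stands for 'any'."""
    if tokens[i] == "any":
        return None, i + 1
    if tokens[i] == "host":
        return tokens[i + 1], i + 2
    raise ValueError(f"unsupported address form: {tokens[i]!r}")


def parse_ace(tokens):
    """Parse 'permit|deny <proto> <src> <dst> [eq <port>]' (sequence number already stripped)."""
    action, proto = tokens[0], tokens[1]
    if action not in ("permit", "deny") or proto not in PROTOCOLS:
        raise ValueError(f"unsupported ACE: {' '.join(tokens)!r}")
    src, i = _address(tokens, 2)
    dst, i = _address(tokens, i)
    dport = None
    if i < len(tokens) and tokens[i] == "eq":
        dport = WELL_KNOWN_PORTS.get(tokens[i + 1]) or int(tokens[i + 1])
    return {"action": action, "proto": proto, "src": src, "dst": dst, "dport": dport}


def compile_acl(lines):
    """Order entries like a named IOS ACL (assumed 10, 20, 30 ... for unnumbered
    lines): an explicit sequence number such as the thread's '5 permit ...'
    places the entry at that position regardless of where it was typed."""
    entries, next_seq = [], 10
    for line in lines:
        tokens = line.split()
        if not tokens or tokens[0] == "remark":
            continue
        if tokens[0].isdigit():
            seq, tokens = int(tokens[0]), tokens[1:]
        else:
            seq, next_seq = next_seq, next_seq + 10
        entries.append((seq, parse_ace(tokens)))
    return sorted(entries, key=lambda e: e[0])


def ace_matches(ace, pkt):
    return (ace["proto"] in ("ip", pkt.proto) and ace["src"] in (None, pkt.src)
            and ace["dst"] in (None, pkt.dst) and ace["dport"] in (None, pkt.dport))


def acl_permits(lines, pkt):
    """First matching entry decides; an IOS ACL ends with an implicit deny."""
    for _, ace in compile_acl(lines):
        if ace_matches(ace, pkt):
            return ace["action"] == "permit"
    return False


# "ip nat inside source static tcp 192.168.0.201 80 interface Gi9 8080"
# with Gi9 = 192.168.178.253, as a lookup table keyed on the outside side.
STATIC_NAT = {("tcp", "192.168.178.253", 8080): ("192.168.0.201", 80)}


def outside_to_inside(acl_lines, pkt):
    """Inbound on the NAT outside interface: ACL check first, then translation."""
    if not acl_permits(acl_lines, pkt):
        return "dropped", pkt          # nothing ever reaches the web server
    inside = STATIC_NAT.get((pkt.proto, pkt.dst, pkt.dport))
    if inside is None:
        return "forwarded", pkt
    return "translated", Packet(pkt.proto, pkt.src, inside[0], inside[1])


# ACL as auto-secure left it (constructed: the thread's entries minus the 8080
# line), the same ACL after the thread's fix, and a tempting but wrong fix that
# permits the *inside* address, which the inbound ACL never sees.
ACL_BEFORE = [
    "remark CCP_ACL Category=17",
    "permit udp any host 192.168.178.253 eq non500-isakmp",
    "permit udp any host 192.168.178.253 eq isakmp",
    "permit esp any host 192.168.178.253",
    "permit ahp any host 192.168.178.253",
]
ACL_AFTER = ACL_BEFORE + ["5 permit tcp any host 192.168.178.253 eq 8080"]
ACL_WRONG = ACL_BEFORE + ["permit tcp any host 192.168.0.201 eq 80"]

CLIENT_SYN = Packet("tcp", "203.0.113.7", "192.168.178.253", 8080)  # constructed client


def before_fix():
    return outside_to_inside(ACL_BEFORE, CLIENT_SYN)   # ("dropped", ...)


def after_fix():
    return outside_to_inside(ACL_AFTER, CLIENT_SYN)    # ("translated", ... 192.168.0.201:80)


def wrong_fix():
    return outside_to_inside(ACL_WRONG, CLIENT_SYN)    # still ("dropped", ...)


if __name__ == "__main__":
    for name, fn in (("before", before_fix), ("after", after_fix), ("wrong", wrong_fix)):
        print(name, fn())
```

The `ip inspect log drop-pkt` and `logging con 6` lines in the first answer are the on-box way to see the same thing: with them, the router logs each packet the firewall drops to the console, which shows which address and port the drop was matched on.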
12-23-2012 06:02 AM
Hi,
First of all you need a public IP address on your router to be accessible from outside. Then you need to do a static NAT to forward to the server. HTTP 504 means the client sent a connection request but the response never came back.
Hope it will help.
12-23-2012 06:30 AM
Hi,
the whole traffic from my real public IP Address is redirected to the IP Address 192.168.178.253 (Interface Gi9) without being filtered. I then added the NAT Rule:
ip nat inside source static tcp 192.168.0.201 80 interface Gi9 8080
BTW I used the auto-secure command at initial configuration of the router. So I have the acl autosec_firewall_acl activated on my router.
Is this only a NAT problem or can it be a wrong ACL from the firewall?
12-23-2012 06:38 AM
Hi,
Can you post your router's config and network topology? Because it is still unclear.
Sent from Cisco Technical Support iPhone App
12-23-2012 07:07 AM
Hi,
this is the running config:
-Removed-
And this is my topology:
12-23-2012 09:32 AM
Yessss, it works. Thank you very much guys.
12-23-2012 09:38 AM
I'm glad we helped you!
Sent from Cisco Technical Support iPhone App