12-24-2013 01:47 AM - edited 03-04-2019 09:56 PM
Hello all,
I have a router 2621. I configured it for port forwarding. I need to forward the public ip 115.115.123.xxx 8086 to 192.168.1.130 8086. But I cant connect. Please shed a light on this.
Here i shows the output of my show run command
Building configuration...
Current configuration : 1451 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname RouterA
!
enable secret 5 $1$l/ko$sibpgYNMefNJLRWO477l70
enable password cisco12$
!
ip subnet-zero
!
!
ip name-server 192.168.1.1
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip name-server 192.168.1.10
ip dhcp excluded-address 192.168.1.10 192.168.1.254
!
ip dhcp pool LAN
network 192.168.1.0 255.255.255.0
!
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description WAN
ip address 115.115.123.xxx 255.255.255.252
ip nat outside
duplex auto
speed auto
no cdp enable
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
description LAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
!
ip nat pool mjsoft 115.115.123.xxx 115.115.123.xxx netmask 255.255.255.252
ip nat inside source list 1 pool mjsoft overload
ip nat inside source static tcp 192.168.1.130 8086 interface FastEthernet0/0 8086
ip classless
ip route 0.0.0.0 0.0.0.0 115.115.123.xxx - gateway
ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
snmp-server community public RO
snmp-server enable traps tty
!
dial-peer cor custom
!
!
!
!
!
line con 0
password cisco
login
line aux 0
line vty 0 4
exec-timeout 30 0
password cisco
logging synchronous
login
transport input telnet ssh
line vty 5 15
password cisco
login
!
end
Thanks in advance
Solved! Go to Solution.
12-26-2013 02:47 AM
Hi Sooraj,
You didn't tell us how you are testing your static PAT, from where are you trying to connect to this server ?
Can you verify that the server knows how to reply by pinging 8.8.8.8 on the server
what did you do before issuing the sh ip nat translation command ?
Can you redo telnet 192.168.1.130 8086 with following debug: debug ip tcp transaction and post the debug output
Regards
Alain
Don't forget to rate helpful posts.
12-27-2013 02:51 AM
Hi,
In this case if you can connect from Outside world it means your static PAT is working correctly.
if you try from the router itself then there will be no NAT involved and as there is no process listening on this protocol/port on the router it will not respond.
Regards
Alain
Don't forget to rate helpful posts.
12-24-2013 02:55 AM
Hi,
Could you try:
ip nat inside source static tcp 192.168.1.130 8086 115.115.123.x 8086
Add another line for UDP if the above doesn't work.
Sent from Cisco Technical Support iPhone App
12-24-2013 03:16 AM
Same issue. Its not working
please help me
12-24-2013 03:24 AM
Hi,
Can you ping 192.168.1.130 and an external IP, i.e. 8.8.8.8?
Sent from Cisco Technical Support iPhone App
12-24-2013 03:30 AM
Yes i can ping 192.168.1.130 and my public IP 115.115.123.xxx
12-24-2013 03:42 AM
Ok. How about ping to ISP next hop IP or 8.8.8.8?
Could you post output of 'telnet 192.168.1.130 8086' and 'show ip nat translations' commands from 2621?
Sent from Cisco Technical Support iPhone App
12-25-2013 09:06 PM
Hello,
The output of Telnet 192.168.1.130 8086 is
RouterA#telnet 192.168.1.130 8086
Trying 192.168.1.130, 8086 ... Open
[Connection to 192.168.1.130 closed by foreign host]
The output of show ip nat translation is
tcp 115.115.123.202:2479 192.168.1.124:2479 108.160.162.36:80 108.160.162.36:80
tcp 115.115.123.202:51289 192.168.1.208:51289 74.125.236.53:443 74.125.236.53:443
udp 115.115.123.202:55677 192.168.1.100:55677 208.67.222.222:53 208.67.222.222:53
tcp 115.115.123.202:50330 192.168.1.207:50330 74.125.200.18:443 74.125.200.18:443
tcp 115.115.123.202:2173 192.168.1.124:2173 74.125.236.53:443 74.125.236.53:443
tcp 115.115.123.202:60165 192.168.1.205:60165 54.230.158.185:80 54.230.158.185:80
tcp 115.115.123.202:60166 192.168.1.205:60166 54.230.158.185:80 54.230.158.185:80
tcp 115.115.123.202:60167 192.168.1.205:60167 54.230.158.185:80 54.230.158.185:80
tcp 115.115.123.202:60168 192.168.1.205:60168 54.230.158.185:80 54.230.158.185:80
tcp 115.115.123.202:60169 192.168.1.205:60169 54.230.158.185:80 54.230.158.185:80
tcp 115.115.123.202:60170 192.168.1.205:60170 54.230.158.185:80 54.230.158.185:80
tcp 115.115.123.202:60179 192.168.1.205:60179 54.230.158.185:80 54.230.158.185:80
tcp 115.115.123.202:1598 192.168.1.100:1598 23.41.65.227:443 23.41.65.227:443
tcp 115.115.123.202:1599 192.168.1.100:1599 23.41.65.227:443 23.41.65.227:443
tcp 115.115.123.202:60501 192.168.1.205:60501 74.125.200.132:443 74.125.200.132:443
icmp 115.115.123.202:60501 192.168.1.205:60501 74.125.200.132:443 74.125.200.132:443
tcp 115.115.123.202:54477 192.168.1.204:54477 5.79.83.18:1002 5.79.83.18:1002
tcp 115.115.123.202:60201 192.168.1.205:60201 54.230.158.185:80 54.230.158.185:80
tcp 115.115.123.202:54479 192.168.1.204:54479 5.79.83.18:1002 5.79.83.18:1002
tcp 115.115.123.202:1597 192.168.1.100:1597 74.125.200.17:80 74.125.200.17:80
tcp 115.115.123.202:54483 192.168.1.204:54483 5.79.83.18:1002 5.79.83.18:1002
tcp 115.115.123.202:54484 192.168.1.204:54484 5.79.83.18:1002 5.79.83.18:1002
tcp 115.115.123.202:1604 192.168.1.100:1604 74.125.200.17:80 74.125.200.17:80
tcp 115.115.123.202:54487 192.168.1.204:54487 5.79.83.18:1002 5.79.83.18:1002
tcp 115.115.123.202:60683 192.168.1.205:60683 199.38.164.165:80 199.38.164.165:80
tcp 115.115.123.202:54493 192.168.1.204:54493 5.79.83.18:1002 5.79.83.18:1002
tcp 115.115.123.202:54495 192.168.1.204:54495 5.79.83.18:1002 5.79.83.18:1002
tcp 115.115.123.202:54501 192.168.1.204:54501 5.79.83.18:1002 5.79.83.18:1002
tcp 115.115.123.202:49911 192.168.1.202:49911 98.139.235.96:80 98.139.235.96:80
tcp 115.115.123.202:54504 192.168.1.204:54504 5.79.83.18:1002 5.79.83.18:1002
tcp 115.115.123.202:54506 192.168.1.204:54506 5.79.83.18:1002 5.79.83.18:1002
tcp 115.115.123.202:53758 192.168.1.204:53758 149.174.97.86:80 149.174.97.86:80
udp 115.115.123.202:51089 192.168.1.10:51089 192.150.16.247:53 192.150.16.247:53
udp 115.115.123.202:50012 192.168.1.202:50012 12.127.17.71:53 12.127.17.71:53
tcp 115.115.123.202:60295 192.168.1.205:60295 54.230.158.153:80 54.230.158.153:80
tcp 115.115.123.202:60602 192.168.1.205:60602 67.215.80.135:80 67.215.80.135:80
tcp 115.115.123.202:60603 192.168.1.205:60603 67.215.80.135:80 67.215.80.135:80
tcp 115.115.123.202:60525 192.168.1.205:60525 96.7.100.174:80 96.7.100.174:80
tcp 115.115.123.202:60527 192.168.1.205:60527 96.7.100.174:80 96.7.100.174:80
tcp 115.115.123.202:60294 192.168.1.205:60294 54.230.158.185:80 54.230.158.185:80
tcp 115.115.123.202:49910 192.168.1.202:49910 98.139.243.168:80 98.139.243.168:80
udp 115.115.123.202:52956 192.168.1.10:52956 98.124.192.1:53 98.124.192.1:53
tcp 115.115.123.202:50428 192.168.1.160:50428 74.125.200.94:443 74.125.200.94:443
tcp 115.115.123.202:49739 192.168.1.90:49739 108.160.162.101:80 108.160.162.101:80
tcp 115.115.123.202:49741 192.168.1.90:49741 108.160.162.101:80 108.160.162.101:80
tcp 115.115.123.202:49743 192.168.1.90:49743 108.160.162.101:80 108.160.162.101:80
tcp 115.115.123.202:60644 192.168.1.205:60644 74.125.200.155:443 74.125.200.155:443
udp 115.115.123.202:51641 192.168.1.10:51641 217.17.46.189:53 217.17.46.189:53
tcp 115.115.123.202:49902 192.168.1.202:49902 176.32.100.249:443 176.32.100.249:443
tcp 115.115.123.202:49903 192.168.1.202:49903 176.32.100.249:443 176.32.100.249:443
tcp 115.115.123.202:49904 192.168.1.202:49904 176.32.100.249:443 176.32.100.249:443
tcp 115.115.123.202:49905 192.168.1.202:49905 176.32.100.249:443 176.32.100.249:443
tcp 115.115.123.202:49906 192.168.1.202:49906 176.32.100.249:443 176.32.100.249:443
tcp 115.115.123.202:49907 192.168.1.202:49907 176.32.100.249:443 176.32.100.249:443
12-24-2013 07:19 AM
Hi,
How are you testing your static PAT config ?
did you verify the server is listening on this port ?
Is there any firewall on this machine prohibiting access from some IPs ?
Is your NAT statement working ---> sh ip nat translation | i 192.168.1.130
Regards
Alain
Don't forget to rate helpful posts.
12-25-2013 09:00 PM
Hello Cadet Alain,
The output of sh ip nat translation | i 192.168.1.130
RouterA#show ip nat translations | i 192.168.1.130
tcp 115.115.123.xxx:8086 192.168.1.130:8086 --- ---
Also I disabled firewall in 192.168.1.130 machine
Please shed a light on this
Thanks in advance
Sooraj N
12-26-2013 02:47 AM
Hi Sooraj,
You didn't tell us how you are testing your static PAT, from where are you trying to connect to this server ?
Can you verify that the server knows how to reply by pinging 8.8.8.8 on the server
what did you do before issuing the sh ip nat translation command ?
Can you redo telnet 192.168.1.130 8086 with following debug: debug ip tcp transaction and post the debug output
Regards
Alain
Don't forget to rate helpful posts.
12-26-2013 03:05 AM
Hello cadet alain,
I am trying to connect to this server under the router itself. But when I am trying to connect to the server from outside world, its working fine
Thanks alot.
12-27-2013 02:51 AM
Hi,
In this case if you can connect from Outside world it means your static PAT is working correctly.
if you try from the router itself then there will be no NAT involved and as there is no process listening on this protocol/port on the router it will not respond.
Regards
Alain
Don't forget to rate helpful posts.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide