02-13-2021 04:09 AM
Please find my config below:
hostname R1
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
ip dhcp excluded-address 192.168.0.1 192.168.0.100
ip dhcp excluded-address 192.168.3.1
ip dhcp pool HOME
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1
 dns-server 1.1.1.1 1.0.0.1
ip dhcp pool WIN
 host 192.168.0.22 255.255.255.0
 client-identifier 01d4.3d7e.18d9.ce
ip dhcp pool PC
 host 192.168.0.247 255.255.255.0
 client-identifier 0108.0027.3bd7.70
ip dhcp pool Solar
 host 192.168.0.253 255.255.255.0
 client-identifier 01c8.9346.3250.e8
ip dhcp pool Tank-Level
 host 192.168.0.243 255.255.255.0
 client-identifier 018c.aab5.8b8e.40
ip dhcp pool PIP
 host 192.168.0.229 255.255.255.0
 client-identifier 01dc.a632.2ce3.8c
ip domain name somedomain
no ipv6 cef
multilink bundle-name authenticated
license udi pid CISCO2921/K9 sn FGL1813118M
username admin privilege 15 secret 4 GRTVBsdfv/1VtTta/OeXqUIqQROubxT/D40OGFs0c
redundancy
ip ssh version 2
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
interface GigabitEthernet0/0
 description -Ethernet WAN-
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
interface GigabitEthernet0/1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
interface GigabitEthernet0/1.1
 encapsulation dot1Q 101
 ip address 192.168.1.1 255.255.255.0
 ip pim dense-mode
 ip nat inside
 ip virtual-reassembly in
 ip cgmp
interface GigabitEthernet0/2
 ip address 192.168.3.1 255.255.255.0
 duplex auto
 speed auto
ip forward-protocol nd
no ip http server
no ip http secure-server
ip dns server
ip nat inside source list IoT interface GigabitEthernet0/2 overload
ip nat inside source list NAT interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.0.222 3389 interface GigabitEthernet0/0 13389
ip nat inside source static udp 192.168.0.222 3389 interface GigabitEthernet0/0 13389
ip route 192.168.2.0 255.255.255.0 192.168.3.2
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
ip access-list standard IoT
 permit 192.168.2.0 0.0.0.255
ip access-list standard NAT
 permit 192.168.0.0 0.0.0.255
control-plane
line con 0
 logging synchronous
 login local
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 exec-timeout 5 0
 login local
 transport input ssh
scheduler allocate 20000 1000
end
I want to forward port 13389 coming through my public IP to 192.168.0.222:3389.
02-13-2021 05:19 AM
Can you please explain why there are 2 NATs to different interfaces here?
interface GigabitEthernet0/2
 ip address 192.168.3.1 255.255.255.0
 duplex auto
 speed auto
ip nat inside source list IoT interface GigabitEthernet0/2 overload
ip nat inside source list NAT interface GigabitEthernet0/0 overload
ip nat inside source static tcp 192.168.0.222 3389 interface GigabitEthernet0/0 13389
ip nat inside source static udp 192.168.0.222 3389 interface GigabitEthernet0/0 13389
ip route 192.168.2.0 255.255.255.0 192.168.3.2
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
ip access-list standard IoT
 permit 192.168.2.0 0.0.0.255
ip access-list standard NAT
 permit 192.168.0.0 0.0.0.255
Is your outgoing NAT working?
I do not see anything wrong in your port-forwarding - try to remove that RED one and check and advise.
02-13-2021 06:43 AM
The reason for having 2 NATs is that I have another router connected to G0/2. It's all explained here.
Yes, outgoing NAT is working; I do have access to the outside world.
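A consistency check for the static port forwards in the posted config, as an added example that is not part of any post in this thread: it verifies that each forward names an interface marked `ip nat outside` and targets a host on an `ip nat inside` subnet. The function names and the embedded config excerpt are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: an excerpt of the NAT-relevant lines from the config posted above.
CONFIG = """\
interface GigabitEthernet0/0
 ip address dhcp
 ip nat outside
interface GigabitEthernet0/1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
ip nat inside source static tcp 192.168.0.222 3389 interface GigabitEthernet0/0 13389
ip nat inside source static udp 192.168.0.222 3389 interface GigabitEthernet0/0 13389
"""

STATIC = re.compile(r"ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")

def parse_interfaces(text):
    """Map interface name -> {'net': IPv4Network or None, 'nat': 'inside'/'outside'/None}."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        if line.startswith("interface "):
            cur = ifaces.setdefault(line.split()[1], {"net": None, "nat": None})
        elif not line.startswith(" "):
            cur = None  # back at global configuration level
        elif cur is not None:
            words = line.split()
            if words[:2] == ["ip", "address"] and len(words) == 4:
                cur["net"] = ipaddress.ip_network(f"{words[2]}/{words[3]}", strict=False)
            elif words[:2] == ["ip", "nat"] and len(words) == 3:
                cur["nat"] = words[2]
    return ifaces

def check_forwards(text):
    """Return (proto, public_port, host, inside_port, problems) per static port forward."""
    ifaces = parse_interfaces(text)
    results = []
    for line in text.splitlines():
        m = STATIC.match(line.strip())
        if not m:
            continue
        proto, host, in_port, wan, pub_port = m.groups()
        problems = []
        if ifaces.get(wan, {}).get("nat") != "outside":
            problems.append(f"{wan} is not marked 'ip nat outside'")
        addr = ipaddress.ip_address(host)
        if not any(i["nat"] == "inside" and i["net"] and addr in i["net"] for i in ifaces.values()):
            problems.append(f"{host} is not on any 'ip nat inside' subnet")
        results.append((proto, int(pub_port), host, int(in_port), problems))
    return results
```

Run against the excerpt, both forwards come back with an empty problem list, so the statements themselves are internally consistent with the interface roles.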