Re: Port forwarding on cisco 1841 don't work

cyberburn07 · ‎05-10-2011

Hi,

I'm trying to setup port forwarding to a citrix server but,

it seems not to be working, can someone please tel me what I'm doing wrong

As you can see I'm using dyndns an I have verified its working by pinging the host ...

Building configuration...

Current configuration : 1998 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname **********
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
dot11 syslog
ip source-route
!
!
!
!
ip cef
ip name-server 208.67.220.220
ip name-server 208.67.222.222
ip ddns update method DYNDNS
HTTP
add http:/**************@members.dyndns.org/nic/updatesystem=dyndns&hostname=<h>&myip=<a>
interval maximum 0 2 0 0
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
username *********** privilege 15 password 0 ***************
archive
log config
hidekeys
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description INTERNAL_INTERFACE
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface ATM0/0/0
description ADSL_INTERFACE
no ip address
ip mask-reply
ip directed-broadcast
ip flow ingress
no atm ilmi-keepalive
pvc 8/35
pppoe-client dial-pool-number 1
!
!
interface ATM0/1/0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Dialer0
ip ddns update hostname *****************.dyndns.biz
ip ddns update DYNDNS
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp chap hostname *************************
ppp chap password 0 ****************
ppp pap sent-username **************** password 0 *******************
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
ip http authentication local
no ip http secure-server
!
!
ip nat inside source list INTERNET interface Dialer0 overload
ip nat inside source static tcp 192.168.0.247 443 interface Dialer0 443
!
ip access-list extended INTERNET
permit ip any any
!
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end

Thotsaphon Lueangwattanaphong · ‎05-10-2011

Hi,

Your configuration looks good to me. Please post the output of "show ip nat transalation | include 192.168.0.247" when you're connecting from the internet to this server. I just wanna make sure how NAT works for this entry. Can you connect this server within Lan segment while testing?

Just note for you : You should get a problem when trying to manage this router from the internet. I'd change the ACL below:

!

ip access-list extended INTERNET
no permit ip any any

permit ip 192.168.0.0 0.0.0.255 any
!

HTH,

Toshi

cyberburn07 · ‎05-10-2011

We do have a netgear router configured and that works...I can connect from the internal lan though.

I will post the results tomorrow.

Thanks for the reply

Thotsaphon Lueangwattanaphong · ‎05-10-2011

Hi,

I think you might need the following command to get Citrix work.

Please try this:

!

interface Dialer0

ip tcp adjust-mss 1380

!

HTH,

Toshi

cyberburn07 · ‎05-10-2011

Thanks I'll give that a go...