12-15-2020 10:59 PM
We would appreciate your support. We have a case where the WAN connection is 4G transmedia; the hardware is a Cisco 1921 router + 4G HWIC. We need to configure port forwarding between the cellular interface (WAN) and the Gig interface (LAN). The configuration is not working; however, port forwarding works normally between G0/0 and G0/1 on the same router. Does the 4G HWIC have a special command line for port forwarding, or is it not supported on the cellular interface?
12-15-2020 11:35 PM
Hello,
The commands should be the same for the Cellular as for the GigabitEthernet interfaces. What exactly are you trying to do (static NAT, dynamic NAT)? Post the running config of your 1921...
12-16-2020 01:58 AM
In general it should work as expected on any interface, coming from outside to inside (as long as the provider allows incoming traffic). Most of them do, but some providers block it.
You can check on the router when you telnet to that port, as this packet arrives at the router before you translate.
Here is an example for port 80; I guess this is already added:
ip nat inside source static tcp 192.168.1.10 80 interface XXXX 80
If it is still not working, please post the full configuration for our review and suggestions.
12-17-2020 01:23 AM - edited 12-17-2020 02:57 AM
Thanks for your reply. The full configuration is below.
Router#sh run
controller Cellular 0/0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!
!
!
!
!
interface Loopback10
ip address 5.120.26.200 255.255.255.255
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.11.1 255.255.255.0 secondary
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 172.16.18.2 255.255.255.252
duplex auto
speed auto
!
interface Cellular0/0/0
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation slip
dialer in-band
dialer string lte
dialer-group 1
async mode interactive
!
interface Cellular0/0/1
no ip address
encapsulation slip
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat pool XYZ 10.88.0.4 10.88.0.4 netmask 255.255.255.252
ip nat inside source list 1 interface Cellular0/0/0 overload
ip nat inside source static 192.168.1.100 10.88.0.4
ip route 0.0.0.0 0.0.0.0 172.17.111.5
ip route 0.0.0.0 0.0.0.0 172.16.18.1
ip route 0.0.0.0 0.0.0.0 172.17.139.181 150
ip route 1.1.1.0 255.255.255.252 172.16.18.1
ip route 10.107.158.194 255.255.255.255 Cellular0/0/0
!
dialer-list 1 protocol ip permit
!
!
snmp-server community ciscoread RO 80
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 80 permit 1.1.1.1
!
control-plane
!
!
!
line con 0
login local
line aux 0
login local
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 0/0/0
exec-timeout 0 0
script startup lte
script dialer lte
script reset lte
script activation lte
modem InOut
no exec
line 0/0/1
no exec
line vty 0 4
login local
transport input all
!
scheduler allocate 20000 1000
event manager applet ping
event timer cron cron-entry "* * * * * "
action 1.0 cli command "enable"
action 1.1 cli command "ping 10.107.158.194 "
!
end
12-17-2020 01:24 AM
done thanks
12-17-2020 03:49 AM
This is still valid for your NAT: ip nat inside source static tcp 192.168.1.10 80 interface XXXX 80
You may need to remove the static routes that are not required, to keep it simple to test, and advise what is not working with the new config.
12-16-2020 05:23 AM
Hello
Port forwarding (port address translation - PAT) should be applicable on your rtr.
Can you share your NAT/PAT statements in a file and attach it to your post, please?
sh run | in nat
sh ip access-list
sh ip route
12-17-2020 01:23 AM - edited 12-17-2020 02:59 AM
done Paul
12-17-2020 02:48 AM - edited 12-17-2020 03:06 AM
Hello
You are specifying a static NAT translation to a 10.x.x.x address, which isn't a routable internet address. Also, you have multiple default static routes, which isn't correct.
Apply the following please and confirm the addressing regarding your NAT.
no ip nat pool tedata 10.88.0.4 10.88.0.4 netmask 255.255.255.252
no ip route 0.0.0.0 0.0.0.0 172.17.111.5
no ip route 0.0.0.0 0.0.0.0 172.16.18.1
no ip route 0.0.0.0 0.0.0.0 172.17.139.181 150
access-list 1 permit 192.168.11.0 0.0.0.255
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0
As for your static NAT/PAT statement, I expect you to use either static NAT or PAT.
Static NAT example:
ip nat inside source static 192.168.100.1 x.x.x.x < routable IP address or IP address existing on the cellular interface
Static PAT example:
ip nat inside source static tcp 192.168.100.1 80 interface Cellular0/0/0 80 < specifies TCP/UDP port
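Added example (not part of any post in this thread, and not Cisco tooling): a small Python check that flags the three problems the reply above points out in the posted configuration, namely a static NAT global address that is not internet-routable, several default routes at the same administrative distance, and an inside subnet missing from the NAT access list. The names `audit` and `SAMPLE` are made up for this example, and the sample is a constructed excerpt of the posted config.

```python
import ipaddress

# Constructed sample: NAT and routing lines from the configuration posted in this thread.
SAMPLE = """\
interface GigabitEthernet0/0
ip address 192.168.11.1 255.255.255.0 secondary
ip address 192.168.1.1 255.255.255.0
ip nat inside
interface Cellular0/0/0
ip address negotiated
ip nat outside
ip nat inside source list 1 interface Cellular0/0/0 overload
ip nat inside source static 192.168.1.100 10.88.0.4
ip route 0.0.0.0 0.0.0.0 172.17.111.5
ip route 0.0.0.0 0.0.0.0 172.16.18.1
ip route 0.0.0.0 0.0.0.0 172.17.139.181 150
access-list 1 permit 192.168.1.0 0.0.0.255
"""

def audit(config):
    """Flag the three problems named in the reply above (hypothetical helper)."""
    findings, defaults, acls, nat_lists = [], {}, {}, []
    iface, addrs, inside = None, {}, set()
    for t in (line.split() for line in config.splitlines() if line.strip()):
        if t[0] == "interface":
            iface = t[1]
        elif t[:2] == ["ip", "address"] and len(t) >= 4:  # skips "negotiated"
            addrs.setdefault(iface, []).append(ipaddress.ip_interface(f"{t[2]}/{t[3]}").network)
        elif t == ["ip", "nat", "inside"]:
            inside.add(iface)
        elif t[:4] == ["ip", "route", "0.0.0.0", "0.0.0.0"]:
            dist = int(t[5]) if len(t) > 5 and t[5].isdigit() else 1  # default distance 1
            defaults.setdefault(dist, []).append(t[4])
        elif t[0] == "access-list" and len(t) == 5 and t[2] == "permit":
            bits = bin(int(ipaddress.ip_address(t[4]))).count("1")  # contiguous wildcard -> host bits
            acls.setdefault(t[1], []).append(ipaddress.ip_network((t[3], 32 - bits), strict=False))
        elif t[:5] == ["ip", "nat", "inside", "source", "list"]:
            nat_lists.append(t[5])
        elif t[:5] == ["ip", "nat", "inside", "source", "static"]:
            glob = t[8] if t[5] in ("tcp", "udp") else t[6]  # PAT form carries ports
            if glob != "interface" and not ipaddress.ip_address(glob).is_global:
                findings.append(f"static NAT global address {glob} is not internet-routable")
    for dist, hops in sorted(defaults.items()):
        if len(hops) > 1:
            findings.append(f"{len(hops)} default routes share distance {dist}: {', '.join(hops)}")
    permitted = [n for acl in nat_lists for n in acls.get(acl, [])]
    for net in (n for i in sorted(inside) for n in addrs.get(i, [])):
        if not any(net.subnet_of(p) for p in permitted):
            findings.append(f"inside subnet {net} is not permitted by the NAT access list")
    return findings
```

Calling `audit(SAMPLE)` returns one finding per problem; a configuration with the suggested changes applied returns an empty list.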