Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
733
Views
0
Helpful
5
Replies

Port fowarding between routers over the internet

davidc_86
Level 1
Level 1

‎09-07-2020 02:47 AM

Hello community im having an issue with port forwarding i have a local device at SITE1 local lan 10.0.0.30 9100 im forwarding to dialer1 global port 9100 which is working, i can see the port alive when i scan the wan ip address with a port scanner.

ip nat inside source static tcp 10.0.0.30 9100 interface Dialer1 9100

 

Now an a different location SITE 2 over the Wan i want to make that port accessible on the local LAN Cisco router 10.0.0.1 Ive never done this before, basically the reverse of site 1

 

ip nat outside source static tcp (site 1 ip address) 9100 10.0.0.1 9100 extendable add-route

please excuse me if i have that wrong, both local LAN routers are 10.0.0.1 both wan IP addresses are static. can the local router make that port accessible on its local IP address 10.0.0.1 9100  ?

Thank you

Labels:
0 Helpful
5 Replies 5

Georg Pauwen
VIP
VIP

‎09-07-2020 05:07 AM

Hello,

 

--> ip nat outside source static tcp (site 1 ip address) 9100 10.0.0.1 9100 extendable add-route

 

That entry looks correct. Does that (not) work ?

0 Helpful

davidc_86
Level 1
Level 1
In response to Georg Pauwen

‎09-08-2020 12:52 AM

Hi mate thanks for your reply

 

if i use a port scanner from site2 local lan 10.0.0.1(the routers ip address) i cant see port 9100 open only 23 telnet an 80 http are open

ill attach some of site2s router config, do i need to create an access-list for it ? or something else for that rule to work?

!
ip dns server
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source list nat-list interface Dialer1 overload
ip nat inside source static tcp 10.0.0.115 80 interface Dialer1 85
ip nat inside source static tcp 10.0.0.115 8000 interface Dialer1 8010
ip nat inside source static tcp 10.0.0.5 80 interface Dialer1 82
ip nat inside source static tcp 10.0.0.5 11102 interface Dialer1 11102
ip nat inside source static tcp 10.0.0.104 80 interface Dialer1 83
ip nat inside source static tcp 10.0.0.105 80 interface Dialer1 84
ip nat inside source static tcp 10.0.0.107 80 interface Dialer1 86
ip nat inside source static tcp 10.0.0.107 502 interface Dialer1 502
ip nat inside source static tcp 10.0.0.40 502 interface Dialer1 503
ip nat inside source static tcp 10.0.0.40 10054 interface Dialer1 10054
ip nat outside source static tcp (SITE1 IP ADD) 9100 10.0.0.1 9100 extendable add-route
ip route 0.0.0.0 0.0.0.0 Dialer1
!
dialer-list 1 protocol ip permit
!
!
access-list 1 permit 10.0.0.0 0.0.0.255
!
control-plane
!

0 Helpful

Georg Pauwen
VIP
VIP
In response to davidc_86

‎09-08-2020 03:43 AM

Hello,

 

what do you see with 'debug ip nat' when you try to access the port (9100) from the outside global address (the site 1 address) ?

0 Helpful

davidc_86
Level 1
Level 1
In response to Georg Pauwen

‎09-08-2020 05:08 AM

i will try that when i get to site1 in about 9 hours time, im at site 2 at the moment. thanks for all your help

im fairly sure site 2 has the issue as port 9100 is open on site 1 global address. i could give you the ip address privately somehow?

0 Helpful

Georg Pauwen
VIP
VIP
In response to davidc_86

‎09-08-2020 05:15 AM

Hello,

 

you can send me a private message (click on my username).

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card