09-07-2020 02:47 AM
Hello community im having an issue with port forwarding i have a local device at SITE1 local lan 10.0.0.30 9100 im forwarding to dialer1 global port 9100 which is working, i can see the port alive when i scan the wan ip address with a port scanner.
ip nat inside source static tcp 10.0.0.30 9100 interface Dialer1 9100
Now an a different location SITE 2 over the Wan i want to make that port accessible on the local LAN Cisco router 10.0.0.1 Ive never done this before, basically the reverse of site 1
ip nat outside source static tcp (site 1 ip address) 9100 10.0.0.1 9100 extendable add-route
please excuse me if i have that wrong, both local LAN routers are 10.0.0.1 both wan IP addresses are static. can the local router make that port accessible on its local IP address 10.0.0.1 9100 ?
Thank you
09-07-2020 05:07 AM
Hello,
--> ip nat outside source static tcp (site 1 ip address) 9100 10.0.0.1 9100 extendable add-route
That entry looks correct. Does that (not) work ?
09-08-2020 12:52 AM
Hi mate thanks for your reply
if i use a port scanner from site2 local lan 10.0.0.1(the routers ip address) i cant see port 9100 open only 23 telnet an 80 http are open
ill attach some of site2s router config, do i need to create an access-list for it ? or something else for that rule to work?
!
ip dns server
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source list nat-list interface Dialer1 overload
ip nat inside source static tcp 10.0.0.115 80 interface Dialer1 85
ip nat inside source static tcp 10.0.0.115 8000 interface Dialer1 8010
ip nat inside source static tcp 10.0.0.5 80 interface Dialer1 82
ip nat inside source static tcp 10.0.0.5 11102 interface Dialer1 11102
ip nat inside source static tcp 10.0.0.104 80 interface Dialer1 83
ip nat inside source static tcp 10.0.0.105 80 interface Dialer1 84
ip nat inside source static tcp 10.0.0.107 80 interface Dialer1 86
ip nat inside source static tcp 10.0.0.107 502 interface Dialer1 502
ip nat inside source static tcp 10.0.0.40 502 interface Dialer1 503
ip nat inside source static tcp 10.0.0.40 10054 interface Dialer1 10054
ip nat outside source static tcp (SITE1 IP ADD) 9100 10.0.0.1 9100 extendable add-route
ip route 0.0.0.0 0.0.0.0 Dialer1
!
dialer-list 1 protocol ip permit
!
!
access-list 1 permit 10.0.0.0 0.0.0.255
!
control-plane
!
09-08-2020 03:43 AM
Hello,
what do you see with 'debug ip nat' when you try to access the port (9100) from the outside global address (the site 1 address) ?
09-08-2020 05:08 AM
i will try that when i get to site1 in about 9 hours time, im at site 2 at the moment. thanks for all your help
im fairly sure site 2 has the issue as port 9100 is open on site 1 global address. i could give you the ip address privately somehow?
09-08-2020 05:15 AM
Hello,
you can send me a private message (click on my username).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide