09-04-2014 11:46 AM - edited 03-04-2019 11:41 PM
We have a server in our network that has to be accessed from a public IP address.
We have set up the NAT statements on the router, but we are unable to connect using the IP address and port number. I did "show control-plane host open-ports" and it doesn't show any of the ports I specified. Below are the NAT statements showing what ports I tried to open:
ip nat inside source static tcp 10.10.0.221 80 199.4x.xxx.xx 80 extendable
ip nat inside source static tcp 10.10.0.221 443 199.4x.xxx.xxx 443 extendable
ip nat inside source static tcp 10.10.0.221 5494 199.4x.xxx.xx 5494 extendable
I can post the whole config if need be.
09-04-2014 11:57 AM
Telnet to your outside address using the port numbers specified and see if it denies your connection. If so, then either NAT is not set up correctly or your server is not listening on those ports. If you would like someone to review your config, feel free to post it.
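The telnet test suggested above can be scripted so that every forwarded port is checked in one pass. This is an added example, not part of the original thread: it reads the `ip nat inside source static tcp` lines in the address form posted in the question and attempts a TCP connection to each global address and port. The function names and the 203.0.113.36 sample address are assumptions made for illustration.

```python
import re
import socket

# Matches the address form used in the thread:
#   ip nat inside source static tcp <local-ip> <lport> <global-ip> <gport> [extendable]
STATIC_TCP = re.compile(
    r"^\s*ip nat inside source static tcp "
    r"(?P<local>\d+\.\d+\.\d+\.\d+) (?P<lport>\d+) "
    r"(?P<glob>\d+\.\d+\.\d+\.\d+) (?P<gport>\d+)(?: extendable)?\s*$"
)

def parse_static_tcp(config_text):
    """Return (local_ip, local_port, global_ip, global_port) per static TCP entry."""
    entries = []
    for line in config_text.splitlines():
        m = STATIC_TCP.match(line)
        if m:
            entries.append((m["local"], int(m["lport"]), m["glob"], int(m["gport"])))
    return entries

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt as 'open', 'refused' or 'no-response'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeout, host unreachable, network unreachable
        return "no-response"

def check_forwards(config_text, timeout=3.0):
    """Probe every global address:port in the config; run from outside the router."""
    return {
        (glob, gport): probe(glob, gport, timeout)
        for _local, _lport, glob, gport in parse_static_tcp(config_text)
    }

if __name__ == "__main__":
    # Constructed sample: 203.0.113.36 is a documentation address standing in
    # for the masked public IP in the thread.
    SAMPLE = """\
ip nat inside source static tcp 10.10.0.221 80 203.0.113.36 80 extendable
ip nat inside source static tcp 10.10.0.221 443 203.0.113.36 443 extendable
ip nat inside source static tcp 10.10.0.221 5494 203.0.113.36 5494 extendable
"""
    for (ip, port), state in check_forwards(SAMPLE).items():
        print(f"{ip}:{port} -> {state}")
```

Entries written in the `interface <name> <port>` form are not matched, because the line carries no global address to connect to.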
09-04-2014 12:55 PM
I tried what you asked but no luck!
The servers I'm trying to hit are the ones in red below.
I have included my scrubbed config for review, thanks again guys.
sh version
Cisco IOS Software, 2801 Software (C2801-IPBASE-M), Version 15.0(1)M5, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Wed 23-Feb-11 15:16 by prod_rel_team
ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
#sh run
Building configuration...
Current configuration : 4664 bytes
!
! Last configuration change at 20:07:28 UTC Fri Aug 29 2014
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
no aaa new-model
ip source-route
!
!
!
!
ip cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO2801 sn FTX15208002
vtp mode transparent
!
!
interface Tunnel1
ip address 172.17.1.1 255.255.255.0
ip mtu 1400
ip tcp adjust-mss 1360
tunnel source 12.21x.xxx.xx
tunnel destination 12.16.xxx.xx
!
interface Tunnel2
ip address 172.17.2.5 255.255.255.0
ip mtu 1400
ip tcp adjust-mss 1360
tunnel source 19.4x.xxx.x26
tunnel destination 12.1.xxx.xxx
!
interface Tunnel3
ip address 172.17.3.5 255.255.255.0
ip mtu 1400
ip tcp adjust-mss 1360
tunnel source 19.4x.xxx.x26
tunnel destination 12.16.xxx.xx
!
interface Tunnel4
ip address 172.17.0.5 255.255.255.0
ip mtu 1400
ip tcp adjust-mss 1360
tunnel source 19.4x.xxx.x26
tunnel destination 12.21x.xxx.xx
!
interface Tunnel5
ip address 172.17.5.5 255.255.255.0
ip mtu 1400
ip flow ingress
ip flow egress
ip tcp adjust-mss 1360
tunnel source 19.4x.xxx.x26
tunnel destination 12.1xx.xxx.xx
!
interface FastEthernet0/0
ip address 10.10.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
speed auto
full-duplex
no mop enabled
!
interface FastEthernet0/0.200
!
interface FastEthernet0/1
ip address 19.4x.xxx.x26 255.255.255.240
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/3/0
no ip address
shutdown
!
ip forward-protocol nd
!
ip flow-top-talkers
top 20
sort-by bytes
!
ip http server
ip nat inside source list 1 interface FastEthernet0/1 overload
ip nat inside source static tcp 10.10.0.109 21 19.4x.xxx.x26 21 extendable
ip nat inside source static tcp 10.10.0.104 515 19.4x.xxx.x26 515 extendable
ip nat inside source static tcp 10.10.0.104 631 19.4x.xxx.x26 631 extendable
ip nat inside source static udp 10.10.0.104 631 19.4x.xxx.x26 631 extendable
ip nat inside source static tcp 10.10.0.111 80 19.4x.xxx.x28 80 extendable
ip nat inside source static tcp 10.10.0.221 80 19.4x.xxx.x36 80 extendable
ip nat inside source static tcp 10.10.0.221 443 19.4x.xxx.x36 443 extendable
ip nat inside source static tcp 10.10.0.221 5494 19.4x.xxx.x36 5494 extendable
ip nat inside source static tcp 10.10.0.220 80 19.4x.xxx.x37 80 extendable
ip nat inside source static tcp 10.10.0.220 443 19.4x.xxx.x37 443 extendable
ip nat inside source static tcp 10.10.0.220 5494 19.4x.xxx.x37 5494 extendable
ip nat inside source static tcp 10.10.0.220 5495 19.4x.xxx.x37 5495 extendable
ip route 0.0.0.0 0.0.0.0 19.4x.xxx.x25
ip route 10.5.1.0 255.255.255.0 172.17.0.1
ip route 10.5.5.0 255.255.255.0 172.17.0.1
ip route 10.10.200.0 255.255.255.0 10.10.0.2
ip route 10.14.0.0 255.255.0.0 172.17.3.2
ip route 10.27.129.0 255.255.255.0 172.17.5.4
ip route 10.27.130.0 255.255.255.0 172.17.2.3
ip route 10.27.131.0 255.255.255.0 172.17.3.2
ip route 10.27.231.0 255.255.255.0 172.17.3.2
ip route 10.28.129.0 255.255.255.0 172.17.5.4
ip route 192.168.1.0 255.255.255.0 172.17.0.1
ip route 192.168.2.0 255.255.254.0 172.17.0.1
ip route 192.168.99.0 255.255.255.0 172.17.0.1
ip route 192.168.102.0 255.255.255.0 172.17.0.1
!
access-list 1 permit 10.10.0.0 0.0.0.255
access-list 1 permit 10.5.5.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.1.255
access-list 1 permit 10.27.129.0 0.0.0.255
access-list 1 permit 172.17.5.0 0.0.0.255
access-list 1 permit 10.27.130.0 0.0.0.255
access-list 1 permit 10.27.131.0 0.0.0.255
access-list 101 permit ip 172.17.0.0 0.0.0.255 any
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
access-list 101 permit ip 172.17.3.0 0.0.0.255 any
access-list 101 permit ip 10.27.131.0 0.0.0.255 any
access-list 101 permit ip 10.27.130.0 0.0.0.255 any
access-list 101 permit ip 172.17.2.0 0.0.0.255 any
access-list 101 permit ip 10.5.5.0 0.0.0.255 any
access-list 101 permit ip 10.10.200.0 0.0.0.255 any
access-list 101 permit ip 10.27.129.0 0.0.0.255 any
access-list 101 permit ip 172.17.5.0 0.0.0.255 any
access-list 101 permit ip 192.168.2.0 0.0.1.255 any
!
snmp-server community public RO
!
control-plane
!
09-04-2014 01:40 PM
Also post 'sh ip nat translations'
Regards,
RS.
09-04-2014 01:42 PM
You may consider removing one of your NAT statements and entering it without the word extendable on the end. My working NAT statements look like this:
ip nat inside source static tcp 10.254.254.254 7001 interface GigabitEthernet0/1 7001
ip nat inside source static tcp 10.254.254.254 7002 1x.x.x.x 7002
09-04-2014 12:02 PM
What is the router model number and the IOS running on the box? Also share the inside and outside interface configuration.
Regards,
RS.