
Ports not showing up as "open"

johnny_5
Level 1

We have a server in our network that has to be accessed from a public IP address.

We have set up the NAT statements on the router, but we are unable to connect using the IP address and port number. I did "show control-plane host open-ports" and it doesn't show any of the ports I specified. Below are the NAT statements showing what ports I tried to open:

ip nat inside source static tcp 10.10.0.221 80 199.4x.xxx.xx 80 extendable
ip nat inside source static tcp 10.10.0.221 443 199.4x.xxx.xxx 443 extendable
ip nat inside source static tcp 10.10.0.221 5494 199.4x.xxx.xx 5494 extendable

 

I can post the whole config if need be.

 

5 Replies

michael o'nan
Level 4

Telnet to your outside address using the port numbers specified and see if it denies your connection. If so, then either NAT is not set up correctly or your server is not listening on those ports. If you would like someone to review your config, feel free to post it.

I tried what you asked but no luck!

The servers I'm trying to hit are the ones in red below.

I have included my scrubbed config for review, thanks again guys.

 

sh version
Cisco IOS Software, 2801 Software (C2801-IPBASE-M), Version 15.0(1)M5, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2011 by Cisco Systems, Inc.
Compiled Wed 23-Feb-11 15:16 by prod_rel_team

ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)

#sh run
Building configuration...

Current configuration : 4664 bytes
!
! Last configuration change at 20:07:28 UTC Fri Aug 29 2014
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
no aaa new-model
ip source-route
!
!
!
!
ip cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO2801 sn FTX15208002
vtp mode transparent

!
!
interface Tunnel1
 ip address 172.17.1.1 255.255.255.0
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 12.21x.xxx.xx
 tunnel destination 12.16.xxx.xx
!
interface Tunnel2
 ip address 172.17.2.5 255.255.255.0
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 19.4x.xxx.x26
 tunnel destination 12.1.xxx.xxx
!
interface Tunnel3
 ip address 172.17.3.5 255.255.255.0
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 19.4x.xxx.x26
 tunnel destination 12.16.xxx.xx
!
interface Tunnel4
 ip address 172.17.0.5 255.255.255.0
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 19.4x.xxx.x26
 tunnel destination 12.21x.xxx.xx
!
interface Tunnel5
 ip address 172.17.5.5 255.255.255.0
 ip mtu 1400
 ip flow ingress
 ip flow egress
 ip tcp adjust-mss 1360
 tunnel source 19.4x.xxx.x26
 tunnel destination 12.1xx.xxx.xx
!
interface FastEthernet0/0
 ip address 10.10.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 speed auto
 full-duplex
 no mop enabled
!
interface FastEthernet0/0.200
!
interface FastEthernet0/1
 ip address 19.4x.xxx.x26 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/3/0
 no ip address
 shutdown
!
ip forward-protocol nd
!
ip flow-top-talkers
 top 20
 sort-by bytes
!
ip http server
ip nat inside source list 1 interface FastEthernet0/1 overload
ip nat inside source static tcp 10.10.0.109 21 19.4x.xxx.x26 21 extendable
ip nat inside source static tcp 10.10.0.104 515 19.4x.xxx.x26 515 extendable
ip nat inside source static tcp 10.10.0.104 631 19.4x.xxx.x26 631 extendable
ip nat inside source static udp 10.10.0.104 631 19.4x.xxx.x26 631 extendable
ip nat inside source static tcp 10.10.0.111 80 19.4x.xxx.x28 80 extendable
ip nat inside source static tcp 10.10.0.221 80 19.4x.xxx.x36 80 extendable
ip nat inside source static tcp 10.10.0.221 443 19.4x.xxx.x36 443 extendable
ip nat inside source static tcp 10.10.0.221 5494 19.4x.xxx.x36 5494 extendable
ip nat inside source static tcp 10.10.0.220 80 19.4x.xxx.x37 80 extendable
ip nat inside source static tcp 10.10.0.220 443 19.4x.xxx.x37 443 extendable
ip nat inside source static tcp 10.10.0.220 5494 19.4x.xxx.x37 5494 extendable

ip nat inside source static tcp 10.10.0.220 5495 19.4x.xxx.x37 5495 extendable


ip route 0.0.0.0 0.0.0.0 19.4x.xxx.x25
ip route 10.5.1.0 255.255.255.0 172.17.0.1
ip route 10.5.5.0 255.255.255.0 172.17.0.1
ip route 10.10.200.0 255.255.255.0 10.10.0.2
ip route 10.14.0.0 255.255.0.0 172.17.3.2
ip route 10.27.129.0 255.255.255.0 172.17.5.4
ip route 10.27.130.0 255.255.255.0 172.17.2.3
ip route 10.27.131.0 255.255.255.0 172.17.3.2
ip route 10.27.231.0 255.255.255.0 172.17.3.2
ip route 10.28.129.0 255.255.255.0 172.17.5.4
ip route 192.168.1.0 255.255.255.0 172.17.0.1
ip route 192.168.2.0 255.255.254.0 172.17.0.1
ip route 192.168.99.0 255.255.255.0 172.17.0.1
ip route 192.168.102.0 255.255.255.0 172.17.0.1
!
access-list 1 permit 10.10.0.0 0.0.0.255
access-list 1 permit 10.5.5.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.1.255
access-list 1 permit 10.27.129.0 0.0.0.255
access-list 1 permit 172.17.5.0 0.0.0.255
access-list 1 permit 10.27.130.0 0.0.0.255
access-list 1 permit 10.27.131.0 0.0.0.255
access-list 101 permit ip 172.17.0.0 0.0.0.255 any
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
access-list 101 permit ip 172.17.3.0 0.0.0.255 any
access-list 101 permit ip 10.27.131.0 0.0.0.255 any
access-list 101 permit ip 10.27.130.0 0.0.0.255 any
access-list 101 permit ip 172.17.2.0 0.0.0.255 any
access-list 101 permit ip 10.5.5.0 0.0.0.255 any
access-list 101 permit ip 10.10.200.0 0.0.0.255 any
access-list 101 permit ip 10.27.129.0 0.0.0.255 any
access-list 101 permit ip 172.17.5.0 0.0.0.255 any
access-list 101 permit ip 192.168.2.0 0.0.1.255 any
!
snmp-server community public RO
!
control-plane
!

 

 

 

 

Also post 'sh ip nat translations'

Regards,

RS.
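
An added example, not code from the thread or from Cisco: `show control-plane host open-ports` lists sockets the router itself listens on, so static NAT forwards never appear there; the `show ip nat translations` output requested above is where they show up. The sketch below pairs each configured forward with its static entry and counts live sessions. The addresses and the sample output are constructed, and the usual four-column IOS table layout is assumed.

```python
import re

# Constructed sample data: documentation-range addresses, not the thread's scrubbed values.
RUNNING_CONFIG = """\
ip nat inside source list 1 interface FastEthernet0/1 overload
ip nat inside source static tcp 10.10.0.221 80 203.0.113.36 80 extendable
ip nat inside source static tcp 10.10.0.221 443 203.0.113.36 443 extendable
ip nat inside source static tcp 10.10.0.221 5494 203.0.113.36 5494 extendable
"""
# Constructed 'show ip nat translations' output: one live session, on port 80 only.
NAT_TRANSLATIONS = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.36:80    10.10.0.221:80     198.51.100.7:51512 198.51.100.7:51512
tcp 203.0.113.36:80    10.10.0.221:80     ---                ---
tcp 203.0.113.36:443   10.10.0.221:443    ---                ---
tcp 203.0.113.36:5494  10.10.0.221:5494   ---                ---
"""

# Address form only; the "interface <name>" form of the command is not parsed.
STATIC_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (\d\S*) (\d+)", re.M)
ENTRY_RE = re.compile(
    r"^(tcp|udp)[ \t]+(\S+):(\d+)[ \t]+(\S+):(\d+)[ \t]+(\S+)[ \t]+(\S+)", re.M)


def configured_forwards(config):
    """Static port forwards as (proto, global_ip, global_port, local_ip, local_port)."""
    return [(p, g, int(gp), l, int(lp))
            for p, l, lp, g, gp in STATIC_RE.findall(config)]


def forward_status(config, translations):
    """Map each configured forward to (static_entry_present, live_session_count)."""
    status = {fwd: [False, 0] for fwd in configured_forwards(config)}
    for p, g, gp, l, lp, out_local, _ in ENTRY_RE.findall(translations):
        key = (p, g, int(gp), l, int(lp))
        if key not in status:
            continue
        if out_local == "---":      # the static entry itself
            status[key][0] = True
        else:                       # an outside host is using the forward
            status[key][1] += 1
    return {fwd: tuple(v) for fwd, v in status.items()}


if __name__ == "__main__":
    for (p, g, gp, l, lp), (ok, n) in forward_status(RUNNING_CONFIG, NAT_TRANSLATIONS).items():
        print(f"{p} {g}:{gp} -> {l}:{lp}  static={ok} sessions={n}")
```

A forward whose static entry is present but which never gains a session while an outside client is connecting points at traffic not reaching the router, rather than at the NAT statement.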

You may consider removing one of your NAT statements and entering it without the word extendable on the end. My working NAT statements look like this:

 

ip nat inside source static tcp 10.254.254.254 7001 interface GigabitEthernet0/1 7001
ip nat inside source static tcp 10.254.254.254 7002 1x.x.x.x 7002

 

Rajeev Sharma
Cisco Employee

What is the router model number and the IOS running on the box? Also share the inside and outside interface configuration.

Regards,

RS.
