Re: PPPoE and Natting on TCP Ports

eng.shadi · ‎04-28-2010

Dears;

i configured Cisco 2911 router with DSL link and it is working properly but the natting for some services that i want to do to publish it to the internet was not working and there is no firewalls in my side as follow:

i want users from the internet to access my server 172.18.11.3 on port 3391 in inside network.
i want users from the internet to access my server 172.18.11.8 on port 3393 in inside network.
i want users from the internet to access my server 172.18.11.9 on port 3390 in inside network.

i got the public IP address dynamically from the ISP but the IP is assigned to us permenantly. the public IP is 212.70.55.55 on the Dialer 1 interface. the configuration is below:

HQ-R1#sh ip int brief
Interface IP-Address OK? Method Status Prot
ocol
GigabitEthernet0/0 172.18.11.101 YES NVRAM up up

GigabitEthernet0/1 unassigned YES NVRAM up up

GigabitEthernet0/2 unassigned YES NVRAM administratively down down

NVI0 172.18.11.101 YES unset up up

Virtual-Access1 unassigned YES unset up up

Virtual-Access2 unassigned YES unset up up

Dialer1 212.70.55.55 YES IPCP up up

vpdn enable
!
!interface GigabitEthernet0/0
description Connected to LAN
ip address 172.18.11.101 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0/1
description connected to the modem (ISP)
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp chap refuse
ppp ms-chap refuse
ppp pap sent-username xxxx password yyyy
no cdp enable
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Dialer1 overload

ip nat inside source static tcp 172.18.11.3 3391 interface Dialer1 3391
ip nat inside source static tcp 172.18.11.8 3393 interface Dialer1 3393
ip nat inside source static tcp 172.18.11.9 3390 interface Dialer1 3390
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 1 permit any
dialer-list 1 protocol ip permit

-------------------------------------------------------------------------------------------------------------------------------------------------------

please i need your assistance in the natting configuration, and also i tried the access lists with natting ans it didnt work.

Regards,

Shadi

Federico Coto Fajardo · ‎04-28-2010

Shadi,

Do you get the same results if instead of having the NAT like this:

ip nat inside source static tcp 172.18.11.3 3391 interface Dialer1 3391
ip nat inside source static tcp 172.18.11.8 3393 interface Dialer1 3393
ip nat inside source static tcp 172.18.11.9 3390 interface Dialer1 3390

You use the IP?

ip nat inside source static tcp 172.18.11.3 3391 212.70.55.55 3391
ip nat inside source static tcp 172.18.11.8 3393 212.70.55.55 3393
ip nat inside source static tcp 172.18.11.9 3390 212.70.55.55 3390

Anyway, the IP is not going to change right?

Give it a try just to check.

Federico.

eng.shadi · ‎04-29-2010

Hi Federico;

i tried but it didnt work.

thanks;

Shadi

phausner · ‎04-29-2010

Hi Sahdi,

I have a simllar config running on 2851 and it works perfect. I cna not see any difference to your config. HAve you checked the server? Maybe the default getway is an issue and packetes are not sent back. Maybe also usefull to do a debug on nat translations. Also a point to check is if the server is Windows machine if the windows firewall has been activated and pohibits the service.

Regards

PHilipp

eng.shadi · ‎04-29-2010

Dears;

thanks for your efforts, the issue is solved, as always the admin gave me wrong ports and the gateway was wrong in the servers.

thanks;

Shadi