
What is missing for nat translation port to open?

malarivi
Cisco Employee

I am running an absolutely barebones nat inside/outside-dhcp config with my local net as 10.0.0.2/24.

Inside being vlan 1 using an ehwic 8-port switch and Gi0/0 shutdown and not in use.

 

I want to open my wan dhcp interface Gi0/1 51413 to inside 10.0.0.2 51413. After much research the tried and true way is:

ip nat inside source static tcp 10.0.0.2 51413 int Gi0/1 51413
ip nat inside source static udp 10.0.0.2 51413 int Gi0/1 51413

...

This is the only access rule and list:

...

ip http access-class 1
access-list 1 permit 10.0.0.0 0.0.0.255

...

 

The ip nat inside command alone does not appear to open the wan port.

 

I am on IOS 15, what is missing?

1 Reply

malarivi
Cisco Employee
LAR#telnet 107.15.163.46 51413 /source-interface gi0/1
Trying 107.15.163.46, 51413 ...
% Connection timed out; remote host not responding

 

LAR#sh run
Building configuration...

Current configuration : 5230 bytes
!
! Last configuration change at 20:53:00 UTC Fri Aug 7 2015 by mlar
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LAR
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
service-module wlan-ap 0 bootimage autonomous
!
!
!
!
!

!
ip dhcp excluded-address 10.0.0.1
ip dhcp excluded-address 10.0.0.1 10.0.0.64
!
ip dhcp pool LAR
 import all
 network 10.0.0.0 255.255.255.0
 default-router 10.0.0.1
 dns-server 10.0.0.2
!
!
!
ip domain name lariv
ip host itxfiler 10.0.0.2
ip name-server 10.0.0.2
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-1720572887
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1720572887
 revocation-check none
 rsakeypair TP-self-signed-1720572887
!
!
crypto pki certificate chain TP-self-signed-1720572887
 certificate self-signed 01
      quit
license udi pid CISCO1941W-A/K9 sn FTX163181AF
license accept end user agreement
license boot module c1900 technology-package securityk9
license boot module c1900 technology-package datak9
hw-module ism 0
!
!
!
username mlar privilege 15 secret 5 $1$XKKv$lSc5x/nHd5jMWou8/5pr0.
!
redundancy
!
!
!
!
!
!
!
!         
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description " *** LAN ACCESS PORT *** "
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface wlan-ap0
 description " *** AP MGMT *** "
 ip address 10.0.1.1 255.255.255.0
 arp timeout 0
 no mop enabled
 no mop sysid
!
interface GigabitEthernet0/1
 description PrimaryWANDesc_
 ip address dhcp hostname lar
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Wlan-GigabitEthernet0/0
 description " *** BUILTIN 3502 AP *** "
 switchport mode trunk
 no ip address
!
interface GigabitEthernet0/1/0
 description " *** LAN ACCESS PORT *** "
 no ip address
!
interface GigabitEthernet0/1/1
 description " *** LAN ACCESS PORT *** "
 no ip address
!
interface GigabitEthernet0/1/2
 description " *** LAN ACCESS PORT *** "
 no ip address
!
interface GigabitEthernet0/1/3
 description " *** LAN ACCESS PORT *** "
 no ip address
!
interface GigabitEthernet0/1/4
 description " *** LAN ACCESS PORT *** "
 no ip address
!
interface GigabitEthernet0/1/5
 description " *** LAN ACCESS PORT *** "
 no ip address
!
interface GigabitEthernet0/1/6
 description " *** NAS 2x GE LACP *** "
 switchport mode trunk
 no ip address
!
interface GigabitEthernet0/1/7
 description " *** NAS 2x GE LACP *** "
 switchport mode trunk
 no ip address
!
interface Vlan1
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
ip forward-protocol nd
!
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 10.0.0.2 51413 interface GigabitEthernet0/1 51413
ip nat inside source static udp 10.0.0.2 51413 interface GigabitEthernet0/1 51413
ip nat outside source list user-51413 pool LAR
!
ip access-list extended user-51413
 remark allow 51413 in to 10.0.0.2
 permit tcp any host 10.0.0.2 eq 51413
!         
!
!
access-list 1 permit 10.0.0.0 0.0.0.255
!
control-plane
!
!
!
line con 0
 login local
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line 67
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
 access-class 1 in
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 access-class 1 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
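
As an added example (not part of the original post and not Cisco tooling): a small Python audit of the NAT-relevant lines from the configuration above. It lists the static port forwards and flags any forward whose WAN interface has no inbound `ip access-group`, and any `pool` named in a NAT rule without an `ip nat pool` line in the audited text. The embedded excerpt, the `audit` function and the wording of the findings are constructed for illustration.

```python
import re

# Constructed excerpt: only the NAT-relevant lines of the running-config above.
CONFIG = """\
ip dhcp pool LAR
 network 10.0.0.0 255.255.255.0
interface GigabitEthernet0/1
 ip address dhcp hostname lar
 ip nat outside
interface Vlan1
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 10.0.0.2 51413 interface GigabitEthernet0/1 51413
ip nat inside source static udp 10.0.0.2 51413 interface GigabitEthernet0/1 51413
ip nat outside source list user-51413 pool LAR
ip access-list extended user-51413
 permit tcp any host 10.0.0.2 eq 51413
access-list 1 permit 10.0.0.0 0.0.0.255
"""

STATIC = re.compile(r"ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")

def audit(config):
    """Return (forwards, findings) for an IOS config given as text."""
    roles, acl_in, forwards = {}, {}, []
    pools_defined, pools_used = set(), set()
    iface = None
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] != " ":  # top-level line: enter or leave interface context
            iface = line.split()[1] if line.startswith("interface ") else None
        if iface and line in ("ip nat inside", "ip nat outside"):
            roles[iface] = line.split()[-1]
        elif iface and (m := re.match(r"ip access-group (\S+) in$", line)):
            acl_in[iface] = m[1]
        elif m := STATIC.match(line):
            forwards.append((m[1], m[2], int(m[3]), m[4], int(m[5])))
        elif m := re.match(r"ip nat pool (\S+)", line):
            pools_defined.add(m[1])
        elif m := re.match(r"ip nat (?:inside|outside) source list \S+ pool (\S+)", line):
            pools_used.add(m[1])
    findings = []
    for proto, host, port, wan_if, wan_port in forwards:
        if roles.get(wan_if) != "outside":
            findings.append(f"{wan_if} is not marked 'ip nat outside'")
        if wan_if not in acl_in:
            findings.append(f"{proto}/{wan_port} -> {host}:{port}: no inbound ACL on {wan_if}")
    for pool in sorted(pools_used - pools_defined):
        findings.append(f"NAT pool {pool} is referenced but has no 'ip nat pool' line")
    return forwards, findings
```

The ACL finding is an exposure note rather than a fault: with no inbound ACL on the WAN interface, the router itself does not restrict the forwarded port by source address.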

 
