03-28-2014 11:05 AM - edited 03-07-2019 06:54 PM
Hi,
I am relatively new to Cisco (so excuse any dodgy config please) and am struggling to get my port forwarding working on my Cisco 887VA. Ultimately it will be for PPTP VPNs, but using an online port checker it is not showing the port as open.
It works if I use my external IP address in the NAT statement; however, since I have a dynamic one from my ISP, this is not practical.
I therefore tried to use an interface (as below), however this does not work... for me at least.
My config for internal and external interfaces is below.
interface Vlan1
description LAN
ip address 10.199.0.1 255.255.255.0
ip flow ingress
ip nat inside
no ip virtual-reassembly in
ip route-cache policy
ip tcp adjust-mss 1452
!
interface Dialer1
description Dialer interface for VDSL
mtu 1492
ip address negotiated
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname *************
ppp chap password 0 ********
ppp pap sent-username ********* password 0 **********
ppp ipcp dns request
ppp ipcp route default
ppp ipcp address accept
no cdp enable
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip dns server
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 10.199.0.7 1723 interface Dialer1 1723
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.200.0.0 255.255.255.0 10.199.0.2
!
access-list 1 remark Inside_Access
access-list 1 permit 10.199.0.0 0.0.0.255
dialer-list 1 protocol ip permit
Hopefully it is something obvious I am doing wrong.
Thanks
Alexander
03-31-2014 06:34 PM
Hi Alex,
I try and keep the IP address off the dialer interface and instead use Loopback interfaces where possible. Try this code:
interface Loopback0
ip address negotiated
ip nat outside
interface Vlan1
ip nat inside
interface Dialer0
ip unnumbered Loopback0
ip nat inside source list 101 interface Loopback0 overload
ip nat inside source static tcp 10.199.0.7 1723 interface Loopback0 1723
ip route 0.0.0.0 0.0.0.0 Dialer0
access-list 101 permit ip 10.199.0.0 0.0.255.255 any
(internal LAN subnet)
04-01-2014 05:00 AM
Hello
Your current NAT statements are applicable, no need to change them.
If your WAN IP changes it won't affect your connectivity.
res
Paul
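Added example, not part of any post in this thread: a short Python check that a static port-forward rule like the one in the first post points at an interface marked ip nat outside and at a host inside an ip nat inside subnet. The CONFIG excerpt is trimmed from the first post; the function names are illustrative, not from any Cisco tool.

```python
import ipaddress
import re

# Excerpt constructed from the first post's configuration (NAT-relevant lines only).
CONFIG = """\
interface Vlan1
 ip address 10.199.0.1 255.255.255.0
 ip nat inside
!
interface Dialer1
 ip address negotiated
 ip nat outside
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 10.199.0.7 1723 interface Dialer1 1723
"""

STATIC = re.compile(r"ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")
ADDRESS = re.compile(r"ip address (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)$")

def parse_interfaces(config):
    """Map interface name -> {'role': 'inside'/'outside'/None, 'net': network or None}."""
    interfaces, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], {"role": None, "net": None})
        elif line == "!":
            current = None  # end of the interface section
        elif current is not None:
            if line in ("ip nat inside", "ip nat outside"):
                current["role"] = line.split()[-1]
            elif ADDRESS.match(line):  # static address; 'negotiated' has no subnet to record
                addr, mask = ADDRESS.match(line).groups()
                current["net"] = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    return interfaces

def check_static_nat(config):
    """Return problems found in static port-forward rules (empty list = consistent)."""
    interfaces, problems = parse_interfaces(config), []
    inside_nets = [i["net"] for i in interfaces.values() if i["role"] == "inside" and i["net"]]
    for line in (raw.strip() for raw in config.splitlines()):
        m = STATIC.match(line)
        if not m:
            continue
        _, host, _, ifname, _ = m.groups()
        if interfaces.get(ifname, {}).get("role") != "outside":
            problems.append(f"{ifname} is not an 'ip nat outside' interface")
        if not any(ipaddress.ip_address(host) in net for net in inside_nets):
            problems.append(f"{host} is not in any 'ip nat inside' subnet")
    return problems
```

An empty result only means the rule's references line up; it says nothing about ACLs, upstream filtering or other protocols the service may need.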