Multiple External IPs on Cisco 881

ACorbettSS
Level 1

Good day,

    I have a Cisco 881 router on which I'm trying to set up some NAT to allow external connections on some alternate IPs from my ISP to connect to certain ports on my internal servers.   Unfortunately, I'm not a network engineer and something seems to be not-quite-right with my configuration.

    From my ISP I have the IP address 184.183.156.98, this is assigned to the WAN port (FastEthernet4) of my Cisco 881 router, and I have that working correctly.  The Port-forwarding rules I have in place that use this IP work just fine.   Additionally, I have the small block of IPs 184.183.150.161-164.   None of the port forwarding rules set up for these seem to work at all.

    If you need the complete config file, please let me know.  This section below seems to me to be the relevant bits to my issue, the bolded entries are the port forwarding rules that I think should work, but which don't seem to.

!

interface FastEthernet4

description WAN$FW_OUTSIDE$

ip address 184.183.156.98 255.255.255.252

no ip redirects

no ip unreachables

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

ip nat inside source list 23 interface FastEthernet4 overload

ip nat inside source static tcp 192.168.10.205 1024 184.183.150.162 1024 extendable

ip nat inside source static tcp 192.168.10.205 1025 184.183.150.162 1025 extendable

ip nat inside source static tcp 192.168.10.205 1026 184.183.150.162 1026 extendable

ip nat inside source static tcp 192.168.10.205 1027 184.183.150.162 1027 extendable

ip nat inside source static tcp 192.168.10.205 3061 184.183.150.162 3061 extendable

ip nat inside source static tcp 192.168.10.205 3064 184.183.150.162 3064 extendable

ip nat inside source static tcp 192.168.10.210 888 184.183.150.163 888 extendable

ip nat inside source static tcp 192.168.10.93 1024 184.183.150.164 1024 extendable

ip nat inside source static tcp 192.168.10.93 1026 184.183.150.164 1026 extendable

ip nat inside source static tcp 192.168.10.93 1027 184.183.150.164 1027 extendable

ip nat inside source static tcp 192.168.10.93 3060 184.183.150.164 3060 extendable

ip nat inside source static tcp 192.168.10.93 6901 184.183.150.164 6901 extendable

ip nat inside source static udp 192.168.10.93 6901 184.183.150.164 6901 extendable

ip nat inside source static tcp 192.168.10.250 88 184.183.156.98 88 extendable

ip nat inside source static tcp 192.168.10.250 37777 184.183.156.98 37777 extendable

ip route 0.0.0.0 0.0.0.0 184.183.156.97

!

access-list 23 remark CCP_ACL Category=19

access-list 23 permit 192.168.10.0 0.0.0.255

access-list 23 permit 192.168.20.0 0.0.0.255

access-list 23 permit 192.168.30.0 0.0.0.255

access-list 23 permit 192.168.40.0 0.0.0.255

access-list 23 remark VPN Internet acccess

access-list 23 permit 192.168.50.0 0.0.0.255

Thank you,

    Adam Corbett

Accepted Solutions

Jon Marshall
Hall of Fame

Adam

From what you have posted your config looks fine. Are you sure your ISP is routing those IPs to your outside interface ?

How are you testing this ?

Jon

John,

     Thank you for taking a look.   I know the IPs are being routed because they work currently on the device the Cisco 881 will be replacing.  When I swap in the 881, the external devices stop reporting connectivity to my internal servers, and test messages return failures.

    The port forwarding rules for my primary IP (184.183.156.98) work just fine on both the older device and the new one, but the other three IPs seem to not be working despite the configuration you see above.

Thank you,

    Adam

Adam

I'm not aware of any issues with the 881 and this, although I will have a check of the docs when I get a chance. It looks absolutely fine. Can you post a "sh ip nat translations" from the router ?

Jon

Jon,

The result of "sh ip nat translations" is

Pro Inside global      Inside local       Outside local      Outside global

tcp 184.183.150.164:1024 192.168.10.93:1024 ---              ---

tcp 184.183.150.164:1026 192.168.10.93:1026 ---              ---

tcp 184.183.150.164:1027 192.168.10.93:1027 ---              ---

tcp 184.183.150.164:3060 192.168.10.93:3060 ---              ---

tcp 184.183.150.164:6901 192.168.10.93:6901 107.22.184.135:45196 107.22.184.135:45196

tcp 184.183.150.164:6901 192.168.10.93:6901 107.22.184.135:47847 107.22.184.135:47847

tcp 184.183.150.164:6901 192.168.10.93:6901 107.22.184.135:50434 107.22.184.135:50434

tcp 184.183.150.164:6901 192.168.10.93:6901 ---              ---

udp 184.183.150.164:6901 192.168.10.93:6901 ---              ---

udp 184.183.156.98:58654 192.168.10.111:58654 8.8.8.8:53     8.8.8.8:53

tcp 184.183.156.98:61152 192.168.10.111:61152 74.125.224.242:443 74.125.224.242:443

tcp 184.183.156.98:61153 192.168.10.111:61153 74.125.239.2:80 74.125.239.2:80

tcp 184.183.156.98:61154 192.168.10.111:61154 173.194.79.125:5222 173.194.79.125:5222

tcp 184.183.156.98:61155 192.168.10.111:61155 74.125.224.79:443 74.125.224.79:443

tcp 184.183.156.98:61156 192.168.10.111:61156 74.125.224.172:443 74.125.224.172:443

tcp 184.183.156.98:61159 192.168.10.111:61159 74.125.239.15:443 74.125.239.15:443

tcp 184.183.156.98:61162 192.168.10.111:61162 74.125.239.5:443 74.125.239.5:443

tcp 184.183.156.98:61164 192.168.10.111:61164 74.125.239.21:443 74.125.239.21:443

tcp 184.183.156.98:61165 192.168.10.111:61165 74.125.239.12:443 74.125.239.12:443

tcp 184.183.156.98:61166 192.168.10.111:61166 74.125.239.0:443 74.125.239.0:443

tcp 184.183.156.98:61168 192.168.10.111:61168 74.125.239.26:443 74.125.239.26:443

tcp 184.183.156.98:61169 192.168.10.111:61169 74.125.129.84:443 74.125.129.84:443

tcp 184.183.156.98:61170 192.168.10.111:61170 74.125.224.107:443 74.125.224.107:443

tcp 184.183.156.98:61172 192.168.10.111:61172 74.125.239.11:443 74.125.239.11:443

tcp 184.183.156.98:61173 192.168.10.111:61173 74.125.239.10:443 74.125.239.10:443

tcp 184.183.156.98:61174 192.168.10.111:61174 74.125.224.76:443 74.125.224.76:443

tcp 184.183.156.98:61176 192.168.10.111:61176 74.125.239.29:443 74.125.239.29:443

tcp 184.183.156.98:61177 192.168.10.111:61177 173.194.42.207:443 173.194.42.207:443

tcp 184.183.156.98:61178 192.168.10.111:61178 74.125.239.3:80 74.125.239.3:80

tcp 184.183.156.98:61179 192.168.10.111:61179 74.125.239.2:80 74.125.239.2:80

tcp 184.183.156.98:61181 192.168.10.111:61181 108.160.162.111:80 108.160.162.111:80

tcp 184.183.156.98:61184 192.168.10.111:61184 108.160.162.111:80 108.160.162.111:80

tcp 184.183.156.98:61185 192.168.10.111:61185 108.160.162.111:80 108.160.162.111:80

tcp 184.183.150.162:1024 192.168.10.205:1024 ---             ---

tcp 184.183.150.162:1025 192.168.10.205:1025 ---             ---

tcp 184.183.150.162:1026 192.168.10.205:1026 ---             ---

tcp 184.183.150.162:1027 192.168.10.205:1027 ---             ---

tcp 184.183.150.162:3061 192.168.10.205:3061 ---             ---

tcp 184.183.150.162:3064 192.168.10.205:3064 ---             ---

tcp 184.183.150.163:888 192.168.10.210:888 ---               ---

tcp 184.183.156.98:88  192.168.10.250:88  ---                ---

tcp 184.183.156.98:37777 192.168.10.250:37777 66.87.70.193:33208 66.87.70.193:33208

tcp 184.183.156.98:37777 192.168.10.250:37777 66.87.70.193:44249 66.87.70.193:44249

tcp 184.183.156.98:37777 192.168.10.250:37777 66.87.70.193:60742 66.87.70.193:60742

tcp 184.183.156.98:37777 192.168.10.250:37777 66.87.70.193:63037 66.87.70.193:63037

tcp 184.183.156.98:37777 192.168.10.250:37777 ---            ---

Thank you

    After going over my config file again and again, consulting Google, consulting this forum, and consulting Cisco TAC, all to no avail, I took a step back from the problem and realized that I had caused the issue myself.

    My old device was configured with the gateway at 192.168.10.255, but for the new configuration I went with .1.   This worked just fine for all my DHCP devices, but the static-addressed servers were understandably deprived of internet access.  So, of course, all of my tests from the external devices reported no response from the servers in my network.

Thank you for your assistance.

Best Regards

    Adam Corbett
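
Added example, not part of the original thread and not Cisco tooling: a small Python parser for the "sh ip nat translations" output posted above that reports which forwarded public IPs have live flows under a static mapping. It assumes that an extended entry (one with outside addresses) under a static mapping means an inbound packet for that public address reached the router; it does not show that the internal server replied, which is where a wrong default gateway on a statically addressed server would show up. The function names are hypothetical.

```python
# Excerpt of the "sh ip nat translations" output posted in the thread above.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 184.183.150.164:1024 192.168.10.93:1024 ---              ---
tcp 184.183.150.164:6901 192.168.10.93:6901 107.22.184.135:45196 107.22.184.135:45196
tcp 184.183.150.164:6901 192.168.10.93:6901 107.22.184.135:47847 107.22.184.135:47847
tcp 184.183.150.164:6901 192.168.10.93:6901 ---              ---
udp 184.183.156.98:58654 192.168.10.111:58654 8.8.8.8:53     8.8.8.8:53
tcp 184.183.150.162:1024 192.168.10.205:1024 ---             ---
tcp 184.183.150.163:888 192.168.10.210:888 ---               ---
tcp 184.183.156.98:37777 192.168.10.250:37777 66.87.70.193:33208 66.87.70.193:33208
tcp 184.183.156.98:37777 192.168.10.250:37777 ---            ---
"""

def parse(text):
    """Yield (proto, inside_global, inside_local, outside_global) per row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] in ("tcp", "udp"):
            yield f[0], f[1], f[2], f[4]

def static_mapping_flows(text):
    """Map each static entry to the set of outside peers seen under it."""
    rows = list(parse(text))
    # A row with '---' in the outside columns is the static mapping itself.
    static = {(p, g, l): set() for p, g, l, o in rows if o == "---"}
    for p, g, l, o in rows:
        # A row with outside addresses is a live flow; keep it only if it
        # belongs to a static mapping (PAT entries from inside hosts do not).
        if o != "---" and (p, g, l) in static:
            static[(p, g, l)].add(o.rsplit(":", 1)[0])
    return static

def global_ips_by_status(text):
    """Split the forwarded public IPs into those with and without flows."""
    seen, idle = set(), set()
    flows = static_mapping_flows(text)
    for (_, g, _), peers in flows.items():
        (seen if peers else idle).add(g.rsplit(":", 1)[0])
    return sorted(seen), sorted(idle - seen)

if __name__ == "__main__":
    seen, idle = global_ips_by_status(SAMPLE)
    print("public IPs with inbound flows on a static mapping:", seen)
    print("public IPs with static mappings but no flows:", idle)
```

A public IP in the first list is being delivered to the router, so a failure there points past the NAT rule to the server side (addressing, gateway, host firewall); an IP only in the second list has not yet been shown to reach the router at all.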
