12-16-2013 10:18 AM - edited 03-07-2019 05:06 PM
Good day,
I have a Cisco 881 router on which I'm trying to set up some NAT to allow external connections on some alternate IPs from my ISP to connect to certain ports on my internal servers. Unfortunately, I'm not a network engineer and something seems to be not-quite-right with my configuration.
From my ISP I have the IP address 184.183.156.98, this is assigned to the WAN port (FastEthernet4) of my Cisco 881 router, and I have that working correctly. The Port-forwarding rules I have in place that use this IP work just fine. Additionally, I have the small block of IPs 184.183.150.161-164. None of the port forwarding rules set up for these seem to work at all.
If you need the complete config file, please let me know. This section below seems to me to be the relevant bits to my issue, the bolded entries are the port forwarding rules that I think should work, but which don't seem to.
!
interface FastEthernet4
description WAN$FW_OUTSIDE$
ip address 184.183.156.98 255.255.255.252
no ip redirects
no ip unreachables
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
ip nat inside source list 23 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.10.205 1024 184.183.150.162 1024 extendable
ip nat inside source static tcp 192.168.10.205 1025 184.183.150.162 1025 extendable
ip nat inside source static tcp 192.168.10.205 1026 184.183.150.162 1026 extendable
ip nat inside source static tcp 192.168.10.205 1027 184.183.150.162 1027 extendable
ip nat inside source static tcp 192.168.10.205 3061 184.183.150.162 3061 extendable
ip nat inside source static tcp 192.168.10.205 3064 184.183.150.162 3064 extendable
ip nat inside source static tcp 192.168.10.210 888 184.183.150.163 888 extendable
ip nat inside source static tcp 192.168.10.93 1024 184.183.150.164 1024 extendable
ip nat inside source static tcp 192.168.10.93 1026 184.183.150.164 1026 extendable
ip nat inside source static tcp 192.168.10.93 1027 184.183.150.164 1027 extendable
ip nat inside source static tcp 192.168.10.93 3060 184.183.150.164 3060 extendable
ip nat inside source static tcp 192.168.10.93 6901 184.183.150.164 6901 extendable
ip nat inside source static udp 192.168.10.93 6901 184.183.150.164 6901 extendable
ip nat inside source static tcp 192.168.10.250 88 184.183.156.98 88 extendable
ip nat inside source static tcp 192.168.10.250 37777 184.183.156.98 37777 extendable
ip route 0.0.0.0 0.0.0.0 184.183.156.97
!
access-list 23 remark CCP_ACL Category=19
access-list 23 permit 192.168.10.0 0.0.0.255
access-list 23 permit 192.168.20.0 0.0.0.255
access-list 23 permit 192.168.30.0 0.0.0.255
access-list 23 permit 192.168.40.0 0.0.0.255
access-list 23 remark VPN Internet acccess
access-list 23 permit 192.168.50.0 0.0.0.255
Thank you,
Adam Corbett
Solved! Go to Solution.
12-16-2013 01:42 PM
Adam
From what you have posted your config looks fine. Are you sure your ISP is routing those IPs to your outside interface ?
How are you testing this ?
Jon
12-16-2013 01:42 PM
Adam
From what you have posted your config looks fine. Are you sure your ISP is routing those IPs to your outside interface ?
How are you testing this ?
Jon
12-16-2013 01:55 PM
John,
Thank you for taking a look. I know the IPs are being routed becuase they work currently on the device the Cisco 881 will be replacing. When I swap in the 881, the external devices stop reporting connectivity to my internal servers, and test messages return failures.
The port forawrding rules for my primary IP (184.183.156.98) work just fine on both the older device and the new one, but the other three IPs seem to not be working despite the configuration you see above.
Thank you,
Adam
12-16-2013 04:02 PM
Adam
I'm not aware of any issues with the 881 and this although i will have a check of the docs when i get a chance. It looks absolutely fine. Can you post a "sh ip nat translations" from the router ?
Jon
12-17-2013 07:26 AM
Jon,
The result of "sh ip nat translations" is
Pro Inside global Inside local Outside local Outside global
tcp 184.183.150.164:1024 192.168.10.93:1024 --- ---
tcp 184.183.150.164:1026 192.168.10.93:1026 --- ---
tcp 184.183.150.164:1027 192.168.10.93:1027 --- ---
tcp 184.183.150.164:3060 192.168.10.93:3060 --- ---
tcp 184.183.150.164:6901 192.168.10.93:6901 107.22.184.135:45196 107.22.184.135:45196
tcp 184.183.150.164:6901 192.168.10.93:6901 107.22.184.135:47847 107.22.184.135:47847
tcp 184.183.150.164:6901 192.168.10.93:6901 107.22.184.135:50434 107.22.184.135:50434
tcp 184.183.150.164:6901 192.168.10.93:6901 --- ---
udp 184.183.150.164:6901 192.168.10.93:6901 --- ---
udp 184.183.156.98:58654 192.168.10.111:58654 8.8.8.8:53 8.8.8.8:53
tcp 184.183.156.98:61152 192.168.10.111:61152 74.125.224.242:443 74.125.224.242:443
tcp 184.183.156.98:61153 192.168.10.111:61153 74.125.239.2:80 74.125.239.2:80
tcp 184.183.156.98:61154 192.168.10.111:61154 173.194.79.125:5222 173.194.79.125:5222
tcp 184.183.156.98:61155 192.168.10.111:61155 74.125.224.79:443 74.125.224.79:443
tcp 184.183.156.98:61156 192.168.10.111:61156 74.125.224.172:443 74.125.224.172:443
tcp 184.183.156.98:61159 192.168.10.111:61159 74.125.239.15:443 74.125.239.15:443
tcp 184.183.156.98:61162 192.168.10.111:61162 74.125.239.5:443 74.125.239.5:443
tcp 184.183.156.98:61164 192.168.10.111:61164 74.125.239.21:443 74.125.239.21:443
tcp 184.183.156.98:61165 192.168.10.111:61165 74.125.239.12:443 74.125.239.12:443
tcp 184.183.156.98:61166 192.168.10.111:61166 74.125.239.0:443 74.125.239.0:443
tcp 184.183.156.98:61168 192.168.10.111:61168 74.125.239.26:443 74.125.239.26:443
tcp 184.183.156.98:61169 192.168.10.111:61169 74.125.129.84:443 74.125.129.84:443
tcp 184.183.156.98:61170 192.168.10.111:61170 74.125.224.107:443 74.125.224.107:443
tcp 184.183.156.98:61172 192.168.10.111:61172 74.125.239.11:443 74.125.239.11:443
tcp 184.183.156.98:61173 192.168.10.111:61173 74.125.239.10:443 74.125.239.10:443
tcp 184.183.156.98:61174 192.168.10.111:61174 74.125.224.76:443 74.125.224.76:443
tcp 184.183.156.98:61176 192.168.10.111:61176 74.125.239.29:443 74.125.239.29:443
tcp 184.183.156.98:61177 192.168.10.111:61177 173.194.42.207:443 173.194.42.207:443
tcp 184.183.156.98:61178 192.168.10.111:61178 74.125.239.3:80 74.125.239.3:80
tcp 184.183.156.98:61179 192.168.10.111:61179 74.125.239.2:80 74.125.239.2:80
tcp 184.183.156.98:61181 192.168.10.111:61181 108.160.162.111:80 108.160.162.111:80
tcp 184.183.156.98:61184 192.168.10.111:61184 108.160.162.111:80 108.160.162.111:80
tcp 184.183.156.98:61185 192.168.10.111:61185 108.160.162.111:80 108.160.162.111:80
tcp 184.183.150.162:1024 192.168.10.205:1024 --- ---
tcp 184.183.150.162:1025 192.168.10.205:1025 --- ---
tcp 184.183.150.162:1026 192.168.10.205:1026 --- ---
tcp 184.183.150.162:1027 192.168.10.205:1027 --- ---
tcp 184.183.150.162:3061 192.168.10.205:3061 --- ---
tcp 184.183.150.162:3064 192.168.10.205:3064 --- ---
tcp 184.183.150.163:888 192.168.10.210:888 --- ---
tcp 184.183.156.98:88 192.168.10.250:88 --- ---
tcp 184.183.156.98:37777 192.168.10.250:37777 66.87.70.193:33208 66.87.70.193:33208
tcp 184.183.156.98:37777 192.168.10.250:37777 66.87.70.193:44249 66.87.70.193:44249
tcp 184.183.156.98:37777 192.168.10.250:37777 66.87.70.193:60742 66.87.70.193:60742
tcp 184.183.156.98:37777 192.168.10.250:37777 66.87.70.193:63037 66.87.70.193:63037
tcp 184.183.156.98:37777 192.168.10.250:37777 --- ---
Thank you
12-17-2013 12:38 PM
After going over my config file again and again, consulting google, consulting this forum, and consulting Cisco TAC all to no avail, I took a step back from the problem and realized that I had caused the issue myself.
My old device was configured with the gateway at 192.168.10.255, but for the new configuration I went with .1. This worked just fine for all my DHCP devices, but the static-addressed servers were understandably deprived of internet access. So, of course, all of my tests from the external devices reported no response from the servers in my network.
Thank you for your assistance.
Best Regards
Adam Corbett
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide