Solved: My web server ip address is not on list in "sh ip nat trans | i 80"

cool01 · ‎01-30-2018

Good day all,

We would like ask something for my issues regarding port forwarding, currently I'm configuring this (below ip nat inside) my web dbase has responsed successfully unfortunately the login page encountered error even the programming side has no error. 103.225.36.242 is my IP Address for my router but the given IP Address for web server is 103.225.37.141.

ip nat inside source static tcp 192.168.20.23 22 103.225.37.141 22 extendable
ip nat inside source static tcp 192.168.20.23 80 103.225.37.141 80 extendable
ip nat inside source static tcp 192.168.20.23 443 103.225.37.141 443 extendable
ip nat inside source static 192.168.20.23 103.225.37.141 extendable

Thank you, newbie here..

sludge3000 · ‎02-05-2018

Hi cool01,

You should probably refer back to the original design document and network diagram for this work to confirm how you're supposed to be configuring this then.

At a guess, the 103.225.36.242 address is for your WAN connection to the ISP and 103.225.37.130 /27 is for use by yourself internally, so it will be configured as a subnet on the inside of the router.

Luke

View solution in original post

Mohammed al Baqari · ‎01-30-2018

What port is used for authentication? If its 80 or 443, then it will work
fine

cool01 · ‎01-30-2018

Thank you for your response, i'm just using 80 however I includes 443 in my codes because i saw in my research.

cool01 · ‎01-30-2018

My public ip address for WAN is different for web server ip address but is also provided by our ISP.

sludge3000 · ‎01-31-2018

Hi cool01,

It looks like the public IP for your web server is not in the range provided by your ISP, so it won't work. You need to use an IP address that is in the range provided by your ISP for it to be routable over the internet.

What is the range provided by your ISP?

sludge

cool01 · ‎01-31-2018

Ok sir thank you for this information.

Deepak Kumar · ‎01-31-2018

Hi,

There is some confusion for you and router also. You applied destination nat on port number 22,80,443, and on all ports.

Please remove the last line, if not required.

ip nat inside source static 192.168.20.23 103.225.37.141 extendable

Your port forwarding is working fine. Please check with your server team, are they allowed HTTP & https servers for all IPs means 0.0.0.0. My team was faced the same issue a few months ago. Then we found this service is not allowed from the public domain.

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

paul driver · ‎02-01-2018

Hello

Just try a basic static nat statement

ip nat inside source static 192.168.20.23 103.225.37.141

Also suggest to negate it from any access-list being used for default nat

example:
access-list 100 deny ip host 192.168.20.23 any
access-list 100 permit ip 192.168.20.0 0.0.0.255 any

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

cool01 · ‎02-04-2018

Many thanks sir for this information.

cool01 · ‎02-05-2018

Regarding this matter, our ISP advise us to use "Static Route" for 103.225.37.141(public) so we can use it for port forwarding and point it to WAN IP Address(103.225.36.242) Unfortunately while configuring "ip route" my result is %Inconsistent address and mask.

Router(config)# ip route 103.225.37.141 255.255.255.224 103.225.36.242

My result: %Inconsistent address and mask

sludge3000 · ‎02-05-2018

Hi cool01,

Your ISP should have provided you the subnet mask. Id they have not provided you with the IP address and subnet mask for your connections in documentation when you signed up for the service, I would strongly recommend cancelling immediately and finding another ISP.

They sound like they're not very good.

cool01 · ‎02-05-2018

They provided us IP address with subnet mask for WAN sir, the

IP-103.225.36.242

SM- 255.255.255.252

GW -103.225.36.36.241

they also provided this for static ip for individual pc.

IP-103.225.37.130 /27

SM-255.255.255.224

GW-103.225.37.129

User Access Verification

Building configuration...

Current configuration : 1449 bytes

!

version 12.4

!

ip name-server 103.225.36.238

ip name-server 103.225.36.226

ip name-server 8.8.8.8

!

interface FastEthernet0/0

description Link_to_Radius$ETH-LAN$

ip address 103.225.36.242 255.255.255.252

speed 100

full-duplex

!

interface FastEthernet0/1

description Link_to_LAN$ETH-LAN$$ES_LAN$

ip address 103.225.36.249 255.255.255.252 secondary

ip address 103.225.37.129 255.255.255.224

ip nbar protocol-discovery

speed 100

full-duplex

service-policy output DROP

!

interface Serial0/0/0

no ip address

shutdown

clock rate 2000000

!

ip classless

ip route 0.0.0.0 0.0.0.0 103.225.36.241

sludge3000 · ‎02-05-2018

Hi cool01,

You should probably refer back to the original design document and network diagram for this work to confirm how you're supposed to be configuring this then.

At a guess, the 103.225.36.242 address is for your WAN connection to the ISP and 103.225.37.130 /27 is for use by yourself internally, so it will be configured as a subnet on the inside of the router.

Luke

cool01 · ‎02-05-2018

Yes sir, the /27 also provided by ISP so they recommend to use static route to point the 103.225.37.141 to WAN IP Address which is 103.225.36.242.