cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
617
Views
5
Helpful
13
Replies

My web server ip address is not on list in "sh ip nat trans | i 80"

cool01
Beginner
Beginner

Good day all,

 

We would like ask something for my issues regarding port forwarding, currently I'm configuring this (below ip nat inside) my web dbase has responsed successfully unfortunately the login page encountered error even the programming side has no error. 103.225.36.242 is my IP Address for my router but the given IP Address for web server is 103.225.37.141.  

 

ip nat inside source static tcp 192.168.20.23 22 103.225.37.141 22 extendable
ip nat inside source static tcp 192.168.20.23 80 103.225.37.141 80 extendable
ip nat inside source static tcp 192.168.20.23 443 103.225.37.141 443 extendable
ip nat inside source static 192.168.20.23 103.225.37.141 extendable

 

 

Thank you, newbie here..

1 Accepted Solution

Accepted Solutions

Hi cool01,

 

You should probably refer back to the original design document and network diagram for this work to confirm how you're supposed to be configuring this then.

 

At a guess, the 103.225.36.242 address is for your WAN connection to the ISP and 103.225.37.130 /27 is for use by yourself internally, so it will be configured as a subnet on the inside of the router.

 

Luke

View solution in original post

13 Replies 13

Mohammed al Baqari
VIP Advisor VIP Advisor
VIP Advisor
What port is used for authentication? If its 80 or 443, then it will work
fine

Thank you for your response, i'm just using 80 however I includes 443 in my codes because i saw in my research.

My public ip address for WAN is different for web server ip address but is also provided by our ISP.

sludge3000
Beginner
Beginner

Hi cool01,

It looks like the public IP for your web server is not in the range provided by your ISP, so it won't work. You need to use an IP address that is in the range provided by your ISP for it to be routable over the internet.

What is the range provided by your ISP?

sludge

Ok sir thank you for this information.

Deepak Kumar
Advocate
Advocate

Hi,

There is some confusion for you and router also. You applied destination nat on port number 22,80,443, and on all ports.

Please remove the last line, if not required.

ip nat inside source static 192.168.20.23 103.225.37.141 extendable

 

Your port forwarding is working fine. Please check with your server team, are they allowed HTTP & https servers for all IPs means 0.0.0.0.  My team was faced the same issue a few months ago. Then we found this service is not allowed from the public domain. 

 

Regards,

Deepak Kumar

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

paul driver
VIP Expert VIP Expert
VIP Expert

Hello

Just try a basic static nat statement

ip nat inside source static 192.168.20.23 103.225.37.141

Also suggest to negate it from any access-list being used for default nat

example:
access-list 100 deny ip host 192.168.20.23 any
access-list 100 permit ip 192.168.20.0 0.0.0.255 any

 

res
Paul

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Many thanks sir for this information.

Regarding this matter, our ISP advise us to use "Static Route" for 103.225.37.141(public) so we can use it for port forwarding and point it to WAN IP Address(103.225.36.242) Unfortunately while configuring "ip route" my result is %Inconsistent address and mask.

 

Router(config)# ip route 103.225.37.141 255.255.255.224 103.225.36.242

My result: %Inconsistent address and mask

 

 

 

Hi cool01,

Your ISP should have provided you the subnet mask. Id they have not provided you with the IP address and subnet mask for your connections in documentation when you signed up for the service, I would strongly recommend cancelling immediately and finding another ISP.

They sound like they're not very good.

They provided us IP address with subnet mask for WAN sir, the

IP-103.225.36.242

SM- 255.255.255.252

GW -103.225.36.36.241

 

they also provided this for static ip for individual pc.

IP-103.225.37.130 /27

SM-255.255.255.224

GW-103.225.37.129

 

User Access Verification

 Building configuration...

 Current configuration : 1449 bytes

!

version 12.4

!

ip name-server 103.225.36.238

ip name-server 103.225.36.226

ip name-server 8.8.8.8

!

interface FastEthernet0/0

 description Link_to_Radius$ETH-LAN$

 ip address 103.225.36.242 255.255.255.252

 speed 100

 full-duplex

!

interface FastEthernet0/1

description Link_to_LAN$ETH-LAN$$ES_LAN$

 ip address 103.225.36.249 255.255.255.252 secondary

 ip address 103.225.37.129 255.255.255.224

 ip nbar protocol-discovery

 speed 100

 full-duplex

 service-policy output DROP

!

interface Serial0/0/0

 no ip address

 shutdown

 clock rate 2000000

!

ip classless

ip route 0.0.0.0 0.0.0.0 103.225.36.241

Hi cool01,

 

You should probably refer back to the original design document and network diagram for this work to confirm how you're supposed to be configuring this then.

 

At a guess, the 103.225.36.242 address is for your WAN connection to the ISP and 103.225.37.130 /27 is for use by yourself internally, so it will be configured as a subnet on the inside of the router.

 

Luke

Yes sir, the /27 also provided by ISP so they recommend to use static route to point the 103.225.37.141 to WAN IP Address which is 103.225.36.242.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers