Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1346
Views
4
Helpful
7
Replies

NAT issues

Go to solution
tonymctony
Level 1
Level 1

‎05-01-2016 09:35 AM - edited ‎03-08-2019 05:34 AM

Greetings,

I have the following issue:

I've got a 2821 router configured for NAT. It's supposed to grant access to a webserver on the local network at address 192.168.1.46, port 8080 from the outside network. The network address translation is working, I can see it with this command:

master#sh ip nat statistics
Total active translations: 4 (0 static, 4 dynamic; 4 extended)
Peak translations: 8, occurred 00:19:28 ago
Outside interfaces:
 GigabitEthernet0/1
Inside interfaces:
 GigabitEthernet0/0
Hits: 54 Misses: 0
CEF Translated packets: 54, CEF Punted packets: 0
Expired translations: 15
Dynamic mappings:
-- Inside Source
Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0

However, the web server is still unreachable - no traffic is coming from it when I try to access it from the outside. Please help troubleshoot this, I am at a loss here.

Here is my router's config:

master#sh running-config
Building configuration...
version 15.1
service config
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname master
!
boot-start-marker
boot system flash:c2800nm-adventerprisek9-mz.151-4.M10.bin
boot-end-marker
!
!
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
archive
 log config
 hidekeys
!
redundancy
!
interface GigabitEthernet0/0
 description LAN
 ip address 192.168.1.3 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/1
 description WAN
 ip address <Public IP address given by ISP> 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source static tcp 192.168.1.46 8080 interface GigabitEthernet0/1 8080
ip nat inside source list 100 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 <ISP's gateway>
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
!
!
control-plane
!
!
mgcp profile default
!
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to tonymctony

‎05-01-2016 01:25 PM

Is the Web server reachable (pingable) from outside and does it resolve to 192.168.2.46 correctly? What is the output of "sh ip nat translation"?

HTH

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

‎05-01-2016 10:00 AM

Hi,

Can you test using the actual IP address of the service provider?

ip nat inside source list 100 interface GigabitEthernet0/1 overload
ip nat inside source static tcp 192.168.1.46 8080 <ip address of the provider> 8080 extendable

HTH
0 Helpful

Go to solution
tonymctony
Level 1
Level 1
In response to Reza Sharifi

‎05-01-2016 12:55 PM

Thank you for the suggestion,  but no change.

Here's what I've done: I've removed the previous line like this:

no ip nat inside source static tcp 192.168.1.46 8080 GigabitEthernet0/1 8080

and added yours:

ip nat inside source static tcp 192.168.1.46 8080 <ip address of the provider> 8080 extendable

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to tonymctony

‎05-01-2016 01:25 PM

Is the Web server reachable (pingable) from outside and does it resolve to 192.168.2.46 correctly? What is the output of "sh ip nat translation"?

HTH

0 Helpful

Go to solution
tonymctony
Level 1
Level 1
In response to Reza Sharifi

‎05-01-2016 02:27 PM

I cannot ping it from outside, as I have said before: the connection is not established.

However, I see that NAT is working:

master#sh ip nat translations 
Pro Inside global         Inside local          Outside local         Outside global
tcp <gateway public IP>:8080   192.168.1.46:8080     <gateway public IP>:50456  <gateway public IP>:50456
tcp <gateway public IP>:8080   192.168.1.46:8080     ---                   ---
0 Helpful

Go to solution
milan.kulik
Level 10
Level 10
In response to tonymctony

‎05-02-2016 01:26 AM

Hi,

your NAT looks OK.

Are you sure your web server is really working on port 8080?

BR,

Milan

0 Helpful

Go to solution
tonymctony
Level 1
Level 1
In response to milan.kulik

‎05-02-2016 01:47 AM

Absolutely:

master#telnet 192.168.1.46 8080
Trying 192.168.1.46, 8080 ... Open 
GET /index.html
<?xml version="1.0" encoding="ISO-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"                 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">                                                                         <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><title>Apache Tomcat</title></head><body>                                                              <h1>It works !</h1><p>If you're seeing this page via a web browser, it means you've setup Tomcat successfully. Congratulations!</p>
0 Helpful

Go to solution
tonymctony
Level 1
Level 1
In response to tonymctony

‎05-02-2016 03:35 PM

The solution was trivial, as most of them are - the local web server did not have a proper default gateway set. Changing that to the router that I am configuring fixed the issue. Thank you everyone, you've led me to the right solution.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card