04-19-2012 11:19 AM - edited 03-07-2019 06:14 AM
I need help getting access to my http server. I have a host name that I configured to point to my IPS IP address. Port 80 is enabled on my server, but I can't seem to get access it from my web address (www.jkkcc.com)
Here is my config for my router:
3745-Internet#show run
Building configuration...
Current configuration : 2331 bytes
!
version 12.4
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 3745-Internet
!
boot-start-marker
boot system flash:
boot-end-marker
!
no logging buffered
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
memory-size iomem 25
no network-clock-participate slot 2
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.1 192.168.2.150
!
ip dhcp pool HOME-Network
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 192.168.2.127 192.168.1.128
!
ip dhcp pool home-network
!
!
ip domain name www.jkkcc.com
ip name-server 192.168.2.127
!
multilink bundle-name authenticated
parameter-map type regex sdm-regex-nonascii
pattern [^\x00-\x80]
!
!
!
!
!
!
!
username woodjl1650 privilege 15 password 0 henry999
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0/0
description $FW_OUTSIDE$
ip address dhcp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface FastEthernet0/0.1
!
interface Serial0/0
description $FW_INSIDE$
ip address 10.0.1.9 255.255.255.248
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1
description $FW_INSIDE$
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
!
interface Serial0/1
description $FW_INSIDE$
ip address 10.0.1.5 255.255.255.248
ip nat inside
ip virtual-reassembly
!
router eigrp 1
network 10.0.0.0
network 192.168.2.0
network 192.168.3.0
network 192.168.4.0
network 192.168.6.0
network 192.168.10.0
network 192.168.11.0
no auto-summary
!
ip route 192.168.4.0 255.255.255.0 192.168.3.5
!
!
no ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 15 interface FastEthernet0/0 overload
!
access-list 15 permit 192.168.2.0 0.0.0.255
access-list 15 permit 192.168.3.0 0.0.0.255
access-list 15 permit 192.168.4.0 0.0.0.255
access-list 15 permit 10.0.1.0 0.0.0.7
access-list 15 permit 10.0.1.8 0.0.0.7
snmp-server community public RO
snmp-server community private RW
snmp-server enable traps tty
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
transport input telnet
!
!
webvpn cef
!
end
Solved! Go to Solution.
04-22-2012 07:11 PM
Jonathan,
is this a continuation of one of your older posts?
https://supportforums.cisco.com/thread/2135614
I see no PAT in your config above that forwards port 80 on your outbound interface to the ip address of your web server.
add
ip nat inside source static tcp 192.168.2.x 80 interface FastEthernet0/0 80 (where 192.168.2.x, is the IP address of your web server).
also you might want to create an inbound access list on fa0/0 to allow traffic on port 80 to be allowed through.
let me know if you need more details
04-22-2012 07:11 PM
Jonathan,
is this a continuation of one of your older posts?
https://supportforums.cisco.com/thread/2135614
I see no PAT in your config above that forwards port 80 on your outbound interface to the ip address of your web server.
add
ip nat inside source static tcp 192.168.2.x 80 interface FastEthernet0/0 80 (where 192.168.2.x, is the IP address of your web server).
also you might want to create an inbound access list on fa0/0 to allow traffic on port 80 to be allowed through.
let me know if you need more details
04-30-2012 12:12 PM
would the access list look like?
access list 15 fa0/0 80
04-30-2012 06:14 PM
would you please be able to help me with the access list config?
05-01-2012 03:24 AM
Dear Jonath,
You just need to enter the following command at the configuration prompt:
"access-list 104 permit ip any any"
This command allows all ip traffic. But I dont think that you need an acl here in the suggestion above.
BTW: If the above config(as suggested by minkdennis) does not work, you can go for below commands:
Int fa0/0 ---------Interface where your server is connected.
ip nat inside
Int fa0/1 ------------ Interface that is connecting your router to wan
ip nat outside
exit
ip nat inside source list 104 int fa0/1 overload
access-list 104 permit ip any any
ip nat inside source static tcp 192.x.x.x 80 int 11.x.x.x 80 ---- where 192.x.x.x is the server ip and 11.x.x.x is your wan ip.
Please revert if I can do something for you !!
--
Parvesh
05-01-2012 07:05 AM
Does my web server need to be plugged directly to the router? Right now f0/1 is connected to my switch where my web server is connect as well.
Sent from Cisco Technical Support iPhone App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide