Port forwarding not working

Hi,

I am trying to run a web server; port 80 works, but 443 is not working. This is my config.

 

ispocab-nxn#show run
Building configuration...

Current configuration : 4362 bytes
!
version 15.2
service nagle
no service pad
service tcp-keepalives-in
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname ispocab-nxn
!
boot-start-marker
boot-end-marker
!
!
logging buffered 65535
enable secret 5 $1$6KA7$fktSrez8TC/dxyp3SSDhA0
!
aaa new-model
!
!
aaa authentication login default local-case enable
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
memory-size iomem 10
service-module wlan-ap 0 bootimage autonomous
!
!
no ip source-route
no ip gratuitous-arps
ip cef
!
!
!
!


!
no ip dhcp use vrf connected
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.150 192.168.1.254
!
ip dhcp pool ispocab-nxn
network 192.168.1.0 255.255.255.0
dns-server 196.216.48.10 196.216.52.10
default-router 192.168.1.254
!
!
!
ip domain name cust.maxnet.ao
ip name-server 196.216.48.10
ip name-server 196.216.52.10
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid C881W-A-K9 sn FJC1948E1T9
!
!
archive
log config
hidekeys
!
spanning-tree portfast bpduguard
vtp mode transparent
username coadmin secret 5 $1$nNdu$bS.dR5i/6L/P.cpvO6eWq1
username admin-isp privilege 15 password 7 030D481B095E731F1A5C39
!
!
!
!
!
vlan 1149
name net
!
vlan 1150
name voice
!
ip ssh time-out 30
ip ssh version 2
!
class-map match-all voip
match access-group 100
class-map match-all control
match access-group 101
!
policy-map INTERT_10M
class class-default
police cir 10240000
conform-action transmit
exceed-action drop
policy-map QoS-VOIP
class voip
set ip precedence 5
class control
set ip precedence 5
class class-default
set ip precedence 0
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface FastEthernet0
description TRUNK TO IDU ITA
switchport mode trunk
no ip address
!
interface FastEthernet1
description [CONECT-ROTER-CLIENTE]
no ip address
!
interface FastEthernet2
description PBX YEASTAR S50 | ITA
switchport access vlan 1150
no ip address
service-policy input QoS-VOIP
service-policy output QoS-VOIP
!
interface FastEthernet3
description [CONECT-SERVER-CLIENTE]
no ip address
!
interface FastEthernet4
description NOT IN USE
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
duplex auto
speed auto
no snmp trap link-status
no cdp enable
service-policy input QoS-VOIP
service-policy output QoS-VOIP
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
no ip address
!
interface wlan-ap0
description Embedded Service module interface to manage the embedded AP
no ip address
!
interface Vlan1
description [internal,network]
ip address 192.168.1.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Vlan1149
description ispocab-nxn-net
ip address 41.218.115.54 255.255.255.252
ip nat outside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 10 interface Vlan1149 overload
ip nat inside source static tcp 192.168.1.200 80 41.218.115.54 80 extendable
ip nat inside source static udp 192.168.1.200 80 41.218.115.54 80 extendable
ip nat inside source static tcp 192.168.1.200 443 41.218.115.54 443 extendable
ip nat inside source static udp 192.168.1.200 443 41.218.115.54 443 extendable
ip route 0.0.0.0 0.0.0.0 41.218.115.53 name default-internet
!
access-list 10 permit 192.168.0.0 0.0.255.255
access-list 60 permit 196.216.48.0 0.0.0.255
access-list 60 permit 192.168.0.0 0.0.255.255
no cdp run
!
!
!
!
control-plane
!
!
banner motd ^CC
======================================================
MAXNET - ISPOCAB NXN

 

UNAUTHORISED ACCESS PROHIBITED
For support call tel. +244- 225 286 000
======================================================
^C
!
line con 0
logging synchronous
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line vty 0 4
access-class 60 in
exec-timeout 30 0
logging synchronous
transport preferred none
transport input telnet ssh
transport output all
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
!
end

 

I want to allow https traffic

 

And how can I enable the GUI on this router?

Thanks,

 

Carlos

 

1 Accepted Solution


Hello


@carlosAlmeida80737 wrote:
The problem is when I test port forwarding it says it's closed!
Port 80 is open and forwarding OK, but 443 is not forwarding at all.
On my web server it's open, but the problem seems to be on the router!

Can you access this web server via port 443 internally?

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul


omz
VIP Alumni

Hi

To access the GUI you need to enable http/https on the router.

! HTTP server
ip http server
! HTTPS server
ip http secure-server

To disable:

no ip http server
no ip http secure-server

Reza Sharifi
Hall of Fame

Hi Carlos,

 

It may be that the server is not configured to support HTTPS. Also, if you want to access the switch/router via the GUI, ip http server, or ip http secure-server for HTTPS, should be used.

HTH

OK. But Reza, I tested to check if the port is open and it is still closed; port 80 is open but 443 is still not open.
Do I have something wrong in the router config?

As I understand the post, you want to port forward port 80 to 443. Is this the IP you are port forwarding a switch?

If you are forwarding to a web server, make sure the server is listening on ports 80 and 443.

You can test locally on the same network and confirm 80 and 443 are working before you test from an outside network.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help
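
The inside-then-outside test suggested above, as an added example that is not part of the original thread: it reads the static NAT lines from the posted configuration and probes each TCP forward, so a server-side problem can be told apart from a router or upstream one. The function names and the `inside`/`outside` argument are assumptions of this example.

```python
import re
import socket

# Static NAT lines copied from the configuration posted in the thread.
CONFIG = """\
ip nat inside source static tcp 192.168.1.200 80 41.218.115.54 80 extendable
ip nat inside source static udp 192.168.1.200 80 41.218.115.54 80 extendable
ip nat inside source static tcp 192.168.1.200 443 41.218.115.54 443 extendable
ip nat inside source static udp 192.168.1.200 443 41.218.115.54 443 extendable
"""

STATIC_NAT = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)", re.M)

def tcp_forwards(config):
    """Return (inside_ip, inside_port, outside_ip, outside_port) per TCP static NAT."""
    return [(m[2], int(m[3]), m[4], int(m[5]))
            for m in STATIC_NAT.finditer(config) if m[1] == "tcp"]

def probe(host, port, timeout=3.0):
    """Classify a TCP connect attempt as 'open', 'refused' or 'no-answer'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # a RST came back: host reached, nothing listening
    except OSError:
        return "no-answer"    # timeout or unreachable: dropped or not routed

def diagnose(inside_state, outside_state):
    """Turn the two probe results for one forward into the next place to look."""
    if inside_state != "open":
        return "server: not accepting connections on the LAN, fix it before the router"
    if outside_state != "open":
        return "path: server is fine; check NAT translations, ACLs, upstream filtering"
    return "ok: forwarding works end to end"

if __name__ == "__main__":
    import sys
    # 'inside' is run from a LAN host, 'outside' from a host on the Internet side.
    side = sys.argv[1] if len(sys.argv) > 1 else "inside"
    for in_ip, in_port, out_ip, out_port in tcp_forwards(CONFIG):
        host, port = (in_ip, in_port) if side == "inside" else (out_ip, out_port)
        print(f"{side:7} {host}:{port} -> {probe(host, port)}")
```

Run it once with `inside` from a LAN host and once with `outside` from a host beyond the router, then pass the two states for port 443 to `diagnose`.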

Hello,

 

Not sure if it makes a difference, but you don't need the 'extendable' keyword, since you are not translating the inside address to two different outside addresses. Try configuring the static NAT entries as below:

 

ip nat inside source static tcp 192.168.1.200 80 41.218.115.54 80
ip nat inside source static udp 192.168.1.200 80 41.218.115.54 80
ip nat inside source static tcp 192.168.1.200 443 41.218.115.54 443
ip nat inside source static udp 192.168.1.200 443 41.218.115.54 443

Hello
Your rtr configuration looks okay; no need to enable/disable web services on the rtr itself unless you wish to manage it via HTTP(S).

@Reza Sharifi suggested you need to make sure your internal web server is open for secure HTTP (443) and you are not negating 443 access via any access-list you may have applied to your network.



Kind Regards
Paul

The problem is when I test port forwarding it says it's closed!
Port 80 is open and forwarding OK, but 443 is not forwarding at all.
On my web server it's open, but the problem seems to be on the router!

What kind of web server is this? So you mean internally you are able to make an HTTPS connection to that server?

Can you post that information for us, to confirm the server is able to listen on that port?

 

BB

