cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1505
Views
35
Helpful
21
Replies

Port Forwarding Web server

yarafat2010
Level 1
Level 1

i have a web application server which i am trying to access on the internet

private Ip : 192.168.1.x

public ip : 42.11.100.x ( this is one of the subnet ip of public IP)

Performed quick configuration wizard on my sonicwall firewall to create a web server.

and then i have performed IP nat on my cisco router

ip nat inside source 192.168.1.x 42.11.100.x extendable

int fe0/1 - ip nat inside (lan)

int fe0/2 ip nat outside (wan)

after this when trying to access the subnetted Ip 42.11.100.x outside, No result.

but on my LAN network, if i use this public IP , i can access the web App.

Can anyone please help , how i can make it work globally.

Note: I have sonicwall firwall behind the cisco router.

21 Replies 21

Hi,

if you can access same public access means, your NAT should work well. better check sonicwall policies for allowed traffic from outside to inside.

 

rate and mark as an answer, if this helped

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

balaji.bandi
Hall of Fame
Hall of Fame

enable debug and check is the traffic coming ?

 

#sh ip nat trans   - check is the translation working ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

When i check the Nat Translations it does show the Outside network IP trying to connect with Public IP 

gre 42.11.100.x:0 192.168.1.10:0 1.32.122.34:0 1.32.122.34:0
gre 42.11.100.x:0 192.168.1.10:0 115.95.122.8:0 115.95.122.8:0
gre 342.11.100.x:0 192.168.1.10:0 219.167.88.77:0 219.167.88.77:0
icmp 42.11.100.x:17 192.168.1.10:17 140.179.224.124:17 140.179.224.124:17
tcp 42.11.100.x:23 192.168.1.10:23 106.14.132.230:63187 106.14.132.230:63187
tcp 42.11.100.x:80 192.168.1.10:80 46.152.100.97:63517 46.152.100.97:63517
tcp 42.11.100.x:80 192.168.1.10:80 46.152.100.97:63518 46.152.100.97:63518
tcp 42.11.100.x:80 192.168.1.10:80 46.152.100.97:63520 46.152.100.97:63520
tcp 42.11.100.x:80 192.168.1.10:80 46.152.100.97:63526 46.152.100.97:63526
tcp 42.11.100.x:80 192.168.1.10:80 46.152.100.97:63527 46.152.100.97:63527
tcp 42.11.100.x:80 192.168.1.10:80 46.152.100.97:63529 46.152.100.97:63529
tcp 42.11.100.x:443 192.168.1.10:443 209.141.62.185:60257 209.141.62.185:60257
udp 42.11.100.x:5050 192.168.1.10:5050 45.134.144.41:5062 45.134.144.41:5062
udp 42.11.100.x:5060 192.168.1.10:5060 162.245.236.90:5197 162.245.236.90:5197
tcp 42.11.100.x:8100 192.168.1.10:8100 46.152.100.97:63519 46.152.100.97:63519
tcp 42.11.100.x:8100 192.168.1.10:8100 46.152.100.97:63528 46.152.100.97:63528

from your 192.168.1.X network are you able to reach snoicwall port 80 ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Yes, i can reach my sonicwall by using local IP internally

and also from outside as sonicwall also has public IP from subnet range.

Do you think the configuration on cisco is ok and i should check on the sonicwall  ?

 

Do you have a small diagram which we can understand, as it confuses, cisco router also Public IP, SonicWall also have Public IP, how these connections in the network?

 

where is that port 80 serving the traffic ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

we have DIA from ISP and the router is from them with a Public IP 42.11.100.60/29  ( we have range of IPs 42.11.100.57 - 60)

and the Soncwall WAN configured as IP : 42.11.100.59    -  GW : 42.11.100.60 

and our LAN IP on sonicwall is 192.168.1.1.

 

Hope this makes some clearity?

I am more looking at how these are connected?

 

ISP---(WAN)cisco router(LAN)---SONICWALL ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

its like this 

ISP WAN(cisco Router) 42.11.100.60  -  YES LAN SONICWALL

    |  

     -----Sonicwall (X0) WAN IP 42.11.100.59 Gateway 42.11.100.60

             Sonicwall (X1) LAN IP 192.168.1.1

As per the information In this situation, you do not need to do anything on the Cisco router side since Public IP already exposed to the Internet

You need most config on Sonicwall.(that is where NAT happens).

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Yeah First i am doing port forwarding on IP 42.11.100.57 on sonicwall and then i was doing port forwarding on cisco.

On sonicwall i have used the Quick Configuration to create port forwarding.

and used Local server IP and Port 443 translating to 42.11.100.57 but still not working.

do i need to select port 80 as well?

Lets Look the Traffic Flow here ?

 

From outside  Internet to inside 

 

user from Internet http:// or https://42.11.100.59  so below it happens.

 

If the ISP routed that block your Cisco router

 

---User request from the Internet--ISP--Cisco Router ---(Sonicwall (X0) WAN IP 42.11.100.59 ) -this is where NAT Take place - to your Local IP address (192.168.1.X)

 

If you did static NAT IP to IP all the ports are translated.

 

check on the Sonicwall Logs, when somebody initiate the connectionhttps://42.11.100.59  (is that reaching to Sonicwall)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Yes - IP 42.11.100.59 is accessible as we are using this for managing firewall over HTTP and HTTPS from outside

but after port forwarding local IP on public IP 42.11.100.57 , i can't access from internet, it says Error connection refused.

Just want to ask you, as i am using one ip from the public ip range which
is not configure anywhere and using for port forwarding. So do i need to
add anything specific on firewall like access rules or something.
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: