11-05-2021 08:51 AM
I have a web application server which I am trying to access on the internet
private Ip : 192.168.1.x
public ip : 42.11.100.x ( this is one of the subnet ip of public IP)
Performed quick configuration wizard on my sonicwall firewall to create a web server.
and then i have performed IP nat on my cisco router
ip nat inside source 192.168.1.x 42.11.100.x extendable
int fe0/1 - ip nat inside (lan)
int fe0/2 ip nat outside (wan)
After this, when trying to access the subnetted IP 42.11.100.x from outside, no result.
But on my LAN network, if I use this public IP, I can access the web app.
Can anyone please help with how I can make it work globally?
Note: I have a sonicwall firewall behind the cisco router.
11-05-2021 08:54 AM
Hi,
If you can access same public access means, your NAT should work well. Better check sonicwall policies for allowed traffic from outside to inside.
Rate and mark as an answer, if this helped
11-05-2021 08:59 AM
Enable debug and check whether the traffic is coming.
#sh ip nat trans - check whether the translation is working.
11-05-2021 09:30 AM
When I check the NAT translations, it does show the outside network IP trying to connect with the public IP
gre 42.11.100.x:0 192.168.1.10:0 1.32.122.34:0 1.32.122.34:0
gre 42.11.100.x:0 192.168.1.10:0 115.95.122.8:0 115.95.122.8:0
gre 342.11.100.x:0 192.168.1.10:0 219.167.88.77:0 219.167.88.77:0
icmp 42.11.100.x:17 192.168.1.10:17 140.179.224.124:17 140.179.224.124:17
tcp 42.11.100.x:23 192.168.1.10:23 106.14.132.230:63187 106.14.132.230:63187
tcp 42.11.100.x:80 192.168.1.10:80 46.152.100.97:63517 46.152.100.97:63517
tcp 42.11.100.x:80 192.168.1.10:80 46.152.100.97:63518 46.152.100.97:63518
tcp 42.11.100.x:80 192.168.1.10:80 46.152.100.97:63520 46.152.100.97:63520
tcp 42.11.100.x:80 192.168.1.10:80 46.152.100.97:63526 46.152.100.97:63526
tcp 42.11.100.x:80 192.168.1.10:80 46.152.100.97:63527 46.152.100.97:63527
tcp 42.11.100.x:80 192.168.1.10:80 46.152.100.97:63529 46.152.100.97:63529
tcp 42.11.100.x:443 192.168.1.10:443 209.141.62.185:60257 209.141.62.185:60257
udp 42.11.100.x:5050 192.168.1.10:5050 45.134.144.41:5062 45.134.144.41:5062
udp 42.11.100.x:5060 192.168.1.10:5060 162.245.236.90:5197 162.245.236.90:5197
tcp 42.11.100.x:8100 192.168.1.10:8100 46.152.100.97:63519 46.152.100.97:63519
tcp 42.11.100.x:8100 192.168.1.10:8100 46.152.100.97:63528 46.152.100.97:63528
11-05-2021 09:44 AM
From your 192.168.1.X network, are you able to reach sonicwall port 80?
11-05-2021 10:54 PM
Yes, I can reach my sonicwall by using the local IP internally
and also from outside, as the sonicwall also has a public IP from the subnet range.
Do you think the configuration on the cisco is OK and I should check on the sonicwall?
11-06-2021 01:09 AM
Do you have a small diagram which we can understand? It is confusing: the cisco router also has a public IP, the SonicWall also has a public IP. How are these connected in the network?
Where is that port 80 serving the traffic?
11-06-2021 02:15 AM - edited 11-06-2021 02:15 AM
We have DIA from the ISP and the router is from them, with a public IP 42.11.100.60/29 (we have a range of IPs 42.11.100.57 - 60)
and the Sonicwall WAN is configured as IP: 42.11.100.59 - GW: 42.11.100.60
and our LAN IP on the sonicwall is 192.168.1.1.
Hope this gives some clarity?
11-06-2021 02:22 AM
I am more looking at how these are connected.
ISP---(WAN)cisco router(LAN)---SONICWALL ?
11-06-2021 02:29 AM - edited 11-06-2021 02:30 AM
It's like this
ISP WAN(cisco Router) 42.11.100.60 - YES LAN SONICWALL
|
-----Sonicwall (X0) WAN IP 42.11.100.59 Gateway 42.11.100.60
Sonicwall (X1) LAN IP 192.168.1.1
11-06-2021 02:40 AM
As per the information, in this situation you do not need to do anything on the Cisco router side, since the public IP is already exposed to the Internet.
You need most of the config on the Sonicwall (that is where NAT happens).
11-06-2021 03:05 AM
Yeah, first I am doing port forwarding on IP 42.11.100.57 on the sonicwall and then I was doing port forwarding on the cisco.
On the sonicwall I have used the Quick Configuration to create port forwarding,
and used the local server IP and port 443 translating to 42.11.100.57, but it is still not working.
Do I need to select port 80 as well?
11-06-2021 03:26 AM
Let's look at the traffic flow here.
From outside Internet to inside:
a user from the Internet goes to http:// or https://42.11.100.59, so the below happens.
If the ISP routed that block to your Cisco router:
---User request from the Internet--ISP--Cisco Router ---(Sonicwall (X0) WAN IP 42.11.100.59 ) -this is where NAT takes place - to your local IP address (192.168.1.X)
If you did static NAT IP to IP, all the ports are translated.
Check the Sonicwall logs when somebody initiates the connection to https://42.11.100.59 (is that reaching the Sonicwall?)
11-06-2021 03:35 AM
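An added example, not part of the original thread: with an IP-to-IP static NAT every port on the inside host is translated, which is why the table posted earlier shows entries for ports 23 and 5060 next to 80 and 443. The Python sketch below audits `show ip nat translations` output for inbound TCP/UDP flows that fall outside an allowlist; the sample rows are constructed with documentation addresses, and the allowlist and function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample, in the column order of `show ip nat translations`:
# Pro, Inside global, Inside local, Outside local, Outside global.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
gre 203.0.113.57:0 192.168.1.10:0 198.51.100.7:0 198.51.100.7:0
tcp 203.0.113.57:23 192.168.1.10:23 198.51.100.9:63187 198.51.100.9:63187
tcp 203.0.113.57:80 192.168.1.10:80 198.51.100.20:63517 198.51.100.20:63517
tcp 203.0.113.57:80 192.168.1.10:80 198.51.100.20:63518 198.51.100.20:63518
tcp 203.0.113.57:443 192.168.1.10:443 198.51.100.21:60257 198.51.100.21:60257
udp 203.0.113.57:5060 192.168.1.10:5060 198.51.100.22:5197 198.51.100.22:5197
--- 203.0.113.57 192.168.1.10 --- ---
"""

ALLOWED = {("tcp", 80), ("tcp", 443)}  # assumption: the only services meant to be published


def split_endpoint(field):
    """'a.b.c.d:port' -> (addr, port); '---' or a bare address has no port."""
    addr, sep, port = field.rpartition(":")
    return (addr, int(port)) if sep and port.isdigit() else (field, None)


def exposure(text):
    """Map (proto, inside-local addr, port) -> set of outside peers seen."""
    seen = defaultdict(set)
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 5 or cols[0] not in ("tcp", "udp"):
            continue  # header, static placeholder row, gre/icmp (no real ports)
        proto, _global, local, _olocal, oglobal = cols
        host, port = split_endpoint(local)
        peer, _ = split_endpoint(oglobal)
        if port is not None:
            seen[(proto, host, port)].add(peer)
    return seen


def unexpected(text, allowed=ALLOWED):
    """Sorted (proto, host, port, peer_count) rows outside the allowlist."""
    return sorted((p, h, port, len(peers))
                  for (p, h, port), peers in exposure(text).items()
                  if (p, port) not in allowed)


if __name__ == "__main__":
    for proto, host, port, n in unexpected(SAMPLE):
        print(f"{proto}/{port} on {host} reached by {n} outside peer(s)")
```

Any row it reports is a service that the one-to-one translation publishes but nobody asked for; narrowing the NAT or the firewall access rule to the intended ports removes it.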
Yes - IP 42.11.100.59 is accessible, as we are using this for managing the firewall over HTTP and HTTPS from outside,
but after port forwarding the local IP on public IP 42.11.100.57, I can't access it from the internet; it says error connection refused.
11-06-2021 12:55 PM