Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3439
Views
0
Helpful
15
Replies

Inside web Server on 2811

kirilkoltchakov
Community Member

‎10-04-2006 08:34 AM

Hello,

I configured this router to use NAT overloaded to get access for any computer on the LAN to Internet.

I configured (I thnik) a static routes to get in the LAN WebServer from outside, but there is no effect, I can't reach the server. Could help please:

********* cut **********

show config

Using 1842 out of 245752 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

!

no aaa new-model

!

resource policy

!

clock timezone Paris 1

clock summer-time Paris date Mar 30 2003 2:00 Oct 26 2003 3:00

!

!

ip cef

!

no ip domain lookup

ip name-server 194.x.x.100

ip name-server 194.x.x.101

!

!

crypto pki trustpoint TP-self-signed-1487781583

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1487781583

revocation-check none

rsakeypair TP-self-signed-1487781583

!

!

crypto pki certificate chain TP-self-signed-1487781583

certificate self-signed 01 nvram:IOS-Self-Sig#3301.cer

username MyUser privilege 15 password 0 MyPassword

!

!

!

!

interface FastEthernet0/0

description LAN Plainsa Cuenca$ETH-LAN$

ip address 192.168.0.2 255.255.255.0

ip nat inside

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface ATM0/0/0

no ip address

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0/0/0.2 point-to-point

ip address "My Public IP" 255.255.255.192

ip nat outside

no snmp trap link-status

pvc 8/32

encapsulation aal5snap

!

ip route 0.0.0.0 0.0.0.0 ATM0/0/0.2

!

ip http server

ip http authentication local

ip http secure-server

ip nat inside source list 1 interface ATM0/0/0.2 overload

ip nat inside source static tcp 192.168.0.3 21 interface ATM0/0/0.2 21

ip nat inside source static tcp 192.168.0.19 80 interface ATM0/0/0.2 81

ip nat inside source static tcp 192.168.0.3 3389 interface ATM0/0/0.2 3389

!

access-list 1 permit 192.168.0.0 0.0.0.255

!

control-plane

!

!

line con 0

line aux 0

line vty 0 4

privilege level 15

login local

transport input telnet ssh

!

scheduler allocate 20000 1000

!

end

******** end cut *******

this is the debug info of "debug ip nat detailed" (the address 217.x.x.217 is not the real address, I change it in this letter only):

*Oct 4 17:29:20.631: NAT*: o: tcp (83.34.16.82, 12200) -> (217.217.217.217, 81) [53017]

*Oct 4 17:29:20.631: NAT*: o: tcp (83.34.16.82, 12200) -> (217.217.217.217, 81) [53017]

*Oct 4 17:29:20.631: NAT*: TCP s=12200, d=81->80

*Oct 4 17:29:20.631: NAT*: s=83.34.16.82, d=217.217.217.217->192.168.0.19 [53017]

*Oct 4 17:29:23.599: NAT*: o: tcp (83.34.16.82, 12200) -> (217.217.217.217, 81) [53020]

*Oct 4 17:29:23.599: NAT*: TCP s=12200, d=81->80

*Oct 4 17:29:23.603: NAT*: s=83.34.16.82, d=217.217.217.217->192.168.0.19 [53020]

*Oct 4 17:29:29.607: NAT*: o: tcp (83.34.16.82, 12200) -> (217.217.217.217, 81) [53022]

*Oct 4 17:29:29.607: NAT*: TCP s=12200, d=81->80

*Oct 4 17:29:29.607: NAT*: s=83.34.16.82, d=217.217.217.217->192.168.0.19 [53022]

*Oct 4 17:30:29.775: NAT: expiring 217.217.217.217 (192.168.0.19) tcp 81 (80)

Router#show ip nat translations

Pro Inside global Inside local Outside local Outside global

tcp 217.217.217.217:21 192.168.0.3:21 --- ---

tcp 217.217.217.217:3389 192.168.0.3:3389 --- ---

tcp 217.217.217.217:81 192.168.0.19:80 83.34.16.82:12202 83.34.16.82:12202

tcp 217.217.217.217:81 192.168.0.19:80 --- ---

Thank you in advance!

Labels:
0 Helpful
15 Replies 15

kirilkoltchakov
Community Member

‎11-16-2006 10:33 AM

Hello,

Resolved!

I put this for future information for who has similar problem:

finaly I resolved this problem. The problem was not the configuration of the 2811.

The problem was the default gateway of the web-server computer. In my case I have two routers - 192.168.0.1 and 192.168.0.2. The default gateway of the web-server is 192.168.0.1 but the access to it is true 192.168.0.2 (inside lan address). Then when the remote client try to connect via router X.X.X.X - 192.168.0.2 the web-server try to respond via 192.168.0.1 but there is not tcp connection this way. The connection is opened by remote cliente via 192.168.0.2.

When I put the default gateway to 192.168.0.2 everythink works fine.

Thanks everybody who's try to help!!!

Regards, Kiril.

0 Helpful
Customers Also Viewed These Support Documents