Solved

Cisco 826 Web to server

Posted on 2004-08-11
Last Modified: 2013-12-14
Hi,

I have a Cisco 826 and I just use it to go on the internet. Now I have my personal website. The configuration at the moment only allows going from my PC to the internet, but not from the internet to my PC.
So is it possible to open port 80 so they can access my website?

This is my configuration at the moment.

!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname azerty
!
enable password azerty
!
username azerty password azerty
!
!
!
!
ip subnet-zero
ip name-server 195.238.2.21
ip name-server 195.238.2.22
!
!
!
!
interface Ethernet0
 ip address 192.168.1.5 255.255.255.0
 no ip directed-broadcast
 ip nat inside
 no ip mroute-cache
 load-interval 30
 no keepalive
!
interface ATM0
 no ip address
 no ip directed-broadcast
 load-interval 30
 no atm ilmi-keepalive
 bundle-enable
 hold-queue 224 in
!
interface ATM0.1 point-to-point
 description Cisco 826 TurboLine OFFICE
 ip address 217.136.220.210 255.255.255.192
 no ip directed-broadcast
 ip nat outside
 pvc 0/35
 !
!
ip default-gateway 217.136.220.193
ip nat inside source list 2 interface ATM0.1 overload
ip nat inside source static tcp 192.168.1.2 25 interface ATM0.1 25
ip nat inside source static tcp 192.168.1.2 21 interface ATM0.1 21
ip nat inside source static tcp 192.168.1.2 80 interface ATM0.1 80
ip classless
ip route 0.0.0.0 0.0.0.0 217.136.220.193
no ip http server
!
!
vc-class atm Office
  inarp 30
  vbr-nrt 128 128 32
  inarp 30
  oam-pvc manage 30
  oam retry 6 2 10
  encapsulation aal5snap
access-list 1 permit 213.35.60.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255
!
line con 0
 logging synchronous
 transport input none
 ip netmask-format decimal
 stopbits 1
line vty 0 4
 access-class 1 in
 exec-timeout 15 0
 login local
 ip netmask-format decimal
!
scheduler max-task-time 5000
end
Question by:jansor

Expert Comment

by:JFrederick29
ID: 11771892
Is your web server running on 192.168.1.2?  If so, your static NAT looks good.  You are trying to connect to the Web server using the 217.136.220.210 IP address from outside your network right?

Author Comment

by:jansor
ID: 11772207
My web server has 2 network cards, one internal and another for the internet.
My internal network IP is 192.168.0.10.
My network card for the internet is 192.168.1.2 (this is the card the Cisco router is connected to).

Expert Comment

by:JFrederick29
ID: 11772799
Okay, the following line "ip nat inside source static tcp 192.168.1.2 80 interface ATM0.1 80" is forwarding HTTP traffic destined to 217.136.220.210 to your web server (192.168.1.2).  This looks good.  From the outside you are using "http://217.136.220.210" right?

Remove the command, ip default-gateway 217.136.220.193:

en
conf t
no ip default-gateway 217.136.220.193

It is not necessary as you have IP routing enabled on the router.  

Author Comment

by:jansor
ID: 11773488
Yes, I am using "http://217.136.220.210" to enter the website (I hope).
So at the moment my config is as follows:

!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname azerty
!
enable password azerty
!
username azerty password azerty
!
!
!
!
ip subnet-zero
ip name-server 195.238.2.21
ip name-server 195.238.2.22
!
!
!
!
interface Ethernet0
 ip address 192.168.1.5 255.255.255.0
 no ip directed-broadcast
 ip nat inside
 no ip mroute-cache
 load-interval 30
 no keepalive
!
interface ATM0
 no ip address
 no ip directed-broadcast
 load-interval 30
 no atm ilmi-keepalive
 bundle-enable
 hold-queue 224 in
!
interface ATM0.1 point-to-point
 description Cisco 826 TurboLine OFFICE
 ip address 217.136.220.210 255.255.255.192
 no ip directed-broadcast
 ip nat outside
 pvc 0/35
 !
!
no ip default-gateway 217.136.220.193
ip nat inside source list 2 interface ATM0.1 overload
ip nat inside source static tcp 192.168.1.2 25 interface ATM0.1 25
ip nat inside source static tcp 192.168.1.2 21 interface ATM0.1 21
ip nat inside source static tcp 192.168.1.2 80 interface ATM0.1 80
ip classless
ip route 0.0.0.0 0.0.0.0 217.136.220.193
no ip http server
!
!
vc-class atm Office
  inarp 30
  vbr-nrt 128 128 32
  inarp 30
  oam-pvc manage 30
  oam retry 6 2 10
  encapsulation aal5snap
access-list 1 permit 213.35.60.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255
!
line con 0
 logging synchronous
 transport input none
 ip netmask-format decimal
 stopbits 1
line vty 0 4
 access-class 1 in
 exec-timeout 15 0
 login local
 ip netmask-format decimal
!
scheduler max-task-time 5000
end

Expert Comment

by:JFrederick29
ID: 11773673
You might also want to try adding an access-list inbound on your ISP connection explicitly permitting web traffic.  For example:

! permit DNS lookups
access-list 101 permit udp any eq 53 any
! permit TCP sessions initiated from the inside
access-list 101 permit tcp any any established
! permit HTTP traffic to your web server
access-list 101 permit tcp any any eq 80
! permit SMTP traffic to your mail server
access-list 101 permit tcp any any eq 25
! permit FTP traffic to your FTP server
access-list 101 permit tcp any any eq 21
! permit ICMP return packets
access-list 101 permit icmp any any echo-reply

Apply it inbound on your ATM0.1 interface:

interface ATM0.1
ip access-group 101 in

Author Comment

by:jansor
ID: 11773988
OK, I am going to test it, but it will be for tomorrow.
But this is the script then, right?
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname azerty
!
enable password azerty
!
username azerty password azerty
!
!
!
!
ip subnet-zero
ip name-server 195.238.2.21
ip name-server 195.238.2.22
!
!
!
!
interface Ethernet0
 ip address 192.168.1.5 255.255.255.0
 no ip directed-broadcast
 ip nat inside
 no ip mroute-cache
 load-interval 30
 no keepalive
!
interface ATM0
 no ip address
 no ip directed-broadcast
 load-interval 30
 no atm ilmi-keepalive
 bundle-enable
 hold-queue 224 in
!
interface ATM0.1 point-to-point
 description Cisco 826 TurboLine OFFICE
 ip address 217.136.220.210 255.255.255.192
 ip access-group 101 in
 no ip directed-broadcast
 ip nat outside
 pvc 0/35
 !
!
no ip default-gateway 217.136.220.193
ip nat inside source list 2 interface ATM0.1 overload
ip nat inside source static tcp 192.168.1.2 25 interface ATM0.1 25
ip nat inside source static tcp 192.168.1.2 21 interface ATM0.1 21
ip nat inside source static tcp 192.168.1.2 80 interface ATM0.1 80
ip classless
ip route 0.0.0.0 0.0.0.0 217.136.220.193
no ip http server
!
!
vc-class atm Office
  inarp 30
  vbr-nrt 128 128 32
  inarp 30
  oam-pvc manage 30
  oam retry 6 2 10
  encapsulation aal5snap
access-list 1 permit 213.35.60.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 101 permit udp any eq 53 any  
access-list 101 permit tcp any any established
access-list 101 permit tcp any any eq 80  
access-list 101 permit tcp any any eq 25
access-list 101 permit tcp any any eq 21
access-list 101 permit icmp any any echo-reply
!
line con 0
 logging synchronous
 transport input none
 ip netmask-format decimal
 stopbits 1
line vty 0 4
 access-class 1 in
 exec-timeout 15 0
 login local
 ip netmask-format decimal
!
scheduler max-task-time 5000
end

Expert Comment

by:JFrederick29
ID: 11774058
Yes, looks good.

Author Comment

by:jansor
ID: 11784154
Hello,

There is still a problem: when I ping this IP I get the following fault.
Pingen naar 217.136.220.210 met 32 bytes aan gegevens:

Antwoord van 217.136.220.210: Het doelnetwerk is niet bereikbaar.
Antwoord van 217.136.220.210: Het doelnetwerk is niet bereikbaar.
Antwoord van 217.136.220.210: Het doelnetwerk is niet bereikbaar.
Antwoord van 217.136.220.210: Het doelnetwerk is niet bereikbaar.

Ping-statistieken voor 217.136.220.210:
    Pakketten: verzonden = 4, ontvangen = 4, verloren = 0
    (0% verlies).

De gemiddelde tijd voor het uitvoeren van één bewerking in milliseconden:
    Minimum = 0ms, Maximum = 0ms, Gemiddelde = 0ms

Also, when I try to use IE with http://217.136.220.210
I get a timeout error or a DNS fault?

Expert Comment

by:JFrederick29
ID: 11784390
You won't be able to ping the address from the outside as you are denying it via the access-list.

Could your ISP possibly be denying inbound HTTP?  Some ISPs don't allow you to run web or other servers.  You may want to check with them as your configuration looks fine.  Do inbound SMTP and FTP work (the other ports you are forwarding)?
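
The first-match behaviour behind the ping result discussed in this thread, as an added example that is not part of the original posts: a small Python evaluator run over ACL 101 as posted above, with constructed sample packets. It models only the syntax that ACL uses; the function names and packet dictionaries are assumptions made for illustration.

```python
# ACL 101 as posted in the thread (annotations removed).
ACL_101 = """\
access-list 101 permit udp any eq 53 any
access-list 101 permit tcp any any established
access-list 101 permit tcp any any eq 80
access-list 101 permit tcp any any eq 25
access-list 101 permit tcp any any eq 21
access-list 101 permit icmp any any echo-reply
"""

def parse_ace(line):  # handles only the "any -> any" forms used above
    t = line.split()[2:]                      # drop "access-list 101"
    ace = {"action": t[0], "proto": t[1], "sport": None, "dport": None,
           "established": False, "icmp_type": None}
    i = 3                                     # t[2] is the source "any"
    if t[i] == "eq":                          # optional source-port match
        ace["sport"], i = int(t[i + 1]), i + 2
    rest = t[i + 1:]                          # tokens after the destination "any"
    if rest[:1] == ["eq"]:
        ace["dport"] = int(rest[1])
    elif rest == ["established"]:
        ace["established"] = True
    elif rest:
        ace["icmp_type"] = rest[0]
    return ace

def matches(ace, pkt):
    if ace["proto"] != pkt["proto"]:
        return False
    for field in ("sport", "dport", "icmp_type"):
        if ace[field] is not None and ace[field] != pkt.get(field):
            return False
    # "established" matches TCP segments with ACK or RST set, not an initial SYN.
    return not ace["established"] or bool({"ACK", "RST"} & set(pkt.get("flags", ())))

def evaluate(acl_text, pkt):
    """First match wins; falling off the end is the implicit deny (entry None)."""
    for number, line in enumerate(acl_text.splitlines(), 1):
        ace = parse_ace(line)
        if matches(ace, pkt):
            return ace["action"], number
    return "deny", None

# Constructed sample packets arriving inbound on ATM0.1.
PING_IN = {"proto": "icmp", "icmp_type": "echo"}          # echo, not echo-reply
HTTP_SYN = {"proto": "tcp", "sport": 40000, "dport": 80, "flags": ["SYN"]}
UDP_SRC53 = {"proto": "udp", "sport": 53, "dport": 5000}  # entry 1 checks source port only
for name, pkt in (("ping", PING_IN), ("http", HTTP_SYN), ("udp src 53", UDP_SRC53)):
    print(name, evaluate(ACL_101, pkt))
```

The inbound echo request matches no entry and is dropped by the implicit deny, while a new connection to port 80 is permitted by the third entry.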

Accepted Solution

by:JFrederick29 (earned 500 total points)
ID: 12075818
I believe I've provided the correct configuration...

You can award me the points or otherwise, delete without refunding points.