Cisco 826 Web to server

Hi,

I have a Cisco 826 and i just use it to go on the internet. Now i have my personal website. The configuration at the moment allows only to go from my pc to the internet but not from the internet to my pc
So is it possible to open port 80 sow the can acces my website??

This is my configuration at the moment.

!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname azerty
!
enable password azerty
!
username azerty password azerty
!
!
!
!
ip subnet-zero
ip name-server 195.238.2.21
ip name-server 195.238.2.22
!
!
!
!
interface Ethernet0
 ip address 192.168.1.5 255.255.255.0
 no ip directed-broadcast
 ip nat inside
 no ip mroute-cache
 load-interval 30
 no keepalive
!
interface ATM0
 no ip address
 no ip directed-broadcast
 load-interval 30
 no atm ilmi-keepalive
 bundle-enable
 hold-queue 224 in
!
interface ATM0.1 point-to-point
 description Cisco 826 TurboLine OFFICE
 ip address 217.136.220.210 255.255.255.192
 no ip directed-broadcast
 ip nat outside
 pvc 0/35
 !
!
ip default-gateway 217.136.220.193
ip nat inside source list 2 interface ATM0.1 overload
ip nat inside source static tcp 192.168.1.2 25 interface ATM0.1 25
ip nat inside source static tcp 192.168.1.2 21 interface ATM0.1 21
ip nat inside source static tcp 192.168.1.2 80 interface ATM0.1 80
ip classless
ip route 0.0.0.0 0.0.0.0 217.136.220.193
no ip http server
!
!
vc-class atm Office
  inarp 30
  vbr-nrt 128 128 32
  inarp 30
  oam-pvc manage 30
  oam retry 6 2 10
  encapsulation aal5snap
access-list 1 permit 213.35.60.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255
!
line con 0
 logging synchronous
 transport input none
 ip netmask-format decimal
 stopbits 1
line vty 0 4
 access-class 1 in
 exec-timeout 15 0
 login local
 ip netmask-format decimal
!
scheduler max-task-time 5000
end
jansorAsked:
Who is Participating?
 
JFrederick29Connect With a Mentor Commented:
I believe I've provided the correct configuration...

You can award me the points or otherwise, delete without refunding points.
0
 
JFrederick29Commented:
Is your web server running on 192.168.1.2?  If so, your static NAT looks good.  You are trying to connect to the Web server using the 217.136.220.210 IP address from outside your network right?
0
 
jansorAuthor Commented:
in my webserver are 2 network cards one intern and another for the internet
My intern network is ip 192.168.0.10
My network card for the internet 192.168.1.2 (this is the card where the cisco router is on)
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
JFrederick29Commented:
Okay, the following line "ip nat inside source static tcp 192.168.1.2 80 interface ATM0.1 80" is forwarding HTTP traffic destined to 217.136.220.210 to your web server (192.168.1.2).  This looks good.  From the outside you are using "http://217.136.220.210" right?

Remove the command, ip default-gateway 217.136.220.193:

en
conf t
no ip default-gateway 217.136.220.193

It is not necessary as you have IP routing enabled on the router.  
0
 
jansorAuthor Commented:
Yes i am using "http://217.136.220.210" to enter the website (i hope)
so now at the moment my config is as following:

!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname azerty
!
enable password azerty
!
username azerty password azerty
!
!
!
!
ip subnet-zero
ip name-server 195.238.2.21
ip name-server 195.238.2.22
!
!
!
!
interface Ethernet0
 ip address 192.168.1.5 255.255.255.0
 no ip directed-broadcast
 ip nat inside
 no ip mroute-cache
 load-interval 30
 no keepalive
!
interface ATM0
 no ip address
 no ip directed-broadcast
 load-interval 30
 no atm ilmi-keepalive
 bundle-enable
 hold-queue 224 in
!
interface ATM0.1 point-to-point
 description Cisco 826 TurboLine OFFICE
 ip address 217.136.220.210 255.255.255.192
 no ip directed-broadcast
 ip nat outside
 pvc 0/35
 !
!
no ip default-gateway 217.136.220.193
ip nat inside source list 2 interface ATM0.1 overload
ip nat inside source static tcp 192.168.1.2 25 interface ATM0.1 25
ip nat inside source static tcp 192.168.1.2 21 interface ATM0.1 21
ip nat inside source static tcp 192.168.1.2 80 interface ATM0.1 80
ip classless
ip route 0.0.0.0 0.0.0.0 217.136.220.193
no ip http server
!
!
vc-class atm Office
  inarp 30
  vbr-nrt 128 128 32
  inarp 30
  oam-pvc manage 30
  oam retry 6 2 10
  encapsulation aal5snap
access-list 1 permit 213.35.60.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255
!
line con 0
 logging synchronous
 transport input none
 ip netmask-format decimal
 stopbits 1
line vty 0 4
 access-class 1 in
 exec-timeout 15 0
 login local
 ip netmask-format decimal
!
scheduler max-task-time 5000
end
0
 
JFrederick29Commented:
You might also want to try adding an access-list inbound on your ISP connection explicitly permitting web traffic.  For example:

access-list 101 permit udp any eq 53 any  <--- permit DNS lookups
access-list 101 permit tcp any any established  <--- permit TCP sessions initiated from the inside
access-list 101 permit tcp any any eq 80  <--- permit HTTP traffic to your web server
access-list 101 permit tcp any any eq 25  <--- permit SMTP traffic to your mail server
access-list 101 permit tcp any any eq 21  <--- permit FTP traffic to your FTP server
access-list 101 permit icmp any any echo-reply  <--- permit ICMP return packets

Apply it inbound on your ATM0.1 interface:

interface ATM0.1
ip access-group 101 in
0
 
jansorAuthor Commented:
Ok i am goiing to test it but it wil be for tomorow
But this is the script then right ??
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname azerty
!
enable password azerty
!
username azerty password azerty
!
!
!
!
ip subnet-zero
ip name-server 195.238.2.21
ip name-server 195.238.2.22
!
!
!
!
interface Ethernet0
 ip address 192.168.1.5 255.255.255.0
 no ip directed-broadcast
 ip nat inside
 no ip mroute-cache
 load-interval 30
 no keepalive
!
interface ATM0
 no ip address
 no ip directed-broadcast
 load-interval 30
 no atm ilmi-keepalive
 bundle-enable
 hold-queue 224 in
!
interface ATM0.1 point-to-point
 description Cisco 826 TurboLine OFFICE
 ip address 217.136.220.210 255.255.255.192
 ip access-group 101 in
 no ip directed-broadcast
 ip nat outside
 pvc 0/35
 !
!
no ip default-gateway 217.136.220.193
ip nat inside source list 2 interface ATM0.1 overload
ip nat inside source static tcp 192.168.1.2 25 interface ATM0.1 25
ip nat inside source static tcp 192.168.1.2 21 interface ATM0.1 21
ip nat inside source static tcp 192.168.1.2 80 interface ATM0.1 80
ip classless
ip route 0.0.0.0 0.0.0.0 217.136.220.193
no ip http server
!
!
vc-class atm Office
  inarp 30
  vbr-nrt 128 128 32
  inarp 30
  oam-pvc manage 30
  oam retry 6 2 10
  encapsulation aal5snap
access-list 1 permit 213.35.60.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 101 permit udp any eq 53 any  
access-list 101 permit tcp any any established
access-list 101 permit tcp any any eq 80  
access-list 101 permit tcp any any eq 25
access-list 101 permit tcp any any eq 21
access-list 101 permit icmp any any echo-reply
!
line con 0
 logging synchronous
 transport input none
 ip netmask-format decimal
 stopbits 1
line vty 0 4
 access-class 1 in
 exec-timeout 15 0
 login local
 ip netmask-format decimal
!
scheduler max-task-time 5000
end
0
 
JFrederick29Commented:
Yes, looks good.
0
 
jansorAuthor Commented:
Hello,

there is stil a problem when i ping this ip i get the following fault.
Pingen naar 217.136.220.210 met 32 bytes aan gegevens:

Antwoord van 217.136.220.210: Het doelnetwerk is niet bereikbaar.
Antwoord van 217.136.220.210: Het doelnetwerk is niet bereikbaar.
Antwoord van 217.136.220.210: Het doelnetwerk is niet bereikbaar.
Antwoord van 217.136.220.210: Het doelnetwerk is niet bereikbaar.

Ping-statistieken voor 217.136.220.210:
    Pakketten: verzonden = 4, ontvangen = 4, verloren = 0
    (0% verlies).

De gemiddelde tijd voor het uitvoeren van één bewerking in milliseconden:
    Minimum = 0ms, Maximum = 0ms, Gemiddelde = 0ms

also When i try to use IE http://217.136.220.210
i get a time out error or a DNS Fault??
0
 
JFrederick29Commented:
You won't be able to ping the address from the outside as you are denying it via the access-list.

Could your ISP possibly be denying inbound HTTP?  Some ISP's don't allow you to run web or other servers.  You may want to check with them as your configuration looks fine.  Does inbound SMTP and FTP work (the other ports you are forwarding)?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.