asked on
Cisco 837 router -- can't see servers on external address from internal network
Hi,
I have a Cisco 837 ADSL router which I'm just finishing setup on. I have a set of 5 static IPs from my ISP and have static NATs setup for two of them. I use these to publish web and email services.
The problem that I have is that these services (port 80, port 25, port 143) are open and properly routed so that from a client out in the internet somewhere, these servers can be accessed in the expected way -- send email to my email server, access my web server, etc..
From my internal network, I get a connection refused error message trying to access any of these services on the external (public) address. If I use the internal address, everything is fine. I'd like to get my network setup such that I can use either the internal or external address from any client on my internal network.
What am I missing here?
Thanks for the help... my current config is attached below.
Kevin
==========================
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname rwc-1
!
logging buffered 10240 debugging
enable secret 5 $1$.48J$mNUuDQC0FIUV9USBYK
!
clock timezone pdt -8
no aaa new-model
ip subnet-zero
no ip domain lookup
ip dhcp excluded-address 192.168.11.1 192.168.11.99
!
ip dhcp pool dhcp-1
network 192.168.11.0 255.255.255.0
default-router 192.168.11.1
dns-server 192.168.11.10 206.13.28.12 206.13.29.12
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
bridge irb
!
!
interface Ethernet0
ip address 192.168.11.1 255.255.255.0
ip nat inside
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/35
encapsulation aal5snap
!
dsl operating-mode auto
bridge-group 1
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface BVI1
ip address 67.xxx.xxx.zzz 255.255.255.248
ip nat outside
!
ip nat inside source list 1 interface BVI1 overload
ip nat inside source static tcp 192.168.11.10 25 67.xxx.xxx.xxx 25 extendable
ip nat inside source static tcp 192.168.11.10 80 67.xxx.xxx.xxx 80 extendable
ip nat inside source static tcp 192.168.11.10 143 67.xxx.xxx.xxx 143 extendable
ip nat inside source static tcp 192.168.11.30 80 67.xxx.xxx.yyy 80 extendable
ip nat inside source static tcp 192.168.11.11 3389 67.xxx.xxx.yyy 3389 extendable
ip nat inside source static tcp 192.168.11.10 443 67.xxx.xxx.xxx 443 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 67.xxx.xxx.www
ip http server
no ip http secure-server
!
logging 192.168.11.10
access-list 1 permit 192.168.11.0 0.0.0.255
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
no modem enable
line aux 0
line vty 0 4
password ********
login
!
scheduler max-task-time 5000
!
end
I have a Cisco 837 ADSL router which I'm just finishing setup on. I have a set of 5 static IPs from my ISP and have static NATs setup for two of them. I use these to publish web and email services.
The problem that I have is that these services (port 80, port 25, port 143) are open and properly routed so that from a client out in the internet somewhere, these servers can be accessed in the expected way -- send email to my email server, access my web server, etc..
From my internal network, I get a connection refused error message trying to access any of these services on the external (public) address. If I use the internal address, everything is fine. I'd like to get my network setup such that I can use either the internal or external address from any client on my internal network.
What am I missing here?
Thanks for the help... my current config is attached below.
Kevin
==========================
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname rwc-1
!
logging buffered 10240 debugging
enable secret 5 $1$.48J$mNUuDQC0FIUV9USBYK
!
clock timezone pdt -8
no aaa new-model
ip subnet-zero
no ip domain lookup
ip dhcp excluded-address 192.168.11.1 192.168.11.99
!
ip dhcp pool dhcp-1
network 192.168.11.0 255.255.255.0
default-router 192.168.11.1
dns-server 192.168.11.10 206.13.28.12 206.13.29.12
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
bridge irb
!
!
interface Ethernet0
ip address 192.168.11.1 255.255.255.0
ip nat inside
hold-queue 100 out
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/35
encapsulation aal5snap
!
dsl operating-mode auto
bridge-group 1
!
interface FastEthernet1
no ip address
duplex auto
speed auto
!
interface FastEthernet2
no ip address
duplex auto
speed auto
!
interface FastEthernet3
no ip address
duplex auto
speed auto
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface BVI1
ip address 67.xxx.xxx.zzz 255.255.255.248
ip nat outside
!
ip nat inside source list 1 interface BVI1 overload
ip nat inside source static tcp 192.168.11.10 25 67.xxx.xxx.xxx 25 extendable
ip nat inside source static tcp 192.168.11.10 80 67.xxx.xxx.xxx 80 extendable
ip nat inside source static tcp 192.168.11.10 143 67.xxx.xxx.xxx 143 extendable
ip nat inside source static tcp 192.168.11.30 80 67.xxx.xxx.yyy 80 extendable
ip nat inside source static tcp 192.168.11.11 3389 67.xxx.xxx.yyy 3389 extendable
ip nat inside source static tcp 192.168.11.10 443 67.xxx.xxx.xxx 443 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 67.xxx.xxx.www
ip http server
no ip http secure-server
!
logging 192.168.11.10
access-list 1 permit 192.168.11.0 0.0.0.255
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
no modem enable
line aux 0
line vty 0 4
password ********
login
!
scheduler max-task-time 5000
!
end
Broadband
Last Comment
grblades