troubleshooting Question

Cisco router to allow access to internal web and mail servers

lewylupo asked on
Routers
I am trying to configure my Cisco 1811 router to allow public internet users to access my internal web and mail servers.  My network is currently illustrated below:

Business Cable Modem=> Cisco Router=> Internal LAN

Public IP address of cable modem is 74.95.83.214.  The inside interface of the cable modem is 192.168.1.1.

The Cisco router FastEthernet 0 interface is 192.168.1.2.

My current LAN is using 10.10.10.1 subnet PAT'ing to the 192.168.1.2 on the cisco router.

My web server is 10.10.10.12 and mail is 10.10.10.10.  

Do I create a static map like ip nat inside source static tcp 10.10.10.12 80 192.168.1.2 80 extendable?  I actually tried this but I still couldn't see my website.
Not sure where to go from here....
My config is below.  Any help would be great.  Thanks.




Current configuration : 11083 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname  XXXXX
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
aaa session-id common
!
resource policy
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.10
ip dhcp excluded-address 10.10.10.11
ip dhcp excluded-address 10.10.10.12
ip dhcp excluded-address 10.10.10.13
ip dhcp excluded-address 10.10.10.14
ip dhcp excluded-address 10.10.10.15
ip dhcp excluded-address 10.10.10.16
ip dhcp excluded-address 10.10.10.17
ip dhcp excluded-address 10.10.10.18
ip dhcp excluded-address 10.10.10.19
ip dhcp excluded-address 10.10.10.20
ip dhcp excluded-address 10.10.10.129
ip dhcp excluded-address 10.10.10.160
ip dhcp excluded-address 10.10.10.161
ip dhcp excluded-address 10.10.10.162
ip dhcp excluded-address 10.10.10.163
ip dhcp excluded-address 10.10.10.164
ip dhcp excluded-address 10.10.10.165
ip dhcp excluded-address 10.10.10.166
ip dhcp excluded-address 10.10.10.167
ip dhcp excluded-address 10.10.10.168
ip dhcp excluded-address 10.10.10.169
ip dhcp excluded-address 10.10.10.170
!
ip dhcp pool sdm-pool
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1
   lease 0 2
!
ip dhcp pool 1800-ISR
   import all
   network 10.10.10.128 255.255.255.128
   default-router 10.10.10.1
   dns-server 68.87.71.226
!
!
ip domain name nextblueprint.com
ip name-server 68.87.73.242
ip name-server 68.87.71.226
ip inspect log drop-pkt
ip inspect name SDM_HIGH appfw SDM_HIGH
ip inspect name SDM_HIGH icmp
ip inspect name SDM_HIGH dns
ip inspect name SDM_HIGH esmtp
ip inspect name SDM_HIGH https
ip inspect name SDM_HIGH imap reset
ip inspect name SDM_HIGH pop3 reset
ip inspect name SDM_HIGH tcp
ip inspect name SDM_HIGH udp
!
crypto pki trustpoint TP-self-signed-2450939490
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2450939490
 revocation-check none
 rsakeypair TP-self-signed-2450939490
!
username ironbridge privilege 15 secret 5 $1$ff9D$Lo.vVL88uLrbgz3k8Be6m.
username XXXXXXX password 0 XXXXXX
!

crypto isakmp policy 3
 encr aes
 authentication pre-share
 group 2
!
crypto isakmp client configuration group XXXXXXX
 key XXXXXX
 dns 10.10.10.10 68.87.73.242
 wins 10.10.10.10
 domain nextblueprint.com
 pool ippool
!
!
crypto ipsec transform-set ironbridgeset esp-aes esp-sha-hmac
!
crypto dynamic-map dynmap 10
 set transform-set ironbridgeset
!
!
crypto map clientmap client authentication list userauthen
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
!
bridge irb
!
!
!
interface FastEthernet0
 description $FW_INSIDE$$ETH-LAN$
 ip address 192.168.1.2 255.255.255.128
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map clientmap
!
interface FastEthernet1
 description $FW_OUTSIDE$$ETH-LAN$
 no ip address
 ip verify unicast reverse-path
 ip nbar protocol-discovery
 ip inspect SDM_HIGH out
 shutdown
 duplex auto
 speed auto
 service-policy input sdmappfwp2p_SDM_HIGH
 service-policy output sdmappfwp2p_SDM_HIGH
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Dot11Radio0
 no ip address
 !
 encryption vlan 1 key 1 size 40bit 0 XXXXXXX transmit-key
 encryption vlan 1 mode wep mandatory
 !
 ssid ironbridge
    vlan 1
    authentication open
    guest-mode
 !
 speed basic-1.0 basic-2.0 basic-5.5 basic-6.0 basic-9.0 basic-11.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
 station-role root
 no dot11 extension aironet
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no snmp trap link-status
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
 no ip address
 shutdown
 !
 encryption vlan 1 key 1 size 40bit 0 XXXXXX transmit-key
 encryption vlan 1 mode wep mandatory
 !
 ssid ironbridge
    vlan 1
    authentication open
    guest-mode
 !
 speed basic-6.0 basic-9.0 basic-12.0 basic-18.0 basic-24.0 basic-36.0 basic-48.0 basic-54.0
 station-role root
 no dot11 extension aironet
!
interface Dot11Radio1.1
 encapsulation dot1Q 1 native
 no snmp trap link-status
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$FW_INSIDE$
 ip address 10.10.10.1 255.255.255.128
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Async1
 no ip address
 encapsulation slip
!
interface BVI1
 ip address 10.10.10.129 255.255.255.128
 ip nat inside
 ip virtual-reassembly
!
ip local pool ippool 10.10.0.1 10.10.0.10
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool pool1 192.168.1.3 192.168.1.100 netmask 255.255.255.0
ip nat pool pool2 192.168.1.101 192.168.1.200 netmask 255.255.255.0
ip nat inside source list 1 pool pool1 overload
ip nat inside source list 2 pool pool2 overload
ip nat inside source static tcp 10.10.10.12 8080 192.168.1.2 8080 extendable
!
logging trap warnings
logging 10.10.10.10
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 0.0.0.0 255.255.255.0
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 10.10.10.128 0.0.0.127
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 transport input telnet ssh
line vty 5 15
 transport input telnet ssh
!
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
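
A consistency check over the NAT lines of the configuration above, added here as an example and not part of the original question or its answers: it reports which inside services have a static translation and whether each NAT pool fits the subnet of the interface marked ip nat outside. The function names and the choice of TCP 25 for the mail server are assumptions.

```python
import ipaddress
import re

# Lines copied from the configuration posted above (excerpt only).
CONFIG = """\
interface FastEthernet0
 ip address 192.168.1.2 255.255.255.128
 ip nat outside
interface Vlan1
 ip address 10.10.10.1 255.255.255.128
 ip nat inside
ip nat pool pool1 192.168.1.3 192.168.1.100 netmask 255.255.255.0
ip nat pool pool2 192.168.1.101 192.168.1.200 netmask 255.255.255.0
ip nat inside source static tcp 10.10.10.12 8080 192.168.1.2 8080 extendable
"""

# Services the question wants reachable; TCP 25 for mail is an assumption.
WANTED = {("10.10.10.12", 80): "web", ("10.10.10.10", 25): "mail"}

def outside_network(cfg):
    """Return the subnet of the interface marked 'ip nat outside'."""
    for block in re.split(r"(?m)^(?=interface )", cfg):
        if re.search(r"(?m)^ ip nat outside$", block):
            m = re.search(r"(?m)^ ip address (\S+) (\S+)$", block)
            if m:
                return ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
    return None

def static_forwards(cfg):
    """Map (inside_ip, inside_port) -> (global_ip, global_port) for static TCP NAT."""
    pat = r"(?m)^ip nat inside source static tcp (\S+) (\d+) (\S+) (\d+)"
    return {(a, int(b)): (c, int(d)) for a, b, c, d in re.findall(pat, cfg)}

def audit(cfg, wanted=WANTED):
    """Return a list of findings about missing forwards and misfit pools."""
    findings, net, fwd = [], outside_network(cfg), static_forwards(cfg)
    for (ip, port), name in wanted.items():
        if (ip, port) not in fwd:
            findings.append(f"no static forward for {name} {ip}:{port}")
    for (ip, port), (gip, gport) in fwd.items():
        if net and ipaddress.ip_address(gip) not in net:
            findings.append(f"forward {ip}:{port} uses {gip}, outside {net}")
    for name, lo, hi in re.findall(r"(?m)^ip nat pool (\S+) (\S+) (\S+) netmask", cfg):
        if net and not all(ipaddress.ip_address(x) in net for x in (lo, hi)):
            findings.append(f"pool {name} {lo}-{hi} not inside {net}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIG)))
```

The check only covers the router; with the public address 74.95.83.214 on the cable modem, traffic must also be forwarded there to 192.168.1.2 before these translations apply.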
