nammari
asked on
Port Forwarding and Virtual Server in Cisco 800 Series
Hi All,
I have a CISCO 800 Series Router that connects me to the internet through an ADSL connection (with a fixed IP address). After that router I have my firewall to filter and monitor all the incoming and outgoing calls.
I have a webserver sitting behind that firewall and I need to be able to get to that web server from outside (internet). I did that with a non-Cisco provider, but with CISCO it seems that I am having a hard time.
I've tried to use `ip nat inside source static <local address> <my global IP address>`
but that didn't help!
Please find a copy of the Cisco configuration:
Current configuration : 4219 bytes
!
version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname JCC
!
no logging buffered
enable secret 5 $1$pP3N$1.qVEuTStdyymHSb8FK06/
!
username adm password 7 09464D0A18011A1B054D
aaa new-model
!
!
aaa session-id common
ip subnet-zero
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool CLIENT
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
lease 0 2
!
ip dhcp pool LAN
import all
default-router 10.10.10.1
domain-name palnet.com
lease 0 2
!
ip dhcp pool LAN2
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
domain-name palnet.com
lease 0 2
!
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
description link to LAN
ip address 10.10.10.1 255.255.255.0 secondary
ip address 192.168.168.1 255.255.255.0
ip nat inside
ip tcp adjust-mss 1452
hold-queue 100 out
!
interface ATM0
no ip address
atm vc-per-vp 64
no atm ilmi-keepalive
pvc 8/35
pppoe-client dial-pool-number 1
!
dsl operating-mode auto
!
interface Dialer0
no ip address
!
interface Dialer1
ip address negotiated
ip access-group 111 in
ip mtu 1492
ip nat outside
ip inspect myfw out
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer remote-name redback
dialer-group 1
ppp authentication pap callin
ppp pap sent-username username@globalnet.ca password 7 08731E195040524045
ppp ipcp dns request
ppp ipcp wins request
!
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static tcp 192.168.168.2 5004 82.205.120.109 5004 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 23 permit 217.66.226.0 0.0.0.255
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 23 permit 192.116.17.0 0.0.0.255
access-list 23 permit 192.168.168.0 0.0.0.255
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit ip 192.168.168.0 0.0.0.255 any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any traceroute
access-list 111 permit udp any eq bootps any eq bootps
access-list 111 permit udp any eq domain any
access-list 111 permit esp any any
access-list 111 permit udp any any eq isakmp
access-list 111 permit udp any any eq 10000
access-list 111 permit tcp any any eq 1723
access-list 111 permit tcp any any eq 139
access-list 111 permit udp any any eq netbios-ns
access-list 111 permit udp any any eq netbios-dgm
access-list 111 permit gre any any
access-list 111 permit tcp any any eq telnet
access-list 111 deny ip any any
dialer-list 1 protocol ip permit
!
line con 0
exec-timeout 120 0
no modem enable
stopbits 1
line aux 0
line vty 0 4
access-class 23 in
exec-timeout 120 0
password 7 12130614130F010D246A
length 0
!
scheduler max-task-time 5000
!
end
In my firewall, I defined a Virtual IP that redirects all the incoming calls from the Router IP on 5004 to the local LAN for that webserver!!!
IP address of the ADSL Cisco router (LAN interface): 192.168.168.1
IP address of the firewall (WAN interface): 192.168.168.2
Please help