vikrantambhore

NAT Issue

Hello All Experts,

We have a Cisco 877W router. I plugged a Polycom video conferencing unit into the Cisco and gave it the static IP 10.10.10.2. I am able to access this unit in a browser at http://10.10.10.2. We have the public IP address 203.X.X.X; as soon as someone dials that IP using their VC unit, it should reach our internal IP address 10.10.10.2. Also, should we be able to get to it when we type 203.X.X.X
from out of office? I think the issue is in NAT, but I can't understand it.

Can anyone help me?

Regards
comteam#sh run
Building configuration...

Current configuration : 7986 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname comteam
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-814900924
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-814900924
 revocation-check none
 rsakeypair TP-self-signed-814900924
!
!
crypto pki certificate chain TP-self-signed-814900924
 certificate self-signed 01
        quit
dot11 syslog
!
dot11 ssid comteam
   vlan 1
   authentication open
   authentication key-management wpa
   guest-mode
   wpa-psk ascii 7 XXXXXXXXX
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.2
!
ip dhcp pool sdm-pool
   import all
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
   dns-server 10.10.10.1
   lease 0 2
!
!
ip domain name yourdomain.com
ip name-server 203.0.178.191
ip name-server 203.215.29.191
!
!
!
username XXXXXXXXX privilege 15 password XXXXXXXXX
!
!
archive
 log config
  hidekeys
!
!
!
class-map match-all Streaming-Video
 match access-group 103
class-map match-all video-conf
 match access-group 102
class-map match-all Video-Conf
 match access-group 102
!
!
policy-map qos-policy
 class video-conf
  bandwidth 512
 class class-default
  fair-queue
!
!
bridge irb
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
 no ip address
 ip nat inside
 ip virtual-reassembly
 !
 encryption vlan 1 mode ciphers tkip
 !
 ssid comteam
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
 54.0
 station-role root
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no cdp enable
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 no ip address
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface Dialer0
 mtu 1454
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 ip tcp adjust-mss 1360
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp chap refuse
 ppp pap sent-username computerteam password 7 030E71051F0B74696F18
!
interface BVI1
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 ATM0
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source list ToNAT interface Dialer0 overload
ip nat inside source static tcp 10.10.10.2 80 interface Dialer0 80
ip nat inside source static tcp 10.10.10.2 389 interface Dialer0 389
ip nat inside source static tcp 10.10.10.2 1503 interface Dialer0 1503
ip nat inside source static tcp 10.10.10.2 1720 interface Dialer0 1720
ip nat inside source static udp 10.10.10.2 80 interface Dialer0 80
ip nat inside source static udp 10.10.10.2 389 interface Dialer0 389
ip nat inside source static udp 10.10.10.2 1503 interface Dialer0 1503
ip nat inside source static udp 10.10.10.2 1720 interface Dialer0 1720
ip nat inside source static tcp 10.10.10.2 3230 interface Dialer0 3230
ip nat inside source static tcp 10.10.10.2 3231 interface Dialer0 3231
ip nat inside source static tcp 10.10.10.2 3232 interface Dialer0 3232
ip nat inside source static tcp 10.10.10.2 3233 interface Dialer0 3233
ip nat inside source static tcp 10.10.10.2 3234 interface Dialer0 3234
ip nat inside source static tcp 10.10.10.2 3235 interface Dialer0 3235
ip nat inside source static udp 10.10.10.2 3230 interface Dialer0 3230
ip nat inside source static udp 10.10.10.2 3231 interface Dialer0 3231
ip nat inside source static udp 10.10.10.2 3232 interface Dialer0 3232
ip nat inside source static udp 10.10.10.2 3233 interface Dialer0 3233
ip nat inside source static udp 10.10.10.2 3234 interface Dialer0 3234
ip nat inside source static udp 10.10.10.2 3235 interface Dialer0 3235
!
ip access-list extended ToNAT
 permit ip 10.10.10.0 0.0.0.255 any
!
no cdp run
!
!
!
control-plane
!
bridge 1 route ip

!
line con 0
 password 7 011009094B1E120A33584B08145346445A
 login local
 no modem enable
line aux 0
 password 7 011009094B1E120A33584B08145346445A
 login local
line vty 0 4
 access-class 23 in
 privilege level 15
 password 7 011009094B1E120A33584B08145346445A
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
end


ASKER CERTIFIED SOLUTION
lost_enigma

vikrantambhore (ASKER)

Hello,

My customer said he requires it; he wants to access the VC through a static IP.

Don't know why.
Is anyone there to help me? We need to access the Polycom from outside.

lost_enigma

Wait, NAT looks correct.
What is the question?
I gave you the full specifics about the other ports. Some of them are not opened at your firewall/NAT.
Did you make NAT rules for the other ports necessary for H.323?

I know, dear, NAT looks correct; then why am I unable to access the Polycom from outside?
I am using the fixed ports below for video and audio in the Polycom; all ports are working fine except port 80.

ip nat inside source list ToNAT interface Dialer0 overload
ip nat inside source static tcp 10.10.10.2 80 interface Dialer0 80
ip nat inside source static tcp 10.10.10.2 389 interface Dialer0 389
ip nat inside source static tcp 10.10.10.2 1503 interface Dialer0 1503
ip nat inside source static tcp 10.10.10.2 1720 interface Dialer0 1720
ip nat inside source static udp 10.10.10.2 80 interface Dialer0 80
ip nat inside source static udp 10.10.10.2 389 interface Dialer0 389
ip nat inside source static udp 10.10.10.2 1503 interface Dialer0 1503
ip nat inside source static udp 10.10.10.2 1720 interface Dialer0 1720
ip nat inside source static tcp 10.10.10.2 3230 interface Dialer0 3230
ip nat inside source static tcp 10.10.10.2 3231 interface Dialer0 3231
ip nat inside source static tcp 10.10.10.2 3232 interface Dialer0 3232
ip nat inside source static tcp 10.10.10.2 3233 interface Dialer0 3233
ip nat inside source static tcp 10.10.10.2 3234 interface Dialer0 3234
ip nat inside source static tcp 10.10.10.2 3235 interface Dialer0 3235
ip nat inside source static udp 10.10.10.2 3230 interface Dialer0 3230
ip nat inside source static udp 10.10.10.2 3231 interface Dialer0 3231
ip nat inside source static udp 10.10.10.2 3232 interface Dialer0 3232
ip nat inside source static udp 10.10.10.2 3233 interface Dialer0 3233
ip nat inside source static udp 10.10.10.2 3234 interface Dialer0 3234
ip nat inside source static udp 10.10.10.2 3235 interface Dialer0 3235

So, can't access: you mean by web only?

Are calls being made correctly?

I think the easiest way is to try to view the NAT translations or try to debug the NAT rules (if it is working).

Try to change the web publishing rule like this:
ip nat inside source static tcp 10.10.10.2 80 interface Dialer0 80 extendable

If that does not help, I think you should check your device settings, I mean the Polycom. Possibly some web restrictions or misconfiguration are there.

Hi bro,

I can access this unit perfectly on the LAN at http://10.10.10.2
I can make calls correctly
I need to access this unit from outside

SOLUTION
ArneLovius

Just requesting a delete without any reason?

Issue has been solved at my own level?

Thanks for giving time to help.

If you post the solution it would be appreciated.

No prob,

The issue has been fixed only by ip nat inside source static tcp 10.10.10.2 80 interface Dialer0 8080

Anyway, thanks for your help, ArneLovius. Sorry, I can't accept your solution in this comment.

Your "solution" is not valid

Can you explain why it's not valid? My issue has been solved by entering the above command; now I'm able to access the VC unit at http://203.X.X.X:8080 from outside.

I know my issue is fixed, so please, you can't say your "solution" is not valid.
Anyway, I posted my solution at your request.

It doesn't answer the original question; it only answers a later additional question...

Please read carefully the end of my original question (should we be able to get to that when we type 203.X.X.X from out of office). I mean I was unable to access the VC unit from outside even after opening port 80 on the Cisco. Now I am able to. That's all.

If I was wrong while posting the question, then sorry for that.

Wait, did I tell you to check the configuration settings of your device?

@@@If that does not help, I think you should check your device settings, I mean the Polycom. Possibly some web restrictions or misconfiguration are there.@@@

Hi lost_enigma,

I need to know:
Can you please suggest how to open the above-mentioned port bidirectionally?

Regards

Vikrant
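
An added example, not code from the thread or from Cisco: a short Python audit of the static port forwards discussed above. It lists each `ip nat inside source static` rule, flags any whose outside port is also a default port of the router's own web server (80 with `ip http server`, 443 with `ip http secure-server`), and flags rules that publish an inside device's port 80 on the outside interface. The sample config is constructed from lines posted in the thread, and the function names and finding labels are hypothetical.

```python
import re

# Constructed sample: lines taken from the running-config posted in the
# question, plus the 8080 rule the asker reports as the fix.
SAMPLE_CONFIG = """\
ip http server
ip http secure-server
ip nat inside source list ToNAT interface Dialer0 overload
ip nat inside source static tcp 10.10.10.2 80 interface Dialer0 80
ip nat inside source static tcp 10.10.10.2 1720 interface Dialer0 1720
ip nat inside source static udp 10.10.10.2 3230 interface Dialer0 3230
ip nat inside source static tcp 10.10.10.2 80 interface Dialer0 8080
"""

STATIC_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
    r"interface (\S+) (\d+)(?: extendable)?$")

# Default listening ports of the router's own web server, keyed by the
# global command that enables it.
ROUTER_SERVICES = {"ip http server": ("tcp", 80),
                   "ip http secure-server": ("tcp", 443)}

def parse_forwards(config):
    """Return (proto, inside_ip, inside_port, iface, outside_port) tuples."""
    forwards = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            proto, ip, in_port, iface, out_port = m.groups()
            forwards.append((proto, ip, int(in_port), iface, int(out_port)))
    return forwards

def audit(config):
    """Return findings as (kind, proto, outside_port) tuples."""
    lines = {l.strip() for l in config.splitlines()}
    listeners = {svc for cmd, svc in ROUTER_SERVICES.items() if cmd in lines}
    findings = []
    for proto, ip, in_port, iface, out_port in parse_forwards(config):
        if (proto, out_port) in listeners:
            # Outside port is also claimed by the router's own web server.
            findings.append(("overlaps-router-service", proto, out_port))
        if proto == "tcp" and in_port == 80:
            # An inside device's plain-HTTP interface is reachable from outside.
            findings.append(("http-ui-exposed", proto, out_port))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

On the router itself, `show ip nat translations` (the check lost_enigma suggests) shows which of these static entries are actually installed.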