Unable to access Application on port 80 from outside

Hello All Experts,

We have Cisco 877 w router, I plugged Polycom video Conferencing unit  into Cisco, & gave Static IP 10.10.10.2,  I am able to access this unit on browser by http://10.10.10.2, we have Public Ip address 203.X.X.X ,  I think my configuration is  correct, Now i am able to access polycom unit through http://10.10.10.2 in LAN, but can't access through static IP from Outside but when i tried to open through http://203.xx.xx.xx in LAN i am getting Cisco router page, It should be open Polycom unit instead of Cisco. please look on my running config also please find attached sh ip  nat trans outpt & suggest me if i'm wrong

comteam#sh run
Building configuration...

Current configuration : 7986 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname comteam
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-814900924
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-814900924
revocation-check none
rsakeypair TP-self-signed-814900924
!
!
crypto pki certificate chain TP-self-signed-814900924
certificate self-signed 01
  3082024C 308201B5 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 38313439 30303932 34301E17 0D313031 32313230 38323934
  395A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3831 34393030
  39323430 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
  E9EF51C3 C77CA2DA 2C06B1DD 4099F308 CBBAA8CB 963E1531 E74C5260 DD9ED17E
  7C1FF7F7 624D3C8A 75894902 BBF2B7CF BE3D8386 B8655693 DCA7E7CB C282D672
  8FC4360C EE032BA2 B685627D DE4DFC39 F39F8D65 23EE720D F5BE2297 96BBF6E4
  65F8947A FFBCDEC9 17772266 0105B4D5 1A81796C 10836ADC F6272826 271C29E3
  02030100 01A37630 74300F06 03551D13 0101FF04 05300301 01FF3021 0603551D
  11041A30 18821663 6F6D7465 616D2E79 6F757264 6F6D6169 6E2E636F 6D301F06
  03551D23 04183016 8014F899 77021298 0AD7AB9E 668987B0 2D2810EF BC93301D
  0603551D 0E041604 14F89977 0212980A D7AB9E66 8987B02D 2810EFBC 93300D06
  092A8648 86F70D01 01040500 03818100 2006DF1D 4379C8C3 9A36A316 79A98E01
  B4474F4F 435A0BE2 3B7014D8 6E78176C 2FC623D0 8AD528B3 193ED349 6CC844DD
  DD82F74C D60A0E6B FF7CCA37 DBE7E8FA 32385098 3A94F2B2 BBA04F6C C3AFCA2C
  38CA6741 7E2690D5 BCD31E58 1D7B8638 0007545E 9F11EB3B 72AE0044 A26AC50E
  8D2DF0D3 35EE4C48 B18533C9 3A643261
        quit
dot11 syslog
!
dot11 ssid comteam
   vlan 1
   authentication open
   authentication key-management wpa
   guest-mode
   wpa-psk ascii 7 XXXXXXXXX
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.2
!
ip dhcp pool sdm-pool
   import all
   network 10.10.10.0 255.255.255.0
   default-router 10.10.10.1
   dns-server 10.10.10.1
   lease 0 2
!
!
ip domain name yourdomain.com
ip name-server 203.0.178.191
ip name-server 203.215.29.191
!
!
!
username XXXXXXXXX privilege 15 password XXXXXXXXX
!
!
archive
log config
  hidekeys
!
!
!
class-map match-all Streaming-Video
match access-group 103
class-map match-all video-conf
match access-group 102
class-map match-all Video-Conf
match access-group 102
!
!
policy-map qos-policy
class video-conf
  bandwidth 512
class class-default
  fair-queue
!
!
bridge irb
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
pvc 8/35
  pppoe-client dial-pool-number 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
ip nat inside
ip virtual-reassembly
!
encryption vlan 1 mode ciphers tkip
!
ssid comteam
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
ip virtual-reassembly
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dialer0
mtu 1454
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
ip tcp adjust-mss 1360
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp chap refuse
ppp pap sent-username computerteam password 7 030E71051F0B74696F18
!
interface BVI1
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source list ToNAT interface Dialer0 overload
ip nat inside source static tcp 10.10.10.2 80 interface Dialer0 80
ip nat inside source static tcp 10.10.10.2 389 interface Dialer0 389
ip nat inside source static tcp 10.10.10.2 1503 interface Dialer0 1503
ip nat inside source static tcp 10.10.10.2 1720 interface Dialer0 1720
ip nat inside source static udp 10.10.10.2 80 interface Dialer0 80
ip nat inside source static udp 10.10.10.2 389 interface Dialer0 389
ip nat inside source static udp 10.10.10.2 1503 interface Dialer0 1503
ip nat inside source static udp 10.10.10.2 1720 interface Dialer0 1720
ip nat inside source static tcp 10.10.10.2 3230 interface Dialer0 3230
ip nat inside source static tcp 10.10.10.2 3231 interface Dialer0 3231
ip nat inside source static tcp 10.10.10.2 3232 interface Dialer0 3232
ip nat inside source static tcp 10.10.10.2 3233 interface Dialer0 3233
ip nat inside source static tcp 10.10.10.2 3234 interface Dialer0 3234
ip nat inside source static tcp 10.10.10.2 3235 interface Dialer0 3235
ip nat inside source static udp 10.10.10.2 3230 interface Dialer0 3230
ip nat inside source static udp 10.10.10.2 3231 interface Dialer0 3231
ip nat inside source static udp 10.10.10.2 3232 interface Dialer0 3232
ip nat inside source static udp 10.10.10.2 3233 interface Dialer0 3233
ip nat inside source static udp 10.10.10.2 3234 interface Dialer0 3234
ip nat inside source static udp 10.10.10.2 3235 interface Dialer0 3235
!
ip access-list extended ToNAT
permit ip 10.10.10.0 0.0.0.255 any
!
no cdp run
!
!
!
control-plane
!
bridge 1 route ip

!
line con 0
password 7 011009094B1E120A33584B08145346445A
login local
no modem enable
line aux 0
password 7 011009094B1E120A33584B08145346445A
login local
line vty 0 4
access-class 23 in
privilege level 15
password 7 011009094B1E120A33584B08145346445A
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end

comteam#

Open in new window

sh-ip-nat-trans.txt
LVL 6
vikrantambhoreAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Member_2_3684971_1Commented:
try to disable the http server on the cisco router.

no ip http server
vikrantambhoreAuthor Commented:
Hi,

I tried this but No luck :(
Member_2_3684971_1Commented:
what about the other ports, do they work?

maybe you try to should disable secure http also
Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

vikrantambhoreAuthor Commented:
I did try by removing below all but still have same issue

ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
Member_2_3684971_1Commented:
what about chaning the http port on the router

ip http port 81
vikrantambhoreAuthor Commented:
I am able to this unit in LAN on port no. 80, it should be open from outside if i open 80 on Cisco router,
I never try another port because 80 is by default
Member_2_3684971_1Commented:
Yes but the problem is that the router runs he's own http server on port 80 and can't forward port 80 to 10.10.10.2.

There for, if you try to change port 80 on the router to port 81. The router can then forward port 80 to 10.10.10.2.

To change the http port on Cisco router, use this command in the config:
ip http port 81
vikrantambhoreAuthor Commented:
Ok I tried & let u know soon
vikrantambhoreAuthor Commented:
I tried
no ip http port 81
ip http port 1024 & tried  but have same issue yet
greg wardSystems EngineerCommented:
Did you try and reboot the router after the config change?

Also please look here about password 7
http://www.firewall.cx/modules.php?name=Cisco_Decrypter

Greg
vikrantambhoreAuthor Commented:
Can u suggest why i use this tool, why i need this
vikrantambhoreAuthor Commented:
I don't want to use port 80 for cisco, because I need this port for Polycom unit I have already open 80 port on Dialer0  as per below command
!
ip nat inside source static tcp 10.10.10.2 80 interface Dialer0 80
!
we have Public Ip address 203.X.X.X , I am able to access polycom unit through http://10.10.10.2 in LAN, but can't access through static IP from Outside but when i tried to open through http://203.xx.xx.xx in LAN i am getting Cisco router page, & when try from outside i am getting (Page can't be displayed) It should be open Polycom unit instead of Cisco from Outside.

I think All is clear now

Regards

Vikrant
greg wardSystems EngineerCommented:
If this is a password that is important computerteam6161 then i would suggest you change it and any other that you have pasted on this site.

I too have had issues with getting port 80 re-directed, however when i stopped the routers internal http server and rebooted the router i managed to get it to work. I hope this is now clear.

Greg.
vikrantambhoreAuthor Commented:
i removed the routers internal http server and rebooted the router, but have same issue yet,

I am not sure why it's not working
greg wardSystems EngineerCommented:
Might be worth removing the nat statements and re-applying them.
Or just clearing the config and starting again.

Good luck
Greg
vikrantambhoreAuthor Commented:
Same issue After removing the nat statements and re-applying them, also I dont think there is an option to change Port 80 on Polycom unit.....
greg wardSystems EngineerCommented:
you could try using port 100 on the outside and port 80 on the inside to see if its a router issue.
ip nat inside source static tcp 10.10.10.2 80 interface Dialer0 100
If that does not work you could check your mtu settings.
interface Dialer0
 mtu 1492
 ip tcp adjust-mss 1452
this might be an issue but hard to tell from here.

Greg

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
vikrantambhoreAuthor Commented:
Same Issue dear, If my NAT statment is correct then why it's not working
greg wardSystems EngineerCommented:
What happens when you do a show ip nat tran , is there anything trying to get through?
can you paste your current config please

Greg
vikrantambhoreAuthor Commented:
Hi gerg Not sure why,

But i was unable when i tried ip nat inside source static tcp 10.10.10.2 80 interface Dialer0 100

But i am able to access this unit when i tried ip nat inside source static tcp 10.10.10.2 80 interface Dialer0 8080

Thanks Greg
vikrantambhoreAuthor Commented:
Excellent
greg wardSystems EngineerCommented:
YAY !!!
vikrantambhoreAuthor Commented:
what YAY!!!


ur realy gret
greg wardSystems EngineerCommented:
YAY !!!! == I am happy its working. It took me ages to sort my router out when it started to do that.

Greg
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.