Solved

Cisco 881 port forward with redirection

Posted on 2012-09-19
Last Modified: 2012-11-09
Hi,

I have a fairly simple WAN setup with one static IP (1.2.3.4). The internal network is 192.168.2.X. I have two phones on the internal WAN that can be programmed via HTTP port 80 (192.168.2.201 and 192.168.2.202). I am attempting to forward traffic from the WAN IP on port 8080 to the phone at .201 and 8081 to .202. However, I am not able to get it to work. The pertinent config sections are below. Please advise.

KMT

ip port-map user-protocol--1 port udp 3463
ip port-map user-protocol--2 port udp 5062
ip port-map user-protocol--3 port udp 3462
ip port-map user-protocol--4 port udp 3465
ip port-map user-protocol--5 port udp 5063
ip port-map user-protocol--6 port udp 3464
ip port-map user-protocol--7 port tcp 8080
ip port-map user-protocol--8 port tcp 8081
no ipv6 cef
!
!
class-map type inspect match-all sdm-nat-user-protocol--7-1
 match access-group 109
 match protocol user-protocol--7
class-map type inspect match-all sdm-nat-user-protocol--6-1
 match access-group 108
 match protocol user-protocol--6
class-map type inspect match-all sdm-nat-user-protocol--5-1
 match access-group 107
 match protocol user-protocol--5
class-map type inspect match-all sdm-nat-user-protocol--4-1
 match access-group 106
 match protocol user-protocol--4
class-map type inspect match-all sdm-nat-user-protocol--3-1
 match access-group 105
 match protocol user-protocol--3
class-map type inspect match-all sdm-nat-user-protocol--2-1
 match access-group 104
 match protocol user-protocol--2
class-map type inspect match-all sdm-nat-user-protocol--1-1
 match access-group 103
 match protocol user-protocol--1
class-map type inspect match-all sdm-nat-user-protocol--8-1
 match access-group 110
 match protocol user-protocol--8
class-map type inspect match-any ccp-cls-insp-traffic
 match protocol cuseeme
 match protocol dns
 match protocol ftp
 match protocol h323
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol netshow
 match protocol shell
 match protocol realmedia
 match protocol rtsp
 match protocol smtp
 match protocol sql-net
 match protocol streamworks
 match protocol tftp
 match protocol vdolive
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-insp-traffic
 match class-map ccp-cls-insp-traffic
class-map type inspect match-all sdm-nat-sip-tls-1
 match access-group 102
 match protocol sip-tls
class-map type inspect match-any ccp-cls-icmp-access
 match protocol icmp
 match protocol tcp
 match protocol udp
class-map type inspect match-all ccp-icmp-access
 match class-map ccp-cls-icmp-access
class-map type inspect match-all ccp-invalid-src
 match access-group 100
class-map type inspect match-all sdm-nat-sip-1
 match access-group 101
 match protocol sip
class-map type inspect match-all ccp-protocol-http
 match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
 class type inspect ccp-icmp-access
  inspect
 class class-default
  pass
policy-map type inspect sdm-pol-NATOutsideToInside-1
 class type inspect sdm-nat-sip-1
  inspect
 class type inspect sdm-nat-sip-tls-1
  inspect
 class type inspect sdm-nat-user-protocol--1-1
  inspect
 class type inspect sdm-nat-user-protocol--2-1
  inspect
 class type inspect sdm-nat-user-protocol--3-1
  inspect
 class type inspect sdm-nat-user-protocol--4-1
  inspect
 class type inspect sdm-nat-user-protocol--5-1
  inspect
 class type inspect sdm-nat-user-protocol--6-1
  inspect
 class type inspect sdm-nat-user-protocol--7-1
  inspect
 class type inspect sdm-nat-user-protocol--8-1
  inspect
 class class-default
  drop
policy-map type inspect ccp-inspect
 class type inspect ccp-invalid-src
  drop log
 class type inspect ccp-protocol-http
  inspect
 class type inspect ccp-insp-traffic
  inspect
 class class-default
  drop
policy-map type inspect ccp-permit
 class class-default
  drop
!
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
 service-policy type inspect ccp-permit-icmpreply
zone-pair security sdm-zp-NATOutsideToInside-1 source out-zone destination in-zone
 service-policy type inspect sdm-pol-NATOutsideToInside-1
zone-pair security ccp-zp-in-out source in-zone destination out-zone
 service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
 service-policy type inspect ccp-permit
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $ES_WAN$$FW_OUTSIDE$
 ip address 1.2.3.4 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 duplex auto
 speed auto
!
interface wlan-ap0
 description Service module interface to manage the embedded AP
 ip unnumbered Vlan1
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 arp timeout 0
!
interface Wlan-GigabitEthernet0
 description Internal switch interface connecting to the embedded AP
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$ES_LAN$$FW_INSIDE$
 ip address 192.168.2.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
 ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source static udp 192.168.2.201 5060 interface FastEthernet4 5060
ip nat inside source static udp 192.168.2.201 5061 interface FastEthernet4 5061
ip nat inside source static udp 192.168.2.201 3462 interface FastEthernet4 3462
ip nat inside source static udp 192.168.2.201 3463 interface FastEthernet4 3463
ip nat inside source static udp 192.168.2.202 5062 interface FastEthernet4 5062
ip nat inside source static udp 192.168.2.202 5063 interface FastEthernet4 5063
ip nat inside source static udp 192.168.2.202 3464 interface FastEthernet4 3464
ip nat inside source static udp 192.168.2.202 3465 interface FastEthernet4 3465
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.2.202 80 interface FastEthernet4 8081
ip nat inside source static tcp 192.168.2.201 80 interface FastEthernet4 8080
ip route 0.0.0.0 0.0.0.0 1.2.3.5
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 1.2.3.3 0.0.0.3 any
access-list 101 remark CCP_ACL Category=0
access-list 101 permit ip any host 192.168.2.201
access-list 102 remark CCP_ACL Category=0
access-list 102 permit ip any host 192.168.2.201
access-list 103 remark CCP_ACL Category=0
access-list 103 permit ip any host 192.168.2.201
access-list 104 remark CCP_ACL Category=0
access-list 104 permit ip any host 192.168.2.201
access-list 105 remark CCP_ACL Category=0
access-list 105 permit ip any host 192.168.2.202
access-list 106 remark CCP_ACL Category=0
access-list 106 permit ip any host 192.168.2.202
access-list 107 remark CCP_ACL Category=0
access-list 107 permit ip any host 192.168.2.202
access-list 108 remark CCP_ACL Category=0
access-list 108 permit ip any host 192.168.2.202
access-list 109 remark CCP_ACL Category=0
access-list 109 permit ip any host 192.168.2.201
access-list 110 remark CCP_ACL Category=0
access-list 110 permit ip any host 192.168.2.202
no cdp run
!
Question by:kmt333

Accepted Solution

by:
Henk van Achterberg earned 1500 total points
ID: 38415710
It looks like your zone firewall is not playing nice. Can you remove the zone firewall on your fa4 interface and try again?
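
A way to test the zone-firewall theory from the accepted answer without taking the firewall off the WAN interface, as an added example that is not part of the original thread. It assumes the zone firewall classifies outside-to-inside packets after NAT has rewritten the destination to the inside host and port (the ACLs in the posted config already reference inside addresses); `unmatched_forwards` is a hypothetical helper name, and the embedded config is an excerpt of the one in the question.

```python
import re

# Constructed excerpt: entries 1, 7 and 8 copied from the config in the question.
CONFIG = """\
ip port-map user-protocol--1 port udp 3463
ip port-map user-protocol--7 port tcp 8080
ip port-map user-protocol--8 port tcp 8081
class-map type inspect match-all sdm-nat-user-protocol--7-1
 match access-group 109
 match protocol user-protocol--7
class-map type inspect match-all sdm-nat-user-protocol--1-1
 match access-group 103
 match protocol user-protocol--1
class-map type inspect match-all sdm-nat-user-protocol--8-1
 match access-group 110
 match protocol user-protocol--8
ip nat inside source static udp 192.168.2.201 3463 interface FastEthernet4 3463
ip nat inside source static tcp 192.168.2.202 80 interface FastEthernet4 8081
ip nat inside source static tcp 192.168.2.201 80 interface FastEthernet4 8080
access-list 103 permit ip any host 192.168.2.201
access-list 109 permit ip any host 192.168.2.201
access-list 110 permit ip any host 192.168.2.202
"""

def unmatched_forwards(cfg):
    """Return static NAT forwards that no inspect class-map can match after NAT."""
    pam = {n: (pr, int(po)) for n, pr, po in
           re.findall(r"^ip port-map (\S+) port (tcp|udp) (\d+)", cfg, re.M)}
    acl = {}
    for num, host in re.findall(r"^access-list (\d+) permit ip any host (\S+)", cfg, re.M):
        acl.setdefault(num, set()).add(host)
    # Reduce each class-map to the (inside hosts, protocol, port) it would accept.
    classes = []
    for body in re.findall(r"^class-map type inspect match-all \S+\n((?: .+\n)+)", cfg, re.M):
        group = re.search(r"match access-group (\d+)", body)
        proto = re.search(r"match protocol (\S+)", body)
        if group and proto and proto.group(1) in pam:
            classes.append((acl.get(group.group(1), set()), *pam[proto.group(1)]))
    missing = []
    for pr, ip, lport, gport in re.findall(
            r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface \S+ (\d+)", cfg, re.M):
        # Assumed post-NAT view: destination is the inside host and the inside (local) port.
        if not any(ip in hosts and pr == p and int(lport) == port
                   for hosts, p, port in classes):
            missing.append((pr, ip, int(lport), int(gport)))
    return missing

if __name__ == "__main__":
    print(*unmatched_forwards(CONFIG), sep="\n")
```

On the excerpt it reports both TCP forwards: the class-maps expect ports 8080 and 8081, while the translated packets are addressed to port 80 on the phones, so they would fall through to the `class-default` drop.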