hairylots
asked on
CISCO IOS router 880 with ADSL interface and Internet to LAN port forward
Hello All
I require some assistance.
I have a CISCO 880 router (IOS Version 15.2(4)M6) with PPPoE ADSL Internet interface and VLan1 LAN interface.
Router is up and operational, LAN clients can reach Internet.
I need to enable Port forward from Internet to LAN client web Server, but also retain remote Internet management of router.
I have tried various configs but as soon as I apply policy to Dialer1 interface I lose remote connection to router but port forward to web server works.
Can you assist with how I achieve this?
What I need
Internet Public --> to Router (Internet Public or Private 172.16.1.251) IP TCP port Telnet 23 and 22 for management.
Internet Public --> Router Public Internet IP for ICMP
Internet Public --> web server on Private LAN 172.16.1.250 on TCP port 80
Internet Public --> web server on Private LAN 172.16.1.250 on TCP port 23, need to translate TCP Port Internet Public 3023 to Private 23
The current working config, missing the above requirements for Internet to LAN forwarding:
==========
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router01
!
boot-start-marker
boot-end-marker
!
enable password enaPassword
!
no aaa new-model
memory-size iomem 10
!
ip name-server 8.8.8.8
ip name-server 4.4.4.4
ip cef
no ipv6 cef
!
controller VDSL 0
!
interface Ethernet0
 no ip address
!
interface ATM0
 description DSL Interface
 no ip address
 ip mask-reply
 ip directed-broadcast
 ip flow ingress
 no atm ilmi-keepalive
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface Vlan1
 description internal interface
 ip address 172.16.1.252 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 ppp authentication chap pap callin
 ppp chap hostname user@isp
 ppp chap password 0 ISPPassword
 ppp pap sent-username user@isp password 0 ISPPassword
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list DSL_ACCESSLIST interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended DSL_ACCESSLIST
 permit ip 172.16.1.0 0.0.0.255 any
!
line con 0
 password conPassword
 login
 no modem enable
line aux 0
 password auxPassword
 login
line vty 0 4
 password vtyPassword
 login
 transport input all
!
end
================
Thank you in advance.
ASKER
Hello Predrag Jovic
I was hoping for some additional information.
Is that the full list of commands? How is it applied to the access list and interface?
That's all that is needed. No ACLs or applying to interface.
There is not much to explain. You can read the Cisco article:
Configuring Network Address Translation and Static Port Address Translation to Support an Internal Web Server
ASKER
Hello Predrag Jovic
I have tried your command and get an error.
Router(config)#$ce inside static tcp 172.16.1.250 80 interface Dialer1 80
ip nat source inside static tcp 172.16.1.250 80 interface Dialer1 80
^
% Invalid input detected at '^' marker.
Router01(config)#ip nat
Router01(config)#ip nat sou
Router01(config)#ip nat source ?
list Specify access list describing local addresses
route-map Specify route-map
static Specify static local->global mapping
Router01(config)#
I have changed the command to: ip nat inside source static tcp 172.16.1.250 80 interface Dialer1 80
It is now in the running config but still does not provide the desired result, I cannot connect to web server.
===Running Config
ip nat inside source list DSL_ACCESSLIST interface Dialer1 overload
ip nat inside source static tcp 172.16.1.250 80 interface Dialer1 80
ip route 0.0.0.0 0.0.0.0 Dialer1
===Running Config
Any assistance is appreciated.
ASKER
Hello Predrag Jovic
Sorry, reviewed my command and had incorrect IP.
Correct command and IP as listed here is working, I can now reach web server.
ip nat inside source static tcp 172.16.1.251 80 interface Dialer1 80
Let me try other IP NAT and see if I can get working.
Sorry for incorrect order in commands - I did not copy it - typed it. :(
Also, depending on how you configured NAT, it can also be configured as:
ip nat source static tcp 172.16.1.250 80 interface Dialer1 80
But, NAT in that case is configured as:
interface Vlan1
 ip nat enable
interface Dialer1
 ip nat enable
ip nat source list DSL_ACCESSLIST interface Dialer1 overload <- no inside keyword
This will activate the NVI0 interface.
ip nat source inside static tcp 172.16.1.251 23 interface Dialer1 23
ip nat source inside static tcp 172.16.1.251 22 interface Dialer1 22
ip nat source inside static tcp 172.16.1.250 80 interface Dialer1 80
ip nat source inside static tcp 172.16.1.250 23 interface Dialer1 3023
Typically there would be an extendable parameter at the end, but I don't see it in IOS 15.4(3)M6a, so I guess it is not present in IOS 15.2(4)M6.
I am not sure about this one:
Internet Public --> Router Public Internet IP for ICMP
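An added example, not part of the thread and not code from Cisco or the posters: a Python check that reads IOS configuration text, accepts only the two static PAT spellings discussed above (classic `ip nat inside source static` and NVI `ip nat source static`), compares each rule with the NAT mode of the interface it names, and flags forwards that publish Telnet. The sample config is constructed from commands quoted in this thread; the finding names and the `audit` function are assumptions made for this illustration.

```python
import re

# Static PAT spellings from the thread: classic ("inside source") or NVI ("source").
PAT_RE = re.compile(
    r"^ip nat (?P<style>inside source|source) static (?P<proto>tcp|udp) "
    r"(?P<lip>\d+\.\d+\.\d+\.\d+) (?P<lport>\d+) "
    r"interface (?P<ifc>\S+) (?P<gport>\d+)(?: extendable)?$")
CLEARTEXT = {23: "telnet"}  # inside ports treated as cleartext management

def audit(config):
    """Return (forwards, findings) for IOS configuration text."""
    forwards, findings, modes, ifc = [], [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            ifc = line.split()[1]
        elif line in ("ip nat inside", "ip nat outside") and ifc:
            modes[ifc] = "classic"
        elif line == "ip nat enable" and ifc:
            modes[ifc] = "nvi"
        elif line.startswith("ip nat ") and " static " in line:
            m = PAT_RE.match(line)
            if not m:
                findings.append(("bad-syntax", line))
                continue
            f = m.groupdict()
            f["lport"], f["gport"] = int(f["lport"]), int(f["gport"])
            f["style"] = "classic" if f["style"] == "inside source" else "nvi"
            forwards.append(f)
    for f in forwards:  # second pass: interface NAT modes are all known now
        mode = modes.get(f["ifc"])
        if mode != f["style"]:
            findings.append(("nat-style-mismatch",
                             f"{f['ifc']} is {mode}, rule is {f['style']}"))
        if f["lport"] in CLEARTEXT:
            findings.append(("cleartext-exposed",
                f"{f['gport']}->{f['lip']}:{f['lport']} {CLEARTEXT[f['lport']]}"))
    return forwards, findings

# Constructed sample built from commands quoted in this thread.
SAMPLE = """\
interface Dialer1
 ip nat outside
ip nat source inside static tcp 172.16.1.250 80 interface Dialer1 80
ip nat inside source static tcp 172.16.1.250 80 interface Dialer1 80
ip nat inside source static tcp 172.16.1.250 23 interface Dialer1 3023
ip nat source static tcp 172.16.1.251 22 interface Dialer1 22
"""
print(audit(SAMPLE)[1])
```

Moving Telnet to an unusual outside port such as 3023 does not change the finding, because the check keys on the inside port the forward lands on.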