|
|
|
|
07-03-2009, 09:54 PM
|
#1 |
Hoping someone may be able to shed some light on a problem I have getting static nat to work on a 2620 router, I have spent hours scouring the net, reading documents and my isco guides, all to no avail. This router simply refuses to let me in from the outside. The server on the the inside is OK, firewall letting through ok for the port in question, it all works, tried it with my Zyxel DSL router and all good.
I have tried ACL's on the incoming and out going interfaces, combinations of them, but nothing work, it quite simply refuses to let traffic through. If look a the transaction table they show there, with the port number, everything looks right, but does not work. The only way i have been able to ge in is to add the command..... ip nat inside source static 10.0.0.50 interface dialer0 That works, but then my internal network is wide open like a barn door, yes I could tie it down with some acl's, but I would like to get the port forwarding to work. Has anyone got a similar router setup to work, and have any pointers for me. All help, comment sugesstions appreciated. Running config below... kivran_router#sh run Building configuration... Current configuration : 1811 bytes ! ! Last configuration change at 20:39:07 UTC Fri Jul 3 2009 ! NVRAM config last updated at 20:39:10 UTC Fri Jul 3 2009 ! version 12.3 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname kivran_router ! boot-start-marker boot-end-marker ! enable secret 5 $1$XzXH$00N2C3NPeq6wL.udCivFO/ ! memory-size iomem 10 no aaa new-model ip subnet-zero ! ! no ip domain lookup ! ip cef ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! interface ATM0/0 no ip address no ip mroute-cache no atm ilmi-keepalive dsl operating-mode auto pvc 0/38 encapsulation aal5mux ppp dialer dialer pool-member 1 ! ! interface FastEthernet0/0 no ip address duplex auto speed auto ! interface FastEthernet0/0.1 encapsulation dot1Q 3 ip address 10.0.0.40 255.0.0.0 no ip proxy-arp ip nat inside ip tcp adjust-mss 1452 ! interface FastEthernet0/0.2 encapsulation dot1Q 2 ip address 192.168.10.40 255.255.255.0 ! interface Dialer0 ip address negotiated no ip proxy-arp ip mtu 1492 ip nat outside encapsulation ppp ip route-cache flow ip tcp adjust-mss 1452 dialer pool 1 dialer-group 1 ppp authentication chap callin ppp chap hostname ********************* ppp chap password 0 ******************* ! ip nat inside source list 1 interface Dialer0 overload ip nat inside source static tcp 10.0.0.50 80 interface Dialer0 80 no ip http server ip classless ip route 0.0.0.0 0.0.0.0 Dialer0 ! ! access-list 1 permit 192.168.10.0 0.0.0.255 access-list 1 permit 10.0.0.0 0.255.255.255 dialer-list 1 protocol ip permit ! ! ! ! ! ! line con 0 speed 19200 line aux 0 line vty 0 4 session-timeout 60 exec-timeout 60 0 password ******** login line vty 5 15 session-timeout 60 exec-timeout 60 0 password ******** login ! ntp server 139.143.5.50 ntp server 139.143.5.30 ! end biomed32uk |
|
|
|
|
10-22-2009, 03:25 PM
|
#2 |
|
Junior Member
Join Date: Oct 2009
Posts: 5
|
I came up with this to get to our Blackberry server:
ip nat inside source static tcp 192.168.0.158 3101 65.201.xxx.xxx 3101 extendable rlewisii |
|
|
|
 |
| Thread Tools | Search this Thread |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Cisco 6509, SUP2, IPv6, upgrade IOS failed | fabianV | Hardware | 0 | 07-06-2009 04:33 PM |
| Cisco 871 and NAT | Beachguy | General Help Related Topics | 0 | 05-19-2009 09:03 PM |
| Cisco 837 multiple IP addresses. | seanbranagh | Hardware | 0 | 03-29-2009 11:49 PM |
| Cisco ASA 5505 not permitting SSH/HTTPS | aphex | Hardware | 1 | 05-16-2008 12:39 AM |
| Cisco 2811 wont load static routes | Nik | Hardware | 3 | 12-19-2007 10:24 PM |
