Port Redirection on a 837 DSL Router for SSL web access

patrick60 · ‎04-17-2008

We have a small network sitting behind a CISCO 837 DSL router. Thre are two servers sitting in the local intranet. And I do port redirection on the router.

Server(IP# nnn.nnn.nnn.16) runs a web based application (IIS on Windows 2003) and I can access it from outside of the company network.

I have Exchange on another Windows 2003 box (IP# nnn.nnn.nnn.15) and I have configued OWA on it. I can run OWA within the company network. But I can not access OWA from outside of the company network. (when I do an https://.., receives Page Not Found). I have created the required certificate (for SSL) through Windows 2003 CA.

Below are the port redirections I have configured into the CISCO 837 router:

------

ip nat inside source list 102 interface Dialer1 overload

ip nat inside source static tcp nnn.nnn.nnn.15 443 interface Dialer1 443

ip nat inside source static tcp nnn.nnn.nnn.16 80 interface Dialer1 80

access-list 102 permit ip nnn.nnn.nnn.0 0.0.0.255 any

------

What am I missing?

Thanks.

tstanik · ‎04-23-2008

When you specify a protocol as part of the 'static' command as you would for port redirection, the 'static' is not a regular static

anymore. In that case you want to make sure that there is translation both ways for the inside host that is part of the STATIC.

If you are using a different IP address for the STATIC, then you need to specify a NAT translation for that inside host and a GLOBAL

statement. You do that with a 'nat (inside) #' and 'global

(outside) #'.

The # is an ID DIFFERENT from the current NAT and GLOBAL, and it only includes the inside host's IPfor the 'nat' statement and the

external IP for the 'global' statement, as found in the STATIC with

port redirection statement.

After this, make sure to create the 'access-lists' or 'conduit' statements for the external ports that were specified in the 'static'

statement.