about a port 80 service

fffrrr1d3m
Level 1

This is the scenario:

          LAN
        Server
  (using IIS service)
    [/WebFileAsp] <--------------------> (  Router   ) <--------------> INTERNET
private IP 10.10.10.2                 public IP 200.1.2.3

I want to reach a page (/WebFileAsp) on a server (10.10.10.2) through port 80 using the public IP (200.1.2.3). I've entered the following command on the router to enable the NAT:

# ip nat inside source static tcp 10.10.10.2 80 200.1.2.3 80 extendable

but I think it is not enough. I mean, from the LAN, if I enter the URL "http://10.10.10.2/WebFileAsp" I can see and access the service, but if I enter the URL "http://200.1.2.3/WebFileAsp" from outside the LAN I can't; I mean, the browser doesn't find the page.

Here is my doubt: how can I enable access to this specific page from the Internet?

I'd really appreciate the support. Thanks.

5 Replies

pompeychimes
Level 4

Post a scrubbed copy of your Router config please.

You need the complete sh runn?

fffrrr1d3m
Level 1

I think you need this part of the config:

ip nat inside source route-map NONAT interface FastEthernet0/0 overload
ip nat inside source static tcp 10.10.10.2 80 200.1.2.3 80 extendable
ip nat inside source static tcp 10.10.10.1 80 200.1.2.4 80 extendable
!
ip access-list standard REDISTRIBUTION
 deny   0.0.0.0
 permit any
!
ip access-list extended PHONELIST
 permit ip any 10.20.14.0 0.0.0.31
ip access-list extended REMOTEVPN
 permit ip 192.168.3.0 0.0.0.255 10.10.14.0 0.0.0.31
 permit ip 10.10.0.0 0.0.63.255 10.10.14.0 0.0.0.31
 permit ip 10.20.0.0 0.0.63.255 10.10.14.0 0.0.0.31
 permit ip 192.168.21.0 0.0.0.255 10.10.14.0 0.0.0.31
 permit ip 192.168.33.0 0.0.0.255 10.10.14.0 0.0.0.31
ip access-list extended TO_INET
 deny   ip 10.10.0.0 0.0.63.255 10.10.14.0 0.0.0.31
 deny   ip 10.20.0.0 0.0.63.255 10.10.14.0 0.0.0.31
 deny   ip 10.20.0.0 0.0.63.255 10.20.14.0 0.0.0.31
 deny   ip 192.168.3.0 0.0.0.255 any
 deny   ip 10.10.0.0 0.0.63.255 192.168.21.0 0.0.0.255
 deny   ip 10.20.0.0 0.0.63.255 192.168.33.0 0.0.0.255
 permit ip 10.10.1.0 0.0.0.255 any
 permit ip 10.20.1.128 0.0.0.127 any
ip access-list extended TO_INTERNET
 permit ip 10.10.1.0 0.0.0.255 any
 permit ip 10.20.1.0 0.0.0.255 any
 permit ip 10.2.1.0 0.0.0.255 any

Post the whole config please.

fffrrr1d3m
Level 1

The whole config:

Building configuration...

Current configuration : 6571 bytes
!
!
interface FastEthernet0/0
 description *** INTERFACE A INTERNET **
 ip address 200.1.2.4 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description TRUNK_SWITCH
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.10
 description *** VLAN DATA USERS ***
 encapsulation dot1Q 10
 ip address 10.10.1.10 255.255.255.128
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/1.11
 description *** VLAN DATA SERVERS ***
 encapsulation dot1Q 11
 ip address 10.10.1.90 255.255.255.192
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/1.20
 description *** VLAN VOICE USERS ***
 encapsulation dot1Q 20
 ip address 10.20.1.10 255.255.255.128
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/1.21
 description VLAN *** VOICESERVERS ***
 encapsulation dot1Q 21
 ip address 10.20.1.90 255.255.255.192
 ip nat inside
 ip virtual-reassembly
!
interface Serial0/0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial0/0/1
 no ip address
 shutdown
 clock rate 2000000
!
!
ip route profile
ip route 0.0.0.0 0.0.0.0 200.1.2.4
!
ip nat inside source route-map NONAT interface FastEthernet0/0 overload
ip nat inside source static tcp 10.10.10.2 80 200.1.2.3 80 extendable
ip nat inside source static tcp 10.10.10.1 80 200.1.2.4 80 extendable
!
ip access-list standard REDISTRIBUTION
 deny   0.0.0.0
 permit any
!
ip access-list extended PHONELIST
 permit ip any 10.20.14.0 0.0.0.31
ip access-list extended REMOTEVPN
 permit ip 192.168.3.0 0.0.0.255 10.10.14.0 0.0.0.31
 permit ip 10.10.0.0 0.0.63.255 10.10.14.0 0.0.0.31
 permit ip 10.20.0.0 0.0.63.255 10.10.14.0 0.0.0.31
 permit ip 192.168.21.0 0.0.0.255 10.10.14.0 0.0.0.31
 permit ip 192.168.33.0 0.0.0.255 10.10.14.0 0.0.0.31
ip access-list extended TO_INET
 deny   ip 10.10.0.0 0.0.63.255 10.10.14.0 0.0.0.31
 deny   ip 10.20.0.0 0.0.63.255 10.10.14.0 0.0.0.31
 deny   ip 10.20.0.0 0.0.63.255 10.20.14.0 0.0.0.31
 deny   ip 192.168.3.0 0.0.0.255 any
 deny   ip 10.10.0.0 0.0.63.255 192.168.21.0 0.0.0.255
 deny   ip 10.20.0.0 0.0.63.255 192.168.33.0 0.0.0.255
 permit ip 10.10.1.0 0.0.0.255 any
 permit ip 10.20.1.128 0.0.0.127 any
ip access-list extended TO_INTERNET
 permit ip 10.10.1.0 0.0.0.255 any
 permit ip 10.20.1.0 0.0.0.255 any
 permit ip 10.2.1.0 0.0.0.255 any
!
!
route-map NONAT permit 10
 match ip address TO_INET
!
!
!
!
control-plane
!
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 transport input telnet
!
scheduler allocate 20000 1000
end
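
An added example, not part of the original thread or of anyone's reply: a small Python check over the relevant lines of the posted configuration. It flags static NAT inside-local hosts that are not on any connected "ip nat inside" subnet and static routes whose next hop is one of the router's own interface addresses. The function name audit and the trimmed CONFIG sample are assumptions made for this example, and a flagged host may still be reachable through a route that the scrubbed configuration does not show.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the configuration posted above.
CONFIG = """\
interface FastEthernet0/0
 ip address 200.1.2.4 255.255.255.240
 ip nat outside
interface FastEthernet0/1.10
 ip address 10.10.1.10 255.255.255.128
 ip nat inside
interface FastEthernet0/1.11
 ip address 10.10.1.90 255.255.255.192
 ip nat inside
interface FastEthernet0/1.20
 ip address 10.20.1.10 255.255.255.128
 ip nat inside
interface FastEthernet0/1.21
 ip address 10.20.1.90 255.255.255.192
 ip nat inside
ip route 0.0.0.0 0.0.0.0 200.1.2.4
ip nat inside source static tcp 10.10.10.2 80 200.1.2.3 80 extendable
ip nat inside source static tcp 10.10.10.1 80 200.1.2.4 80 extendable
"""

def audit(config):
    """Single pass; relies on interfaces preceding routes and NAT, as in 'sh run'."""
    addrs, inside, findings, current = [], [], [], None
    for line in config.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            current = None  # new interface block, address not seen yet
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            current = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
            addrs.append(current.ip)
        elif line == "ip nat inside" and current is not None:
            inside.append(current.network)  # connected inside subnet
        elif m := re.match(r"ip nat inside source static tcp (\S+) (\d+) ", line):
            host = ipaddress.ip_address(m[1])
            if not any(host in net for net in inside):
                findings.append(f"{host}:{m[2]} is not on any connected 'ip nat inside' subnet")
        elif m := re.match(r"ip route \S+ \S+ (\d+\.\d+\.\d+\.\d+)$", line):
            if ipaddress.ip_address(m[1]) in addrs:
                findings.append(f"route next hop {m[1]} is one of the router's own addresses")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(CONFIG)))
```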