Solved: 877 responds to HTTP requests from WAN instead of forwarding

Zenith888 · ‎06-11-2010

Hi,

There is a web server on my network and I've created forvarding rule to that internal IP address on port 80.

But when a request is sent from outside, SDM responds and prompts for a password.

How can I stop SDM from responding and have router forward to the web server?

Thanks

Zen

Federico Coto Fajardo · ‎06-11-2010

Ok,

Please put the "ip http server'' command again to regain SDM access.

I believe the port redirection is working fine, but the internal device might not be responding appropiately.

Anyway, yo be 100% sure, could you attach a ''sh run'' and specify the IP for the connection?

Federico.

View solution in original post

Federico Coto Fajardo · ‎06-11-2010

Zen,

The connection gets to the router on port 80?

If so, perhaps SDM is listening on port 80 and that's why it responds (and maybe the forwarding rule is not correct).

Please post the output of:

sh run | i ip nat

Federico.

Zenith888 · ‎06-11-2010

#sh run | i ip nat
ip nat inside
ip nat outside
ip nat pool 10.10.10.0 10.10.10.2 10.10.10.254 netmask 255.255.255.0
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 10.10.10.2 80 interface Dialer0 80

PS: Do I actually need to have SDM in the router?

Federico Coto Fajardo · ‎06-11-2010

You don't have ASDM on the router? You mentioned that ASDM prompts for user/password when you attempt the connection on port 80.

If you don't use ASDM, you can disable the HTTP server or if you use ASDM, you can make ASDM to listen only on HTTPS (443)

In this way you can have the router pass traffic through the router on port 80.

Please post: sh run | i http

Federico.

Zenith888 · ‎06-11-2010

cisco877#sh run | i http
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
GUIDE for your router or go to http://www.cisco.com/go/sdm

I am not planning to access SDM from outside. Can I remove SDM from the router?

Federico Coto Fajardo · ‎06-11-2010

Do this and try again:

router(config)# no ip http server

Federico.

Zenith888 · ‎06-11-2010

Now I've lost HTTP access from both inside and outside. I still want to use SDM from local network.How can I achieve that?

And the main issue is port forwarding still does not forward HTTP requests to the web server

I think I got it! Apache virtual hosts had the old network addresses, which I used before installing 877. That's why I thought forwarding did not work. Testing...

Nope, looks like still no forwarding to port 80 of the web server on the lan.

Federico Coto Fajardo · ‎06-11-2010

Ok,

Please put the "ip http server'' command again to regain SDM access.

I believe the port redirection is working fine, but the internal device might not be responding appropiately.

Anyway, yo be 100% sure, could you attach a ''sh run'' and specify the IP for the connection?

Federico.

Zenith888 · ‎06-11-2010

Actually, the port forwarding works when sight accessed from outside.

Only when I am trying from the inside network by the domain name, 877 responds with its own HTTP server.

Solved!

Well, solved partially. There is a slight problem: before moving to 877 I used a cheap router from SMC, which allowed me to access my internal web server by name from inside the LAN. I could type www.domain1.com or www.domain2.com and Apache served the named host.

But now I lost the ability to access from the LAN, only the external users see my web sites. How can I re-gain access from the LAN?