×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

port forwarding in cisco 2621 router issues

Answered Question
Dec 24th, 2013
User Badges:

Hello all,


I have a router 2621. I configured it for port forwarding. I need to forward the public ip 115.115.123.xxx 8086 to 192.168.1.130 8086. But I cant connect. Please shed a light on this.

Here i shows the output of my show run command


Building configuration...


Current configuration : 1451 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname RouterA
!
enable secret 5 $1$l/ko$sibpgYNMefNJLRWO477l70
enable password cisco12$
!
ip subnet-zero
!
!
ip name-server 192.168.1.1
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip name-server 192.168.1.10
ip dhcp excluded-address 192.168.1.10 192.168.1.254
!
ip dhcp pool LAN
   network 192.168.1.0 255.255.255.0
!
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description WAN
ip address 115.115.123.xxx 255.255.255.252
ip nat outside
duplex auto
speed auto
no cdp enable
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
description LAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
!
ip nat pool mjsoft 115.115.123.xxx 115.115.123.xxx netmask 255.255.255.252
ip nat inside source list 1 pool mjsoft overload
ip nat inside source static tcp 192.168.1.130 8086 interface FastEthernet0/0 8086
ip classless
ip route 0.0.0.0 0.0.0.0 115.115.123.xxx - gateway
ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
snmp-server community public RO
snmp-server enable traps tty
!
dial-peer cor custom
!
!
!
!
!
line con 0
password cisco
login
line aux 0
line vty 0 4
exec-timeout 30 0
password cisco
logging synchronous
login
transport input telnet ssh
line vty 5 15
password cisco
login
!
end


Thanks in advance

Correct Answer by cadet alain about 3 years 7 months ago

Hi,

In this case if you can connect from Outside world it means your static PAT is working correctly.

if you try from the router itself then there will be no NAT involved and as there is no process listening on this protocol/port on the router it will not respond.


Regards


Alain



Don't forget to rate helpful posts.

Correct Answer by cadet alain about 3 years 7 months ago

Hi Sooraj,

You didn't tell us how you are testing your static PAT, from where are you trying to connect to this server ?

Can you verify that the server knows how to reply  by pinging 8.8.8.8 on the server

what did you do before issuing the sh ip nat translation command ?

Can you redo telnet 192.168.1.130 8086  with following debug: debug ip tcp transaction and post the debug output


Regards


Alain



Don't forget to rate helpful posts.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
johnlloyd_13 Tue, 12/24/2013 - 02:55
User Badges:
  • Blue, 1500 points or more

Hi,

Could you try:

ip nat inside source static tcp 192.168.1.130 8086 115.115.123.x 8086

Add another line for UDP if the above doesn't work.


Sent from Cisco Technical Support iPhone App

johnlloyd_13 Tue, 12/24/2013 - 03:24
User Badges:
  • Blue, 1500 points or more

Hi,

Can you ping 192.168.1.130 and an external IP, i.e. 8.8.8.8?


Sent from Cisco Technical Support iPhone App

soorajn2011 Tue, 12/24/2013 - 03:30
User Badges:

Yes i can ping 192.168.1.130 and my public IP 115.115.123.xxx

johnlloyd_13 Tue, 12/24/2013 - 03:42
User Badges:
  • Blue, 1500 points or more

Ok. How about ping to ISP next hop IP or 8.8.8.8?

Could you post output of 'telnet 192.168.1.130 8086' and 'show ip nat translations' commands from 2621?

Sent from Cisco Technical Support iPhone App

soorajn2011 Wed, 12/25/2013 - 21:06
User Badges:

Hello,


The output of Telnet 192.168.1.130 8086 is


RouterA#telnet 192.168.1.130 8086

Trying 192.168.1.130, 8086 ... Open


[Connection to 192.168.1.130 closed by foreign host]


The output of show ip nat translation is

tcp 115.115.123.202:2479  192.168.1.124:2479    108.160.162.36:80     108.160.162.36:80

tcp 115.115.123.202:51289 192.168.1.208:51289   74.125.236.53:443     74.125.236.53:443

udp 115.115.123.202:55677 192.168.1.100:55677   208.67.222.222:53     208.67.222.222:53

tcp 115.115.123.202:50330 192.168.1.207:50330   74.125.200.18:443     74.125.200.18:443

tcp 115.115.123.202:2173  192.168.1.124:2173    74.125.236.53:443     74.125.236.53:443

tcp 115.115.123.202:60165 192.168.1.205:60165   54.230.158.185:80     54.230.158.185:80

tcp 115.115.123.202:60166 192.168.1.205:60166   54.230.158.185:80     54.230.158.185:80

tcp 115.115.123.202:60167 192.168.1.205:60167   54.230.158.185:80     54.230.158.185:80

tcp 115.115.123.202:60168 192.168.1.205:60168   54.230.158.185:80     54.230.158.185:80

tcp 115.115.123.202:60169 192.168.1.205:60169   54.230.158.185:80     54.230.158.185:80

tcp 115.115.123.202:60170 192.168.1.205:60170   54.230.158.185:80     54.230.158.185:80

tcp 115.115.123.202:60179 192.168.1.205:60179   54.230.158.185:80     54.230.158.185:80

tcp 115.115.123.202:1598  192.168.1.100:1598    23.41.65.227:443      23.41.65.227:443

tcp 115.115.123.202:1599  192.168.1.100:1599    23.41.65.227:443      23.41.65.227:443

tcp 115.115.123.202:60501 192.168.1.205:60501   74.125.200.132:443    74.125.200.132:443

icmp 115.115.123.202:60501 192.168.1.205:60501  74.125.200.132:443    74.125.200.132:443

tcp 115.115.123.202:54477 192.168.1.204:54477   5.79.83.18:1002       5.79.83.18:1002

tcp 115.115.123.202:60201 192.168.1.205:60201   54.230.158.185:80     54.230.158.185:80

tcp 115.115.123.202:54479 192.168.1.204:54479   5.79.83.18:1002       5.79.83.18:1002

tcp 115.115.123.202:1597  192.168.1.100:1597    74.125.200.17:80      74.125.200.17:80

tcp 115.115.123.202:54483 192.168.1.204:54483   5.79.83.18:1002       5.79.83.18:1002

tcp 115.115.123.202:54484 192.168.1.204:54484   5.79.83.18:1002       5.79.83.18:1002

tcp 115.115.123.202:1604  192.168.1.100:1604    74.125.200.17:80      74.125.200.17:80

tcp 115.115.123.202:54487 192.168.1.204:54487   5.79.83.18:1002       5.79.83.18:1002

tcp 115.115.123.202:60683 192.168.1.205:60683   199.38.164.165:80     199.38.164.165:80

tcp 115.115.123.202:54493 192.168.1.204:54493   5.79.83.18:1002       5.79.83.18:1002

tcp 115.115.123.202:54495 192.168.1.204:54495   5.79.83.18:1002       5.79.83.18:1002

tcp 115.115.123.202:54501 192.168.1.204:54501   5.79.83.18:1002       5.79.83.18:1002

tcp 115.115.123.202:49911 192.168.1.202:49911   98.139.235.96:80      98.139.235.96:80

tcp 115.115.123.202:54504 192.168.1.204:54504   5.79.83.18:1002       5.79.83.18:1002

tcp 115.115.123.202:54506 192.168.1.204:54506   5.79.83.18:1002       5.79.83.18:1002

tcp 115.115.123.202:53758 192.168.1.204:53758   149.174.97.86:80      149.174.97.86:80

udp 115.115.123.202:51089 192.168.1.10:51089    192.150.16.247:53     192.150.16.247:53

udp 115.115.123.202:50012 192.168.1.202:50012   12.127.17.71:53       12.127.17.71:53

tcp 115.115.123.202:60295 192.168.1.205:60295   54.230.158.153:80     54.230.158.153:80

tcp 115.115.123.202:60602 192.168.1.205:60602   67.215.80.135:80      67.215.80.135:80

tcp 115.115.123.202:60603 192.168.1.205:60603   67.215.80.135:80      67.215.80.135:80

tcp 115.115.123.202:60525 192.168.1.205:60525   96.7.100.174:80       96.7.100.174:80

tcp 115.115.123.202:60527 192.168.1.205:60527   96.7.100.174:80       96.7.100.174:80

tcp 115.115.123.202:60294 192.168.1.205:60294   54.230.158.185:80     54.230.158.185:80

tcp 115.115.123.202:49910 192.168.1.202:49910   98.139.243.168:80     98.139.243.168:80

udp 115.115.123.202:52956 192.168.1.10:52956    98.124.192.1:53       98.124.192.1:53

tcp 115.115.123.202:50428 192.168.1.160:50428   74.125.200.94:443     74.125.200.94:443

tcp 115.115.123.202:49739 192.168.1.90:49739    108.160.162.101:80    108.160.162.101:80

tcp 115.115.123.202:49741 192.168.1.90:49741    108.160.162.101:80    108.160.162.101:80

tcp 115.115.123.202:49743 192.168.1.90:49743    108.160.162.101:80    108.160.162.101:80

tcp 115.115.123.202:60644 192.168.1.205:60644   74.125.200.155:443    74.125.200.155:443

udp 115.115.123.202:51641 192.168.1.10:51641    217.17.46.189:53      217.17.46.189:53

tcp 115.115.123.202:49902 192.168.1.202:49902   176.32.100.249:443    176.32.100.249:443

tcp 115.115.123.202:49903 192.168.1.202:49903   176.32.100.249:443    176.32.100.249:443

tcp 115.115.123.202:49904 192.168.1.202:49904   176.32.100.249:443    176.32.100.249:443

tcp 115.115.123.202:49905 192.168.1.202:49905   176.32.100.249:443    176.32.100.249:443

tcp 115.115.123.202:49906 192.168.1.202:49906   176.32.100.249:443    176.32.100.249:443

tcp 115.115.123.202:49907 192.168.1.202:49907   176.32.100.249:443    176.32.100.249:443

cadet alain Tue, 12/24/2013 - 07:19
User Badges:
  • Purple, 4500 points or more

Hi,

How are you testing your static PAT config ?

did you verify the server is listening on this port ?

Is there any firewall on this machine prohibiting access from some IPs ?

Is your NAT statement working ---> sh ip nat translation | i 192.168.1.130


Regards


Alain



Don't forget to rate helpful posts.

soorajn2011 Wed, 12/25/2013 - 21:00
User Badges:

Hello Cadet Alain,


The output of sh ip nat translation | i 192.168.1.130



RouterA#show ip nat translations | i 192.168.1.130


tcp 115.115.123.xxx:8086  192.168.1.130:8086    ---                   ---



Also I disabled firewall in 192.168.1.130 machine


Please shed a light on this


Thanks in advance


Sooraj N

Correct Answer
cadet alain Thu, 12/26/2013 - 02:47
User Badges:
  • Purple, 4500 points or more

Hi Sooraj,

You didn't tell us how you are testing your static PAT, from where are you trying to connect to this server ?

Can you verify that the server knows how to reply  by pinging 8.8.8.8 on the server

what did you do before issuing the sh ip nat translation command ?

Can you redo telnet 192.168.1.130 8086  with following debug: debug ip tcp transaction and post the debug output


Regards


Alain



Don't forget to rate helpful posts.

soorajn2011 Thu, 12/26/2013 - 03:05
User Badges:

Hello cadet alain,


I am trying to connect to this server under the router itself. But when I am trying to connect to the server from outside world, its working fine


Thanks alot.

Correct Answer
cadet alain Fri, 12/27/2013 - 02:51
User Badges:
  • Purple, 4500 points or more

Hi,

In this case if you can connect from Outside world it means your static PAT is working correctly.

if you try from the router itself then there will be no NAT involved and as there is no process listening on this protocol/port on the router it will not respond.


Regards


Alain



Don't forget to rate helpful posts.

Actions

This Discussion