Solved: port forwarding in cisco 2621 router issues

soorajn2011 · ‎12-24-2013

Hello all,

I have a router 2621. I configured it for port forwarding. I need to forward the public ip 115.115.123.xxx 8086 to 192.168.1.130 8086. But I cant connect. Please shed a light on this.

Here i shows the output of my show run command

Building configuration...

Current configuration : 1451 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname RouterA
!
enable secret 5 $1$l/ko$sibpgYNMefNJLRWO477l70
enable password cisco12$
!
ip subnet-zero
!
!
ip name-server 192.168.1.1
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip name-server 192.168.1.10
ip dhcp excluded-address 192.168.1.10 192.168.1.254
!
ip dhcp pool LAN
network 192.168.1.0 255.255.255.0
!
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description WAN
ip address 115.115.123.xxx 255.255.255.252
ip nat outside
duplex auto
speed auto
no cdp enable
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
description LAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
!
ip nat pool mjsoft 115.115.123.xxx 115.115.123.xxx netmask 255.255.255.252
ip nat inside source list 1 pool mjsoft overload
ip nat inside source static tcp 192.168.1.130 8086 interface FastEthernet0/0 8086
ip classless
ip route 0.0.0.0 0.0.0.0 115.115.123.xxx - gateway
ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
snmp-server community public RO
snmp-server enable traps tty
!
dial-peer cor custom
!
!
!
!
!
line con 0
password cisco
login
line aux 0
line vty 0 4
exec-timeout 30 0
password cisco
logging synchronous
login
transport input telnet ssh
line vty 5 15
password cisco
login
!
end

Thanks in advance

cadet alain · ‎12-26-2013

Hi Sooraj,

You didn't tell us how you are testing your static PAT, from where are you trying to connect to this server ?

Can you verify that the server knows how to reply by pinging 8.8.8.8 on the server

what did you do before issuing the sh ip nat translation command ?

Can you redo telnet 192.168.1.130 8086 with following debug: debug ip tcp transaction and post the debug output

Regards

Alain

Don't forget to rate helpful posts.

View solution in original post

cadet alain · ‎12-27-2013

Hi,

In this case if you can connect from Outside world it means your static PAT is working correctly.

if you try from the router itself then there will be no NAT involved and as there is no process listening on this protocol/port on the router it will not respond.

Regards

Alain

Don't forget to rate helpful posts.

View solution in original post

johnlloyd_13 · ‎12-24-2013

Hi,

Could you try:

ip nat inside source static tcp 192.168.1.130 8086 115.115.123.x 8086

Add another line for UDP if the above doesn't work.

Sent from Cisco Technical Support iPhone App

soorajn2011 · ‎12-24-2013

Same issue. Its not working

please help me

johnlloyd_13 · ‎12-24-2013

Hi,

Can you ping 192.168.1.130 and an external IP, i.e. 8.8.8.8?

Sent from Cisco Technical Support iPhone App

soorajn2011 · ‎12-24-2013

Yes i can ping 192.168.1.130 and my public IP 115.115.123.xxx

johnlloyd_13 · ‎12-24-2013

Ok. How about ping to ISP next hop IP or 8.8.8.8?

Could you post output of 'telnet 192.168.1.130 8086' and 'show ip nat translations' commands from 2621?

Sent from Cisco Technical Support iPhone App

soorajn2011 · ‎12-25-2013

Hello,

The output of Telnet 192.168.1.130 8086 is

RouterA#telnet 192.168.1.130 8086

Trying 192.168.1.130, 8086 ... Open

[Connection to 192.168.1.130 closed by foreign host]

The output of show ip nat translation is

tcp 115.115.123.202:2479 192.168.1.124:2479 108.160.162.36:80 108.160.162.36:80

tcp 115.115.123.202:51289 192.168.1.208:51289 74.125.236.53:443 74.125.236.53:443

udp 115.115.123.202:55677 192.168.1.100:55677 208.67.222.222:53 208.67.222.222:53

tcp 115.115.123.202:50330 192.168.1.207:50330 74.125.200.18:443 74.125.200.18:443

tcp 115.115.123.202:2173 192.168.1.124:2173 74.125.236.53:443 74.125.236.53:443

tcp 115.115.123.202:60165 192.168.1.205:60165 54.230.158.185:80 54.230.158.185:80

tcp 115.115.123.202:60166 192.168.1.205:60166 54.230.158.185:80 54.230.158.185:80

tcp 115.115.123.202:60167 192.168.1.205:60167 54.230.158.185:80 54.230.158.185:80

tcp 115.115.123.202:60168 192.168.1.205:60168 54.230.158.185:80 54.230.158.185:80

tcp 115.115.123.202:60169 192.168.1.205:60169 54.230.158.185:80 54.230.158.185:80

tcp 115.115.123.202:60170 192.168.1.205:60170 54.230.158.185:80 54.230.158.185:80

tcp 115.115.123.202:60179 192.168.1.205:60179 54.230.158.185:80 54.230.158.185:80

tcp 115.115.123.202:1598 192.168.1.100:1598 23.41.65.227:443 23.41.65.227:443

tcp 115.115.123.202:1599 192.168.1.100:1599 23.41.65.227:443 23.41.65.227:443

tcp 115.115.123.202:60501 192.168.1.205:60501 74.125.200.132:443 74.125.200.132:443

icmp 115.115.123.202:60501 192.168.1.205:60501 74.125.200.132:443 74.125.200.132:443

tcp 115.115.123.202:54477 192.168.1.204:54477 5.79.83.18:1002 5.79.83.18:1002

tcp 115.115.123.202:60201 192.168.1.205:60201 54.230.158.185:80 54.230.158.185:80

tcp 115.115.123.202:54479 192.168.1.204:54479 5.79.83.18:1002 5.79.83.18:1002

tcp 115.115.123.202:1597 192.168.1.100:1597 74.125.200.17:80 74.125.200.17:80

tcp 115.115.123.202:54483 192.168.1.204:54483 5.79.83.18:1002 5.79.83.18:1002

tcp 115.115.123.202:54484 192.168.1.204:54484 5.79.83.18:1002 5.79.83.18:1002

tcp 115.115.123.202:1604 192.168.1.100:1604 74.125.200.17:80 74.125.200.17:80

tcp 115.115.123.202:54487 192.168.1.204:54487 5.79.83.18:1002 5.79.83.18:1002

tcp 115.115.123.202:60683 192.168.1.205:60683 199.38.164.165:80 199.38.164.165:80

tcp 115.115.123.202:54493 192.168.1.204:54493 5.79.83.18:1002 5.79.83.18:1002

tcp 115.115.123.202:54495 192.168.1.204:54495 5.79.83.18:1002 5.79.83.18:1002

tcp 115.115.123.202:54501 192.168.1.204:54501 5.79.83.18:1002 5.79.83.18:1002

tcp 115.115.123.202:49911 192.168.1.202:49911 98.139.235.96:80 98.139.235.96:80

tcp 115.115.123.202:54504 192.168.1.204:54504 5.79.83.18:1002 5.79.83.18:1002

tcp 115.115.123.202:54506 192.168.1.204:54506 5.79.83.18:1002 5.79.83.18:1002

tcp 115.115.123.202:53758 192.168.1.204:53758 149.174.97.86:80 149.174.97.86:80

udp 115.115.123.202:51089 192.168.1.10:51089 192.150.16.247:53 192.150.16.247:53

udp 115.115.123.202:50012 192.168.1.202:50012 12.127.17.71:53 12.127.17.71:53

tcp 115.115.123.202:60295 192.168.1.205:60295 54.230.158.153:80 54.230.158.153:80

tcp 115.115.123.202:60602 192.168.1.205:60602 67.215.80.135:80 67.215.80.135:80

tcp 115.115.123.202:60603 192.168.1.205:60603 67.215.80.135:80 67.215.80.135:80

tcp 115.115.123.202:60525 192.168.1.205:60525 96.7.100.174:80 96.7.100.174:80

tcp 115.115.123.202:60527 192.168.1.205:60527 96.7.100.174:80 96.7.100.174:80

tcp 115.115.123.202:60294 192.168.1.205:60294 54.230.158.185:80 54.230.158.185:80

tcp 115.115.123.202:49910 192.168.1.202:49910 98.139.243.168:80 98.139.243.168:80

udp 115.115.123.202:52956 192.168.1.10:52956 98.124.192.1:53 98.124.192.1:53

tcp 115.115.123.202:50428 192.168.1.160:50428 74.125.200.94:443 74.125.200.94:443

tcp 115.115.123.202:49739 192.168.1.90:49739 108.160.162.101:80 108.160.162.101:80

tcp 115.115.123.202:49741 192.168.1.90:49741 108.160.162.101:80 108.160.162.101:80

tcp 115.115.123.202:49743 192.168.1.90:49743 108.160.162.101:80 108.160.162.101:80

tcp 115.115.123.202:60644 192.168.1.205:60644 74.125.200.155:443 74.125.200.155:443

udp 115.115.123.202:51641 192.168.1.10:51641 217.17.46.189:53 217.17.46.189:53

tcp 115.115.123.202:49902 192.168.1.202:49902 176.32.100.249:443 176.32.100.249:443

tcp 115.115.123.202:49903 192.168.1.202:49903 176.32.100.249:443 176.32.100.249:443

tcp 115.115.123.202:49904 192.168.1.202:49904 176.32.100.249:443 176.32.100.249:443

tcp 115.115.123.202:49905 192.168.1.202:49905 176.32.100.249:443 176.32.100.249:443

tcp 115.115.123.202:49906 192.168.1.202:49906 176.32.100.249:443 176.32.100.249:443

tcp 115.115.123.202:49907 192.168.1.202:49907 176.32.100.249:443 176.32.100.249:443

cadet alain · ‎12-24-2013

Hi,

How are you testing your static PAT config ?

did you verify the server is listening on this port ?

Is there any firewall on this machine prohibiting access from some IPs ?

Is your NAT statement working ---> sh ip nat translation | i 192.168.1.130

Regards

Alain

Don't forget to rate helpful posts.

soorajn2011 · ‎12-25-2013

Hello Cadet Alain,

The output of sh ip nat translation | i 192.168.1.130

RouterA#show ip nat translations | i 192.168.1.130

tcp 115.115.123.xxx:8086 192.168.1.130:8086 --- ---

Also I disabled firewall in 192.168.1.130 machine

Please shed a light on this

Thanks in advance

Sooraj N

cadet alain · ‎12-26-2013

Hi Sooraj,

You didn't tell us how you are testing your static PAT, from where are you trying to connect to this server ?

Can you verify that the server knows how to reply by pinging 8.8.8.8 on the server

what did you do before issuing the sh ip nat translation command ?

Can you redo telnet 192.168.1.130 8086 with following debug: debug ip tcp transaction and post the debug output

Regards

Alain

Don't forget to rate helpful posts.

soorajn2011 · ‎12-26-2013

Hello cadet alain,

I am trying to connect to this server under the router itself. But when I am trying to connect to the server from outside world, its working fine

Thanks alot.

cadet alain · ‎12-27-2013

Hi,

In this case if you can connect from Outside world it means your static PAT is working correctly.

if you try from the router itself then there will be no NAT involved and as there is no process listening on this protocol/port on the router it will not respond.

Regards

Alain

Don't forget to rate helpful posts.