i have newbie question. We have the following situation:
A brachnoffice in Hungary is connected to our headoffice in Germany via IPSEC-VPN. Everything is working fine, all necessary traffic goes through the tunnels.
But if i set up a port forwarding (port 443) on the Router (1812) in Hungary to a server in the hungarian network, i cannot reach the server over the internal network from Germany. The port forwarding is working but if i use a private address from internal just the used port is not working.
Do you have any hints for me??
Thanks for your help
your problen is this:
access-list 103 deny tcp any host $PUBLIC_IP eq 443
description Interface zum Provider
ip address $PUBLIC_IP 255.255.255.248
ip access-group 103 in
ip nat outside
crypto map Erlangen
HTH, rate if it does.
thanks for the fast response, but i don?t think that this entry is the problem, because i also tested it with an other port (1677).
I used a second public IP-Address (which we also bought) for the port forwarding.
i did what you said and removed the complete access-list 103 and then it works from internal and external.
But can you tell me which statement is blocking the internal requests? Or do you know a debug setting which can tell me what is the reason for the blocking?
Thank for now.
That was good news!
OK if you want to see which statement is blocking you need to enable logging of your acl's statement.
like this :
access-list 1 permit 184.108.40.206 0.0.255.255 log
access-list 1 deny 220.127.116.11 0.0.255.255 log
access-list 1 permit 18.104.22.168 0.0.255.255 log-input
access-list 1 deny 22.214.171.124 0.0.255.255 log-input.
HTH,rate if it does
OK, thanks for the hint.
Do you see, maybe, an error in the access-list? Or will i need further statements to allow the access??
i have bad news. I tried again to disable the access-list to check what statement is blocking my requests, but this times after applying the portforwading rule (ip nat inside source static tcp internal_IP 443 external_IP 443) i had also no internal access to the server.
I have no idea to fix that problem... :o(
Maybe someone else???
Which ip do you use from the inside, when you try to access your server. You cannot use de global DNS name (i.e the external_IP )
You either need an internal dns or edit the host file on your computers.
i use 192.168.2.252 from internal.
We also have a working DNS. I want to use the same DNS-Name from internal and from external. The internal DNS should point to the internal address and an official DNS-Record should point to the external, public IP.
i was away for a week on vacation.
I think the problem is the communication between Germany and Hungary over VPN, because if i insert the portforwarding statement the server is reachable from the internet and from the local network in Hungary. But from the german Network it cannot be reached.
Do somebody see my mistake in the configuration??
Thanks in advance