Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco 887va Port Forwarding Problem

Hi,

I am relativly new to Cisco (So excuse any dodgy config please) and am struggling to get my port forwarding working on my Cisco 887VA, ultimately it will be for PPTP VPN's but using a online port checker it is not showing the port as open.

It works if in the NAT statment I use my external IP address, however since I have a dynamic one from my ISP this is not pratical.

I therefore tried to use an interface (As below) however this does not work... for me at least.

My config for internal and external interfaces is below.

interface Vlan1
 description LAN
 ip address 10.199.0.1 255.255.255.0
 ip flow ingress
 ip nat inside
 no ip virtual-reassembly in
 ip route-cache policy
 ip tcp adjust-mss 1452
!
interface Dialer1
 description Dialer interface for VDSL
 mtu 1492
 ip address negotiated
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname *************
 ppp chap password 0 ********
 ppp pap sent-username *********password 0 **********
 ppp ipcp dns request
 ppp ipcp route default
 ppp ipcp address accept
 no cdp enable
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!

ip dns server
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 10.199.0.7 1723 interface Dialer1 1723
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.200.0.0 255.255.255.0 10.199.0.2
!
access-list 1 remark Inside_Access
access-list 1 permit 10.199.0.0 0.0.0.255
dialer-list 1 protocol ip permit

 

Hopefully it is something obvious I am doing wrong.

 

Thanks
Alexander

 

2 REPLIES
New Member

Hi Alex, I try and keep the

Hi Alex,

 

I try and keep the IP address off the dialer interface and insteda use Loopback interfaces where possible. try this code

 

 

interface Loopback0
 ip address negotiated
 ip nat outside

 interface Vlan1
 ip nat inside

 
 interface Dialer0
 ip unnumbered Loopback0
 
 
 ip nat inside source list 101 interface Loopback0 overload
 ip nat inside source static tcp 10.199.0.7 1723 interface Loopback0 1723
 
 ip route 0.0.0.0 0.0.0.0 Dialer0
 access-list 101 permit ip 10.199.0.0 0.0.255.255 any
 (internal LAN subnet)

HelloYour current NAT

Hello

Your current NAT statements are apllicable, no need to change them.

If your WAN IP changes it wont effect your connectivity.

 

res

Paul

Please don't forget to rate any posts that have been helpful. Thanks.
121
Views
0
Helpful
2
Replies