Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
351
Views
0
Helpful
2
Replies

Cisco 887va Port Forwarding Problem

alexanderbird
Level 1
Level 1

‎03-28-2014 11:05 AM - edited ‎03-07-2019 06:54 PM

Hi,

I am relativly new to Cisco (So excuse any dodgy config please) and am struggling to get my port forwarding working on my Cisco 887VA, ultimately it will be for PPTP VPN's but using a online port checker it is not showing the port as open.

It works if in the NAT statment I use my external IP address, however since I have a dynamic one from my ISP this is not pratical.

I therefore tried to use an interface (As below) however this does not work... for me at least.

My config for internal and external interfaces is below.

interface Vlan1
 description LAN
 ip address 10.199.0.1 255.255.255.0
 ip flow ingress
 ip nat inside
 no ip virtual-reassembly in
 ip route-cache policy
 ip tcp adjust-mss 1452
!
interface Dialer1
 description Dialer interface for VDSL
 mtu 1492
 ip address negotiated
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname *************
 ppp chap password 0 ********
 ppp pap sent-username *********password 0 **********
 ppp ipcp dns request
 ppp ipcp route default
 ppp ipcp address accept
 no cdp enable
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!

ip dns server
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 10.199.0.7 1723 interface Dialer1 1723
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.200.0.0 255.255.255.0 10.199.0.2
!
access-list 1 remark Inside_Access
access-list 1 permit 10.199.0.0 0.0.0.255
dialer-list 1 protocol ip permit

 

Hopefully it is something obvious I am doing wrong.

 

Thanks
Alexander

 

Labels:
0 Helpful
2 Replies 2

ryancisco01
Level 1
Level 1

‎03-31-2014 06:34 PM

Hi Alex,

 

I try and keep the IP address off the dialer interface and insteda use Loopback interfaces where possible. try this code

 

 

interface Loopback0
 ip address negotiated
 ip nat outside

 interface Vlan1
 ip nat inside

 
 interface Dialer0
 ip unnumbered Loopback0
 
 
 ip nat inside source list 101 interface Loopback0 overload
 ip nat inside source static tcp 10.199.0.7 1723 interface Loopback0 1723
 
 ip route 0.0.0.0 0.0.0.0 Dialer0
 access-list 101 permit ip 10.199.0.0 0.0.255.255 any
 (internal LAN subnet)

0 Helpful

paul driver
VIP
VIP

‎04-01-2014 05:00 AM

Hello

Your current NAT statements are apllicable, no need to change them.

If your WAN IP changes it wont effect your connectivity.

 

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card