03-06-2008 11:45 AM - edited 03-05-2019 09:36 PM
Hi all,
I have a problem with a router cisco 837 on my work. That is the configuration:
1 DSL Wan Interface named ATM0.1 with the external ip Ex: 80.36.25.24 and NAT outside, and the ethernet interface with internal ip ex: 172.26.0.254 and NAT inside.
The nat config is:
ip nat inside source list 102 interface ATM0.1 overload
ip nat inside source static tcp 172.26.0.1 8081 interface ATM0.1 8081
That's work fine if i try to connect with my browser from the external(ex: my house) to my work to the port 8081.
But, doesn`t work if i try to connect from my computer in the office using my external ip and port on the browser. URL ex: http://80.36.25.24:8081. My computer have the ip 172.26.0.53.
Wich are the correct configuration for that work correctly??
03-06-2008 12:03 PM
Can you post the entire config?
03-06-2008 12:20 PM
Yes, this is the conf
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname C837
!
logging queue-limit 100
no logging buffered
!
ip subnet-zero
ip name-server 80.58.61.250
ip name-server 80.58.61.254
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool CLIENT
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 80.58.61.250 80.58.61.254
lease 4
!
!
ip audit notify log
ip audit po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
ip address 172.30.29.254 255.255.255.0 secondary
ip address 192.168.1.1 255.255.255.0
ip access-group 103 in
ip nat inside
ip tcp adjust-mss 1452
hold-queue 100 out
no sh
!
interface ATM0
no ip address
no ip route-cache
no ip mroute-cache
atm vc-per-vp 256
no atm ilmi-keepalive
dsl operating-mode auto
no sh
!
interface ATM0.1 point-to-point
ip address 80.36.25.24 255.255.255.128
ip nat outside
no ip route-cache
no ip mroute-cache
no sh
pvc 8/32
encapsulation aal5snap
!
!
ip nat inside source list 102 interface ATM0.1 overload
ip nat inside source static tcp 172.30.29.1 8081 interface ATM0.1 8081
ip classless
ip route 0.0.0.0 0.0.0.0 ATM0.1
no ip http server
no ip http secure-server
!
access-list 23 permit 172.30.29.0 0.0.0.255
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit ip 172.30.29.0 0.0.0.255 any
access-list 103 deny ip 192.168.1.0 0.0.0.255 172.30.29.0 0.0.0.255
access-list 103 permit ip any any
dialer-list 1 protocol ip permit
!
scheduler max-task-time 5000
!
end
03-06-2008 12:38 PM
Two things:
1.) You say the interface address for your ethernet interface is 172.26.0.254, but its not.
interface Ethernet0
ip address 172.30.29.254 255.255.255.0 secondary
ip address 192.168.1.1 255.255.255.0
ip access-group 103 in
ip nat inside
ip tcp adjust-mss 1452
hold-queue 100 out
no sh
2.) If you are on the 172.26.0.0/24 network (you say your PC address is 172.26.0.53), your traffic will not be NAT'ed because ACL 102 is not permitting it.
ip nat inside source list 102 interface ATM0.1 overload
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit ip 172.30.29.0 0.0.0.255 any
HTH
Victor
03-06-2008 01:48 PM
sorry victor, i wrote wrong ip on the original message. the correct segment on lan is 172.30.29.0.
Can you see any solutions?
Many thanks,
03-06-2008 01:50 PM
Ok, but whats your PC's IP address...
PC>ipconfig
03-06-2008 02:05 PM
the ip is 172.30.29.106
Pablo
03-06-2008 06:40 PM
I really dont see anything wrong with this configuration that would prevent you from accessing the Internet.
Are you being NAT'ed?
Do a "sh ip nat trans" and see if youre being translated.
Ill think of other stuff...
Victor
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide