Solved: Re: Port Forward to HTTP server - Cisco 3745

jwood1650 · ‎04-19-2012

I need help getting access to my http server. I have a host name that I configured to point to my IPS IP address. Port 80 is enabled on my server, but I can't seem to get access it from my web address (www.jkkcc.com)

Here is my config for my router:

3745-Internet#show run

Building configuration...

Current configuration : 2331 bytes

!

version 12.4

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname 3745-Internet

!

boot-start-marker

boot system flash:

boot-end-marker

!

no logging buffered

!

aaa new-model

!

aaa authentication login default local

aaa authorization exec default local

!

aaa session-id common

memory-size iomem 25

no network-clock-participate slot 2

ip cef

!

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.2.1 192.168.2.150

!

ip dhcp pool HOME-Network

network 192.168.2.0 255.255.255.0

default-router 192.168.2.1

dns-server 192.168.2.127 192.168.1.128

!

ip dhcp pool home-network

!

ip domain name www.jkkcc.com

ip name-server 192.168.2.127

!

multilink bundle-name authenticated

parameter-map type regex sdm-regex-nonascii

pattern [^\x00-\x80]

!

username woodjl1650 privilege 15 password 0 henry999

archive

log config

hidekeys

!

interface FastEthernet0/0

description $FW_OUTSIDE$

ip address dhcp

ip nat outside

ip virtual-reassembly

ip route-cache flow

duplex auto

speed auto

!

interface FastEthernet0/0.1

!

interface Serial0/0

description $FW_INSIDE$

ip address 10.0.1.9 255.255.255.248

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/1

description $FW_INSIDE$

ip address 192.168.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip route-cache flow

duplex auto

speed auto

!

interface Serial0/1

description $FW_INSIDE$

ip address 10.0.1.5 255.255.255.248

ip nat inside

ip virtual-reassembly

!

router eigrp 1

network 10.0.0.0

network 192.168.2.0

network 192.168.3.0

network 192.168.4.0

network 192.168.6.0

network 192.168.10.0

network 192.168.11.0

no auto-summary

!

ip route 192.168.4.0 255.255.255.0 192.168.3.5

!

no ip http server

ip http authentication local

no ip http secure-server

ip nat inside source list 15 interface FastEthernet0/0 overload

!

access-list 15 permit 192.168.2.0 0.0.0.255

access-list 15 permit 192.168.3.0 0.0.0.255

access-list 15 permit 192.168.4.0 0.0.0.255

access-list 15 permit 10.0.1.0 0.0.0.7

access-list 15 permit 10.0.1.8 0.0.0.7

snmp-server community public RO

snmp-server community private RW

snmp-server enable traps tty

!

control-plane

!

line con 0

line aux 0

line vty 0 4

privilege level 15

transport input telnet

!

webvpn cef

!

end

Dennis Mink · ‎04-22-2012

Jonathan,

is this a continuation of one of your older posts?

https://supportforums.cisco.com/thread/2135614

I see no PAT in your config above that forwards port 80 on your outbound interface to the ip address of your web server.

add

ip nat inside source static tcp 192.168.2.x 80 interface FastEthernet0/0 80 (where 192.168.2.x, is the IP address of your web server).

also you might want to create an inbound access list on fa0/0 to allow traffic on port 80 to be allowed through.

let me know if you need more details

Please remember to rate useful posts, by clicking on the stars below.

View solution in original post

Dennis Mink · ‎04-22-2012

Jonathan,

is this a continuation of one of your older posts?

https://supportforums.cisco.com/thread/2135614

I see no PAT in your config above that forwards port 80 on your outbound interface to the ip address of your web server.

add

ip nat inside source static tcp 192.168.2.x 80 interface FastEthernet0/0 80 (where 192.168.2.x, is the IP address of your web server).

also you might want to create an inbound access list on fa0/0 to allow traffic on port 80 to be allowed through.

let me know if you need more details

Please remember to rate useful posts, by clicking on the stars below.

jwood1650 · ‎04-30-2012

would the access list look like?

access list 15 fa0/0 80

jwood1650 · ‎04-30-2012

would you please be able to help me with the access list config?

Parvesh Paliwal · ‎05-01-2012

Dear Jonath,

You just need to enter the following command at the configuration prompt:

"access-list 104 permit ip any any"

This command allows all ip traffic. But I dont think that you need an acl here in the suggestion above.

BTW: If the above config(as suggested by minkdennis) does not work, you can go for below commands:

Int fa0/0 ---------Interface where your server is connected.

ip nat inside

Int fa0/1 ------------ Interface that is connecting your router to wan

ip nat outside

exit

ip nat inside source list 104 int fa0/1 overload

access-list 104 permit ip any any

ip nat inside source static tcp 192.x.x.x 80 int 11.x.x.x 80 ---- where 192.x.x.x is the server ip and 11.x.x.x is your wan ip.

Please revert if I can do something for you !!

--

Parvesh

jwood1650 · ‎05-01-2012

Does my web server need to be plugged directly to the router? Right now f0/1 is connected to my switch where my web server is connect as well.

Sent from Cisco Technical Support iPhone App