Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

1 to 1 nat not working!

Wow.  This post has been up for OVER 5 MONTHS.  Hello Cisco?  Anyone home?  KNOCK KNOCK?  I expected far better support for this, I have yet to even get this to work right. 

I've recently set up a domain of tpfnd.cat and am trying to route my five multiple IP's into various boxes.  Here's my DNS entry:

 

@ 10800 IN A 172.13.47.106
CISCO 10800 IN A 172.13.47.105
DNS 10800 IN A 172.13.47.109
SP 10800 IN A 172.13.47.108
WIMP 10800 IN A 172.13.47.107
www 10800 IN CNAME tpfnd.cat.

 

WIMP is a Windows IIS MySQL PHP box, SP is Sharepoint, DNS will be my public-facing DNS (eventually), and CISCO is the "surfing" address.

One the 1to1 I have:

 10.0.0.80172.13.47.1061Any 
 10.0.0.69172.13.47.1081Any 
 10.0.0.59172.13.47.1091Any

 

 

The access rules for WIMP are:

Always Allow     Any     Enabled     Outbound (LAN (Local Network) > WAN (Internet))     10.0.0.80     172.13.47.107     
Always Allow     Any     Enabled     Inbound (WAN (Internet) > LAN (Local Network))     172.13.47.107    

with the Inbound using Other WAN IP of .107, and the Outbound having the Source of .80 and the Destination of .107

Internally, using either the IP or FQDN, it resolves internally but only when I use Access Rules and Port Forwarding from 172.13.47.107 to 10.0.0.80 as any port.  From what I've read, you can use either 1to1 or AR and Port Forwarding, but don't have to use both...but if I disable the PF it brings up the Cisco login, even with the 1to1 enabled.  And none of it works externally from outside my network.

The firmware is 1.0.4.14, the newest version. I've spent almost a week trying to figure this out, which options are correct, but have yet to get it to work.  And my logs seem empty too, even though I've set them to record everything...HELP!
 

Everyone's tags (1)
2 REPLIES
Cisco Employee

Matt, What is the purpose of

Matt,

 

What is the purpose of the ACLs?  You are permitting outbound traffic only to the public address that you own.  Try either disabling the rules or changing the outbound destination to ANY.

Community Member

I had a Cisco TAC guy remote

I had a Cisco TAC guy remote in and do that (removed the Outbound Rule), it actually worked for 24 hours.  Then while I was at work the rv180 locked up, rebooted it, and once again I'm getting "Connection Refused" even using the IP http://172.13.47.107/

The current ACL is Inbound, Always Allow, HTTP, Source ANY, DNAT 10.0.0.92, Use other WAN enabled, WAN IP 172.13.47.107 and the rule is enabled. 

It's driving me nuts.

97
Views
0
Helpful
2
Replies
CreatePlease to create content