Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

about a port 80 service

This is the scenario:

          LAN

       Server

  (using IIS service)                          

    [/WebFileAsp] <--------------------> (  Router   ) <--------------> INTERNET

private IP 10.10.10.2                 public IP 200.1.2.3

I want to enter through port 80 using the public ip (200.1.2.3) to a page (/WebFileAsp) on a server (10.10.10.2). I've entered the next command on the router to enable the nating:

# ip nat inside source static tcp 10.10.10.2 80 200.1.2.3 80 extendable

but I thing is not enought. I mean, by the LAN, if I enter on the url "http://10.10.10.2/WebFileAsp" I can see and access to the service, but if I enter by out of the LAN on the url "http://200.1.2.3/WebFileAsp" I cant, I mean, the browser doesnt find the page.

Here is my doubt. How can I enable the access to this specific page by internet?

I'll appreciate a lot the support. Thanks.

5 REPLIES

Re: about a port 80 service

Post a scrubbed copy of your Router config please.

New Member

Re: about a port 80 service

you need the complete sh runn?

New Member

Re: about a port 80 service

I think you need this part of the config:

ip nat inside source route-map NONAT interface FastEthernet0/0 overload

ip nat inside source static tcp 10.10.10.2 80 200.1.2.3 80 extendable

ip nat inside source static tcp 10.10.10.1 80 200.1.2.4 80 extendable

!

ip access-list standard REDISTRIBUTION

deny   0.0.0.0

permit any

!

ip access-list extended PHONELIST

permit ip any 10.20.14.0 0.0.0.31

ip access-list extended REMOTEVPN

permit ip 192.168.3.0 0.0.0.255 10.10.14.0 0.0.0.31

permit ip 10.10.0.0 0.0.63.255 10.10.14.0 0.0.0.31

permit ip 10.20.0.0 0.0.63.255 10.10.14.0 0.0.0.31

permit ip 192.168.21.0 0.0.0.255 10.10.14.0 0.0.0.31

permit ip 192.168.33.0 0.0.0.255 10.10.14.0 0.0.0.31

ip access-list extended TO_INET

deny   ip 10.10.0.0 0.0.63.255 10.10.14.0 0.0.0.31

deny   ip 10.20.0.0 0.0.63.255 10.10.14.0 0.0.0.31

deny   ip 10.20.0.0 0.0.63.255 10.20.14.0 0.0.0.31

deny   ip 192.168.3.0 0.0.0.255 any

deny   ip 10.10.0.0 0.0.63.255 192.168.21.0 0.0.0.255

deny   ip 10.20.0.0 0.0.63.255 192.168.33.0 0.0.0.255

permit ip 10.10.1.0 0.0.0.255 any

permit ip 10.20.1.128 0.0.0.127 any

ip access-list extended TO_INTERNET

permit ip 10.10.1.0 0.0.0.255 any

permit ip 10.20.1.0 0.0.0.255 any

permit ip 10.2.1.0 0.0.0.255 any

Re: about a port 80 service

Post the whole config please.

New Member

Re: about a port 80 service

The whole config:

Building configuration...

Current configuration : 6571 bytes

!

!

interface FastEthernet0/0

description *** INTERFACE A INTERNET **

ip address 200.1.2.4 255.255.255.240

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

description TRUNK_SWITCH

no ip address

duplex auto

speed auto

!

interface FastEthernet0/1.10

description *** VLAN DATA USERS ***

encapsulation dot1Q 10

ip address 10.10.1.10 255.255.255.128

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/1.11

description *** VLAN DATA SERVERS ***

encapsulation dot1Q 11

ip address 10.10.1.90 255.255.255.192

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/1.20

description *** VLAN VOICE USERS ***

encapsulation dot1Q 20

ip address 10.20.1.10 255.255.255.128

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/1.21

description VLAN *** VOICESERVERS ***

encapsulation dot1Q 21

ip address 10.20.1.90 255.255.255.192

ip nat inside

ip virtual-reassembly

!

interface Serial0/0/0

no ip address

shutdown

clock rate 2000000

!

interface Serial0/0/1

no ip address

shutdown

clock rate 2000000

!

!

ip route profile

ip route 0.0.0.0 0.0.0.0 200.1.2.4

!

ip nat inside source route-map NONAT interface FastEthernet0/0 overload

ip nat inside source static tcp 10.10.10.2 80 200.1.2.3 80 extendable

ip nat inside source static tcp 10.10.10.1 80 200.1.2.4 80 extendable

!

ip access-list standard REDISTRIBUTION

deny   0.0.0.0

permit any

!

ip access-list extended PHONELIST

permit ip any 10.20.14.0 0.0.0.31

ip access-list extended REMOTEVPN

permit ip 192.168.3.0 0.0.0.255 10.10.14.0 0.0.0.31

permit ip 10.10.0.0 0.0.63.255 10.10.14.0 0.0.0.31

permit ip 10.20.0.0 0.0.63.255 10.10.14.0 0.0.0.31

permit ip 192.168.21.0 0.0.0.255 10.10.14.0 0.0.0.31

permit ip 192.168.33.0 0.0.0.255 10.10.14.0 0.0.0.31

ip access-list extended TO_INET

deny   ip 10.10.0.0 0.0.63.255 10.10.14.0 0.0.0.31

deny   ip 10.20.0.0 0.0.63.255 10.10.14.0 0.0.0.31

deny   ip 10.20.0.0 0.0.63.255 10.20.14.0 0.0.0.31

deny   ip 192.168.3.0 0.0.0.255 any

deny   ip 10.10.0.0 0.0.63.255 192.168.21.0 0.0.0.255

deny   ip 10.20.0.0 0.0.63.255 192.168.33.0 0.0.0.255

permit ip 10.10.1.0 0.0.0.255 any

permit ip 10.20.1.128 0.0.0.127 any

ip access-list extended TO_INTERNET

permit ip 10.10.1.0 0.0.0.255 any

permit ip 10.20.1.0 0.0.0.255 any

permit ip 10.2.1.0 0.0.0.255 any

!

!

route-map NONAT permit 10

match ip address TO_INET

!

!

!

!

control-plane

!

!

!

line con 0

logging synchronous

line aux 0

line vty 0 4

transport input telnet

!

scheduler allocate 20000 1000

end

183
Views
0
Helpful
5
Replies
CreatePlease to create content