I've been working on this config for over a month now and it's driving me insane. After a lot of tweaking I've got this config to work with my BT Infinity 2 Internet connection, which is a UK-based VDSL2. NAT overload works perfectly for all my hosts. The tricky part is I can't seem to port forward my web server, which is assigned 10.20.20.199 and is in VLAN20 on my Layer 3 switch (please see the network diagram). What am I doing wrong? Port forwarding works with the supplied BT router (BT Home Hub 5), so I think it is safe to assume it's not the ISP side. Thanks for taking an interest in this matter and for contributing. Appreciate your help.
GRYPHON#sho running-config
Building configuration...

Current configuration : 4295 bytes
!
! Last configuration change at 22:42:15 UTC Mon Feb 24 2014 by cyvorex
! NVRAM config last updated at 22:52:09 UTC Thu Feb 20 2014
! NVRAM config last updated at 22:52:09 UTC Thu Feb 20 2014
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname GRYPHON
!
boot-start-marker
boot-end-marker
!
!
enable secret 4
!
no aaa new-model
memory-size iomem 10
ip source-route
!
!
!
ip dhcp excluded-address 172.16.10.100 172.16.10.200
!
ip dhcp pool gryphon-pool
 network 172.16.10.0 255.255.255.0
 dns-server 188.8.131.52
 default-router 172.16.10.1
 domain-name cyvorex.local
 lease infinite
!
!
ip cef
no ipv6 cef
!
!
!
!
vtp mode transparent
!
!
!
!
controller VDSL 0
!
vlan 10,101
!
!
!
!
!
!
!
!
interface Ethernet0
 no ip address
!
interface Ethernet0.101
 encapsulation dot1Q 101
 pppoe-client dial-pool-number 1
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface FastEthernet0
 switchport protected
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface Vlan1
 description DMZ
 ip address 172.16.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Dialer1
 description ***Dialer for BT Infinity 2***
 mtu 1492
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 ppp authentication pap chap ms-chap callin
 ppp chap hostname email@example.com
 ppp chap password 0 bt
 ppp ipcp address accept
 no cdp enable
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source list NAT interface Dialer1 overload
ip nat inside source static tcp 10.20.20.199 80 Dialer1 80
!
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.10.10.0 255.255.255.0 172.16.10.254
ip route 10.20.20.0 255.255.255.0 172.16.10.254
ip route 10.30.30.0 255.255.255.0 172.16.10.254
!
ip access-list extended NAT
 permit ip 172.16.10.0 0.0.0.255 any
 remark access list for NAT
 permit ip 10.10.10.0 0.0.0.255 any
 permit ip 10.20.10.0 0.0.0.255 any
 permit ip 10.30.10.0 0.0.0.255 any
 remark access list for NAT
!
!
!
!
!
alias exec c conf t
alias exec s sho ip int br
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 password
 login local
 transport input telnet ssh
!
end
Nothing obvious here. But you can try denying the static NAT traffic from the overload statement like this:
ip access-list extended NAT
 deny tcp host 10.20.20.199 eq 80 any
 permit ip 172.16.10.0 0.0.0.255 any
 remark access list for NAT
 permit ip 10.10.10.0 0.0.0.255 any
 permit ip 10.20.10.0 0.0.0.255 any
 permit ip 10.30.10.0 0.0.0.255 any
 remark access list for NAT
!
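An added example, not from either poster: a Python check that evaluates the posted NAT access list with IOS wildcard-mask semantics against the inside host of each static NAT entry, and looks up the static route that covers it. The excerpt is copied from the configuration above; the function names are assumptions of this example, and only `permit|deny ip <src> <wildcard> any` entries are parsed.

```python
import ipaddress
import re

# Excerpt of the configuration posted above (only the lines this check reads).
CONFIG = """\
ip nat inside source list NAT interface Dialer1 overload
ip nat inside source static tcp 10.20.20.199 80 Dialer1 80
ip route 10.10.10.0 255.255.255.0 172.16.10.254
ip route 10.20.20.0 255.255.255.0 172.16.10.254
ip route 10.30.30.0 255.255.255.0 172.16.10.254
ip access-list extended NAT
 permit ip 172.16.10.0 0.0.0.255 any
 permit ip 10.10.10.0 0.0.0.255 any
 permit ip 10.20.10.0 0.0.0.255 any
 permit ip 10.30.10.0 0.0.0.255 any
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def acl_entries(config, name):
    """(action, source, wildcard) for each 'ip <src> <wildcard> any' line of the ACL."""
    entries, inside = [], False
    for line in config.splitlines():
        if not line.startswith(" "):      # top-level line: are we entering this ACL?
            inside = line == f"ip access-list extended {name}"
        elif inside:
            m = re.match(r"\s+(permit|deny) ip (\S+) (\S+) any", line)
            if m:
                entries.append(m.groups())
    return entries

def first_match(entries, host):
    """First entry matching host; wildcard 1-bits are ignored. None = implicit deny."""
    for action, net, wild in entries:
        care = ~to_int(wild) & 0xFFFFFFFF
        if (to_int(host) & care) == (to_int(net) & care):
            return action, net
    return None

def route_for(config, host):
    for net, mask in re.findall(r"^ip route (\S+) (\S+) \S+", config, re.M):
        if ipaddress.IPv4Address(host) in ipaddress.IPv4Network(f"{net}/{mask}"):
            return net
    return None

def report(config=CONFIG, acl="NAT"):
    hosts = re.findall(r"^ip nat inside source static \w+ (\S+) \d+", config, re.M)
    ents = acl_entries(config, acl)
    return {h: {"acl": first_match(ents, h), "route": route_for(config, h)} for h in hosts}
```

Calling `report()` returns, for each static NAT inside host, the ACL entry it hits first (or `None` for the implicit deny) and the routed network that contains it.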