Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IP NAT for Web Server---Cisco 3640

I am trying to setup my web server, but I am having trouble trying to figure out how to direct outside traffic to that server and not to the router itself when the WAN IP address is entered.

Topology=  Cable Modem -----> Cisco 3640 ----> Switch -----> WinServ1 (Web Server)

My current show run:

3640-Internet#show run

Building configuration...

Current configuration : 1771 bytes

!

version 12.4

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname 3640-Internet

!

boot-start-marker

boot system flash:1

boot system flash c3640-ik9o3s-mz.124-7h.bin

boot-end-marker

!

!

no aaa new-model

memory-size iomem 25

!

!

ip cef

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.2.1 192.168.2.150

!

ip dhcp pool 192.168.2.0/24

   network 192.168.2.0 255.255.255.0

   default-router 192.168.2.1

   dns-server 8.8.8.8 8.8.4.4

!

!

!

!

!

!

!

!

!

!

!

!

username 9

!

!

!

!

interface FastEthernet0/0

ip address dhcp

ip nat outside

ip virtual-reassembly

ip route-cache flow

duplex auto

speed auto

!

interface Serial0/0

no ip address

shutdown

clock rate 2000000

!

interface FastEthernet0/1

ip address 192.168.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip route-cache flow

duplex auto

speed auto

!

interface Serial0/1

no ip address

shutdown

clock rate 2000000

!

interface Ethernet3/0

no ip address

shutdown

half-duplex

!

interface Ethernet3/1

no ip address

shutdown

half-duplex

!

ip http server

ip http authentication local

!

ip forward-protocol nd

!

ip nat inside source list 15 interface FastEthernet0/0 overload

!

access-list 15 permit 192.169.2.0 0.0.0.255

access-list 15 permit 192.168.2.0 0.0.0.255

snmp-server community public RO

snmp-server community private RW

snmp-server enable traps tty

!

control-plane

!

!

dial-peer cor custom

!

!

!

!

gatekeeper

shutdown

!

!

line con 0

line aux 0

line vty 0 4

privilege level 15

login local

transport input telnet

!

!

end

3640-Internet#

1 ACCEPTED SOLUTION

Accepted Solutions
Purple

IP NAT for Web Server---Cisco 3640

Hi,

yes you should try it from an outside address because hairpinning is not available on this type of router, the only way to access it from outside would be using DNS doctoring by using a fqdn and having the record on an external DNS server.

Regards.

Alain

Don't forget to rate helpful posts.
10 REPLIES
Purple

IP NAT for Web Server---Cisco 3640

Hi,

ip nat inside source static tcp x.x.x.x 80 interface f0/0 80   where x.x.x.x is the inside address of the web server

Regards.

Alain

Don't forget to rate helpful posts.
New Member

IP NAT for Web Server---Cisco 3640

Cool, just applied that and still I get passed the the SDM and not the web server.  When I type me web address it goes to the SDM of the router and not the web server.  I am using my inside network to try and test this out, do I need to try and access it via differnet outside IP address?

I went to my domain host, godaddy.com and config it to forward you to my outside IP address when the web address is typed.  That part seems to be working.

Any ideas?

Purple

IP NAT for Web Server---Cisco 3640

Hi,

yes you should try it from an outside address because hairpinning is not available on this type of router, the only way to access it from outside would be using DNS doctoring by using a fqdn and having the record on an external DNS server.

Regards.

Alain

Don't forget to rate helpful posts.
New Member

IP NAT for Web Server---Cisco 3640

could you explain how to FQDN?

Purple

IP NAT for Web Server---Cisco 3640

Hi,

FQDN= full dns name so just have a A record on an external DNS server and in your browser type the DNS name instead of the IP and the router will rewrite the DNS reply to the private IP of your server.

Regards.

Alain.

Don't forget to rate helpful posts.
New Member

IP NAT for Web Server---Cisco 3640

I think I have that done already.  Like I said I use www.godaddy.com for the web host.  I went in and modified the A record to:  @ (wan ip address).  So all I should have to do now, is type the www.jkkcc.com address in the web page and it should take me to my server.  But when I do that, I get the router instead (the SDM login page).  I applies the NAT policy you provided a minute ago and still get the same thing.

New Member

IP NAT for Web Server---Cisco 3640

if this help, here is the show run again:

User Access Verification

Username: woodjl1650

Password:

3640-Internet#show run

Building configuration...

Current configuration : 1691 bytes

!

version 12.4

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname 3640-Internet

!

boot-start-marker

boot system flash:1

boot system flash c3640-ik9o3s-mz.124-7h.bin

boot-end-marker

!

!

no aaa new-model

memory-size iomem 25

!

!

ip cef

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.2.1 192.168.2.150

!

ip dhcp pool 192.168.2.0/24

   network 192.168.2.0 255.255.255.0

   default-router 192.168.2.1

   dns-server 8.8.8.8 8.8.4.4

!

!

!

!

!

!

!

!

!

!

!

!

username woodjl1650 privilege 15 password 0 henry999

!

!

!

!

interface FastEthernet0/0

ip address dhcp

ip nat outside

ip virtual-reassembly

ip route-cache flow

duplex auto

speed auto

!

interface Serial0/0

no ip address

shutdown

clock rate 2000000

!

interface FastEthernet0/1

ip address 192.168.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly

ip route-cache flow

duplex auto

speed auto

!

interface Serial0/1

no ip address

shutdown

clock rate 2000000

!

interface Ethernet3/0

no ip address

shutdown

half-duplex

!

interface Ethernet3/1

no ip address

shutdown

half-duplex

!

ip http server

ip http authentication local

!

ip forward-protocol nd

!

ip nat inside source list 15 interface FastEthernet0/0 overload

ip nat inside source static tcp 192.168.2.128 80 interface FastEthernet0/0 80

!

access-list 15 permit 192.169.2.0 0.0.0.255

snmp-server community public RO

snmp-server community private RW

snmp-server enable traps tty

!

control-plane

!

!

dial-peer cor custom

!

!

!

!

gatekeeper

shutdown

!

!

line con 0

line aux 0

line vty 0 4

privilege level 15

login local

transport input telnet

!

!

end

3640-Internet#

Purple

IP NAT for Web Server---Cisco 3640

Hi,

if you could only keep it one thread this would be great. So maybe your IOS version doesn't support dns doctoring?

Regards.

Alain.

Don't forget to rate helpful posts.
New Member

IP NAT for Web Server---Cisco 3640

Hello,

Help needed on my post. Thank you.

New Member

IP NAT for Web Server---Cisco 3640

Hello,

How are you? I am in big trouble I am unable to configure 1 web server which is inside my organization. Can you please send your router running configuration. I need to configure it is very urgent please. Thank you.

Also Have a look at the links. Let me know Is there anything that is wrong with my configuration. Thank you.

https://supportforums.cisco.com/thread/2231684

https://learningnetwork.cisco.com/message/320091#320091

However, I can access web server Inside the organization but not from outside. Thank you.

896
Views
0
Helpful
10
Replies
CreatePlease login to create content