04-25-2012 09:44 AM - edited 03-04-2019 04:09 PM
Hello experts,
We have a cisco 877 router. The DSL interface has two working ATM interfaces, one is connecting to the internet using a dynamic IP, the other is connecting to six branches. The router is performing NAT on the internet interface. The internal IP address of the router is 192.168.0.1. Branch subnets are 192.168.x.0 where x is 1,2,3,4,5 and 6.
We have an IP camera in each branch which should be accessed from the internet, the IP addresses of cameras are 192.168.2.5, 192.168.3.5, 192.168.4.5 ...etc and they can be accesses using their webpages on port 80.
I want to publish the port 80 of 192.168.2.5 to the internet using port 9280, and port 80 of 192.168.3.5 to the internet using port 9380...etc, so internet user will be able to access the camera using these addresses:
http://ourdomain.dyndns.org:9280
http://ourdomain.dyndns.org:9380
Here is the running configuration of the router, I have tried to configure NAT as shown below, but it didn't work. It seems that I have missed some configuration. Currently server 192.168.0.2 which is in the head office is published well using ports 3389, 1723 and 443. But I am unable to access the camera http://192.168.2.5:80 from the outside using http://ourdomain.dyndns.org:9280
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Bgibiz_Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxx
!
no aaa new-model
!
!
dot11 syslog
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool test
network 192.168.0.0 255.255.255.0
dns-server 195.226.228.72
default-router 192.168.0.1
!
!
ip name-server 195.226.228.72
ip name-server 195.226.228.74
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
--More-- description ***DATA***
ip address 172.16.1.2 255.255.255.252
pvc 8/80
encapsulation aal5snap
!
!
interface ATM0.2 point-to-point
description ***Internet***
pvc 8/35
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp chap hostname xxxxxxx
ppp chap password 0 xxxxxx
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.0.0 255.255.0.0 172.16.1.1
!
no ip http server
no ip http secure-server
ip nat inside source list 2 interface Dialer0 overload
ip nat inside source static tcp 192.168.0.2 3389 interface Dialer0 3389
ip nat inside source static tcp 192.168.0.2 1723 interface Dialer0 1723
ip nat inside source static tcp 192.168.0.2 443 interface Dialer0 443
ip nat inside source static tcp 192.168.2.5 80 interface Dialer0 9280 ## I have just added this
!
access-list 2 permit 192.168.0.0 0.0.0.255
!
!
--More-- !
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password xxxxxx
login
!
scheduler max-task-time 5000
end
Any help in configuring that?
04-25-2012 04:59 PM
Haitim,
your statement:
"ip nat inside source static tcp 192.168.2.5 80 interface Dialer0 9280 ## I have just added this"
seems correct; this translates all traffic sourcing from 192.168.2.5 hitting your router on port 80 into the Dialer0 ip address port 9280, so that is what you want.
to confirm this you can do
show ip nat translation and run debug ip nat, while hitting the dialer on port 9280
that should at least confirm that NAT is doing what it is supposed to do.
Also have you verified routing, in other words, can you ping 192.168.2.5? would the camera be routed back to the router that has provided the NAT?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide