Cisco 837 NAT not working, what am I doing wrong?

Hi,

I have been trying to get my 837 onto the Internet and opening a few ports so that the webserver can be reached from the outside world, but for some reason no traffic will pass the NAT...

I can get onto the Internet fine, but no machine can reach the webserver on the inside...

Can someone please take a look at my config and tell me what goes wrong here?

Thanks,

Arnoud

PS: I know, it will need some more tuning and closing down, but I want to get it running first...

version 12.3
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname cisco837
!
enable password XXXXXXXX
!
username XXXXXXXX privilege 15 secret 5 XXXXXXXX
username XXXXXXXX privilege 15 password 0 XXXXXXXX
clock timezone Eindhvn 1
no aaa new-model
ip subnet-zero
!
no ip domain lookup
ip ips po max-events 100
no ftp-server write-enable
!
bridge irb
!
interface Ethernet0
 ip address 10.210.6.249 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 no ip route-cache
 no keepalive
 hold-queue 100 out
!
interface ATM0
 no ip address
 no ip route-cache
 no atm ilmi-keepalive
 dsl operating-mode auto
 pvc 0 8/48
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet3
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet4
 no ip address
 duplex auto
 speed auto
!
interface Dialer0
 ip address negotiated
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username XXXXXXXX password 0 XXXXXXXX
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0 permanent
ip route 212.206.95.0 255.255.255.0 10.210.6.254
!
ip http server
ip http secure-server
!
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source static tcp 10.210.6.1 22 [ext-ip] 22 extendable no-alias
ip nat inside source static tcp 10.210.6.1 80 [ext-ip] 80 extendable no-alias
!
access-list 101 permit ip any any
dialer-list 1 protocol ip permit
!
!
control-plane
!
!
line con 0
 exec-timeout 120 0
 no modem enable
 transport preferred all
 transport output all
 stopbits 1
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 exec-timeout 120 0
 login local
 transport preferred all
 transport input telnet ssh
 transport output none
!
scheduler max-task-time 5000
sntp server 17.254.0.28
end

Reply to
Arnoud Helmantel

Could the "ip http server" command be causing this issue? I.e., is the router attempting to intercept the incoming HTTP request?

Regards, Steve


Reply to
www.networking-forum.com

Ah, no, I already turned that off, but I tried it with a lot of different inbound ports as well; same problem...

Arnoud

Reply to
Arnoud Helmantel

I do not know too much about Dialer interfaces, but it looks OK, and so does the NAT. I wonder if your ISP knows the public IP that you are assigning statically to the webserver with the NAT:

ip nat inside source static tcp 10.210.6.1 22 [ext-ip] 22 extendable no-alias
ip nat inside source static tcp 10.210.6.1 80 [ext-ip] 80 extendable no-alias

What I mean is, does your ISP have a route for the ext-ip to your router?

-as

Reply to
arturo.servin

What do you think about using the Web set-up interface (CRWS)? What you want to do could be sorted out in a couple of minutes using CRWS! Or is that 'cheating'?!

Regards SW

Reply to
S W

Hah, good idea, but... There is no way I have found that it will run in a browser under Mac OS X... It might work with Windows, but alas...

Arnoud

Reply to
Arnoud Helmantel

I checked, and yes, the IP I set is correct. It is the IP assigned to me by my ISP, and it is static.

Arnoud

Reply to
Arnoud Helmantel

Ahh! So it's not really much use to you then. I was interested in your problem, because I have the opposite problem. I need to do stuff on the 837 that I can't do using the CRWS (set up an access control list and also set a static route). And I don't know how to do this using the CLI. I don't think Cisco make it easy to learn the CLI. I've looked on their web site, registered, but still I can't find a basic how-to list or a reference manual of commands. If you know of one, please let me know!

Regards SW

Reply to
S W

I picked up a copy of "Cisco IOS in a Nutshell" by O'Reilly, and it is quite a big help. Sadly a lot of books on Cisco equipment focus on the higher-end routers, and only casually mention topics like NAT or setting up a 'simple' ADSL router...

Setting up static routes is an easy part: (from my config)

ip route 212.206.95.0 255.255.255.0 10.210.6.254

This sets up: the network 212.206.95.xxx can be reached through router 10.210.6.254.

Yes, there is a lot of information on Cisco's site, but finding the part you need, in normal, understandable English is quite a task...

Arnoud

Reply to
Arnoud Helmantel

Try

ip nat inside source static tcp 10.210.6.1 22 interface Dialer 0 22 ext
ip nat inside source static tcp 10.210.6.1 80 interface Dialer 0 80 ext

Christian

Reply to
Christian Zeng

It is a struggle to get started for sure.

Being a smart ass I tried "reference manual of commands" in the cisco search but did not get much.

formatting link
be a good place to start as a sort of canned intro.

Search for [command reference 12.3 mainline] leads to:

formatting link

12.3T (Extra features, may be needed for 837) This may be only the additional "T" features or it may be a complete guide.
formatting link
Reply to
anybody43

Ok, thanks all for thinking along with me, but... ahem... the config I posted worked just fine... oops :-)

If only I had remembered to change the router/gateway address on the machine I was trying to reach after I installed the new router :-D

That sure helped a lot...

Arnoud

Reply to
Arnoud Helmantel
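
An added example, not part of the original thread: a small Python check that reads an IOS configuration like the one posted above and reports the static NAT port forwards, the address of the `ip nat inside` interface (the gateway the forwarded host needs, the setting that was wrong here), and the settings still open for the "closing down" mentioned in the first post. The function names and the rule list are hypothetical, and 192.0.2.10 stands in for the `[ext-ip]` placeholder.

```python
import re

# Constructed sample from the config posted above; [ext-ip] replaced by 192.0.2.10.
SAMPLE = """\
no service password-encryption
enable password XXXXXXXX
username XXXXXXXX privilege 15 password 0 XXXXXXXX
interface Ethernet0
 ip address 10.210.6.249 255.255.255.0
 ip nat inside
interface Dialer0
 ip nat outside
ip http server
ip nat inside source static tcp 10.210.6.1 22 192.0.2.10 22 extendable no-alias
ip nat inside source static tcp 10.210.6.1 80 192.0.2.10 80 extendable no-alias
line vty 0 4
 transport input telnet ssh
"""

STATIC = re.compile(r"ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)")
CHECKS = [  # (pattern, finding); hypothetical rule set for this example
    (r"^no service password-encryption$", "type 0 passwords stay in clear text"),
    (r"^enable password ", "enable password used instead of enable secret"),
    (r" password 0 ", "clear-text (type 0) password"),
    (r"^transport input .*\btelnet\b", "telnet allowed on vty lines"),
    (r"^ip http server$", "plain HTTP management server enabled"),
]

def port_forwards(config):
    """Static NAT entries as (proto, inside_ip, inside_port, outside_ip, outside_port)."""
    found = (STATIC.match(l.strip()) for l in config.splitlines())
    return [(m[1], m[2], int(m[3]), m[4], int(m[5])) for m in found if m]

def nat_inside_address(config):
    """Address of the 'ip nat inside' interface, or None if there is none."""
    addr = None
    for line in config.splitlines():
        m = re.match(r" +ip address (\d+(?:\.\d+){3}) ", line)
        if m:
            addr = m.group(1)
        elif not line.startswith(" "):
            addr = None  # a new top-level block starts
        elif line.strip() == "ip nat inside" and addr:
            return addr
    return None

def findings(config):
    """(line number, finding) for every hardening rule that matches."""
    return [(n, msg) for n, line in enumerate(config.splitlines(), 1)
            for pat, msg in CHECKS if re.search(pat, line.strip())]
```

Comparing `nat_inside_address()` with the default gateway configured on each host listed by `port_forwards()` catches the mismatch described in the post above.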

formatting link
May be a good place to start as a sort of canned intro.


Thanks a lot! I don't know how I missed the first one, but that seems to be exactly what I need.

Regards SW

Reply to
S W
