Issues with Cisco 883 Router

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

CameronW

Thread Starter
Joined
May 24, 2011
Messages
31
Okay, so I'm CCNA certified, but that was like 5 years ago... and I really haven't touched Cisco since then.

That being said, I've configured a router for a Library that I'm doing some volunteer IT work for.

In a nutshell, they have a server that needs to host a public web page. So I needed to create a static route to said server (internal address 192.168.0.20) over port 80. I did this for PORT 80, 443 and 3389 (so I could remote in and configure).

I have no issue with 3389, works like a charm, but for PORT 80 I can't seem to get it to work.

I created the static route, and then an extended ACL allowing all traffic to said port.

If someone with more current experience could take a look and point out what is probably an obvious error, that would be helpful.

And it's for a good cause too...

Thanks,

Here is the run config (I blanked out the outside IP for security reasons... it's obviously the correct IP in my config)

Building configuration...
Current configuration : 3730 bytes
!
! Last configuration change at 23:11:44 UTC Mon Oct 24 2011 by bdlmaster
!
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname bdlibrary
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096
logging console critical
enable secret 5 $1$8oh4$qIlyhvwtdUxgb8UY93M0O1
enable password 7 104C0D150816011F09166E7974796274
!
aaa new-model
!
!
aaa authentication login local_auth local
!
!
!
!
!
aaa session-id common
!
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
ip source-route
no ip gratuitous-arps
!
!
!
!
!
ip cef
no ip bootp server
ip domain name bdlibrary.ca
ip inspect audit-trail
ip inspect udp idle-time 1800
ip inspect dns-timeout 7
ip inspect tcp idle-time 14400
ip inspect name autosec_inspect cuseeme timeout 3600
ip inspect name autosec_inspect ftp timeout 3600
ip inspect name autosec_inspect http timeout 3600
ip inspect name autosec_inspect rcmd timeout 3600
ip inspect name autosec_inspect realaudio timeout 3600
ip inspect name autosec_inspect smtp timeout 3600
ip inspect name autosec_inspect tftp timeout 30
ip inspect name autosec_inspect udp timeout 15
ip inspect name autosec_inspect tcp timeout 3600
login block-for 5 attempts 5 within 5
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO881-SEC-K9 sn FGL152828KL
!
!
username ******* password 7 094E4A05140404060E1E45787B757977
!
!
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
!
!
!
!
interface FastEthernet0
switchport access vlan 3
!
interface FastEthernet1
switchport access vlan 3
!
interface FastEthernet2
switchport access vlan 2
!
interface FastEthernet3
switchport access vlan 2
!
interface FastEthernet4
ip address dhcp
no ip proxy-arp
ip nat outside
ip inspect autosec_inspect out
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
no ip address
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
shutdown
!
interface Vlan2
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan3
ip address 192.168.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
!
!
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.0.20 80 ***.***.***.*** 80 extendable
ip nat inside source static tcp 192.168.0.20 443 ***.***.***.*** 443 extendable
ip nat inside source static tcp 192.168.0.20 3389 ***.***.***.*** 3389 extendable
ip route 0.0.0.0 0.0.0.0 FastEthernet4
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip access-list extended autosec_firewall_acl
permit udp any any eq bootpc
deny ip any any
!
logging esm config
logging trap debugging
logging facility local2
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 101 permit tcp any 192.168.0.0 0.0.0.255 eq www
access-list 101 permit tcp any 192.168.0.0 0.0.0.255 eq 3389
access-list 101 permit tcp any 192.168.0.0 0.0.0.255 eq 443
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
!
!
control-plane
!
banner motd ^CEND) This is private property. GET OUT ^C
!
line con 0
exec-timeout 5 0
login authentication local_auth
no modem enable
transport output telnet
line aux 0
exec-timeout 15 0
login authentication local_auth
transport output telnet
line vty 0 4
password 7 110B1D091A13181801386A7678626466
login authentication local_auth
transport input telnet ssh
!
end
 

TerryNet

Terry
Moderator
Joined
Mar 23, 2005
Messages
81,429
Don't know if this will be helpful at all, but I'll post it anyhow.

I had one router (think it was a Belkin) that would allow me to forward port 80, but would ignore the forwarding. If I had remote management enabled I'd get the router's login page and if remote management was disabled I'd just get a "no answer."
 

zx10guy

Trusted Advisor
Spam Fighter
Joined
Mar 30, 2008
Messages
6,665
Have you verified your target server is in fact listening on ports 80 and 443? Also, I don't see anywhere in your config that the ACL 101 is being applied to any interface.
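
The second point in the reply above, as an added example that is not part of the thread: a short Python check that lists ACLs a running-config defines but never references. The sample is a constructed excerpt of the config posted earlier, and the set of referencing statements it looks for (`ip access-group`, `access-class`, `ip nat ... source list`) is a deliberately partial assumption, not a complete list of IOS commands that can use an ACL.

```python
import re

# Constructed excerpt of the running-config posted in the thread (outside IP already masked).
SAMPLE_CONFIG = """\
interface FastEthernet4
 ip nat outside
 ip inspect autosec_inspect out
!
interface Vlan3
 ip nat inside
!
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.0.20 80 ***.***.***.*** 80 extendable
!
ip access-list extended autosec_firewall_acl
 permit udp any any eq bootpc
 deny ip any any
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 101 permit tcp any 192.168.0.0 0.0.0.255 eq www
access-list 101 permit tcp any 192.168.0.0 0.0.0.255 eq 3389
access-list 101 permit tcp any 192.168.0.0 0.0.0.255 eq 443
"""

# Lines that define an ACL, either numbered or named.
DEFINE = re.compile(r"^(?:access-list (\S+) |ip access-list (?:standard|extended) (\S+))")
# Assumption: a partial set of statements that reference an ACL by number or name.
REFERENCE = re.compile(
    r"^(?:ip access-group (\S+) (?:in|out)"
    r"|access-class (\S+) (?:in|out)"
    r"|ip nat (?:inside|outside) source list (\S+) )"
)

def audit_acls(config: str) -> dict:
    """Return the ACLs that are defined, referenced, and defined but unused."""
    defined, referenced = set(), set()
    for raw in config.splitlines():
        line = raw.strip()
        if m := DEFINE.match(line):
            defined.add(m.group(1) or m.group(2))
        elif m := REFERENCE.match(line):
            referenced.add(next(g for g in m.groups() if g))
    return {"defined": defined, "referenced": referenced,
            "unused": sorted(defined - referenced)}

if __name__ == "__main__":
    print(audit_acls(SAMPLE_CONFIG)["unused"])
```

On this excerpt the check reports `101` and `autosec_firewall_acl` as defined but not referenced by any of those statements, while ACL `1` is in use by the NAT overload rule.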
 