
Issues with Cisco 883 Router

Discussion in 'Networking' started by CameronW, Nov 4, 2011.

Thread Status:
Not open for further replies.
  1. CameronW

    CameronW Thread Starter

    Joined:
    May 24, 2011
    Messages:
    31
    Okay, so I'm CCNA certified, but that was like 5 years ago... and I really haven't touched Cisco since then.

    That being said, I've configured a router for a Library that I'm doing some volunteer IT work for.

    In a nutshell, they have a server that needs to host a public web page. So I needed to create a static route to said server (internal address 192.168.0.20) over port 80. I did this for ports 80, 443 and 3389 (so I could remote in and configure).

    I have no issue with 3389, works like a charm, but for PORT 80 I can't seem to get it to work.

    I created the static route, and then an extended ACL allowing all traffic to said port.

    If someone with more current experience could take a look and point out what is probably an obvious error, that would be helpful.

    And it's for a good cause too...

    Thanks,

    Here is the run config (I blanked out the outside IP for security reasons... it's obviously the correct IP in my config):

    Building configuration...
    Current configuration : 3730 bytes
    !
    ! Last configuration change at 23:11:44 UTC Mon Oct 24 2011 by bdlmaster
    !
    version 15.1
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    !
    hostname bdlibrary
    !
    boot-start-marker
    boot-end-marker
    !
    !
    security authentication failure rate 10 log
    security passwords min-length 6
    logging buffered 4096
    logging console critical
    enable secret 5 $1$8oh4$qIlyhvwtdUxgb8UY93M0O1
    enable password 7 104C0D150816011F09166E7974796274
    !
    aaa new-model
    !
    !
    aaa authentication login local_auth local
    !
    !
    !
    !
    !
    aaa session-id common
    !
    memory-size iomem 10
    crypto pki token default removal timeout 0
    !
    !
    ip source-route
    no ip gratuitous-arps
    !
    !
    !
    !
    !
    ip cef
    no ip bootp server
    ip domain name bdlibrary.ca
    ip inspect audit-trail
    ip inspect udp idle-time 1800
    ip inspect dns-timeout 7
    ip inspect tcp idle-time 14400
    ip inspect name autosec_inspect cuseeme timeout 3600
    ip inspect name autosec_inspect ftp timeout 3600
    ip inspect name autosec_inspect http timeout 3600
    ip inspect name autosec_inspect rcmd timeout 3600
    ip inspect name autosec_inspect realaudio timeout 3600
    ip inspect name autosec_inspect smtp timeout 3600
    ip inspect name autosec_inspect tftp timeout 30
    ip inspect name autosec_inspect udp timeout 15
    ip inspect name autosec_inspect tcp timeout 3600
    login block-for 5 attempts 5 within 5
    no ipv6 cef
    !
    !
    multilink bundle-name authenticated
    license udi pid CISCO881-SEC-K9 sn FGL152828KL
    !
    !
    username ******* password 7 094E4A05140404060E1E45787B757977
    !
    !
    !
    !
    ip ssh time-out 60
    ip ssh authentication-retries 2
    !
    !
    !
    !
    !
    !
    !
    interface FastEthernet0
    switchport access vlan 3
    !
    interface FastEthernet1
    switchport access vlan 3
    !
    interface FastEthernet2
    switchport access vlan 2
    !
    interface FastEthernet3
    switchport access vlan 2
    !
    interface FastEthernet4
    ip address dhcp
    no ip proxy-arp
    ip nat outside
    ip inspect autosec_inspect out
    ip virtual-reassembly in
    duplex auto
    speed auto
    !
    interface Vlan1
    no ip address
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly in
    shutdown
    !
    interface Vlan2
    ip address 192.168.1.254 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    !
    interface Vlan3
    ip address 192.168.0.254 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    !
    ip forward-protocol nd
    no ip http server
    ip http authentication local
    no ip http secure-server
    !
    !
    ip nat inside source list 1 interface FastEthernet4 overload
    ip nat inside source static tcp 192.168.0.20 80 ***.***.***.*** 80 extendable
    ip nat inside source static tcp 192.168.0.20 443 ***.***.***.*** 443 extendable
    ip nat inside source static tcp 192.168.0.20 3389 ***.***.***.*** 3389 extendable
    ip route 0.0.0.0 0.0.0.0 FastEthernet4
    ip route 0.0.0.0 0.0.0.0 dhcp
    !
    ip access-list extended autosec_firewall_acl
    permit udp any any eq bootpc
    deny ip any any
    !
    logging esm config
    logging trap debugging
    logging facility local2
    access-list 1 permit 192.168.0.0 0.0.0.255
    access-list 1 permit 192.168.1.0 0.0.0.255
    access-list 101 permit tcp any 192.168.0.0 0.0.0.255 eq www
    access-list 101 permit tcp any 192.168.0.0 0.0.0.255 eq 3389
    access-list 101 permit tcp any 192.168.0.0 0.0.0.255 eq 443
    dialer-list 1 protocol ip permit
    no cdp run
    !
    !
    !
    !
    !
    !
    control-plane
    !
    banner motd ^CEND) This is private property. GET OUT ^C
    !
    line con 0
    exec-timeout 5 0
    login authentication local_auth
    no modem enable
    transport output telnet
    line aux 0
    exec-timeout 15 0
    login authentication local_auth
    transport output telnet
    line vty 0 4
    password 7 110B1D091A13181801386A7678626466
    login authentication local_auth
    transport input telnet ssh
    !
    end
     
  2. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    79,941
    First Name:
    Terry
    Don't know if this will be helpful at all, but I'll post it anyhow.

    I had one router (think it was a Belkin) that would allow me to forward port 80, but would ignore the forwarding. If I had remote management enabled I'd get the router's login page and if remote management was disabled I'd just get a "no answer."
     
  3. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,302
    Have you verified your target server is in fact listening on ports 80 and 443? Also, I don't see anywhere in your config that the ACL 101 is being applied to any interface.
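
The check raised in the reply above (an ACL that is defined but never applied anywhere) can be run mechanically against a running-config. This is an added example, not part of the original thread; the function names are hypothetical, and the sample is a constructed excerpt of lines copied from the posted config.

```python
import re

# Constructed excerpt: lines copied from the running-config posted in this thread.
SAMPLE_CONFIG = """\
interface FastEthernet4
 ip nat outside
 ip inspect autosec_inspect out
!
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.0.20 80 ***.***.***.*** 80 extendable
!
ip access-list extended autosec_firewall_acl
 permit udp any any eq bootpc
 deny ip any any
!
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 101 permit tcp any 192.168.0.0 0.0.0.255 eq www
access-list 101 permit tcp any 192.168.0.0 0.0.0.255 eq 3389
"""

def acl_references(config):
    """Return {acl: [where it is referenced]} for every ACL the config defines."""
    refs, used, context = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "!":
            context = None                      # "!" closes the current block
        elif m := re.match(r"(?:interface|line) (.+)", line):
            context = m.group(1)                # e.g. "FastEthernet4", "vty 0 4"
        elif m := re.match(r"access-list (\d+) ", line):
            refs.setdefault(m.group(1), [])     # numbered ACL definition
        elif m := re.match(r"ip access-list (?:standard|extended) (\S+)", line):
            refs.setdefault(m.group(1), [])     # named ACL definition
        elif m := re.match(r"(?:ip access-group|access-class) (\S+) (in|out)", line):
            used.append((m.group(1), f"{context} {m.group(2)}"))
        elif m := re.match(r"ip nat inside source list (\S+)", line):
            used.append((m.group(1), "nat source list"))
    for acl, where in used:                     # references may precede definitions
        if acl in refs:
            refs[acl].append(where)
    return refs

def unreferenced_acls(config):
    """ACLs that are defined but not applied to an interface, a line, or NAT."""
    return sorted(a for a, where in acl_references(config).items() if not where)

if __name__ == "__main__":
    print(unreferenced_acls(SAMPLE_CONFIG))
```

On the excerpt, ACL 1 is referenced by the NAT overload rule, while ACL 101 and `autosec_firewall_acl` are defined but referenced nowhere.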
     
Short URL to this thread: https://techguy.org/1025453
