I have a Cisco 887VA connected to our BT Business Broadband line.
We also have another modem on a separate connection which also handles our DHCP.
The Cisco is plugged into our network switch, as is the BT modem for our other internet connection.
A select few machines in our office are going to be manually configured to use the Cisco as the default gateway so all internet traffic goes through our 2nd internet connection.
We want our Cisco modem to be able to port forward to a web server on our network.
I can ping the webserver internally via the IOS on the Cisco, and can also ping 8.8.8.8 from the IOS, and the Cisco responds to pings from over the internet, so the connection is working fine.
However, I cannot understand how to port forward TCP 80 from our public IP address (213.123.210.162) to our webserver local address (172.16.0.202).
I have read about changing NAT pools, NAT inside, NAT outside, IP routes – I just can't get anything to work.
I connected to the Cisco using a serial cable and ran the 'debug ip nat' command, and when trying to connect via the public IP, the serial console shows the originating IP address, my public IP address, and the webserver IP address, and hangs for a moment before telling me something about 'NAT expiring' or 'NAT expired'.
The BT modem is on 172.16.0.1 (also our DHCP server)
The Cisco is on 172.16.0.2 (DHCP disabled)
Our webserver is on 172.16.0.202
Below is our config and I would be grateful if anyone can shed some light on this for me.
Current configuration : 2073 bytes
!
! Last configuration change at 10:50:13 UTC Tue May 20 2014
! NVRAM config last updated at 10:51:32 UTC Tue May 20 2014
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service internal
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
enable password *MYPASSWORD*
!
no aaa new-model
!
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
ip source-route
!
!
!
!
!
ip cef
ip inspect WAAS flush-timeout 10
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
username cisco privilege 15 password 0 *MYPASSWORD*
!
!
!
!
controller VDSL 0
 modem ukfeature
!
!
!
!
!
!
!
!
interface Ethernet0
 no ip address
 no fair-queue
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
!
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface Vlan1
 ip address 172.16.0.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Dialer0
 ip address negotiated
 no ip redirects
 no ip unreachables
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp chap hostname *MYBROADBAND@USERNAME*
 ppp chap password 0 *MYBROADBANDPASSWORD*
 no cdp enable
!
interface Dialer1
 no ip address
 shutdown
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source list 100 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 ATM0
ip route 0.0.0.0 0.0.0.0 Dialer0
!
access-list 1 permit 172.16.0.0 0.0.0.255
access-list 100 permit ip 172.16.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 password *MYPASSWORD*
 login
Best Answer
First of all, remove the line:
you don't need it, the default gw should point to Dialer0 only.
As for port forwarding, this should work for port 80:
Basically, 172.16.0.202 is your local IP, 80 is your local server port, interface Dialer0 means whatever IP Dialer0 gets from ISP (I think you can also put your public IP here, but with interface Dialer0 you guarantee that even if ISP changes your IP, NAT will work), and the final 80 is the outside port.
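
The two changes this answer describes, written out as an added example against the configuration in the question; the answer's own command lines did not survive on this page, so this is not the answerer's text. It assumes the line to remove is the default route via ATM0 (inferred from "the default gw should point to Dialer0 only") and that the web server's default gateway is the Cisco at 172.16.0.2.

```cisco
! Added example, built from the addresses and interfaces in the question.
configure terminal
 !
 ! 1. Keep a single default route, via the PPP dialer.
 !    (Assumption: this is the line the answer says to remove.)
 no ip route 0.0.0.0 0.0.0.0 ATM0
 !
 ! 2. Static port translation for the web server:
 !      172.16.0.202     inside local address (the server)
 !      80               inside local port
 !      interface Dialer0  use whatever address Dialer0 negotiated
 !      80               port exposed on the outside address
 ip nat inside source static tcp 172.16.0.202 80 interface Dialer0 80
 !
end
!
! 3. Checks from the router after the change.
!
! Routing table should show one default route, out of Dialer0.
show ip route
!
! The translation table should contain a static tcp entry pairing the
! Dialer0 address, port 80 (inside global) with 172.16.0.202:80
! (inside local). Connection attempts from the internet add further
! entries that also list the remote client's address and port.
show ip nat translations
show ip nat statistics
!
! 4. Return path (assumption stated above): the server must send its
!    replies back through 172.16.0.2. If its default gateway is the
!    other modem at 172.16.0.1, replies leave via the other connection,
!    the client never completes the TCP handshake, and the translation
!    entry on this router simply times out.
!
! 5. Only TCP 80 is forwarded by this entry; no other server port
!    becomes reachable from outside because of it.
```

Save the change with `copy running-config startup-config` once the checks pass.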