port forward not working


  • port forward not working

    Hello

    Novice Cisco guy here.
    There was a similar post a while back. Mine is similar but hoping for clarification anyway.

    A while ago I set up an 851W router. Took a while but it appears OK now. The SDM was helpful.
    Here's my situation.
    Web ACT! is setup and working on an XP pc with a fixed ip address on the lan behind the router of course.
    On the lan side, Act is accessed like this

    http://192.168.3.100/apfw

    IIS on the web act pc has been setup with ssl and I was trying to port forward 443 on the router to the ip address of the pc but can't seem to get it working.
    I entered the following in the running config.

    ip nat inside source static tcp 192.168.3.100 443 interface Dialer0 443

    and

    access-list 109 permit tcp any any eq 443

    It doesn't work when I try to access web act like this

    https://external address/apfw

    Anyone else done this? This is the only way I know how this works. We can get to it via VPN but we want to access it from anywhere without a VPN client.

    Is it something in my running config? I thought the "access-list 109" entry does the port opening part on the firewall? If I port scan the external address, I DO see that port 443 is open.

    Running config is included as an attachment. Too long to paste here
    Thanks for any help.

  • #2
    Re: port forward not working

    Hi tdqh,

    I know you said that you can access the server via HTTP on the inside but can you access the server via HTTPS (443) on the inside? I want to make sure that works before going through a bunch of troubleshooting trying to get it to work from the Internet.

    I can tell that SDM has created you a huge & horrible IOS configuration file - what a mess - that isn't your fault though. It just makes it more difficult to troubleshoot. If it was my router, I would wipe the config and start over before trying to troubleshoot the SDM generated config. But that's just me.

    Anyway, here are some things to try when no one else is using this internet connection. Also - only do them if you have console access to the router.

    1. Remove this:
       ip inspect SDM_LOW out
       and retest.
    2. Remove the other 2 NAT statements:
       ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
       ip nat inside source route-map SDM_RMAP_2 interface Dialer0 overload
       and retest. If not, put back.

    I am pretty sure it has to do with one of these 2 things - either an ACL or inspect or NAT.

    Let us know how it goes.

    Thanks!
    David Davis - Petri Forums Moderator & Video Training Author
    Train Signal - The Global Leader in IT Video Training
    TrainSignalTraining.com - Free IT Training Products
    Personal Websites: HappyRouter.com & VMwareVideos.com



    • #3
      Re: port forward not working

      Thanks David;

      Yes it's a mess alright. I wish I could start over but I can't really. It ain't mine. See what happens when you let a PC guy loose on a router?


      I will see if I can try those suggestions next time I'm there.


      OK, stupid question time. Sorry, it's been a while since I've worked on this problem or the IOS.

      1. What exactly are the sdm_low and sdm_rmap statements for? I know to do with SDM (duh)

      2. For editing the running-config... for deleting... Is it as simple as going into config terminal, then typing "no", then the statement to be deleted?
      Too bad it can't be edited directly... can it?

      3. And to add something, when I type it in, where and how is it placed in the config file? How does it know where to place... itself?

      (Please go easy on me guys... it's not an enterprise environment here. If it were, I certainly wouldn't be this casual about it.)

      Thanks!



      • #4
        Re: port forward not working

        Hi there,

        No problem.

        1. What exactly are the sdm_low and sdm_rmap statements for? I know to do with SDM (duh)
        The SDM_LOW goes with the stateful firewall that is configured. Thus, the ACL that you are working with isn't the only thing filtering traffic on this router. The SDM-RMAP is used to define what traffic will have network address translation (also could be related to your issue).

        2. For editing the running-config... for deleting... Is it as simple as going into config terminal, then typing "no", then the statement to be deleted?
        Too bad it can't be edited directly... can it?
        Yes, to delete you do a "no" in front of the exact line you want to delete. I usually type NO, then go and copy what I want to delete, then paste it after the no, then press enter. I would have the whole config file in a text file (like you do) before making changes so that you can put things back if they don't work.

        3. And to add something, when I type it in, where and how is it placed in the config file? How does it know where to place... itself?
        When you enter things in the config, you just need to make sure you are in the right mode. Many commands go in the global config mode (you get there by typing config t). The only thing in your config where you need to go into a different mode is to add or remove something on the dialer interface. To do that you would have to type "int dialer 0" from global config mode.
        David Davis - Petri Forums Moderator & Video Training Author
        Train Signal - The Global Leader in IT Video Training
        TrainSignalTraining.com - Free IT Training Products
        Personal Websites: HappyRouter.com & VMwareVideos.com
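
An added example, not part of the thread or of the poster's configuration: a numbered `access-list` line typed in global config mode is appended to the end of that list, and IOS evaluates entries top-down with the first match winning, so a saved copy of the running-config can be checked offline for which entry actually decides a static forward. The sample config is constructed (the real one was an attachment), the function names are hypothetical, and the matching is simplified to `any any` entries.

```python
import re

# Constructed sample modelled on the statements quoted in the thread; the
# poster's real running-config was an attachment and is not reproduced here.
SAMPLE_CONFIG = """\
interface Dialer0
 ip access-group 109 in
ip nat inside source static tcp 192.168.3.100 443 interface Dialer0 443
access-list 109 permit udp any any eq 500
access-list 109 deny ip any any log
access-list 109 permit tcp any any eq 443
"""

def parse(config):
    """Collect inbound ACL bindings, static TCP forwards and numbered ACL entries."""
    acl_in, forwards, acls, iface = {}, [], {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif m := re.match(r" ip access-group (\S+) in", line):
            acl_in[iface] = m.group(1)
        elif m := re.match(r"ip nat inside source static tcp (\S+) (\d+) interface (\S+) (\d+)", line):
            forwards.append((m.group(3), int(m.group(4)), m.group(1)))
        elif m := re.match(r"access-list (\d+) (permit|deny) (\S+) (.+)", line):
            acls.setdefault(m.group(1), []).append(m.groups()[1:])
    return acl_in, forwards, acls

def first_match(entries, port):
    """First entry matching TCP to `port`; only 'any any' entries are understood."""
    for pos, (action, proto, rest) in enumerate(entries, 1):
        rest = re.sub(r" log$", "", rest)
        if (proto, rest) in (("ip", "any any"), ("tcp", "any any"), ("tcp", f"any any eq {port}")):
            return pos, action
    return None, "deny"  # implicit deny ends every IOS access list

def audit(config):
    """One finding per static forward: the ACL entry that decides it."""
    acl_in, forwards, acls = parse(config)
    findings = []
    for iface, port, host in forwards:
        acl = acl_in.get(iface)
        if acl is None:
            findings.append(f"{iface} tcp/{port} -> {host}: no inbound ACL bound")
            continue
        pos, action = first_match(acls.get(acl, []), port)
        where = f"entry {pos}" if pos else "implicit deny"
        findings.append(f"{iface} tcp/{port} -> {host}: ACL {acl} {where} = {action}")
    return findings
```

On the constructed sample, `audit(SAMPLE_CONFIG)` reports that entry 2 (the `deny ip any any log`) decides tcp/443, because the permit was appended after it.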
