Req. help accessing internal server via external URL - Cisco 877 IOS 12.4

  • Req. help accessing internal server via external URL - Cisco 877 IOS 12.4

    Hi all,

    I'm looking for some assistance with a new Cisco 877. I'm very very new to Cisco, but I've set this up via CLI and not SDM.

    My external IP is 78.32.x.x and my internal webserver IP is 192.168.1.50. I can access the internet webserver (80, 443) from outside the network, and I can ping the router's external address from inside the LAN. I only have a single public IP so I'm using NAT.

    I cannot seem to access the internal webserver using the external URL (www.mountainaid.org.uk).

    I have this NAT rule:

    ip nat inside source static tcp 192.168.1.50 80 interface Dialer0 80


    I've done some googling and some sites mention using the extendable keyword; however that doesn't seem to be valid on this IOS.

    Can anyone assist? The full, sanitised config is below.

    Many thanks,


    Jim


    Code:
     
    !
    ! Last configuration change at 11:27:19 GMT Fri Jul 24 2009 by root
    ! NVRAM config last updated at 10:31:17 GMT Fri Jul 24 2009 by root
    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname MyCisco
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 52000
    !
    aaa new-model
    !
    !
    aaa authentication login default local
    !
    !
    aaa session-id common
    clock timezone GMT 0
    clock summer-time GMT recurring
    !
    !
    dot11 syslog
    ip cef
    !
    !
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.1.1 192.168.1.150
    ip dhcp excluded-address 192.168.1.201 192.168.1.254
    !
    ip dhcp pool CLIENTS
       import all
       network 192.168.1.0 255.255.255.0
       dns-server 192.168.1.1 
       default-router 192.168.1.1 
       lease 0 12
    !
    ip dhcp pool JimDesktop
       host 192.168.1.201 255.255.255.0
       client-identifier 0100.18f3.3d51.62
       dns-server 192.168.1.1 
       default-router 192.168.1.1 
       lease 0 12
    !
    !
    ip domain name XXXX.co.uk
    ip name-server 195.74.113.58
    ip name-server 195.74.113.59
    !
    multilink bundle-name authenticated
    !
    !
    username root privilege 15 password 0 XXXXX
    ! 
    !
    archive
     log config
      hidekeys
    !
    !
    ip ssh version 2
    !
    !
    !
    interface ATM0
     description ADSL Connection
     no ip address
     no atm ilmi-keepalive
     pvc 0 0/38 
      encapsulation aal5mux ppp dialer
      dialer pool-member 1
     !
     dsl operating-mode auto 
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface Vlan1
     description An Teallach LAN
     ip address 192.168.1.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly
     ip tcp adjust-mss 1452
    !
    interface Dialer0
     ip address negotiated
     ip nat outside
     ip virtual-reassembly
     encapsulation ppp
     ip tcp header-compression iphc-format
     ip tcp adjust-mss 1452
     dialer pool 1
     dialer-group 1
     no cdp enable
     ppp authentication pap chap callin
     ppp chap hostname [email protected]
     ppp chap password 0 XXXXX
     ppp ipcp dns request
     ip rtp header-compression iphc-format
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 Dialer0
    !
    !
    no ip http server
    no ip http secure-server
    ip dns server
    no ip nat service sip udp port 5060
    ip nat inside source static tcp 192.168.1.50 25 interface Dialer0 25
    ip nat inside source static tcp 192.168.1.50 80 interface Dialer0 80
    ip nat inside source static tcp 192.168.1.50 443 interface Dialer0 443
    ip nat inside source static tcp 192.168.1.50 995 interface Dialer0 995
    ip nat inside source list 102 interface Dialer0 overload
    !
    ip access-list standard SNMP-ALLOWED
     permit 192.168.1.50
     deny   any
    !
    access-list 102 permit ip 192.168.1.0 0.0.0.255 any
    dialer-list 1 protocol ip permit
    snmp-server community XXXXXXX RW SNMP-ALLOWED
    !
    !
    !
    !
    control-plane
    !
    !
    line con 0
     exec-timeout 0 0
     password password
     no modem enable
     transport output all
    line aux 0
     transport output all
    line vty 0 4
     privilege level 15
     password SSH123
     transport input ssh
     transport output all
    !
    scheduler max-task-time 5000
    scheduler allocate 20000 1000
    ntp clock-period 17175050
    ntp source Dialer0
    ntp server 195.74.96.12
    end

    Code:
    #sh ver
    Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(15)T7, RELEASE SOFTWARE (fc3)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2008 by Cisco Systems, Inc.
    Compiled Thu 14-Aug-08 07:43 by prod_rel_team
    ROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARE
    MyCisco uptime is 3 hours, 57 minutes
    System returned to ROM by power-on
    System restarted at 07:44:26 GMT Fri Jul 24 2009
    System image file is "flash:c870-advipservicesk9-mz.124-15.T7.bin"
    Last edited by jimwillsher; 24th July 2009, 11:50. Reason: Typo in title (should be Cisco)

  • #2
    Re: Req. help accessing internal server via external URL - Cisco 877 IOS 12.4

    So let me get this straight. You want to access www.mountainaid.org.uk using the external URL from behind the Cisco?
    If so, you need to set up what's called "split-dns".
    CCNA, Network+



    • #3
      Re: Req. help accessing internal server via external URL - Cisco 877 IOS 12.4

      Hi Daze,

      Many thanks for taking the time to reply.

      Yes that's exactly what I'm looking to achieve. I do some web developing and we've got 3 or 4 PCs here, and it would be a pain to keep adding HOSTS entries to each PC whenever we add a new web domain.

      Now the issue with split DNS, as I see it, is that I don't have a local DNS server. I'm using the Cisco as a DNS server, with it forwarding requests to my ISP.

      I'm very new to Cisco, having come from a Netgear world, and my Netgear DGFV338 and SRXN3205 both seemed to do this by default, no configuration was needed. So I'm hoping that split dns (or I've read that "inside to inside NAT" achieves the same) is easy-ish to set up.

      Can you advise or assist at all? I've tried to understand this : http://www.cisco.com/en/US/docs/ios/.../htspldns.html (yesterday, as I wondered if split DNS was my answer) but I've got a bit lost...



      Jim



      • #4
        Re: Req. help accessing internal server via external URL - Cisco 877 IOS 12.4

        If you're only needing to access the web servers internally for development why not just access them via their internal ip addresses? This would be a lot simpler than setting up split-DNS.



        • #5
          Re: Req. help accessing internal server via external URL - Cisco 877 IOS 12.4

          Hi,

          Unfortunately everything is on the same webserver, so sites are served via host headers.

          HOWEVER.....I seem to have just cracked it!

          I've just managed to set up Split DNS and it's working correctly. External hosts see the websites, and internal hosts resolve to the 192.168 address. So many thanks for the pointers on that!

          For the benefit of anyone in the future, via google, these are the useful bits of my config.

          Code:
          ip host view OverriddenDNS www.firstlocalhost.co.uk 192.168.1.50
          ip host view OverriddenDNS www.secondlocalhost.co.uk 192.168.1.50
          ip host view OverriddenDNS www.thirdlocalhost.co.uk 192.168.1.50
          ip name-server ISP.DNS.IP.ADDRESS
          
           
          interface Vlan1
             ip dns view-group OverriddenDNSViewList
          
          ip dns view OverriddenDNS
             dns forwarder 195.74.113.62
          ip dns view-list OverriddenDNSViewList
             view OverriddenDNS 10
             view default 20
          ip dns server

          Now, if I could just avoid having the hardcoded DNS entries (the 195.74. lines), and forward all entries to the external DNS server automatically.....
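
A small model of how the split-DNS fragment in post #5 answers a query arriving on Vlan1, added here as an example and not part of the original thread. It assumes IOS hands a query to the lowest-numbered view-list member whose restrictions admit it, and that a view with no restrict lines admits every query; `parse` and `resolve` are hypothetical helper names.

```python
# Split-DNS lines copied from post #5 (indentation normalised).
CONFIG = """\
ip host view OverriddenDNS www.firstlocalhost.co.uk 192.168.1.50
ip host view OverriddenDNS www.secondlocalhost.co.uk 192.168.1.50
ip host view OverriddenDNS www.thirdlocalhost.co.uk 192.168.1.50
interface Vlan1
 ip dns view-group OverriddenDNSViewList
ip dns view OverriddenDNS
 dns forwarder 195.74.113.62
ip dns view-list OverriddenDNSViewList
 view OverriddenDNS 10
 view default 20
ip dns server
"""

def parse(config):
    """Collect per-view hosts and forwarders, view-lists and interface bindings."""
    cfg = {"hosts": {}, "fwd": {}, "lists": {}, "groups": {}}
    ctx = (None, None)
    for raw in config.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if not raw[0].isspace():            # top-level command: new context
            ctx = (None, None)
            if tok[:3] == ["ip", "host", "view"]:
                cfg["hosts"].setdefault(tok[3], {})[tok[4].lower()] = tok[5]
            elif tok[:3] == ["ip", "dns", "view"]:
                ctx = ("view", tok[3])
            elif tok[:3] == ["ip", "dns", "view-list"]:
                ctx = ("list", tok[3])
            elif tok[0] == "interface":
                ctx = ("if", tok[1])
        elif ctx[0] == "view" and tok[:2] == ["dns", "forwarder"]:
            cfg["fwd"].setdefault(ctx[1], []).append(tok[2])
        elif ctx[0] == "list" and tok[0] == "view":
            cfg["lists"].setdefault(ctx[1], []).append((int(tok[2]), tok[1]))
        elif ctx[0] == "if" and tok[:3] == ["ip", "dns", "view-group"]:
            cfg["groups"][ctx[1]] = tok[3]
    return cfg

def resolve(cfg, interface, name):
    """Return (view, action, address) for a query arriving on `interface`."""
    members = sorted(cfg["lists"].get(cfg["groups"].get(interface), []))
    if not members:
        return None, "no-view", None        # no view-group bound in this fragment
    view = members[0][1]                    # assumption: unrestricted first member wins
    local = cfg["hosts"].get(view, {}).get(name.lower())
    if local:
        return view, "local", local
    fwd = cfg["fwd"].get(view, [])
    return view, "forward", fwd[0] if fwd else None
```

Under that assumption the `view default 20` member is never consulted for Vlan1 clients, because the unrestricted OverriddenDNS view at position 10 takes every query and forwards anything it has no host entry for.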
