Wednesday, July 25, 2018

Need Help - Cisco router nat wan port 80 and 443 to lan server.

I also posted this in r/cisco, but haven't had any luck yet.

This is just a home lab. I'm trying to allow traffic hitting my WAN IP on ports 80 and 443 to be forwarded to my LAN server at 10.0.1.5. Internally on the LAN, hitting the server via its LAN IP works without issue. I thought I might have a config issue on the server itself, but I've run tcpdump and verified it's not receiving any traffic from the WAN.

Output of show ip nat trans:

router01#show ip nat translations
Pro Inside global          Inside local        Outside local       Outside global
tcp my.wan.ip.addr:80      10.0.1.5:80         ---                 ---
tcp my.wan.ip.addr:443     10.0.1.5:443        ---                 ---
udp my.wan.ip.addr:37236   10.0.1.5:37236      8.8.4.4:53          8.8.4.4:53
... and this goes on for a while .. etc..

Relevant bits from the running config:

interface GigabitEthernet0/0
 description WAN
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1
 description LAN
 no ip address
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1.1
 description MGMT
 encapsulation dot1Q 1 native
 ip address 10.0.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
ip nat inside source list autoNAT interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.0.1.5 80 interface GigabitEthernet0/0 80
ip nat inside source static tcp 10.0.1.5 443 interface GigabitEthernet0/0 443
!
ip access-list standard autoNAT
 permit 10.0.1.0 0.0.0.255
 permit 10.0.10.0 0.0.0.255
 permit 10.0.20.0 0.0.0.255
 permit 10.0.30.0 0.0.0.255
 permit 10.0.40.0 0.0.0.255
!

Here is a sanitized copy of my full running config:

router01#show run
Building configuration...

Current configuration : 3615 bytes
!
! Last configuration change at 07:30:54 CDT Wed Jul 25 2018 by [user]
! NVRAM config last updated at 00:50:26 CDT Sun Jul 22 2018 by [user]
! NVRAM config last updated at 00:50:26 CDT Sun Jul 22 2018 by [user]
version 15.1
service timestamps debug datetime msec
service timestamps log datetime show-timezone year
no service password-encryption
!
hostname router01
!
boot-start-marker
boot-end-marker
!
!
!
card type command needed for slot/vwic-slot 0/0
enable password [enpass]
!
no aaa new-model
clock timezone CST -6 0
clock summer-time CDT recurring
clock calendar-valid
!
dot11 syslog
ip source-route
!
ip cef
!
!
ip dhcp excluded-address 10.0.1.1 10.0.1.99
ip dhcp excluded-address 10.0.10.1 10.0.10.99
ip dhcp excluded-address 10.0.20.1 10.0.20.99
ip dhcp excluded-address 10.0.30.1 10.0.30.99
ip dhcp excluded-address 10.0.40.1 10.0.40.99
!
ip dhcp pool MGMT
 network 10.0.1.0 255.255.255.0
 default-router 10.0.1.1
 dns-server 10.0.1.5 8.8.8.8
 domain-name [domain.local]
!
ip dhcp pool WORK
 network 10.0.10.0 255.255.255.0
 default-router 10.0.10.1
 dns-server 10.0.1.5 8.8.8.8
!
ip dhcp pool HOME
 network 10.0.20.0 255.255.255.0
 default-router 10.0.20.1
 dns-server 10.0.1.5 8.8.8.8
 domain-name [domain.local]
!
ip dhcp pool DMZ
 network 10.0.30.0 255.255.255.0
 default-router 10.0.30.1
 dns-server 10.0.1.5 8.8.8.8
 domain-name [domain.local]
!
ip dhcp pool WLAN
 network 10.0.40.0 255.255.255.0
 default-router 10.0.40.1
 dns-server 10.0.1.5 8.8.8.8
!
!
ip domain name [domain.local]
ip name-server 10.0.1.5
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip name-server 208.67.222.222
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
!
!
username [user] privilege 15 password 0 [userpass]
!
!
ip ssh version 2
!
!
!
!
interface GigabitEthernet0/0
 description WAN
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1
 description LAN
 no ip address
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/1.1
 description MGMT
 encapsulation dot1Q 1 native
 ip address 10.0.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.10
 description WORK
 encapsulation dot1Q 10
 ip address 10.0.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.20
 description HOME
 encapsulation dot1Q 20
 ip address 10.0.20.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.30
 description DMZ
 encapsulation dot1Q 30
 ip address 10.0.30.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.40
 description WLAN
 encapsulation dot1Q 40
 ip address 10.0.40.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat inside source list autoNAT interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.0.1.5 80 interface GigabitEthernet0/0 80
ip nat inside source static tcp 10.0.1.5 443 interface GigabitEthernet0/0 443
!
ip access-list standard autoNAT
 permit 10.0.1.0 0.0.0.255
 permit 10.0.10.0 0.0.0.255
 permit 10.0.20.0 0.0.0.255
 permit 10.0.30.0 0.0.0.255
 permit 10.0.40.0 0.0.0.255
!
logging 10.0.1.6
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
 login local
 transport input ssh
!
scheduler allocate 20000 1000
ntp master
ntp server 216.239.35.0 source GigabitEthernet0/0
ntp server pool.ntp.org
end
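As an added sanity check (not part of the original post), the Python script below parses a running config in the same shape as the one above and verifies, for every static port forward, that the interface named in the entry is configured "ip nat outside" and that the inside host sits on a subnet of an "ip nat inside" interface. The embedded config is a constructed excerpt modelled on the poster's, not the original text.

```python
import ipaddress
import re

# Constructed excerpt in the shape of the poster's running config (not the original text).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address dhcp
 ip nat outside
!
interface GigabitEthernet0/1.1
 ip address 10.0.1.1 255.255.255.0
 ip nat inside
!
ip nat inside source static tcp 10.0.1.5 80 interface GigabitEthernet0/0 80
ip nat inside source static tcp 10.0.1.5 443 interface GigabitEthernet0/0 443
"""
STATIC_RE = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$")

def parse_interfaces(config):
    # Map interface name -> NAT role ("inside"/"outside"/None) and its IPv4 subnet (None for dhcp).
    ifaces, cur = {}, None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"]:
            cur = words[1]
            ifaces[cur] = {"nat": None, "net": None}
        elif words == ["!"]:
            cur = None
        elif cur and words[:2] == ["ip", "nat"]:
            ifaces[cur]["nat"] = words[2]
        elif cur and words[:2] == ["ip", "address"] and len(words) == 4:
            ifaces[cur]["net"] = ipaddress.IPv4Interface(f"{words[2]}/{words[3]}").network
    return ifaces

def check_static_nat(config):
    # Return a list of findings; an empty list means every static forward is consistent.
    ifaces = parse_interfaces(config)
    findings = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue
        proto, inside_ip, _inside_port, outside_if, outside_port = m.groups()
        if ifaces.get(outside_if, {}).get("nat") != "outside":
            findings.append(f"{outside_if} is not 'ip nat outside' ({proto}/{outside_port})")
        addr = ipaddress.IPv4Address(inside_ip)
        if not any(i["nat"] == "inside" and i["net"] and addr in i["net"] for i in ifaces.values()):
            findings.append(f"{inside_ip} is not on any 'ip nat inside' subnet")
    return findings
```

An empty result only means the router's own NAT configuration is internally consistent; it cannot see an upstream modem or firewall in front of GigabitEthernet0/0, and it says nothing about where the test client was when the connection was attempted.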

