Having trouble getting to my web server 70.x.x.99 behind a Cisco 871 router.
Here is my config. The WAN is DHCP, but my IP is pretty much static. It won't change unless I change routers. So the WAN IP is 65.x.x.163.
I can telnet to 65.x.x.163 and it appears to be listening on port 80. I can't tell whether it's some sort of internal server on the Cisco or my web server. But I still can't reach the web server from the outside. From the LAN address it's fine.
! FastEthernet0-3 carry no per-port configuration in this listing
! (presumably the 871's LAN switch ports, left in their default VLAN).
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
! FastEthernet4 is the WAN uplink: DHCP-addressed, NAT outside, filtered by the
! WANinbound / WANoutbound ACLs, and bound to crypto map SDM_CMAP_1.
interface FastEthernet4
description $ETH-WAN$
! The address is leased, but the static NAT entries in this config hard-code
! 65.x.x.163; if the lease ever changes, those port forwards stop matching.
ip address dhcp client-id FastEthernet4
! NOTE(review): on a NAT outside interface the inbound ACL is normally checked
! before the destination is translated, so WANinbound entries for published
! services need to name the public address, not the inside host - confirm on
! this IOS release.
ip access-group WANinbound in
ip access-group WANoutbound out
! Hardening on the Internet-facing port: no ICMP redirects, no ICMP
! unreachables, no proxy ARP.
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
! The crypto map definition itself is not part of this listing.
crypto map SDM_CMAP_1
!
! Vlan1 is the LAN gateway (70.x.x.1/24) and the NAT inside interface.
! NOTE(review): 70.0.0.0/8 is not RFC 1918 space; the middle octets are
! redacted, so confirm this prefix is actually assigned to the site before
! using it behind NAT.
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 70.x.x.1 255.255.255.0
! Both LAN ACLs end in "permit ip any any", so neither direction is filtered.
ip access-group VLANin in
ip access-group VLANout out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
! Rewrites the MSS in TCP SYNs crossing this interface to 1452; presumably to
! leave room for encapsulation overhead on the WAN side - confirm.
ip tcp adjust-mss 1452
!
ip classless
! Host routes sending the four 168.x.x.* peers out the WAN interface; the same
! hosts appear in ACL VPN1 and in the deny entries of ACL 100.
ip route 168.x.x.190 255.255.255.255 FastEthernet4
ip route 168.x.x.192 255.255.255.255 FastEthernet4
ip route 168.x.x.9 255.255.255.255 FastEthernet4
ip route 168.x.x.35 255.255.255.255 FastEthernet4
!
! NOTE(review): the router's own HTTP and HTTPS management servers are both
! enabled and this listing shows no "ip http access-class" restricting them.
! Because WANinbound ends in "permit ip any any", the management UI may be
! reachable from the Internet and may be what answers on port 80 of the WAN
! address. Consider "no ip http server" and limiting the secure server to
! management hosts with an access class.
ip http server
ip http secure-server
! PAT for general outbound traffic, selected by route-map SDM_RMAP_1 (ACL 100).
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
! Port forwards to inside hosts. They name the leased address literally; the
! "interface FastEthernet4 <port>" form of the static entry follows the DHCP
! address instead.
ip nat inside source static tcp 70.x.x.99 80 65.x.x.163 80 extendable
! NOTE(review): PPTP control (1723) and RDP (3389) on 70.x.x.123 are published
! to the whole Internet, since WANinbound does not limit the source. Restrict
! them to known source addresses or reach that host over the IPsec tunnel.
! Each of the two entries below is split as "extendabl" / "e" by the paste's
! line wrap; the keyword is "extendable".
ip nat inside source static tcp 70.x.x.123 1723 65.x.x.163 1723 extendabl
e
ip nat inside source static tcp 70.x.x.123 3389 65.x.x.163 3389 extendabl
e
!
! VPN1 matches traffic from 70.x.x.123 to the four 168.x.x.* peers.
! Presumably the crypto ACL referenced by SDM_CMAP_1; the crypto map
! definition is not in this listing, so confirm.
ip access-list extended VPN1
remark SDM_ACL Category=4
permit ip host 70.x.x.123 host 168.x.x.190
permit ip host 70.x.x.123 host 168.x.x.192
permit ip host 70.x.x.123 host 168.x.x.9
permit ip host 70.x.x.123 host 168.x.x.35
! VLANin is applied inbound on Vlan1. The www and gre entries are shadowed by
! the final "permit ip any any", so the ACL filters nothing.
ip access-list extended VLANin
remark LAN in bound ACL
remark SDM_ACL Category=1
permit tcp any any eq www
permit gre any any
permit ip any any
! VLANout is applied outbound on Vlan1 and likewise permits everything.
ip access-list extended VLANout
remark VLAN outbound
remark SDM_ACL Category=1
permit gre any any
permit ip any any
! WANinbound is applied inbound on the Internet-facing interface.
! NOTE(review): the last entry is "permit ip any any", so every entry above it
! is moot and the ACL provides no filtering: the router itself and all three
! static port forwards are open to any source. It also means this ACL is
! unlikely to be what blocks the web server. A tightened version would keep
! only explicit permits and rely on the implicit deny, with return traffic for
! LAN-initiated sessions handled separately (e.g. "established" entries or
! stateful inspection).
ip access-list extended WANinbound
remark SDM_ACL Category=1
! As pasted this is not a valid entry: "eq" after the source takes a port, not
! an address (possibly a redaction or paste artifact). The intended form is
! probably "permit tcp any host <address> eq www", with the public address if
! the ACL is evaluated before NAT.
permit tcp any eq 70.x.x.99 eq www
permit ip host 168.x.x.35 host 70.x.x.123
permit ip host 168.x.x.9 host 70.x.x.123
permit ip host 168.x.x.192 host 70.x.x.123
permit ip host 168.x.x.190 host 70.x.x.123
! IKE, NAT-T, ESP and AH are limited to the single peer 168.x.x.194.
permit udp host 168.x.x.194 any eq non500-isakmp
permit udp host 168.x.x.194 any eq isakmp
permit esp host 168.x.x.194 any
permit ahp host 168.x.x.194 any
! These two require the SOURCE port to equal the destination port. Clients
! normally connect from an ephemeral source port, so the entries would not
! match ordinary RDP/PPTP connections; that traffic passes only because of the
! final permit.
permit tcp any eq 3389 any eq 3389
permit tcp any eq 1723 any eq 1723
! GRE is accepted from any source.
permit gre any any
! Malformed as pasted ("eq eq"); the destination and first port are missing.
permit tcp any eq eq www
permit ip any any
! WANoutbound is applied outbound on the WAN interface; it also ends in
! "permit ip any any" and therefore filters nothing.
ip access-list extended WANoutbound
remark SDM_ACL Category=1
permit icmp any any
! Malformed as pasted ("eq eq"), same as the entry in WANinbound.
permit tcp any eq eq www
permit ip any any
!
! ACL 1 permits the LAN /24; nothing in this listing references it.
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 70.x.x.0 0.0.0.255
! ACL 100 feeds route-map SDM_RMAP_1 (the PAT rule): the deny entries keep
! traffic from 70.x.x.123 to the 168.x.x.* peers out of the overload
! translation, and the final permit selects the rest of the LAN for PAT.
access-list 100 remark SDM_ACL Category=2
access-list 100 deny ip host 70.x.x.123 host 168.x.x.35
! The next two entries are identical as pasted; the redaction may hide a
! difference, otherwise one is redundant.
access-list 100 deny ip host 70.x.x.123 host 168.x.x.9
access-list 100 deny ip host 70.x.x.123 host 168.x.x.9
access-list 100 deny ip host 70.x.x.123 host 168.x.x.192
access-list 100 deny ip host 70.x.x.123 host 168.x.x.190
access-list 100 permit ip 70.x.x.0 0.0.0.255 any
! CDP is disabled globally, so the router does not advertise itself to
! neighbours.
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 100
!
!
! No control-plane policy is configured in this listing.
control-plane
!
Here is my config. The WAN is DHCP, but my IP is pretty much static. It won't change unless I change routers. So the WAN IP is 65.x.x.163.
I can telnet to 65.x.x.163 and it appears to be listening on port 80. I can't tell whether it's some sort of internal server on the Cisco or my web server. But I still can't reach the web server from the outside. From the LAN address it's fine.
! FastEthernet0-3 carry no per-port configuration in this listing
! (presumably the 871's LAN switch ports, left in their default VLAN).
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
! FastEthernet4 is the WAN uplink: DHCP-addressed, NAT outside, filtered by the
! WANinbound / WANoutbound ACLs, and bound to crypto map SDM_CMAP_1.
interface FastEthernet4
description $ETH-WAN$
! The address is leased, but the static NAT entries in this config hard-code
! 65.x.x.163; if the lease ever changes, those port forwards stop matching.
ip address dhcp client-id FastEthernet4
! NOTE(review): on a NAT outside interface the inbound ACL is normally checked
! before the destination is translated, so WANinbound entries for published
! services need to name the public address, not the inside host - confirm on
! this IOS release.
ip access-group WANinbound in
ip access-group WANoutbound out
! Hardening on the Internet-facing port: no ICMP redirects, no ICMP
! unreachables, no proxy ARP.
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
! The crypto map definition itself is not part of this listing.
crypto map SDM_CMAP_1
!
! Vlan1 is the LAN gateway (70.x.x.1/24) and the NAT inside interface.
! NOTE(review): 70.0.0.0/8 is not RFC 1918 space; the middle octets are
! redacted, so confirm this prefix is actually assigned to the site before
! using it behind NAT.
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 70.x.x.1 255.255.255.0
! Both LAN ACLs end in "permit ip any any", so neither direction is filtered.
ip access-group VLANin in
ip access-group VLANout out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
! Rewrites the MSS in TCP SYNs crossing this interface to 1452; presumably to
! leave room for encapsulation overhead on the WAN side - confirm.
ip tcp adjust-mss 1452
!
ip classless
! Host routes sending the four 168.x.x.* peers out the WAN interface; the same
! hosts appear in ACL VPN1 and in the deny entries of ACL 100.
ip route 168.x.x.190 255.255.255.255 FastEthernet4
ip route 168.x.x.192 255.255.255.255 FastEthernet4
ip route 168.x.x.9 255.255.255.255 FastEthernet4
ip route 168.x.x.35 255.255.255.255 FastEthernet4
!
! NOTE(review): the router's own HTTP and HTTPS management servers are both
! enabled and this listing shows no "ip http access-class" restricting them.
! Because WANinbound ends in "permit ip any any", the management UI may be
! reachable from the Internet and may be what answers on port 80 of the WAN
! address. Consider "no ip http server" and limiting the secure server to
! management hosts with an access class.
ip http server
ip http secure-server
! PAT for general outbound traffic, selected by route-map SDM_RMAP_1 (ACL 100).
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet4 overload
! Port forwards to inside hosts. They name the leased address literally; the
! "interface FastEthernet4 <port>" form of the static entry follows the DHCP
! address instead.
ip nat inside source static tcp 70.x.x.99 80 65.x.x.163 80 extendable
! NOTE(review): PPTP control (1723) and RDP (3389) on 70.x.x.123 are published
! to the whole Internet, since WANinbound does not limit the source. Restrict
! them to known source addresses or reach that host over the IPsec tunnel.
! Each of the two entries below is split as "extendabl" / "e" by the paste's
! line wrap; the keyword is "extendable".
ip nat inside source static tcp 70.x.x.123 1723 65.x.x.163 1723 extendabl
e
ip nat inside source static tcp 70.x.x.123 3389 65.x.x.163 3389 extendabl
e
!
! VPN1 matches traffic from 70.x.x.123 to the four 168.x.x.* peers.
! Presumably the crypto ACL referenced by SDM_CMAP_1; the crypto map
! definition is not in this listing, so confirm.
ip access-list extended VPN1
remark SDM_ACL Category=4
permit ip host 70.x.x.123 host 168.x.x.190
permit ip host 70.x.x.123 host 168.x.x.192
permit ip host 70.x.x.123 host 168.x.x.9
permit ip host 70.x.x.123 host 168.x.x.35
! VLANin is applied inbound on Vlan1. The www and gre entries are shadowed by
! the final "permit ip any any", so the ACL filters nothing.
ip access-list extended VLANin
remark LAN in bound ACL
remark SDM_ACL Category=1
permit tcp any any eq www
permit gre any any
permit ip any any
! VLANout is applied outbound on Vlan1 and likewise permits everything.
ip access-list extended VLANout
remark VLAN outbound
remark SDM_ACL Category=1
permit gre any any
permit ip any any
! WANinbound is applied inbound on the Internet-facing interface.
! NOTE(review): the last entry is "permit ip any any", so every entry above it
! is moot and the ACL provides no filtering: the router itself and all three
! static port forwards are open to any source. It also means this ACL is
! unlikely to be what blocks the web server. A tightened version would keep
! only explicit permits and rely on the implicit deny, with return traffic for
! LAN-initiated sessions handled separately (e.g. "established" entries or
! stateful inspection).
ip access-list extended WANinbound
remark SDM_ACL Category=1
! As pasted this is not a valid entry: "eq" after the source takes a port, not
! an address (possibly a redaction or paste artifact). The intended form is
! probably "permit tcp any host <address> eq www", with the public address if
! the ACL is evaluated before NAT.
permit tcp any eq 70.x.x.99 eq www
permit ip host 168.x.x.35 host 70.x.x.123
permit ip host 168.x.x.9 host 70.x.x.123
permit ip host 168.x.x.192 host 70.x.x.123
permit ip host 168.x.x.190 host 70.x.x.123
! IKE, NAT-T, ESP and AH are limited to the single peer 168.x.x.194.
permit udp host 168.x.x.194 any eq non500-isakmp
permit udp host 168.x.x.194 any eq isakmp
permit esp host 168.x.x.194 any
permit ahp host 168.x.x.194 any
! These two require the SOURCE port to equal the destination port. Clients
! normally connect from an ephemeral source port, so the entries would not
! match ordinary RDP/PPTP connections; that traffic passes only because of the
! final permit.
permit tcp any eq 3389 any eq 3389
permit tcp any eq 1723 any eq 1723
! GRE is accepted from any source.
permit gre any any
! Malformed as pasted ("eq eq"); the destination and first port are missing.
permit tcp any eq eq www
permit ip any any
! WANoutbound is applied outbound on the WAN interface; it also ends in
! "permit ip any any" and therefore filters nothing.
ip access-list extended WANoutbound
remark SDM_ACL Category=1
permit icmp any any
! Malformed as pasted ("eq eq"), same as the entry in WANinbound.
permit tcp any eq eq www
permit ip any any
!
! ACL 1 permits the LAN /24; nothing in this listing references it.
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 70.x.x.0 0.0.0.255
! ACL 100 feeds route-map SDM_RMAP_1 (the PAT rule): the deny entries keep
! traffic from 70.x.x.123 to the 168.x.x.* peers out of the overload
! translation, and the final permit selects the rest of the LAN for PAT.
access-list 100 remark SDM_ACL Category=2
access-list 100 deny ip host 70.x.x.123 host 168.x.x.35
! The next two entries are identical as pasted; the redaction may hide a
! difference, otherwise one is redundant.
access-list 100 deny ip host 70.x.x.123 host 168.x.x.9
access-list 100 deny ip host 70.x.x.123 host 168.x.x.9
access-list 100 deny ip host 70.x.x.123 host 168.x.x.192
access-list 100 deny ip host 70.x.x.123 host 168.x.x.190
access-list 100 permit ip 70.x.x.0 0.0.0.255 any
! CDP is disabled globally, so the router does not advertise itself to
! neighbours.
no cdp run
route-map SDM_RMAP_1 permit 1
match ip address 100
!
!
! No control-plane policy is configured in this listing.
control-plane
!