WWW traffic pass through

Status
Not open for further replies.

SF18C

IS-IT--Management
Feb 5, 2002
187
IT
Here is the situation:

I have a DSL connection that uses PPPoE and a dynamic IP that changes every 24 hours. I have a Dynamic DNS entry with MyDynDNS.com that updates my entry every day (IP to URL), so no real problem getting to our URL address. I have an 806 SOHO router connected to the DSL modem and use NAT on the 806. The 806 has two interfaces, E0 and E1. E0 is the WAN connection and E1 is the LAN side interface. I have a Win2k Server with IIS5.0 running on IP 10.10.10.100. Whenever we use the URL address, instead of pulling up our web page we get the web page for the router.

What do I need to do in order to redirect incoming web requests to the inside address of 10.10.10.100? I tried using an ACL of:
Access-list 101 permit tcp 0.0.0.0 255.255.255.255 10.10.10.100 0.0.0.0 eq 80
IP Access-group 101 in on E0
but that stopped my connection to the internet totally.

What am I doing wrong, or what do I need to do to get access to our web server from the outside?
 
Oh yeah here is the current config:

Current configuration : 1778 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Cisco806
!
enable secret 5 **************
!
username ****** password *********
ip subnet-zero
ip name-server 10.10.10.100
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.1 10.10.10.9
!
ip dhcp pool CLIENT
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 10.10.10.100

!
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
!
!
!
interface Ethernet0
description LAN Side
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip tcp adjust-mss 1452
no cdp enable
hold-queue 32 in
hold-queue 100 out
!
interface Ethernet1
no ip address
pppoe enable
pppoe-client dial-pool-number 1
no cdp enable
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname ********
ppp chap password ********
ppp pap sent-username ***** password *******
!
router rip
!
ip nat inside source list 102 interface Dialer1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip http server
!
logging source-interface Ethernet0
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
line con 0
exec-timeout 120 0
stopbits 1
line vty 0 4
exec-timeout 0 0
login local
length 0
!
scheduler max-task-time 5000
end
 
I have been poring over previous posts and taking any and all advice. I've made a few changes but it's still not working. I think it may have to do with NAT and outside addresses, but I'm NOT sure what to do about it.

UPDATED CONFIG

Current configuration : 1649 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname C806
!
enable secret 5
!
username C806 password 7
ip subnet-zero
ip domain-name aden.com
ip name-server 10.10.10.100
ip dhcp excluded-address 10.10.10.100
!
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
!
!
!
interface Ethernet0
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip tcp adjust-mss 1452
no cdp enable
hold-queue 32 in
hold-queue 100 out
!
interface Ethernet1
no ip address
ip nat outside
pppoe enable
pppoe-client dial-pool-number 1
no cdp enable
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname XXXX
ppp chap password XXXX
ppp pap sent-username XXXX password XXXX
!
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static tcp 10.10.10.100 80 interface Dialer1 80
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
!
logging history errors
logging source-interface Dialer1
logging 10.10.10.100
logging 10.10.10.5
access-list 1 permit any
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
line con 0
exec-timeout 120 0
stopbits 1
line vty 0 4
exec-timeout 0 0
login local
length 0
!
scheduler max-task-time 5000
end
 
I had the same issue so I disabled the http server in my config and that solved it. I can see in your updated config that you have done the same and that should work.
If the http server is disabled you should not be getting the router web page.

Niall
 
Well I thought that would fix it too but now I just get a Page unavailable error.
I still think it may be a NAT issue:
C806#sh ip nat translations

Pro  Inside global         Inside local       Outside local       Outside global
tcp  80.132.140.147:80     10.10.10.100:80    ---                 ---
tcp  80.132.140.147:2270   10.10.10.5:2270    198.133.219.25:80   198.133.219.25:80
tcp  80.132.140.147:2271   10.10.10.5:2271    198.133.219.25:80   198.133.219.25:80
tcp  80.132.140.147:2273   10.10.10.5:2273    198.133.219.25:80   198.133.219.25:80
tcp  80.132.140.147:2275   10.10.10.5:2275    198.133.219.25:80   198.133.219.25:80
tcp  80.132.140.147:2276   10.10.10.5:2276    198.133.219.25:80   198.133.219.25:80

Any ideas?
 
Fixed it with:
ip nat inside source static 10.10.10.100 interface Dialer1

instead of:
ip nat inside source static tcp 10.10.10.100 80 interface Dialer1 80

now I just have to see what security issues this will bring up!!!
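
On the security question raised in the post above, an added example (not part of the original thread and not the poster's code): a small Python check that reads IOS config text and flags a static NAT entry with no protocol or port, which maps every port of the inside host, and any "ip nat outside" interface with no inbound "ip access-group". The names audit() and SAMPLE_CONFIG are hypothetical, and the sample is constructed from the thread's updated config with the one-to-one NAT line from the fix.

```python
# Added example: audits IOS config text for the exposure discussed in the thread.
# SAMPLE_CONFIG is constructed from the thread's updated config, using the
# one-to-one static NAT line from the fix; audit() is a hypothetical helper.
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
!
interface Dialer1
 ip address negotiated
 ip nat outside
!
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static 10.10.10.100 interface Dialer1
no ip http server
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
"""


def audit(config):
    """Return a list of findings about inbound exposure through NAT."""
    findings, iface = [], None
    outside, filtered = set(), set()
    for raw in config.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[0] == "!":                      # "!" closes an interface block
            iface = None
        elif tok[0] == "interface" and len(tok) > 1:
            iface = tok[1]
        elif iface and tok[:3] == ["ip", "nat", "outside"]:
            outside.add(iface)
        elif iface and tok[:2] == ["ip", "access-group"] and tok[-1] == "in":
            filtered.add(iface)
        elif tok[:5] == ["ip", "nat", "inside", "source", "static"] and len(tok) > 5:
            if tok[5] not in ("tcp", "udp"):   # no protocol/port: whole host mapped
                findings.append(f"static NAT maps every port of {tok[5]} to the outside")
        elif tok[:3] == ["ip", "http", "server"]:
            findings.append("router HTTP server is enabled")
    for name in sorted(outside - filtered):
        findings.append(f"{name} is a NAT outside interface with no inbound access-group")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("-", finding)
```

The parser treats "!" as the end of an interface block, so it also works on config pasted without indentation, as in this thread.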
 
What if you try:
ip nat inside source static tcp 10.10.10.100 80 interface Dialer1 80 established

Instead of these 2 lines:
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static tcp 10.10.10.100 80 interface Dialer1 80

without "established" only 1 connection will be permitted on that port... established is like 'overload'

Kev, Cisco TAC
 
Oops, I mean EXTENDED ... instead of "established":

ip nat inside source static tcp 10.10.10.100 80 interface Dialer1 80 extended
 