Port Forwarding Cisco 1841

By mhaun
Hey, I have a Cisco 1841 with a WAN interface and a LAN interface with real IPs. I need to configure NAT on the LAN int. I configured it; I can ping the addresses but can't SSH to the devices behind the router. Any ideas? Here is my config:

Current configuration : 6046 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname WWOCDIA0019
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 warnings
logging console critical
enable password 7 120A1116000919072138
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
aaa session-id common
clock timezone CST -6
dot11 syslog
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address x.x.x.x225
ip dhcp excluded-address x.x.x.x233 x.x.x.x238
!
ip dhcp pool sdm-pool
import all
network x.x.x.x224 255.255.255.240
default-router x.x.x.x225
dns-server x.x.x.x x.x.x.x
!
!
no ip bootp server
no ip domain lookup
ip domain name
ip name-server x.x.x.x
ip name-server x.x.x.x
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-20259644
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-20259644
revocation-check none
rsakeypair TP-self-signed-20259644
!
!
crypto pki certificate chain TP-self-signed-20259644
certificate self-signed 02
quit
!
!

archive
log config
hidekeys
!
!
!
!
ip tcp synwait-time 10
!
!
!
interface FastEthernet0/0
description LAN interface
ip address x.x.x.x225 255.255.255.240
ip nat outside
ip virtual-reassembly
ip route-cache flow
speed auto
full-duplex
!
interface FastEthernet0/1
description $ES_LAN$
no ip address
ip nat inside
ip virtual-reassembly
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
description WAN interface 90.dhdu.278288..ob
ip address x.x.x.x 255.255.255.252
encapsulation ppp
ip route-cache flow
service-module t1 timeslots 1-24
!
no ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 x.x.x.x
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Serial0/0/0 overload
ip nat inside source list PAT interface FastEthernet0/0 overload
ip nat inside source static tcp y.y.y.16 22 x.x.x.x226 22 extendable
ip nat inside source static udp y.y.y.16 22 x.x.x.x226 22 extendable
ip nat inside source static tcp y.y.y.16 80 x.x.x.x226 80 extendable
ip nat inside source static udp y.y.y.16 80 x.x.x.x226 80 extendable
ip nat inside source static tcp y.y.y.17 22 x.x.x.x227 22 extendable
ip nat inside source static udp y.y.y.17 22 x.x.x.x227 22 extendable
ip nat inside source static tcp y.y.y.17 80 x.x.x.x227 80 extendable
ip nat inside source static udp y.y.y.17 80 x.x.x.x227 80 extendable
ip nat inside source static tcp y.y.y.18 22 x.x.x.x228 22 extendable
ip nat inside source static udp y.y.y.18 22 x.x.x.x228 22 extendable
ip nat inside source static tcp y.y.y.18 80 x.x.x.x228 80 extendable
ip nat inside source static udp y.y.y.18 80 x.x.x.x228 80 extendable
ip nat inside source static tcp y.y.y.19 22 x.x.x.x229 22 extendable
ip nat inside source static udp y.y.y.19 22 x.x.x.x229 22 extendable
ip nat inside source static tcp y.y.y.19 80 x.x.x.x229 80 extendable
ip nat inside source static udp y.y.y.19 80 x.x.x.x229 80 extendable
ip nat inside source static tcp y.y.y.20 22 x.x.x.x230 22 extendable
ip nat inside source static udp y.y.y.20 22 x.x.x.x230 22 extendable
ip nat inside source static tcp y.y.y.20 80 x.x.x.x230 80 extendable
ip nat inside source static udp y.y.y.20 80 x.x.x.x230 80 extendable
!
ip access-list extended PAT
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.0.255.255
deny ip any 192.168.0.0 0.0.255.255
permit ip any any
!
logging trap debugging
access-list 1 permit x.x.x.x224 x.x.x.7
access-list 100 permit ip any any
access-list 100 permit icmp any host x.x.x.x.98 echo-reply
access-list 100 permit icmp any host x.x.x.x.98 time-exceeded
access-list 100 permit icmp any host x.x.x.x.98 unreachable
access-list 101 permit icmp any host x.x.x.x225 unreachable
snmp-server community ww1_net RO
no cdp run
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
transport input telnet ssh
!
scheduler allocate 20000 1000
end

In other words, the devices that are NATed need to have SSH connectivity. They do if you're connected internally but not externally.
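
An added example, not part of the original post and not the poster's code: a Python check that reads an IOS configuration in the flattened form shown above and reports structural NAT facts (NAT roles on interfaces that are shut down or unaddressed, UDP forwards for TCP services, ACL numbers referenced but never defined). The function name `audit` and the trimmed `SAMPLE_CFG` are constructed for illustration.

```python
import re

# Constructed sample: trimmed from the configuration posted above, masking kept.
SAMPLE_CFG = """\
interface FastEthernet0/0
ip address x.x.x.x225 255.255.255.240
ip nat outside
!
interface FastEthernet0/1
no ip address
ip nat inside
shutdown
!
ip nat inside source list 1 interface Serial0/0/0 overload
ip nat inside source static tcp y.y.y.16 22 x.x.x.x226 22 extendable
ip nat inside source static udp y.y.y.16 22 x.x.x.x226 22 extendable
access-list 1 permit x.x.x.x224 x.x.x.7
line vty 0 4
access-class 23 in
"""

def audit(cfg):
    """Return a list of findings about NAT roles, port forwards and ACL references."""
    findings, ifaces, cur = [], {}, None
    for line in (l.strip() for l in cfg.splitlines()):
        m = re.match(r"interface (\S+)$", line)
        if m:
            cur = ifaces.setdefault(m.group(1), {"nat": None, "up": True, "addr": False})
        elif line == "!":
            cur = None  # a bare "!" closes the interface block
        elif cur is not None and line.startswith("ip nat "):
            cur["nat"] = line.split()[2]  # "inside" or "outside"
        elif cur is not None and line == "shutdown":
            cur["up"] = False
        elif cur is not None and line.startswith("ip address "):
            cur["addr"] = True
    for name, i in ifaces.items():
        if i["nat"] and not (i["up"] and i["addr"]):
            findings.append(f"{name}: 'ip nat {i['nat']}' on an interface that is shut down or unaddressed")
    for role in ("inside", "outside"):
        if not any(i["nat"] == role and i["up"] and i["addr"] for i in ifaces.values()):
            findings.append(f"no usable 'ip nat {role}' interface, so no flow crosses the NAT boundary")
    for port in re.findall(r"^ip nat inside source static udp \S+ (22|80) ", cfg, re.M):
        findings.append(f"udp/{port} forward: SSH and HTTP run over TCP, so this forward is unneeded")
    defined = set(re.findall(r"^access-list (\d+) ", cfg, re.M))
    used = set(re.findall(r"^(?:access-class|ip nat inside source list) (\d+) ", cfg, re.M))
    for acl in sorted(used - defined):
        findings.append(f"ACL {acl} is referenced but never defined")
    return findings
```
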
