1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

about a web service via wan

Discussion in 'Routing & Switching' started by fffrrr, Mar 23, 2010.

  1. fffrrr

    fffrrr New Member

    1
    0
    1
    This is the scenario:


    LAN

    Server
    (using IIS service)
    [/WebFileAsp] <----------------------> ( Router ) <---------> INTERNET

    private IP 10.10.10.2...................public IP 200.1.2.3


    I want to enter through port 80 using the public ip (200.1.2.3) to a page (/WebFileAsp) on a server (10.10.10.2). I've entered the next command on the router to enable the nating:

    # ip nat inside source static tcp 10.10.10.2 80 200.1.2.3 80 extendable

    but I thing is not enought. I mean, by the LAN, if I enter on the url "http://10.10.10.2/WebFileAsp" I can see and access to the service, but if I enter by out of the LAN on the url "http://200.1.2.3/WebFileAsp" I cant, I mean, the browser doesnt find the page.
    in fact, actually I can access to other web service via WAN through other public IP using the next line:

    # ip nat inside source static tcp 10.10.10.1 80 200.1.2.4 80 extendable

    like note, the firewall is disable to test this service.

    if you need guys, here come the sh runn:

    Building configuration...

    Current configuration : 6571 bytes
    !
    !
    interface FastEthernet0/0
    description *** INTERFACE A INTERNET **
    ip address 200.1.2.4 255.255.255.240
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto
    !
    interface FastEthernet0/1
    description TRUNK_SWITCH
    no ip address
    duplex auto
    speed auto
    !
    interface FastEthernet0/1.10
    description *** VLAN DATA USERS ***
    encapsulation dot1Q 10
    ip address 10.10.1.10 255.255.255.128
    ip nat inside
    ip virtual-reassembly
    !
    interface FastEthernet0/1.11
    description *** VLAN DATA SERVERS ***
    encapsulation dot1Q 11
    ip address 10.10.1.90 255.255.255.192
    ip nat inside
    ip virtual-reassembly
    !
    interface FastEthernet0/1.20
    description *** VLAN VOICE USERS ***
    encapsulation dot1Q 20
    ip address 10.20.1.10 255.255.255.128
    ip nat inside
    ip virtual-reassembly
    !
    interface FastEthernet0/1.21
    description VLAN *** VOICESERVERS ***
    encapsulation dot1Q 21
    ip address 10.20.1.90 255.255.255.192
    ip nat inside
    ip virtual-reassembly
    !
    interface Serial0/0/0
    no ip address
    shutdown
    clock rate 2000000
    !
    interface Serial0/0/1
    no ip address
    shutdown
    clock rate 2000000
    !
    !
    ip route profile
    ip route 0.0.0.0 0.0.0.0 200.1.2.4
    !
    ip nat inside source route-map NONAT interface FastEthernet0/0 overload
    ip nat inside source static tcp 10.10.10.2 80 200.1.2.3 80 extendable
    ip nat inside source static tcp 10.10.10.1 80 200.1.2.4 80 extendable
    !
    ip access-list standard REDISTRIBUTION
    deny 0.0.0.0
    permit any
    !
    ip access-list extended PHONELIST
    permit ip any 10.20.14.0 0.0.0.31
    ip access-list extended REMOTEVPN
    permit ip 192.168.3.0 0.0.0.255 10.10.14.0 0.0.0.31
    permit ip 10.10.0.0 0.0.63.255 10.10.14.0 0.0.0.31
    permit ip 10.20.0.0 0.0.63.255 10.10.14.0 0.0.0.31
    permit ip 192.168.21.0 0.0.0.255 10.10.14.0 0.0.0.31
    permit ip 192.168.33.0 0.0.0.255 10.10.14.0 0.0.0.31
    ip access-list extended TO_INET
    deny ip 10.10.0.0 0.0.63.255 10.10.14.0 0.0.0.31
    deny ip 10.20.0.0 0.0.63.255 10.10.14.0 0.0.0.31
    deny ip 10.20.0.0 0.0.63.255 10.20.14.0 0.0.0.31
    deny ip 192.168.3.0 0.0.0.255 any
    deny ip 10.10.0.0 0.0.63.255 192.168.21.0 0.0.0.255
    deny ip 10.20.0.0 0.0.63.255 192.168.33.0 0.0.0.255
    permit ip 10.10.1.0 0.0.0.255 any
    permit ip 10.20.1.128 0.0.0.127 any
    ip access-list extended TO_INTERNET
    permit ip 10.10.1.0 0.0.0.255 any
    permit ip 10.20.1.0 0.0.0.255 any
    permit ip 10.2.1.0 0.0.0.255 any
    !
    !
    route-map NONAT permit 10
    match ip address TO_INET
    !
    !
    !
    !
    control-plane
    !
    !
    !
    line con 0
    logging synchronous
    line aux 0
    line vty 0 4
    transport input telnet
    !
    scheduler allocate 20000 1000
    end


    Here is my doubt. How can I enable the access to this specific page by internet?
    I'll appreciate a lot the support. Thanks.
     

Share This Page

Loading...