Dear All,
Please help, I bought a Cisco router 1941 for home and for my lab, after configuring port-forwarding.
I can access my home server form outside with my domain name( www.my domain.nl) but cannot access my home server in my local lan.
This is my configuration below:
no ipv6 cef
ip source-route
ip cef
!
!
!
ip dhcp excluded-address 10.1.10.0 10.1.10.10
ip dhcp excluded-address 10.1.20.0 10.1.20.10
ip dhcp excluded-address 10.1.30.0 10.1.30.10
ip dhcp excluded-address 10.1.40.0 10.1.40.10
!
ip dhcp pool VLAN10
network 10.1.10.0 255.255.255.0
default-router 10.1.10.254
dns-server 8.8.8.8 8.8.4.4
domain-name computers.local
!
ip dhcp pool VLAN20
network 10.1.20.0 255.255.255.0
default-router 10.1.20.254
dns-server 8.8.8.8 8.8.4.4
domain-name computers.local
!
ip dhcp pool VLAN30
network 10.1.30.0 255.255.255.0
default-router 10.1.30.254
dns-server 8.8.8.8 8.8.4.4
domain-name computers.local
!
ip dhcp pool VLAN40
network 10.1.40.0 255.255.255.0
default-router 10.1.40.254
dns-server 8.8.8.8 8.8.4.4
domain-name computers.local
!
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1941/K9 sn FCZ182191UE
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1.1
encapsulation dot1Q 1 native
ip address 10.1.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.10
encapsulation dot1Q 10
ip address 10.1.10.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.20
encapsulation dot1Q 20
ip address 10.1.20.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.30
encapsulation dot1Q 30
ip address 10.1.30.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.40
encapsulation dot1Q 40
ip address 10.1.40.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 10 interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.1.10.19 80 interface GigabitEthernet0/0 80
ip nat inside source static tcp 10.1.10.19 5000 interface GigabitEthernet0/0 5000
ip nat inside source static tcp 10.1.10.19 443 interface GigabitEthernet0/0 443
ip nat inside source static tcp 10.1.10.19 6690 interface GigabitEthernet0/0 6690
ip nat inside source static tcp 10.1.10.19 5001 interface GigabitEthernet0/0 5001
ip nat inside source static tcp 10.1.10.19 1900 interface GigabitEthernet0/0 1900
ip nat inside source static udp 10.1.10.19 1900 interface GigabitEthernet0/0 1900
ip route 0.0.0.0 0.0.0.0 99.99.99.1
!
access-list 10 permit 10.1.10.0 0.0.0.255
access-list 10 permit 10.1.20.0 0.0.0.255
access-list 10 permit 10.1.30.0 0.0.0.255
access-list 10 permit 10.1.40.0 0.0.0.255
At first glance, it doesn’t look like the configuration is at fault. I assume your home server is on IP address 10.1.10.19 correct? Are you having trouble accessing it from all four internal subnets or are you able to access it from the 10.1.10.0/24 subnet?
Secondly, your outside IP address is obtained via DHCP. Is this IP address a public or private address? I’d like to know a little more about how you reach the Internet. Do you have some CPE equipment (DSL or Cable modem) that is connected to the 1941 or are you connected with another technology?
It would also help if you were to show us the output of the show IP route command as well (with appropriate changes to any routable IP addresses).
Hi Laz,
My Cisco 1941 router is connected to my ISP modem, which i asked my ISP to set the modem as a bridge.
So everything is like going direct to my Cisco 1941 router.
AM only haveing problem access my server from all my 4 lan network, from the internet is no problem.
This the route output Below:
Gateway of last resort is 94.209.168.1 to network 0.0.0.0
S* 0.0.0.0/0 [254/0] via 94.209.168.1
10.0.0.0/8 is variably subnetted, 11 subnets, 2 masks
C 10.1.1.0/24 is directly connected, GigabitEthernet0/1.1
L 10.1.1.254/32 is directly connected, GigabitEthernet0/1.1
C 10.1.10.0/24 is directly connected, GigabitEthernet0/1.10
L 10.1.10.254/32 is directly connected, GigabitEthernet0/1.10
C 10.1.20.0/24 is directly connected, GigabitEthernet0/1.20
L 10.1.20.254/32 is directly connected, GigabitEthernet0/1.20
C 10.1.30.0/24 is directly connected, GigabitEthernet0/1.30
L 10.1.30.254/32 is directly connected, GigabitEthernet0/1.30
C 10.1.40.0/24 is directly connected, GigabitEthernet0/1.40
L 10.1.40.254/32 is directly connected, GigabitEthernet0/1.40
S 10.254.212.1/32 [254/0] via 94.209.168.1, GigabitEthernet0/0
94.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 94.209.168.0/23 is directly connected, GigabitEthernet0/0
L 94.209.168.133/32 is directly connected, GigabitEthernet0/0
Thanks for the clarification. I tried labbing up your scenario but I was unable to reproduce your situation. Even after I statically assigned a NAT translation for the 10.1.10.19 server, I was still able to access it internally. I suggest you try the following:
Check the NAT translations on the router to see what active translations exist.
Check to see if you have lost all connectivity to the server or only to those ports that you have created a static NAT translation for. Attempt to ping or create a telnet or FTP client on the server and see if you’re able to connect
If you remove the specific NAT translation for port 443 are you able to connect from any of the four LANs?
It is indeed strange because you have lost connectivity even from the same subnet, where you don’t even go through the router to get to the server itself. Test the above to see if they shed any light on the subject.