Título: NAT en cisco Publicado por: diegosf en 4 Marzo 2015, 11:10 am Buenos días.
Tengo configurado un router 1801w en pppoe con una ddns (llamémosla ip.noip.org) y varios puertos nat abiertos a diferentes servidores. Si intento acceder desde fuera del router a dichos servidores, funciona perfectamente (ej: ip.noip.org:22). El problema viene cuando intento hacer el mismo acceso (ip.noip.org:22) desde la lan, ya que no me deja. Como se puede abrir un puerto para que sea accesible tanto desde fuera de la lan como desde la misma? Dejo la configuración del router. Current configuration : 4475 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname Router ! boot-start-marker boot-end-marker ! logging message-counter syslog enable secret 5 $1$Wmh0$crKVoVYco5/DlrWsozxOU0 ! no aaa new-model ! ! dot11 syslog ! dot11 ssid Cembranos vlan 1 authentication open authentication key-management wpa guest-mode wpa-psk ascii 0 password ! ip source-route ! ! ip dhcp excluded-address 192.168.1.1 192.168.1.20 ! ip dhcp pool midhdcp import all network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 dns-server 194.224.52.6 8.8.8.8 lease infinite ! ip dhcp pool dhcp-lan default-router 192.168.1.1 dns-server 194.224.52.6 8.8.8.8 ! ! ip cef no ip domain lookup no ipv6 cef ! multilink bundle-name authenticated ! ! ! ! ! ! archive log config hidekeys ! ! bridge irb ! ! ! interface ATM0 no ip address no ip redirects no ip proxy-arp no atm ilmi-keepalive pvc 8/32 encapsulation aal5snap pppoe-client dial-pool-number 1 ! bridge-group 1 bridge-group 1 spanning-disabled hold-queue 224 in ! interface BRI0 no ip address encapsulation hdlc shutdown ! interface Dot11Radio0 no ip address ! encryption vlan 1 mode ciphers tkip ! broadcast-key vlan 1 change 60 ! ! ssid Cembranos ! speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 station-role root ! interface Dot11Radio0.1 encapsulation dot1Q 1 native no cdp enable bridge-group 1 bridge-group 1 subscriber-loop-control bridge-group 1 spanning-disabled bridge-group 1 block-unknown-source no bridge-group 1 source-learning no bridge-group 1 unicast-flooding ! interface Dot11Radio1 no ip address shutdown speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0 station-role root ! interface FastEthernet0 no ip address shutdown duplex auto speed auto ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface FastEthernet4 ! interface FastEthernet5 ! interface FastEthernet6 ! interface FastEthernet7 ! interface FastEthernet8 ! interface Vlan1 no ip address ip nat inside ip virtual-reassembly bridge-group 1 bridge-group 1 spanning-disabled ! interface Dialer0 ip address negotiated no ip redirects no ip proxy-arp ip nat outside ip virtual-reassembly encapsulation ppp dialer pool 1 no snmp trap link-status no cdp enable ppp chap hostname adslppp@telefonicanetpa ppp chap password 0 adslppp ! interface BVI1 ip address 192.168.1.1 255.255.255.0 ip nat inside no ip virtual-reassembly ! ip forward-protocol nd ip route 0.0.0.0 0.0.0.0 Dialer0 ip route 81.46.92.0 255.255.254.0 Dialer0 ip route 192.168.134.0 255.255.255.0 Dialer0 ip route 194.224.111.192 255.255.255.192 Dialer0 ip route 213.0.187.192 255.255.255.192 Dialer0 ip route 213.0.190.192 255.255.255.192 Dialer0 ip route 213.0.254.0 255.255.255.192 Dialer0 no ip http server no ip http secure-server ! ! ip nat inside source static tcp 192.168.1.13 80 interface Dialer0 80 ip nat inside source static tcp 192.168.1.254 80 interface Dialer0 11111 ip nat inside source static udp 192.168.1.213 9 interface Dialer0 9 ip nat inside source static udp 192.168.1.100 99 interface Dialer0 99 ip nat inside source static tcp 192.168.1.13 55503 interface Dialer0 55503 ip nat inside source static tcp 192.168.1.13 3306 interface Dialer0 3306 ip nat inside source static udp 192.168.1.13 999 interface Dialer0 999 ip nat inside source static tcp 192.168.1.13 21 interface Dialer0 21 ip nat inside source static tcp 192.168.1.13 445 interface Dialer0 445 ip nat inside source static tcp 192.168.1.113 22 interface Dialer0 22 ip nat inside source list NAT interface Dialer0 overload ! ip access-list standard NAT permit 192.168.1.0 0.0.0.255 ! ! ! ! ! ! ! control-plane ! bridge 1 route ip banner motd ^C ****************************************************************** * * ****************************************************************** ^C ! line con 0 line aux 0 line vty 0 4 password password1234 login transport input ssh ! scheduler max-task-time 5000 ntp server 146.185.21.74 end |