I have a Cisco 2811 that is connected via FA 01 to a Netgear wireless/router. Everything work fine. I am trying to allow web traffic to get to the web server which sit behind my Netgear/wireless router. Can someone tell me the CLI statement to allow port forwarding via tcp 80 that will router traffic through the Cisco 2811 throught the Netgear/wireless router and to the web server. I know that the Netgear/wireless router has its own firewall and NAT stuff and am wondering if that could be the problem. Everytime I attempt to connect the web server with the current setup from the outside I get the Cisco login page. It says something like priviledge 15 login or something of the sort. I can see that traffic is hitting the Cisco router but not getting through the WGR614L. Help?

well you'll only get the login box if you sent packets *TO* the router, not through it. you're all in private address land there right? so there's no natting to be done on the 2811 from what i can see.

Hi,

Best is to forward all traffic to the firewall, and let the firewall forward port 80 to the webserver

first make sure telnet to the router will work from the outside (if needed)
ip nat inside source static tcp iplan ipwan 23
Remove all natting if present
no ......
forward everything to the firewall
ip nat inside source static ip-server ipwan extendable

ip-server should be ip-firewall

I'm assuming that the Netgear box is a home Wireless Access Point / router. It is very likely that it is this that is blocking the traffic. It will most likely be set up to drop any unsolicited packets from the internet.

It is actually my friends setup. Thanks for all the replies. What everyone is saying is what I suspected from the beginning in that the Cisco router is either configured correctly to route packets through the router and the Netgear Home wireless/router is dropping stuff or that simply the router is not forwarding correctly. I will have my friend connect his web server to a WIC switch port to see if the router is actually forwarding to the web server. Like Robhogg said it is probaly the Netgear wireless/router that is causing the problem. If that is the case then what a major security flaw in the Cisco IOS. Why would it allow a login to the Cisco router after the forwarded packets are either dropped by the Netgear wireless/router or the Cisco router not routing correctly. Why would that be happening?

>Why would it allow a login to the Cisco router after the forwarded packets are either dropped by the Netgear wireless/router or the Cisco >router not routing correctly. Why would that be happening?

Because the router is configured to use port 80 for http login to configure it
You should disable this, and eventualy enable telnet for configuration

no ip http server
no ip http secure-server

you can use the accesslist so only a certain IP or IPrange can access the routerconfiguration via telnet

Here is the Cisco Router Config:

The LAN interface FA 0/0 is a 192.168.1.0 subnet and the Netgear is a 192.168.2.0. Is this the correct statement to forward port 80 traffic to the IIS server which is 192.168.2.4 which sits behind the Netgear wireless router?

looks OK
only,

ip http server
to disable webaccess for configuration.
should be
no ip http server

to enable telnet access
ip nat inside source static tcp 192.168.1.1 23 Ethernet1 23

I will look into this issue a little further.

no no no no no telnet is evil. do not ever use telnet. don't use it. do not enable it.

I Agree, but then you need to configure ssh on the cisco,
however for that you need a Data Encryption Standard (DES) or triple DES (3DES) IPSec encryption version of the IOS.
I don't know if they want to have access from the outside.

yes, so use ssh, job done. just need a k9 image.

can you give me a quick how-to on disable telnet on the Cisco router?

or

line vty 0 4
transport input none

or
transport input ssh

if you want just ssh access