need help on port opening

Hi guys,

I need your help with port forwarding on a Cisco router.
I am new to configuring Cisco routers. Anyway, I did configure my
router, and now I can use the internet and send and receive mail, so this
part is good.
I tried to open these ports on the router: 25, 22, 443, 4002,
and I forwarded these ports to one of my servers. But when I try to
telnet to any of these ports I get no answer at all, and when I try to
access my server (SBS 2003) with remote desktop (port 4002) no
connection is made.
I am sending you a copy of the router configuration; maybe some of you can
see some mistake in it.
Please let me know where the problem is. (I changed the IPs for
security reasons.)


myrouter#sh run
Building configuration...


Current configuration : 4694 bytes
!
version 12.4
no parser cache
service nagle
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname mydomain
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$QRTEUHN$Sb83SiFXpstr562NA/1iQZ/950
!
aaa new-model
!
!
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
aaa session-id common
!
resource policy
!
no ip source-route
ip cef
!
!
!
!
ip tcp mss 1400
no ip domain lookup
ip domain name mydomain.com
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw http timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
!
!
!
username johndo secret 5 $1$LJB.$ty/MZ6auSm3khkhAIMGeTsF/
username test secret 5 $1$ub5k$b/nmlDv4eMdRpKertyueEDL1
!
!
!
crypto isakmp policy 3
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 10
 authentication pre-share
 group 2
crypto isakmp keepalive 10
!
crypto isakmp client configuration group groepje1
 key 427sieb1
 pool ippool
!
!
crypto ipsec transform-set transset1 esp-3des esp-md5-hmac
!
crypto dynamic-map dynmap 10
 set transform-set transset1
!
!
crypto map crypmap1 client authentication list userauthen
crypto map crypmap1 isakmp authorization list groupauthor
crypto map crypmap1 client configuration address respond
crypto map crypmap1 20 ipsec-isakmp dynamic dynmap
!
!
!
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface ATM0
 no ip address
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 no atm ilmi-keepalive
 pvc 0 8/48
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 ip address 10.0.0.190 255.255.255.0
 ip access-group 102 in
 ip nat insi
 ip inspect myfw in
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 hold-queue 100 out
!
interface Dialer1
 ip address negotiated
 ip access-group 113 in
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username j...@xs4all.net password 7 66141601034200555953
 crypto map crypmap1
!
ip local pool ippool 192.168.10.100 192.168.10.110
ip route 0.0.0.0 0.0.0.0 Dialer1 permanent
!
!
no ip http server
no ip http secure-server
ip nat inside source static tcp 10.0.0.56 7 interface Dialer1 7
ip nat inside source static udp 10.0.0.56 7 interface Dialer1 7
ip nat inside source route-map nonat interface Dialer1 overload
ip nat inside source static tcp 10.0.0.190 22 interface Dialer1 22
ip nat inside source static tcp 10.0.0.180 25 interface Dialer1 25
ip nat inside source static tcp 10.0.0.180 443 interface Dialer1 443
ip nat inside source static tcp 10.0.0.180 110 interface Dialer1 110
ip nat inside source static tcp 10.0.0.180 4002 interface Dialer1 4002
!
access-list 23 permit 82.66.199.22
access-list 23 permit 212.222.20.0 0.0.0.255
access-list 23 permit 10.0.0.0 0.0.0.255
access-list 102 permit ip 10.0.0.0 0.0.0.255 any
access-list 102 permit ip 192.168.10.0 0.0.0.255 any
access-list 102 permit esp any any
access-list 105 deny   ip 10.0.0.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 105 permit ip 10.0.0.0 0.0.0.255 any
access-list 112 permit tcp any any eq smtp
access-list 112 permit tcp any any eq 443
access-list 112 permit tcp any any eq pop3
access-list 112 permit tcp any any eq 4002
access-list 112 permit ip host 82.62.160.105 any
access-list 112 deny   ip any any
access-list 113 permit ip 192.168.10.0 0.0.0.255 any
access-list 113 permit esp any any
access-list 113 permit udp any any eq isakmp
access-list 113 permit tcp host 82.66.199.22 any eq 22
access-list 113 permit tcp 213.222.20.224 0.0.0.7 any eq 22
access-list 113 permit tcp host 193.172.44.45 eq tftp-data any
access-list 113 permit tcp host 194.151.107.40 eq tftp-data any
access-list 113 permit tcp host 194.151.107.44 eq tftp-data any
access-list 113 permit icmp any any
access-list 113 permit tcp any any eq echo
access-list 113 permit udp any any eq echo
access-list 113 deny   ip any any
access-list 115 permit ip any any
access-list 115 permit esp any any
dialer-list 1 protocol ip permit
!
!
!
route-map nonat permit 10
 match ip address 105
!
!
control-plane
!
!
line con 0
 --More--
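
An added example, not part of the original post or the reply: a Python check over an excerpt of the configuration above. It finds the ACL bound inbound to the "ip nat outside" interface, tests each static TCP forward against it with first-match logic for traffic from any source, and lists ACLs that nothing references. The function names and the NAMES keyword table are assumptions of this example; only "any any" entries are evaluated, because entries tied to a specific source do not match arbitrary internet hosts.

```python
import re

# Excerpt of the posted configuration, wrapped lines rejoined (forwarding only).
CONFIG = """\
interface Dialer1
 ip access-group 113 in
 ip nat outside
ip nat inside source static tcp 10.0.0.56 7 interface Dialer1 7
ip nat inside source static tcp 10.0.0.190 22 interface Dialer1 22
ip nat inside source static tcp 10.0.0.180 25 interface Dialer1 25
ip nat inside source static tcp 10.0.0.180 443 interface Dialer1 443
ip nat inside source static tcp 10.0.0.180 4002 interface Dialer1 4002
access-list 112 permit tcp any any eq smtp
access-list 112 permit tcp any any eq 443
access-list 112 permit tcp any any eq 4002
access-list 112 deny   ip any any
access-list 113 permit tcp host 82.66.199.22 any eq 22
access-list 113 permit tcp any any eq echo
access-list 113 deny   ip any any
"""
NAMES = {"echo": "7", "smtp": "25", "pop3": "110"}  # IOS port keywords

def outside_acl(cfg):
    """ACL number applied inbound on the 'ip nat outside' interface."""
    for block in re.split(r"^(?=interface )", cfg, flags=re.M):
        m = re.search(r"^ ip access-group (\d+) in$", block, re.M)
        if m and re.search(r"^ ip nat outside$", block, re.M):
            return m.group(1)

def open_to_any(cfg, acl, port):
    """First-match walk: can TCP from any source reach `port` through `acl`?"""
    pat = rf"^access-list {acl} (permit|deny) +(?:tcp|ip) any any(?: eq (\S+))?$"
    for action, p in re.findall(pat, cfg, re.M):
        if not p or NAMES.get(p, p) == str(port):
            return action == "permit"
    return False  # implicit deny at the end of every IOS ACL

def audit(cfg):
    """Map each statically forwarded TCP port to its reachability from outside."""
    nat = r"^ip nat inside source static tcp \S+ \d+ interface \S+ (\d+)$"
    return {int(p): open_to_any(cfg, outside_acl(cfg), p) for p in re.findall(nat, cfg, re.M)}

def unapplied_acls(cfg):
    """ACLs that are defined but referenced by no interface, route-map or line."""
    defined = set(re.findall(r"^access-list (\d+) ", cfg, re.M))
    used = set(re.findall(r"(?:access-group|match ip address|access-class) (\d+)", cfg))
    return sorted(defined - used)

if __name__ == "__main__":
    print(audit(CONFIG), unapplied_acls(CONFIG))
```

On the posted lines this reports only port 7 as reachable from any source through ACL 113, and shows that ACL 112, the list that permits the forwarded ports, is not applied to any interface.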


Re: need help on port opening

Hi there,

Try this...

int lo0
 ip address <whatever address you want to assign>

ip access-list 100 permit <client address range>

route-map static permit 10
 match ip address 100
 set interface Loopback0

interface Vlan1
 ip address 10.0.0.190 255.255.255.0
 ip policy route-map static
 ip access-group 102 in
 ip nat insi
 ip inspect myfw in
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 hold-queue 100 out

Best of luck   :)

Have a good day.

