need help with configuration

Hi guys,

I need your help on port forwarding on CISCOrouter, I am new to configuring CISCO router, any way I did configuer my router, now I can internet and send and recieve mail, so this part is good. I did try to open these ports on the router; 25 ,22,443,4002 and I did forward these ports to one of my servers. but when I try to telnet any of these port I get no anserw at all or when I try to access my server (SBS 2003) with remote desktop (port 4002)no connection is made. I send you a copy of the router configuration,maybe some of you can see some mistake in it. Please let me know where is the problem. ( I did change the IP's for security reson).

myrouter#sh run Building configuration...

Current configuration : 4694 bytes ! version 12.4 no parser cache service nagle no service pad service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname mydomain ! boot-start-marker boot-end-marker ! enable secret 5 $1$QRTEUHN$Sb83SiFXpstr562NA/1iQZ/

950 ! aaa new-model ! ! aaa authentication login userauthen local aaa authorization network groupauthor local ! aaa session-id common ! resource policy ! no ip source-route ip cef ! ! ! ! ip tcp mss 1400 no ip domain lookup ip domain name mydomain.com ip inspect name myfw cuseeme timeout 3600 ip inspect name myfw http timeout 3600 ip inspect name myfw rcmd timeout 3600 ip inspect name myfw realaudio timeout 3600 ip inspect name myfw tftp timeout 30 ip inspect name myfw udp timeout 15 ip inspect name myfw tcp timeout 3600 ip inspect name myfw h323 timeout 3600 ! ! ! username johndo secret 5 $1$LJB.$ty/ MZ6auSm3khkhAIMGeTsF/ username test secret 5 $1$ub5k$b/ nmlDv4eMdRpKertyueEDL1 ! ! ! crypto isakmp policy 3 encr 3des authentication pre-share group 2 ! crypto isakmp policy 10 authentication pre-share group 2 crypto isakmp keepalive 10 ! crypto isakmp client configuration group groepje1 key 427sieb1 pool ippool ! ! crypto ipsec transform-set transset1 esp-3des esp-md5- hmac ! crypto dynamic-map dynmap 10 set transform-set transset1 ! ! crypto map crypmap1 client authentication list userauthen crypto map crypmap1 isakmp authorization list groupauthor crypto map crypmap1 client configuration address respond crypto map crypmap1 20 ipsec-isakmp dynamic dynmap ! ! ! ! interface BRI0 no ip address encapsulation hdlc shutdown ! interface ATM0 no ip address no ip route-cache cef no ip route-cache no ip mroute-cache no atm ilmi-keepalive pvc 0 8/48 encapsulation aal5mux ppp dialer dialer pool-member 1 ! dsl operating-mode auto ! interface FastEthernet0 ! interface FastEthernet1 ! interface FastEthernet2 ! interface FastEthernet3 ! interface Vlan1 ip address 10.0.0.190 255.255.255.0 ip access-group 102 in ip nat insi ip inspect myfw in ip virtual-reassembly no ip route-cache cef no ip route-cache no ip mroute-cache hold-queue 100 out ! interface Dialer1 ip address negotiated ip access-group 113 in ip nat outside ip virtual-reassembly encapsulation ppp dialer pool 1 dialer-group 1 ppp authentication pap callin ppp pap sent-username snipped-for-privacy@xs4all.net password 7 66141601034200555953 crypto map crypmap1 ! ip local pool ippool 192.168.10.100 192.168.10.110 ip route 0.0.0.0 0.0.0.0 Dialer1 permanent ! ! no ip http server no ip http secure-server ip nat inside source static tcp 10.0.0.56 7 interface Dialer1 7 ip nat inside source static udp 10.0.0.56 7 interface Dialer1 7 ip nat inside source route-map nonat interface Dialer1 overload ip nat inside source static tcp 10.0.0.190 22 interface Dialer1 22 ip nat inside source static tcp 10.0.0.180 25 interface Dialer1 25 ip nat inside source static tcp 10.0.0.180 443 interface Dialer1 443 ip nat inside source static tcp 10.0.0.180 110 interface Dialer1 110 ip nat inside source static tcp 10.0.0.180 4002 interface Dialer1 4002 ! access-list 23 permit 82.66.199.22 access-list 23 permit 212.222.20.0 0.0.0.255 access-list 23 permit 10.0.0.0 0.0.0.255 access-list 102 permit ip 10.0.0.0 0.0.0.255 any access-list 102 permit ip 192.168.10.0 0.0.0.255 any access-list 102 permit esp any any access-list 105 deny ip 10.0.0.0 0.0.0.255 192.168.10.0 0.0.0.255 access-list 105 permit ip 10.0.0.0 0.0.0.255 any access-list 112 permit tcp any any eq smtp access-list 112 permit tcp any any eq 443 access-list 112 permit tcp any any eq pop3 access-list 112 permit tcp any any eq 4002 access-list 112 permit ip host 82.62.160.105 any access-list 112 deny ip any any access-list 113 permit ip 192.168.10.0 0.0.0.255 any access-list 113 permit esp any any access-list 113 permit udp any any eq isakmp access-list 113 permit tcp host 82.66.199.22 any eq 22 access-list 113 permit tcp 213.222.20.224 0.0.0.7 any eq 22 access-list 113 permit tcp host 193.172.44.45 eq tftp-data any access-list 113 permit tcp host 194.151.107.40 eq tftp-data any access-list 113 permit tcp host 194.151.107.44 eq tftp-data any access-list 113 permit icmp any any access-list 113 permit tcp any any eq echo access-list 113 permit udp any any eq echo access-list 113 deny ip any any access-list 115 permit ip any any access-list 115 permit esp any any dialer-list 1 protocol ip permit ! ! ! route-map nonat permit 10 match ip address 105 ! ! control-plane ! ! line con 0 --More--
Reply to
shahin
Loading thread data ...

I suggest you change your password immediately and not post it in public again.

Reply to
Default User

It doesn't matter. It is type 7 passwords that are easy to crack. Type 5 passwords are MD5 hashes, and if you know an efficient way to break MD5 hashes then you have made a major cryptography breakthrough.

formatting link

Reply to
Walter Roberson

hey,

if you do not have anserw to other peopel question stop jerking, you think Iam stupid enough to don't change the pasword hashes before put it on the net? dream on. give anserw or shutup please.

Reply to
shahin

You replied to my posting; could I ask you to clarify whether you were addressing those remarks to me or to someone else?

Reply to
Walter Roberson

Hi Walter,

I am sorry, my remarks was pointed to defult user.

Reply to
shahin

Hi Walter,

I am sorry, my remarks was pointed to defult user.

Reply to
shahin

It's done all the time with brute force attacks. All you need to do is match the hash and you've got your password. Cain & Able

formatting link
can do it.

Reply to
Default User

In that case; Yes, I think you are stupid.

HAND

Reply to
Default User

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.