Help opening ports and protocol on Cisco 1600

I need to connect to a client's VPN but can't because my Cisco 1600 doesn't have the ports open.

Here is what I need to open: UDP ports 500 and 2746, TCP port 264, and IP protocol 50.

Can someone give me instructions for doing so or point me to a FAQ or tutorial? Thanks much!

Nathan

ssuddenn

By default all ports are open. What do your ACLs look like, so we have an idea of how to help you?

smoove

All ports except for a few have already been closed. What are ACLs?

ssuddenn

Hi Nathan!

Most likely you already have an access-list configured on the external interface.

This access-list will need to be edited in an editor to add the following entries for the ports you mention. I will explain how to do this after the access-list.

access-list 111 permit udp host [vpn_source_ip] eq isakmp host [your_ip] eq isakmp
access-list 111 permit udp host [vpn_source_ip] host [your_ip] eq 2746
access-list 111 permit tcp host [vpn_source_ip] host [your_ip] eq 264
access-list 111 permit esp host [vpn_source_ip] host [your_ip]

It might be worth putting the following at the end of your access-list, with the "log" keyword at the end of each statement, to see whether any of the ports are still being blocked.

access-list 111 deny tcp any range 0 65535 any range 0 65535 log
access-list 111 deny udp any range 0 65535 any range 0 65535 log
access-list 111 deny ip any any

your existing config by typing "show run"; this will give you the running configuration of the router.

to see if any connections are being dropped - in telnet/ssh: "terminal monitor"

permit entries should be towards the top.

the number 111 in my example to your access-list number.

interface [external]
"no ip access-group 111 in"
router(config)#no access-list 111

apply it back to the interface.
"interface [external]"
"ip access-group 111 in"

Now, I am not sure, but you might need to do some NAT mappings if you are using NAT on the router. Try the above for now and see how you get on.

Rob

RobO
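Added example, not part of the thread or of any Cisco software: a small Python simulator that parses the access-list lines Rob posted and evaluates sample packets against them with the first-match rule that IOS applies. It exists to make the ordering advice concrete: the same seven lines either pass the VPN traffic or block it depending only on whether the permits sit above the logging deny lines. The addresses 203.0.113.10 (VPN peer) and 198.51.100.5 (router WAN side) are constructed placeholders from the documentation ranges, and only the "host X" and "any" address forms are handled; everything else in the syntax is as it appears in the post.

```python
"""Constructed example: first-match evaluation of a Cisco IOS extended ACL.
Not Cisco code. Addresses below are placeholders (RFC 5737 ranges)."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Subset of the port keywords IOS accepts in place of a number.
PORT_NAMES = {"isakmp": 500, "www": 80, "telnet": 23, "domain": 53}
PortRange = Optional[Tuple[int, int]]  # None means "any port"


@dataclass
class AclEntry:
    number: int
    action: str        # "permit" or "deny"
    proto: str         # "ip", "tcp", "udp", "esp", ...
    src: str           # IP address or "any"
    src_port: PortRange
    dst: str
    dst_port: PortRange
    log: bool


@dataclass
class Packet:
    proto: str
    src: str
    dst: str
    src_port: Optional[int] = None
    dst_port: Optional[int] = None


def _port(tok: str) -> int:
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)


def parse_entry(line: str) -> AclEntry:
    """Parse 'access-list N permit|deny proto SRC [eq|range ..] DST [eq|range ..] [log]'."""
    toks = line.strip().rstrip(".").split()
    if len(toks) < 6 or toks[0] != "access-list" or toks[2] not in ("permit", "deny"):
        raise ValueError(f"not a supported access-list line: {line!r}")
    number, action, proto = int(toks[1]), toks[2], toks[3]
    pos = 4

    def addr() -> str:
        nonlocal pos
        if toks[pos] == "any":
            pos += 1
            return "any"
        if toks[pos] == "host":
            ip = toks[pos + 1]
            pos += 2
            return ip
        raise ValueError(f"unsupported address form {toks[pos]!r} in {line!r}")

    def ports() -> PortRange:  # optional 'eq P' or 'range LO HI' after an address
        nonlocal pos
        if pos < len(toks) and toks[pos] == "eq":
            p = _port(toks[pos + 1]); pos += 2
            return (p, p)
        if pos < len(toks) and toks[pos] == "range":
            lo, hi = _port(toks[pos + 1]), _port(toks[pos + 2]); pos += 3
            return (lo, hi)
        return None

    src, src_port = addr(), ports()
    dst, dst_port = addr(), ports()
    log = pos < len(toks) and toks[pos] == "log"
    return AclEntry(number, action, proto, src, src_port, dst, dst_port, log)


def parse_acl(text: str) -> List[AclEntry]:
    return [parse_entry(ln) for ln in text.splitlines() if ln.strip()]


def _matches(e: AclEntry, p: Packet) -> bool:
    if e.proto != "ip" and e.proto != p.proto:
        return False
    addr_ok = lambda spec, ip: spec == "any" or spec == ip
    port_ok = lambda rng, port: rng is None or (port is not None and rng[0] <= port <= rng[1])
    return (addr_ok(e.src, p.src) and addr_ok(e.dst, p.dst)
            and port_ok(e.src_port, p.src_port) and port_ok(e.dst_port, p.dst_port))


def evaluate(acl: List[AclEntry], p: Packet) -> Tuple[str, Optional[int], bool]:
    """First matching entry wins: (action, entry index, logged?).
    No match falls through to the implicit 'deny ip any any', which does not log."""
    for i, e in enumerate(acl):
        if _matches(e, p):
            return (e.action, i, e.log)
    return ("deny", None, False)


VPN_PEER, ROUTER_WAN = "203.0.113.10", "198.51.100.5"   # constructed placeholders
PERMITS = f"""
access-list 111 permit udp host {VPN_PEER} eq isakmp host {ROUTER_WAN} eq isakmp
access-list 111 permit udp host {VPN_PEER} host {ROUTER_WAN} eq 2746
access-list 111 permit tcp host {VPN_PEER} host {ROUTER_WAN} eq 264
access-list 111 permit esp host {VPN_PEER} host {ROUTER_WAN}
"""
DENIES = """
access-list 111 deny tcp any range 0 65535 any range 0 65535 log
access-list 111 deny udp any range 0 65535 any range 0 65535 log
access-list 111 deny ip any any.
"""
RECOMMENDED_ACL = PERMITS + DENIES   # permits first, as the post advises
DENY_FIRST_ACL = DENIES + PERMITS    # same lines, wrong order

if __name__ == "__main__":
    for name, text in (("recommended", RECOMMENDED_ACL), ("deny-first", DENY_FIRST_ACL)):
        acl = parse_acl(text)
        for pkt in (Packet("udp", VPN_PEER, ROUTER_WAN, 500, 500),
                    Packet("esp", VPN_PEER, ROUTER_WAN),
                    Packet("tcp", "192.0.2.7", ROUTER_WAN, 40001, 80)):
            print(name, pkt.proto, pkt.dst_port, "->", evaluate(acl, pkt))
```

Running it shows the IKE, 2746, 264 and ESP packets from the peer hitting the four permits in the recommended order, a stray inbound TCP/80 packet hitting the logging deny (which is what the "log" suggestion in the post is for), and every VPN packet being denied and logged the moment the deny lines are moved above the permits.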
