Most likely you already have an access-list configured on the external interface.
This access-list will need to be edited in an editor with the following entries for the ports you mention. I will explain how to do this after the access-list.
It might be worth putting this at the end of your access-list to see if any of the ports are still being blocked with the "log" keyword at the end of the statement.
access-list 111 deny tcp any range 0 65535 any range 0 65535 log access-list 111 deny udp any range 0 65535 any range 0 65535 log access-list 111 deny ip any any.
your existing config by typing "show run", this will give you the running configuration of the router.
to see if any connections are being dropped - in telnet/ssh="terminal monitor"
permit entries should be towards the top.
the number 111 in my example to your access-list number.
interface [external] "no ip access-group 111 in" router(config)#no access-list 111
apply it back to the interface. "interface [external]" "ip access-group 111 in"
Now I am not sure but you might need to do some NAT mappings if you are using NAT on the router. Try the above for now and see how you get on.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.