Newbie Question; Cisco 837

Hi all,

I have a Cisco 837 that I'm having trouble getting Port Mapping working as expected. My config is:

!
version 12.3
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service compress-config
!
hostname c830
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 Blah
!
username ajn privilege 15 secret 5 Blah
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00
no aaa new-model
ip subnet-zero
ip domain name internal.neillans.co.uk
ip name-server 217.169.20.20
ip name-server 217.169.20.21
ip dhcp excluded-address 10.0.0.101 10.0.0.254
ip dhcp excluded-address 10.0.0.1
!
ip dhcp pool LAN
 network 10.0.0.0 255.255.255.0
 default-router 10.0.0.1
 dns-server 217.169.20.20 217.169.20.21
!
!
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 smtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip inspect name DEFAULT100 icmp
ip audit notify log
ip audit po max-events 100
ip ssh version 2
no ftp-server write-enable
!
!
!
no crypto isakmp enable
!
!
!
!
interface Ethernet0
 description $ETH-LAN$$FW_INSIDE$Local Network
 ip address 10.0.0.1 255.255.255.0
 ip access-group 100 in
 ip nat inside
 no cdp enable
 hold-queue 100 out
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 10
 !
 dsl operating-mode auto
!
interface Dialer0
 description $FW_OUTSIDE$Point-to-Point to AAISP Customer Aggregation
 ip address negotiated
 ip access-group 101 in
 ip nat outside
 ip inspect DEFAULT100 out
 encapsulation ppp
 dialer pool 10
 ppp authentication chap callin
 ppp chap hostname blah
 ppp chap password 7 blah
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static udp 10.0.0.108 9991 interface Dialer0 9991
ip nat inside source static tcp 10.0.0.107 22 interface Dialer0 9922
ip nat inside source static tcp 10.0.0.108 9991 interface Dialer0 9991
ip nat inside source static 10.0.0.101 1.1.1.1 extendable
ip nat inside source static 10.0.0.102 2.2.2.2 extendable
ip nat inside source static 10.0.0.103 3.3.3.3 extendable
ip nat inside source static 10.0.0.104 4.4.4.4 extendable
ip nat inside source static 10.0.0.105 5.5.5.5 extendable
ip nat inside source static 10.0.0.106 6.6.6.6 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
ip http authentication local
ip http secure-server
!
!
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 remark BitTorrent
access-list 101 permit udp any host 200.200.200.200 eq 9991
access-list 101 permit tcp any host 200.200.200.200 eq 9991
access-list 101 remark SSH to Dev
access-list 101 permit tcp any host 200.200.200.200 eq 9922 log
access-list 101 remark SSH to Router
access-list 101 permit tcp any any eq 22 log
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
snmp-server community public RO
snmp-server enable traps tty
no cdp run
!
control-plane
!
!
line con 0
 logging synchronous
 login local
 no modem enable
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 exec-timeout 15 0
 login local
 transport preferred all
 transport input ssh
 transport output all
!
scheduler max-task-time 5000
!
end

I am assigned a number of static IPs by my ISP (1.1.1.1 to 6.6.6.6 in the above), alongside my standard static ADSL IP (200.200.200.200 in the above). I have the additional static IPs mapped to internal IPs via static NAT. Also in the above, you can see that I have tried to map a number of other ports - 9991 and 9922 to other IPs on my network, however, these are to be bound to the same public IP address as my ADSL connection.

But the above does not work - and I can't see why... 9922 and 9991 remain closed.

Anyone care to give me a pointer?

Regards,

Andy Neillans
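
An added example, not part of the original post: a Python check that evaluates each static port forward from the config above against ACL 101, which is applied inbound on Dialer0. It matches on the public address and port because IOS checks an inbound ACL before the outside-to-inside NAT translation. The function names and the excerpted `CONFIG` string are assumptions made for illustration.

```python
import re

# Constructed excerpt: the port-forward and ACL 101 lines copied from the posted config.
CONFIG = """\
ip nat inside source static udp 10.0.0.108 9991 interface Dialer0 9991
ip nat inside source static tcp 10.0.0.107 22 interface Dialer0 9922
ip nat inside source static tcp 10.0.0.108 9991 interface Dialer0 9991
access-list 101 permit udp any host 200.200.200.200 eq 9991
access-list 101 permit tcp any host 200.200.200.200 eq 9991
access-list 101 permit tcp any host 200.200.200.200 eq 9922 log
access-list 101 permit tcp any any eq 22 log
access-list 101 deny ip any any log
"""

NAT_RE = re.compile(r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)")
# Only tcp/udp/ip entries with source "any" are modelled (hypothetical simplification).
ACL_RE = re.compile(r"^access-list (\d+) (permit|deny) (tcp|udp|ip) any (any|host \S+)(?: eq (\d+))?")

def parse(config):
    """Split the config into port forwards and simplified ACL entries, in file order."""
    forwards, acl = [], []
    for line in map(str.strip, config.splitlines()):
        if m := NAT_RE.match(line):
            proto, inside, in_port, iface, out_port = m.groups()
            forwards.append((proto, inside, int(in_port), iface, int(out_port)))
        elif m := ACL_RE.match(line):
            num, action, proto, dst, port = m.groups()
            acl.append((num, action, proto, dst.replace("host ", ""), int(port) if port else None))
    return forwards, acl

def first_match(acl, acl_num, proto, dst_ip, dst_port):
    """Action of the first entry matching the packet; implicit deny if none matches."""
    for num, action, a_proto, a_dst, a_port in acl:
        if (num == acl_num and a_proto in (proto, "ip")
                and a_dst in ("any", dst_ip) and a_port in (None, dst_port)):
            return action
    return "deny"

def audit(config, acl_num, public_ip):
    """Map (proto, public port) of each forward to the ACL verdict on the pre-NAT packet."""
    forwards, acl = parse(config)
    return {(p, out): first_match(acl, acl_num, p, public_ip, out) for p, _, _, _, out in forwards}

def broad_permits(config, acl_num):
    """Permit entries that name a port but leave the destination address as 'any'."""
    return [(p, port) for n, act, p, dst, port in parse(config)[1]
            if n == acl_num and act == "permit" and dst == "any" and port is not None]

if __name__ == "__main__":
    print(audit(CONFIG, "101", "200.200.200.200"))
    print(broad_permits(CONFIG, "101"))
```

For the posted config, ACL 101 permits all three forwards on the public address, and the `permit tcp any any eq 22` entry is the only permit that is not limited to a single destination address.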
