Question

  • #2239359

    Open ports on Cisco 871W

    Locked

    by synapse_z ·

    Hi,

    I’m new to the world of Cisco. I recently bought an 871W router to become familiar with Cisco products. Thanks to George Ou’s template and David Davis’ articles I was up and running in no time. I had to modify some things in order for it to work in my situation but it’s mostly unchanged.

    I need to be able to open a port for certain services to work (VPN, Remote desktop, Web server, etc). I changed the Internet-inbound-ACL to allow these services. I am using NAT and confirmed it works by going to http://www.whatismyip.com.

    For example:

    remark Allow SSL
    60 permit tcp any host 192.168.100.253 eq 443
    remark Allow Web
    100 permit tcp any host 192.168.100.130 eq 80

    NAT Statements:
    ip nat inside source list 1 interface FastEthernet4 overload
    ip nat inside source static tcp 192.168.100.253 443 interface FastEthernet4 443
    ip nat inside source static tcp 192.168.100.254 22 interface FastEthernet4 22
    ip nat inside source static tcp 192.168.100.253 1723 interface FastEthernet4 1723
    ip nat inside source static tcp 192.168.100.130 80 64.81.XX.X1 80 extendable
    ip nat inside source static 192.168.100.130 64.81.XX.X1
    ip nat inside source static 192.168.100.112 64.81.XX.X2
    ip nat inside source static 192.168.100.114 64.81.XX.X3
    ip nat inside source static 192.168.100.111 64.81.XX.X4
    ip nat inside source static 192.168.100.118 64.81.XX.X5

    No matter what I do I can’t seem to reach any service behind the router. I know they’re up because it works on the LAN. Any help would be appreciated. Thanks.

All Answers

    • #2466930

      Clarifications

      by synapse_z ·

      In reply to Open ports on Cisco 871W

      Clarifications

    • #2466883

      You need to do port forwarding

      by synner ·

      In reply to Open ports on Cisco 871W

      You need to forward your ports on your edge router to the devices offering those services inside your network.

      • #2466871

        I only have one router

        by synapse_z ·

        In reply to You need to do port forwarding

        This is my edge router. By changing the ACL I thought I was forwarding the ports. If I’m missing something here, could you provide an example? Thanks.

    • #2475472

      Ok I figured it out.

      by synapse_z ·

      In reply to Open ports on Cisco 871W

      I got it to work by opening the port for all computers, not just the specific one. For example:

      inbound-ACL:
      60 permit tcp any any eq 443

      then forward the port:
      ip nat inside source static tcp 192.168.100.253 443 interface FastEthernet4 443

      For some reason it didn’t like me opening for just the one specific host. Less secure but at least it works.
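
Why the host-specific entries never matched, as an added example that is not part of the original thread: on IOS the inbound ACL on the outside interface is evaluated before the NAT translation, so it sees the public (inside-global) destination rather than the 192.168.100.x address. The Python check below (the function name `audit` and the constructed sample are assumptions) flags entries that match on an inside-local address and `any any` entries that are broader than the forwarded service, and names the public side to match instead.

```python
import re

# Constructed sample built from the ACL and NAT lines quoted in the thread
# (public addresses stay masked exactly as posted).
CONFIG = """\
60 permit tcp any host 192.168.100.253 eq 443
100 permit tcp any host 192.168.100.130 eq 80
ip nat inside source static tcp 192.168.100.253 443 interface FastEthernet4 443
ip nat inside source static tcp 192.168.100.130 80 64.81.XX.X1 80 extendable
"""

# Only port-level entries are handled: "permit tcp|udp any <dst> eq <port>"
# and static port NAT. One-to-one static NAT lines are ignored.
ACE = re.compile(r"^(\d+) permit (tcp|udp) any (any|host (\S+)) eq (\d+)$")
NAT = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (interface \S+|\S+) (\d+)"
)

def audit(config):
    """Return (sequence, kind, public_side, public_port) for risky inbound entries."""
    aces, by_local, by_global = [], {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := ACE.match(line):
            aces.append(m.groups())
        elif m := NAT.match(line):
            proto, l_ip, l_port, g_side, g_port = m.groups()
            by_local[(proto, l_ip, l_port)] = (g_side, g_port)
            by_global[(proto, g_port)] = g_side
    findings = []
    for seq, proto, dst, host, port in aces:
        if host and (proto, host, port) in by_local:
            # The ACL runs before translation, so a private destination never matches.
            findings.append((seq, "inside-local", *by_local[(proto, host, port)]))
        elif dst == "any" and (proto, port) in by_global:
            # Works, but also admits the port toward every other public address.
            findings.append((seq, "too-broad", by_global[(proto, port)], port))
    return findings

if __name__ == "__main__":
    for seq, kind, side, port in audit(CONFIG):
        print(f"ACE {seq}: {kind}; match the public side ({side}) on port {port}")
```

For each finding, the tighter entry is a `permit` whose destination is the public address shown (or the address assigned to the named interface), not `any` and not the inside host.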
