Open ports on Cisco 871W

SynapsE_z
Hi,

I'm new to the world of Cisco. I recently bought an 871W router to become familiar with Cisco products. Thanks to George Ou's template and David Davis' articles I was up and running in no time. I had to modify some things in order for it to work in my situation but it's mostly unchanged.

I need to be able to open a port for certain services to work (VPN, Remote desktop, Web server, etc). I changed the Internet-inbound-ACL to allow these services. I am using NAT and confirmed it works by going to www.whatismyip.com.

For example:

remark Allow SSL
60 permit tcp any host 192.168.100.253 eq 443
remark Allow Web
100 permit tcp any host 192.168.100.130 eq 80

NAT Statements:
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.100.253 443 interface FastEthernet4 443
ip nat inside source static tcp 192.168.100.254 22 interface FastEthernet4 22
ip nat inside source static tcp 192.168.100.253 1723 interface FastEthernet4 1723
ip nat inside source static tcp 192.168.100.130 80 64.81.XX.X1 80 extendable
ip nat inside source static 192.168.100.130 64.81.XX.X1
ip nat inside source static 192.168.100.112 64.81.XX.X2
ip nat inside source static 192.168.100.114 64.81.XX.X3
ip nat inside source static 192.168.100.111 64.81.XX.X4
ip nat inside source static 192.168.100.118 64.81.XX.X5


No matter what I do I can't seem to reach any service behind the router. I know they're up because it works on the LAN. Any help would be appreciated. Thanks.
  • SYNner

    You need to forward your ports on your edge router to the devices offering those services inside your network.

    SynapsE_z

    This is my edge router. By changing the ACL I thought I was forwarding the ports. If I'm missing something here, could you provide an example? Thanks.

    SynapsE_z

    I got it to work by opening the port for all computers, not just the specific one. For example:

    inbound-ACL:
    60 permit tcp any any eq 443

    then forward the port:
    ip nat inside source static tcp 192.168.100.253 443 interface FastEthernet4 443

    For some reason it didn't like me opening for just the one specific host. Less secure but at least it works.
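
IOS evaluates an inbound ACL on the outside interface before it applies NAT, so an entry naming the inside address (192.168.100.253) never matches; the destination has to be the public address, which also avoids the `any any` entry. The script below is an added example, not code from the thread: it audits the thread's ACL and NAT lines for both cases, assuming the ACL is applied inbound on FastEthernet4 and using 203.0.113.10 as a placeholder for that interface's address.

```python
import re

# Constructed sample: ACL and NAT lines as quoted in the thread.
ACL = """\
60 permit tcp any host 192.168.100.253 eq 443
100 permit tcp any host 192.168.100.130 eq 80
"""
NAT = """\
ip nat inside source static tcp 192.168.100.253 443 interface FastEthernet4 443
ip nat inside source static tcp 192.168.100.130 80 64.81.XX.X1 80 extendable
"""
# Assumption: placeholder (documentation range) for FastEthernet4's public address.
IF_ADDRS = {"FastEthernet4": "203.0.113.10"}

NAT_RE = re.compile(
    r"ip nat inside source static tcp (\S+) (\d+) (?:interface (\S+)|(\S+)) (\d+)")
ACL_RE = re.compile(r"(\d+) permit tcp any (any|host (\S+)) eq (\d+)")

def parse_nat(text, if_addrs):
    """Map (inside-local ip, port) -> (inside-global ip, port) for static PAT."""
    table = {}
    for local, lport, ifname, gaddr, gport in NAT_RE.findall(text):
        glob = if_addrs.get(ifname, ifname) if ifname else gaddr
        table[(local, lport)] = (glob, gport)
    return table

def audit(acl_text, nat_text, if_addrs=IF_ADDRS):
    """Return (sequence, issue, detail) for each ACL entry that needs attention."""
    nat = parse_nat(nat_text, if_addrs)
    findings = []
    for seq, dst, host, port in ACL_RE.findall(acl_text):
        if dst == "any":
            # Matches, but exposes the port on every address behind the ACL.
            findings.append((seq, "too-broad", f"tcp/{port} open to any destination"))
        elif (host, port) in nat:
            # Destination is an inside-local address: never seen before NAT.
            glob, gport = nat[(host, port)]
            findings.append((seq, "pre-nat-address",
                             f"permit tcp any host {glob} eq {gport}"))
    return findings

if __name__ == "__main__":
    for finding in audit(ACL, NAT):
        print(*finding, sep=" | ")
```

For a `pre-nat-address` finding, the detail field is the replacement ACL entry, scoped to the one public address and port that the static NAT line forwards.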
