How to port forward on a Cisco 851w - TechRepublic
TechRepublic | Forums | IT Employment
IT Employment
Question
August 25, 2008 at 05:36 PM
#2149187
mark720

How to port forward on a Cisco 851w

by mark720 . Updated 17 years, 9 months ago

hello, new here and just starting to study for my ccna. i have an 851w
that i bought for practice. i set it up with a config tool i found on this
site, now i need to open a specific port (tcp and udp) for an
application on one of my hosts. i tried what i thought the command
would be but it didn’t seem to work, can someone give me some
advice on what commands i should enter? here is my config, thanks!

Router#sh start
Using 4349 out of 131072 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$k8yk$BW
enable password 7 02
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
!
resource policy
!
ip subnet-zero
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.2.1 192.168.2.99
!
ip dhcp pool Internal-net
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
domain-name mark720.com
lease 4
!
ip dhcp pool VLAN20
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
domain-name mark720.com
lease 4
!
!
ip cef
ip inspect name MYFW tcp
ip inspect name MYFW udp
no ip domain lookup
ip domain name mark720.com
vpdn enable
!
!
!
crypto pki trustpoint TP-self-signed-4011360482
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4011360482
revocation-check none
rsakeypair TP-self-signed-4011360482
!
!
crypto pki certificate chain TP-self-signed-4011360482
certificate self-signed 01 nvram:IOS-Self-Sig#3204.cer
username &&&&& privilege 15 password 7 11
!
!
!
bridge irb
!
!
interface FastEthernet0
spanning-tree portfast
!
interface FastEthernet1
spanning-tree portfast
!
interface FastEthernet2
spanning-tree portfast
!
interface FastEthernet3
spanning-tree portfast
!
interface FastEthernet4
no ip address
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
no cdp enable
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
encryption vlan 20 mode ciphers tkip
!
ssid LabWLAN
vlan 20
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 14126
!
ssid mark720
vlan 1
authentication open
authentication key-management wpa
wpa-psk ascii 7 02150D10
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0
24.0 36.0 48.0 54.0
channel 2412
station-role root
no dot11 extension aironet
no cdp enable
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no snmp trap link-status
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.20
description Guest wireless LAN – routed WLAN
encapsulation dot1Q 20
ip address 192.168.2.1 255.255.255.0
ip access-group Guest-ACL in
ip nat inside
ip virtual-reassembly
no snmp trap link-status
!
interface Vlan1
description Internal Network
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Dialer1
ip address negotiated
ip access-group Internet-inbound-ACL in
ip inspect MYFW out
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication pap callin
ppp pap sent-username ****@*****.net password 7 127977
ppp ipcp dns request
ppp ipcp address accept
!
interface BVI1
description Bridge to Internal Network
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
ip http secure-server
ip nat inside source list 1 interface Dialer1 overload
!
ip access-list extended Guest-ACL
deny ip any 192.168.1.0 0.0.0.255
permit ip any any
ip access-list extended Internet-inbound-ACL
permit udp any eq bootps any eq bootpc
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any traceroute
permit gre any any
permit esp any any
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
dialer-list 1 protocol ip list 1
!
control-plane
!
bridge 1 route ip
banner motd ^C
This is a secure system. Unauthorized access is prohibited.
^C
!
line con 0
exec-timeout 0 0
password 7 0205
logging synchronous
no modem enable
line aux 0
line vty 0 4
exec-timeout 0 0
password 7 000
logging synchronous
!
scheduler max-task-time 5000
end

This discussion is locked

All Comments