Does Port Forwarding Differ in AEXn from other routers?

After having many issues with using FTP in my current router, I have discovered that there is simply something wrong with the way the AEXn port forwards to my FTP server. It appears to forward such that my server cannot read the requesting host's IP number and only sees the router as the requesting host. The problem I face with this is that I have a security function on my FTP server that auto-blocks IP numbers that fail to login too many times. When this function is enabled, the FTP server ends up blocking the router's IP number when too many failed attempts occur. This causes all subsequent FTP connections to be blocked since the AEXn acts as the proxy to open all connections.
For reference, I am using the Synology DS-107e NAS for my server needs. Any tips on how to get my device to properly see the requesting host's IP number would be greatly appreciated.

Chuck H. wrote:
The issue is not getting the port forwarding working. The system works fine - it's just that there is a bug in the way port forwarding works that prevents me from using a security function to auto-block IPs that fail logins too many times in a row. When those IPs do trigger the block, my NAS blocks the IP of my router instead of the requesting host. There is some problem where the router is not properly including the requesting host IP number in the port forward to the destination host. Granted, this is not really a big deal - but for security management purposes it is a necessary function for my NAS to work properly.
I would say the issue is really with your NAS or whoever is trying to connect to it. I have an Infrant (now Netgear) ReadyNAS+ 1TB connected with the AEBSn through the Gigabit connection and FTP works perfectly.
My ReadyNAS has a similar function on blocking IPs with multiple login failures. That's pretty standard on many devices that offer FTP interfaces. But I do not experience any of the failed IP logins.
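The failure mode this thread describes, as an added example that is not part of the original posts or of any Synology, Netgear or Apple software: a minimal login-failure ban tracker is fed constructed log lines, first with the real client addresses and then as the same events look to a server behind a router that rewrites every source address to its own. The log format, the addresses, the thresholds and the `ignore` list (the equivalent of fail2ban's `ignoreip`) are all assumptions made for the example.

```python
"""Login-failure auto-ban keyed on source IP, and why it misfires behind NAT.

Added example, not part of the forum thread or any vendor's code. The log
format, addresses and thresholds are constructed for illustration only.
"""
import re
from collections import defaultdict, deque

# Constructed log format: "<epoch> <client-ip> <user> <LOGIN_OK|LOGIN_FAIL>"
LOG_RE = re.compile(r"^(\d+) (\d{1,3}(?:\.\d{1,3}){3}) (\S+) (LOGIN_OK|LOGIN_FAIL)$")


def parse_line(line):
    """Return (timestamp, ip, user, ok) or None for lines that do not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, ip, user, result = m.groups()
    return int(ts), ip, user, result == "LOGIN_OK"


class BanTracker:
    """Ban an address after `max_fail` failures within `window` seconds.

    `ignore` lists addresses that are never banned (fail2ban calls this
    `ignoreip`); listing the NAT gateway is the usual workaround when the
    server cannot see the real client address.
    """

    def __init__(self, max_fail=3, window=600, ignore=()):
        self.max_fail = max_fail
        self.window = window
        self.ignore = set(ignore)
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.banned = {}                     # ip -> timestamp of the ban

    def is_banned(self, ip):
        return ip in self.banned

    def observe(self, ts, ip, ok):
        """Feed one login event. Returns True if the event was refused by a ban."""
        if self.is_banned(ip):
            return True
        if ok or ip in self.ignore:
            return False
        q = self.failures[ip]
        q.append(ts)
        while q and ts - q[0] > self.window:   # drop failures older than the window
            q.popleft()
        if len(q) >= self.max_fail:
            self.banned[ip] = ts
        return False


def replay(lines, tracker):
    """Run log lines through a tracker; return a list of (user, ip, refused)."""
    out = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip, user, ok = parsed
        out.append((user, ip, tracker.observe(ts, ip, ok)))
    return out


# Constructed sample: an attacker at 203.0.113.9 fails three times, then the
# legitimate owner logs in from 198.51.100.7.
DIRECT_LOG = [
    "1000 203.0.113.9 admin LOGIN_FAIL",
    "1010 203.0.113.9 admin LOGIN_FAIL",
    "1020 203.0.113.9 root LOGIN_FAIL",
    "1100 198.51.100.7 chuck LOGIN_OK",
]

# The same events as seen by a server behind a router that rewrites the
# source address: every connection now appears to come from gateway 10.0.1.1.
GATEWAY = "10.0.1.1"
NAT_LOG = [line.replace("203.0.113.9", GATEWAY).replace("198.51.100.7", GATEWAY)
           for line in DIRECT_LOG]


def refused_users(lines, ignore=()):
    """Names of users whose login was refused because of a ban."""
    results = replay(lines, BanTracker(max_fail=3, window=600, ignore=ignore))
    return [user for user, _ip, refused in results if refused]


if __name__ == "__main__":
    print("direct:", refused_users(DIRECT_LOG))                              # []
    print("behind NAT:", refused_users(NAT_LOG))                             # ['chuck']
    print("NAT, gateway ignored:", refused_users(NAT_LOG, ignore=[GATEWAY]))  # []
```

Ignoring the gateway restores service for the owner, but it also means no external client can ever be banned, which is why the thread's complaint (the server needs the real client address) is the actual fix rather than the allowlist.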

Similar Messages

  • Port forwarding for Warcraft 3 - no other posts have helped me solve this

    Hi everyone,
    At risk of flogging a dead horse, I am having trouble with port forwarding/port mapping on my new AEBS and need help.
    Warcraft 3 requires ports 6112-6119 open, which I had successfully set up through the Router Management Interface of my router (Speedstream 536 v6). Since I've set up the airport and run the router through it, I've been unable to host/join games on Warcraft, due to ports not being open.
    I've since gone back in to the router setup and attempted to configure it. I've tried sending the open port traffic to the base station, to the computer, and a combination of each, but nothing seems to fix it.
    Aside from port forwarding, it is working fine. My internet connection is flawless (a little slower than before airport ... or perhaps my imagination?), my Wii and XBOX360 both find the network fine (360 hard wired over ethernet due to wireless security issues ... see other threads!), but I can't play my warcraft games.
    The help system (and some of the other threads on here) direct me to the Airport Utility -> Advanced -> Port Mapping. The problem is that on my advanced pane I only see:
    - Logging and SNMP
    - Bonjour
    - IPv6
    I've tried restarting the AEBS but get no joy. Is there something I'm doing that is fundamentally wrong? Can anyone help me? I'm not sharing the connection with any other computers, just wii and xbox, if that makes any difference.
    If there's anything else you'd need to know, please ask me.
    I look forward to your responses, and any help is most appreciated.
    Regards,
    GH

    The IP address of my iMac is 10.0.0.1; the address of the Speedtouch is 10.0.0.138; the AEBS is 10.0.0.2, and the xbox360 (which the speedtouch sees as "Generic device") is 10.0.0.4.
    On the speedtouch setup page, there's a lot of long-winded gibberish which I don't really understand, but perhaps it'll be of some use to someone more knowledgeable on the topic. Each device has the following information:
    iMac (which it lists as Unknown-00-11-24-bb-ef-96):
    Information
    Status: Active
    Type: Generic Device
    Connected To: ethport1 (Ethernet)
    Addressing
    Physical Address: 00:11:24:bb:ef:96
    IP Address Assignment: DHCP
    IP Address: 10.0.0.1
    Always use the same address: No
    DHCP Lease Time: 0 days, 16:34:40
    Connection Sharing
    Game or Service
    War3
    Warcraft III
    (This is what I had named the settings which opened ports 6112-6119 on TCP and UDP respectively. As stated, it worked fine before the airport came along, and I've since tried removing and reinstating with no success).
    Airport-Extreme
    Information
    Status: Active
    Type: Generic Device
    Connected To: ethport1 (Ethernet)
    Addressing
    Physical Address: 00:16:cb:c2:c3:2c
    IP Address Assignment: DHCP
    IP Address: 10.0.0.2
    Always use the same address: No
    DHCP Lease Time: 0 days, 16:38:05
    Connection Sharing
    There is no game or service assigned to this device.
    Xbox360
    Unknown-00-17-ab-4f-fa-a6
    Information
    Status: Active
    Type: Generic Device
    Connected To: ethport1 (Ethernet)
    Addressing
    Physical Address: 00:17:ab:4f:fa:a6
    IP Address Assignment: DHCP
    IP Address: 10.0.0.4
    Always use the same address: No
    DHCP Lease Time: 0 days, 16:31:45
    Connection Sharing
    There is no game or service assigned to this device.
    Does any of this help at all?

  • Does Anyone Know How to Buy from Other Countries' iTunes

    Hey, I was just wondering if anyone knows how to buy from other countries' iTunes, because I live in the US and have a US credit card, but a lot of the songs I want only seem to be available on the French site.
    Does anyone know if there's some sort of way around this? Would it be possible to, say, buy French iTunes gift cards?

    No, you cannot, due to licensing and copyright issues, which vary from country to country. Unless you have a billing address in France, you will not be able to purchase from the French iTunes store. Having a gift card from there will not help, because you need to also have a French billing address. Sorry,
    Rachyl

  • Port forwarding between two servers from Same subnet

    Hi,
    We have a Cisco ASA 5520 Version 8.4(3). There exists a site to site VPN tunnel between us and a client and the client sends us the data to our local host/server 10.x.x.20 on port 52944. So 10.x.x.20 gets data on port 52944. We want to forward this data to a test server 10.x.x.21 (same subnet IP) on port 52945. So basically I want to forward traffic from 10.x.x.20:52944 to 10.x.x.21:52945.
    Is this possible? I am a newbie to networking and still learning. Excuse me if this sounds silly.
    I know we can add one more ACL in the VPN tunnel and add this test server IP in the ACL. But then I have to ask the client to change their ACL too. I don't want to do this. So I want to work around it. Any help or suggestions are much appreciated.
    Thanks in advance :)
    This is my first ticket in the support community.
    cs

    VMs have nothing to do with it, as long as there's network communication between the servers.
    As I said, there must be a service or application listening on that port for it to respond. For example, try this:
    C:\> telnet
    When the telnet prompt opens, type in:
    open mail.messaging.microsoft.com 25
    If it works, you should see this:
    220 CH1EHSMHS035.bigfish.com Microsoft ESMTP MAIL Service ready at Thu, 7 Feb 2013 00:57:33 +0000
    That means that Microsoft's mail servers are LISTENING on port 25 and it responded. And note, telnetting to port 25 is a non-default telnet port, because port 23 is the default telnet port. When you type in a space and then a port number, you're telling the telnet client to use that port.
    That is the SAME THING if some sort of application or service is listening on port 8444 on that other server you're trying to telnet to. If there is no app or service listening, it will just time out.
    And no, installing the TELNET service on that server will NOT answer to any port other than 23. The telnet service by default uses TCP 23, unless you specify otherwise.
    So once again, what service or app on that server is supposed to be listening on 8444?
    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
    This post is provided AS-IS with no warranties or guarantees and confers no rights.

  • Interference from other routers?

    I live in a high rise apartment block. All my neighbours are using Linksys routers as well. I have installed a Wireless-N router model WRT300N which is supposed to cover a large floor area. My iMac which is located in another room about 20 feet away cannot pick up my router signal during peak hours and only picks up signals from my neighbours' routers which are all password protected as is my own router. The iMac Airport can only pick up the signal from my router before 8.00am and late at night when my neighbours are not using their computers. When I try to switch the iMac Airport to pick up my own router signal during peak hours, it gets timed out without connectivity. Sometimes, the iMac cannot even detect the signal from my router and only picks up my neighbours' routers. I have better luck with picking up my own router signal using my PC laptop but I would prefer to use the Mac if only I could get connectivity. How can I minimize interference from my neighbours' routers or improve the connectivity of my Linksys router to the iMac?
    Thanks in advance for any helpful suggestions.

    If you haven't already, set your Network Name (SSID) to something other than Linksys. If your iMac has an Airport Extreme card, and you don't have other non-N devices that need to connect wirelessly to your router, set the router's Network Mode to N only. You can try switching between Wide-40MHz Channel and Standard-20MHz, and see if one or the other works better. 40MHz uses two channels so it might help you, but it might also knock out your neighbors. It may also fail if you set it to that and there's too much interference, in which case you might have better luck with 20MHz.

  • How to copy UserProperties from origin message when doing reply, forward or reply all?

    Is there a way to auto copy the UserProperties from the origin message when doing reply, forward, reply all or any other operation (if one exists)?

    And to handle the Reply / Forward / ReplyAll events, you need to track the selected items (use Explorer.SelectionChange event) and messages displayed in inspectors (use Application.Inspectors.NewInspector event). Keep in mind that more than one message can be selected or displayed at a time, so you will need to dynamically track the list of items that can fire the Reply / Forward / ReplyAll events.
    Dmitry Streblechenko (MVP)
    http://www.dimastr.com/redemption
    Redemption - what the Outlook Object Model should have been
    Version 5.5 is now available!

  • RV042 Port forwarding stops working when Firewall is enabled

    Hey all,
    I have a RV042 router on a single WAN and an internal LAN. I have configured port forwarding as follows:
    HTTP[TCP/80~80]->10.0.0.6
    HTTPS[TCP/443~443]->10.0.0.6
    IMAP[TCP/143~143]->10.0.0.5
    IMAP SSL[TCP/993~993]->10.0.0.5
    SMTP SSL[TCP/587~587]->10.0.0.5
    Everything works just fine when I have the firewall DISABLED. However, when I enable it the behaviour is erratic. 1 out of 10 attempts to connect to ANY port forwarded works. Almost all attempts time out.
    Notice that this happens even if using only the default firewall rules (which should be bypassed by the port forwarding as I read in other posts).
    My second try was to create firewall rules manually, overriding the default ones. I tried adding rules from source WAN1 (where my connection is) to ANY and to SINGLE IPs on every port. Nothing seems to work.
    I don't know what I'm doing wrong, this is really bugging me. I had to turn the firewall off so we can access our servers from outside the office. This shouldn't have to be done.
    Do you know anything I could try?
    Best regards,
    Theo
    EDIT:
    Just found out that my firewall is getting LOTS and LOTS of Blocked - SYN Flood entries. I think this is why we are having trouble with the firewall. Could this be the problem? I have no idea where all these SYN packets are coming from since they appear with spoofed IPs or come from different bots all over.

    Hi Theo, if you want to override the default state table, you need to first make firewall rules to block all access, then make your permission rules.
    Such an example would be-
    Action Deny
    Service All
    Source interface WAN
    Source IP any
    Destination IP any
    Save
    Action Permit
    Service RDP
    Source interface WAN
    Source IP - xx.xx.xx.xx
    Destination IP - xx.xx.xx.xx
    Save
    As for your concern about the syn flood, it can be a likely cause of your problems. Does the logging facility of the router give any indications?
    -Tom
    Please mark answered for helpful posts

  • How connect to oracle RAC via the RSG using port forwarding

    Hi all,
    I got a problem trying to connect to Oracle RAC via the RSG using port forwarding.
    On the command line I use to connect:
    sqlplus 'username/password@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=tcp)(HOST=firstRACnode)(PORT=1521))(ADDRESS=(PROTOCOL=tcp)(HOST=secondRACnode)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=MSDP)))'
    But when using port forwarding I forward the port 1521 to a local port and make ssh to the DB node (as normal with other nodes, but not RAC), but it never works for me in this situation.
    Can anyone help me if there are any changes that should be done on the server side, or if anyone faced such a problem and found a solution?
    Thanks,
    Prathap.

    782011 wrote:
    I got a problem trying to connect to Oracle RAC via the RSG using port forwarding.
    On the command line I use to connect:
    sqlplus 'username/password@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=tcp)(HOST=firstRACnode)(PORT=1521))(ADDRESS=(PROTOCOL=tcp)(HOST=secondRACnode)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=MSDP)))'
    Not exactly sure what you are attempting, but if you are doing port forwarding via ssh, the basic approach is as follows:
    Step 1
    Create a ssh tunnel from local machine to remote db server. Forward any local port (should not be a well known port or a port in the private/dynamic port range) to connect to the database server's listener port. If the ssh tunnel is into the db server itself, the connection (port forwarding) can be on localhost (as the Listener should be listening on it). Alternatively use a public IP of that db server.
    Example (using OpenSSH on Ubuntu 9.4):
    Local server port 1527 tunneled to port 1521 on database server 192.168.0.100 using o/s account johnd (we connect to port 1521 on db server via 127.0.0.1):
    ssh -X -f -N -o ServerAliveInterval=3 -L 1527:127.0.0.1:1521 johnd@192.168.0.100
    Step 2
    Run sqlplus and connect to the local forwarded port on localhost, using the applicable connection settings (e.g. SID/Service Name, etc).
    sqlplus scott/tiger@"(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=127.0.0.1)(PORT=1527)) (CONNECT_DATA=(SID=orcl) (SERVER=dedicated)))"
    Note that the Listener must not hand our connection off - as the case would be when using RAC for example and connecting via a Service Name and not a SID. We need the Listener that accepts our connection to immediately hand us over to the database instance (via either a dedicated server or a shared server dispatcher process).

  • Port Forward: Conflicts with all of them.

    A bit about me: I am an IT professional 20+ years so I know how to port forward
    Situation:
    I had a Actiontec Gen1 router. A technician came out the other day and tried to resolve an upload speed issue. As a result, he replaced the ONT and the Router to a Gen2. He got it all up and running and left. My issue started 20 minutes after he left -- when I sat down to reestablish my port forwards.
    When I tried creating my first port forward, I got a warning message about a conflict. I looked at the list and all I had were 3 preset entries:
    --Localhost                  TCP Any -> 4567
    --192.168.1.100:63145        Application - TCP Any -> Any
    --192.168.1.100:63145        Application - TCP Any -> 1
    Now, I have done port forwards a lot with my previous router so I was a bit taken aback. I did a factory restore on the router and tried to create another port forward - still conflicts.
    I knew something was up so I called Verizon. A tech didn't get anywhere so they put me on the phone with Actiontec. They had me try to create a port forward and got the same results. They said the router was corrupt and to have Verizon send me another.
    I got the new router in today. While the tech was setting it up in the basement, I quickly tried to create a port forward on it and it worked. I was excited and waited for him to connected it to the WAN. Once he did his thing and established outside connectivity, I tried to create another port forward, and it failed. I asked him to give me back my original Gen1 router so I could use it to troubleshoot. He did with the rule that I call him when I was done.
    I got Verizon back on the line and they couldn't help. They then got me on the phone with Actiontec. A couple hours later, they still had no answer. One thing we found though was that they were also not able to connect remotely. They tried 443 and 8080 - nothing worked. I also found that I was able to create UDP port forwards - they worked fine but as soon as I tried any TCP ports, they always came back with a conflict.
    Actiontec said the issue was with Verizon and that I should work with them again, so I called Verizon.
    I got a great tech who was really going the extra mile instead of giving me the infamous "We don't support that". He too couldn't access the router remotely and we tried just about anything under the sun. For giggles, we decided to put my old Gen1 router back in place. He wanted to reset it to factory defaults so we did. I took a screen capture of my original port forwards though first. When we restored it, it was also stating that there is a conflict when I created a new port forward.
    I took a look at my screen capture of my original Gen1 router (this is the one that was originally working over the last year) and I noticed that its 192.168.1.100 entry was set to go to Application - UDP any -> 63146. After resetting it to factory default, Verizon is now setting it to the two setting I documented above.
    So now I am questioning Verizons settings that they are pushing down to the router.
    My next step was to disconnect it from the WAN completely, do a factory reset and see if I can create a port forward. After doing that test, I was able to create port forwards - TCP, UDP -- they all entered without a conflict. As soon as I connected the router to the WAN and Verizon pushed their settings, it broke again.
    The technician did all he could. It is Sunday today and the higher tier techs do not work on Sundays so he said he will have them contact me tomorrow. I sure hope they can resolve this!
    So this is the deal:
    -Go into your router and try to create a port forward. Pick any one from the list that includes a TCP port. If you get a message stating there is a conflict, you are most likely in the same boat as I. I would bet anything that Verizon cannot access your router remotely too.
    -If you ARE able to create TCP port forwards, then I would highly suggest that you do not do a factory reset. When doing so, I would bet anything that you will no longer be able to create those forwards.
    -If you are able to port forward fine, do me a favor and tell me what your 192.168.1.100 port forwards are that Verizon throws in there. If I were to bet, I would bet that the ones that work are set for Application - UDP any -> 63146; If they don't work, I would bet that they are set to:
    --192.168.1.100:63145        Application - TCP Any -> Any
    --192.168.1.100:63145        Application - TCP Any -> 1
    Anyway, that is my story. I spent a whole weekend with Verizon and I am still not working. Any data from the community will be helpful. I want to know if this is a global issue or if it is only affecting me. I have had this happen with 3 routers, 1 gen1 and 2 gen2's.
    Thanks for your help in advance.

    Finally - a solution. *wipes brow*
    First off, I want to state that the networking group located in Syracuse - all the other techs need to visit them for a week and learn:
    - How to talk to a customer (what to say and not to say)
    - How routers work, how they can be configured, and what they are capable of. Basically, learn a bit about networking.
    - Listen to the customer - they may know more than you.
    Anyway, thank you very much Syracuse Team!
    While working with the tech (this guy was awesome and actually listened to me about the automatic port forwards that were appearing from Verizon), he decided to use the RJ45 network WAN connection in addition to the COAX. My setup was set up to only use the COAX connection - it's been that way for over a year now.
    The tech set it up so that my data was going through the RJ45 and the TV was going through the COAX. When he did this and we reset the router to factory, the Verizon forwarded ports were no longer showing up and as a result, I was able to create ports at will without conflict.
    So beware all of you who are set up to only use the COAX connection. It appears that one of my set top boxes was now throwing in the port forwards that I noted in the original post and those were screwing everything up. Go figure that, eh? I wonder who said that some 14 tech hours ago?
    Anyway - if you are unable to create port forwards without a conflict error, call up Verizon and tell them the issue. If they act like they never heard this, tell them about my situation and that adding the RJ45 connection in addition to the COAX is the solution. Just make sure you reset your router to factory when they are done or else those odd port forwards won't clear.
    Peace out and good luck!

  • ActionTec MI424WR / Port Forwarding

    I consider myself pretty tech savvy. I've configured plenty of Cisco PIX routers so I have some experience. But for the life of me, I can't get ANY port forwarding working. I have an ActionTec MI424-WR Rev D router with firmware 4.0.16.1.56.0.10.11.6. I've read the manual, I've configured port forwarding. But no matter what port I choose, it never shows as open. I've called ActionTec twice and they walked me through the steps, which were identical to what I did, and no matter what, the ports are not forwarding. They appear to be blocked somewhere.
    I do not have a second router. The FIOS comes into the ActionTec router and then two of my computers are connected as part of a network. I am trying to set up a SSH tunnel to one of my home computers. I've tried the standard port 22, and a bunch of non-standard ports. I've even tried to get RDP working on 3389 and no joy. The port forwarding is set up, I've tried medium and low security on the firewall. From other computers on the network, I can telnet to port 22 using both IP address and DNS name and I get my OpenSSH screen. But it's not available from outside. I have tried it with Windows firewall (XP) both on with exceptions and off. Still no joy.
    I have read that people all over are doing this, but it isn't working for me. Does anyone have any suggestions on what could be wrong or how to diagnose the problem? Shields Up says my ports are stealthed. CanyouSeeMe.org sometimes says connection denied and sometimes says connection timeout. I don't know what else to try.
    Anyone?

    Okay, problem is partially solved. I installed CopSSH on my other computer, edited the port forwarding to point to the other computer, and it works. I never suspected my own computer was the problem. The question is why? The only firewall on my computer is Windows firewall (XP), which I've created exceptions for and even tried disabling. I still wasn't able to access the port. So something on my machine is blocking ports but I have no idea what. Does anyone have any ideas where to look? I turned off Windows Defender and Symantec AV but that didn't help (and then turned them back on).
    TIA for any help

  • Cannot get port forwarding to work on EA6500

    Hi,
    I have an EA6500 to replace the old WRT54G. I have an Apache server on my PC. On the WRT54G, I could easily set a port forward to the server, and it was working fine. But on the EA6500, I simply couldn't get it to work any more. What am I missing?
    TIA

    Thanks for the reply.
    As it turned out, for some "security" reasons, EA6500 port forwarding only allows access from outside of the network, but not from the network behind the router. So annoying, however I found this work around:
    http://community.linksys.com/t5/Wireless-Routers/EA6500-NAT-Redirection-Bug/td-p/583820/highlight/fa...
    Look for poster sflick1's solution, it really works.

  • NAT port forwarding

    I have recently purchased a Cisco 871 router. In the GUI from the installed software, I have been able to configure which ports are forwarded to a specified IP address within my local area network.
    This seems to output a configuration line like this:
    ip nat inside source static tcp 192.168.1.123 1000 interface Dialer0 1000
    However, I can only do this one port at a time. Is there a function or command that I can use to specify a range of ports? For example, I would like to forward tcp ports 1000-2300 to the IP address 192.168.1.123.
    Any help would be appreciated.
    (p.s: I think I posted in the wrong Topic previously)

    Hi
    I own a 2621xm which I have used for port forwarding with NAT overload. From what I can see your options are to forward a port onto the address of your NATed interface with the command:
    ip nat inside source static (tcp/udp) your.inside.ip.address portnumber your.interface.ip.address externalportnumber
    eg
    ip nat inside source static tcp 192.168.1.43 22 194.41.66.2 8022
    would allow me to reach 192.168.1.43 port 22 from outside using 8022 or whatever port you specify in the command.
    Alternatively you could change the interface address to one in the same network so that it is seen as a different device with a different IP that only has the forwarded port open.
    The final way would be to forward the entire inside address to a new external IP address. For example, if you have 192.168.0.0 /24 NATed to 194.41.66.0 /24 through an interface with an IP of 194.41.66.2 you could run the following command:
    ip nat inside source static 192.168.1.43 194.41.66.43
    This allows you to communicate with that host as if there was no NAT. From here you can use the access-list feature to close ports that you don't need.
    Hope this helps!
    Barry

  • Port Forwarding for RDP 3389 is not working

    Hi,
    I am having trouble getting RDP (port 3389) to forward to my server (10.20.30.20). I have made sure it is not an issue with the server's firewall, it's just the Cisco. I highlighted in red what I thought I need in my config to get this to work. I have removed the last 2 octets of the public IP info for security. Here is the configuration below:
    TAMSATR1#show run
    Building configuration...
    Current configuration : 11082 bytes
    version 15.2
    no service pad
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    hostname TAMSATR1
    boot-start-marker
    boot system flash:/c880data-universalk9-mz.152-1.T.bin
    boot-end-marker
    logging count
    logging buffered 16384
    enable secret
    aaa new-model
    aaa authentication login default local
    aaa authentication login ipsec-vpn local
    aaa authentication login ciscocp_vpn_xauth_ml_1 local
    aaa authorization console
    aaa authorization exec default local
    aaa authorization network groupauthor local
    aaa session-id common
    memory-size iomem 10
    clock timezone CST -6 0
    clock summer-time CDT recurring
    crypto pki token default removal timeout 0
    crypto pki trustpoint TP-self-signed-1879941380
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-1879941380
    revocation-check none
    rsakeypair TP-self-signed-1879941380
    crypto pki certificate chain TP-self-signed-1879941380
    certificate self-signed 01
    ip dhcp excluded-address 10.20.30.1 10.20.30.99
    ip dhcp excluded-address 10.20.30.201 10.20.30.254
    ip dhcp excluded-address 10.20.30.250
    ip dhcp pool tamDHCPpool
    import all
    network 10.20.30.0 255.255.255.0
    default-router 10.20.30.1
    domain-name domain.com
    dns-server 10.20.30.20 8.8.8.8
    ip domain name domain.com
    ip name-server 10.20.30.20
    ip cef
    no ipv6 cef
    license udi pid CISCO881W-GN-A-K9 sn
    crypto vpn anyconnect flash:/webvpn/anyconnect-dart-win-2.5.3054-k9.pkg sequence 1
    ip tftp source-interface Vlan1
    class-map type inspect match-all CCP_SSLVPN
    match access-group name CCP_IP
    policy-map type inspect ccp-sslvpn-pol
    class type inspect CCP_SSLVPN
      pass
    zone security sslvpn-zone
    crypto isakmp policy 10
    encr aes 256
    authentication pre-share
    group 2
    crypto isakmp policy 20
    encr aes 192
    authentication pre-share
    group 2
    crypto isakmp key password
    crypto isakmp client configuration group ipsec-ra
    key password
    dns 10.20.30.20
    domain tamgmt.com
    pool sat-ipsec-vpn-pool
    netmask 255.255.255.0
    crypto ipsec transform-set ipsec-ra esp-aes esp-sha-hmac
    crypto ipsec transform-set TSET esp-aes esp-sha-hmac
    crypto ipsec profile VTI
    set security-association replay window-size 512
    set transform-set TSET
    crypto dynamic-map dynmap 10
    set transform-set ipsec-ra
    reverse-route
    crypto map clientmap client authentication list ipsec-vpn
    crypto map clientmap isakmp authorization list groupauthor
    crypto map clientmap client configuration address respond
    crypto map clientmap 10 ipsec-isakmp dynamic dynmap
    interface Loopback0
    ip address 10.20.250.1 255.255.255.252
    ip nat inside
    ip virtual-reassembly in
    interface Tunnel0
    description To AUS
    ip address 192.168.10.1 255.255.255.252
    load-interval 30
    tunnel source
    tunnel mode ipsec ipv4
    tunnel destination
    tunnel protection ipsec profile VTI
    interface FastEthernet0
    no ip address
    interface FastEthernet1
    no ip address
    interface FastEthernet2
    no ip address
    interface FastEthernet3
    no ip address
    interface FastEthernet4
    ip address 1.2.3.4
    ip access-group INTERNET_IN in
    ip access-group INTERNET_OUT out
    ip nat outside
    ip virtual-reassembly in
    no ip route-cache cef
    ip route-cache policy
    ip policy route-map IPSEC-RA-ROUTE-MAP
    duplex auto
    speed auto
    crypto map clientmap
    interface Virtual-Template1
    ip unnumbered Vlan1
    zone-member security sslvpn-zone
    interface wlan-ap0
    description Service module interface to manage the embedded AP
    ip unnumbered Vlan1
    arp timeout 0
    interface Wlan-GigabitEthernet0
    description Internal switch interface connecting to the embedded AP
    switchport mode trunk
    no ip address
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
    ip address 10.20.30.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    ip tcp adjust-mss 1452
    ip local pool sat-ipsec-vpn-pool 10.20.30.209 10.20.30.239
    ip default-gateway 71.41.20.129
    ip forward-protocol nd
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip dns server
    ip nat inside source list ACL-POLICY-NAT interface FastEthernet4 overload
    ip nat inside source static tcp 10.20.30.20 3389 interface FastEthernet4 3389
    ip nat inside source static 10.20.30.20 (public ip)
    ip route 0.0.0.0 0.0.0.0 public ip
    ip route 10.20.40.0 255.255.255.0 192.168.10.2 name AUS_LAN
    ip access-list extended ACL-POLICY-NAT
    deny   ip 10.0.0.0 0.255.255.255 10.20.30.208 0.0.0.15
    deny   ip 172.16.0.0 0.15.255.255 10.20.30.208 0.0.0.15
    deny   ip 192.168.0.0 0.0.255.255 10.20.30.208 0.0.0.15
    permit ip 10.20.30.0 0.0.0.255 any
    permit ip 10.20.31.208 0.0.0.15 any
    ip access-list extended CCP_IP
    remark CCP_ACL Category=128
    permit ip any any
    ip access-list extended INTERNET_IN
    permit icmp any any echo
    permit icmp any any echo-reply
    permit icmp any any unreachable
    permit icmp any any time-exceeded
    permit esp host 24.153. host 66.196
    permit udp host 24.153 host 71.41. eq isakmp
    permit tcp host 70.123. host 71.41 eq 22
    permit tcp host 72.177. host 71.41 eq 22
    permit tcp host 70.123. host 71.41. eq 22
    permit tcp any host 71..134 eq 443
    permit tcp host 70.123. host 71.41 eq 443
    permit tcp host 72.177. host 71.41. eq 443
    permit udp host 198.82. host 71.41 eq ntp
    permit udp any host 71.41. eq isakmp
    permit udp any host 71.41 eq non500-isakmp
    permit tcp host 192.223. host 71.41. eq 4022
    permit tcp host 155.199. host 71.41 eq 4022
    permit tcp host 155.199. host 71.41. eq 4022
    permit udp host 192.223. host 71.41. eq 4022
    permit udp host 155.199. host 71.41. eq 4022
    permit udp host 155.199. host 71.41. eq 4022
    permit tcp any host 10.20.30.20 eq 3389
    evaluate INTERNET_REFLECTED
    deny   ip any any
    ip access-list extended INTERNET_OUT
    permit ip any any reflect INTERNET_REFLECTED timeout 300
    ip access-list extended IPSEC-RA-ROUTE-MAP
    deny   ip 10.20.30.208 0.0.0.15 10.0.0.0 0.255.255.255
    deny   ip 10.20.30.224 0.0.0.15 10.0.0.0 0.255.255.255
    deny   ip 10.20.30.208 0.0.0.15 172.16.0.0 0.15.255.255
    deny   ip 10.20.30.224 0.0.0.15 172.16.0.0 0.15.255.255
    deny   ip 10.20.30.208 0.0.0.15 192.168.0.0 0.0.255.255
    deny   ip 10.20.30.224 0.0.0.15 192.168.0.0 0.0.255.255
    permit ip 10.20.30.208 0.0.0.15 any
    deny   ip any any
    access-list 23 permit 70.123.
    access-list 23 permit 10.20.30.0 0.0.0.255
    access-list 24 permit 72.177.
    no cdp run
    route-map IPSEC-RA-ROUTE-MAP permit 10
    match ip address IPSEC-RA-ROUTE-MAP
    set ip next-hop 10.20.250.2
    banner motd ^C
    UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED.
    You must have explicit permission to access or configure this device.  All activities performed on this device are logged and violations of this policy may result in disciplinary and/or legal action.
    ^C
    line con 0
    logging synchronous
    line aux 0
    line 2
    no activation-character
    no exec
    transport preferred none
    transport input all
    line vty 0
    access-class 23 in
    privilege level 15
    logging synchronous
    transport input telnet ssh
    line vty 1 4
    access-class 23 in
    exec-timeout 5 0
    privilege level 15
    logging synchronous
    transport input telnet ssh
    scheduler max-task-time 5000
    ntp server 198.82.1.201
    webvpn gateway gateway_1
    ip address 71.41. port 443
    http-redirect port 80
    ssl encryption rc4-md5
    ssl trustpoint TP-self-signed-1879941380
    inservice
    webvpn context TAM-SSL-VPN
    title "title"
    logo file titleist_logo.jpg
    secondary-color white
    title-color #CCCC66
    text-color black
    login-message "RESTRICTED ACCESS"
    policy group policy_1
       functions svc-enabled
       svc address-pool "sat-ipsec-vpn-pool"
       svc default-domain "domain.com"
       svc keep-client-installed
       svc split dns "domain.com"
       svc split include 10.0.0.0 255.0.0.0
       svc split include 192.168.0.0 255.255.0.0
       svc split include 172.16.0.0 255.240.0.0
       svc dns-server primary 10.20.30.20
       svc dns-server secondary 66.196.216.10
    default-group-policy policy_1
    aaa authentication list ciscocp_vpn_xauth_ml_1
    gateway gateway_1
    ssl authenticate verify all
    inservice
    end

    Hi,
    I didn't see anything marked in red in the above? (At least when I was reading.)
    I have not really had to deal with routers at all, since we do all access control and NAT with firewalls.
    But to me it seems you have allowed the traffic to the actual IP address of the internal server rather than the public NAT IP address, which in this case seems to be configured to use your FastEthernet4 interface's public IP address.
    There also seems to be a static NAT configured for the same internal host, so I am wondering why the static PAT (port forward) is used?
    - Jouni
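The ACL-versus-NAT point in the reply above, shown as an added configuration example; it is not part of the posted config or of Jouni's reply. On IOS, an ACL applied inbound on an `ip nat outside` interface is checked before the outside-to-inside (global-to-local) translation, so when INTERNET_IN is evaluated the packet still carries the public destination address. The ACE `permit tcp any host 10.20.30.20 eq 3389` therefore never matches and the RDP SYN falls through to `deny ip any any`. In the fragment below `a.b.c.d` stands in for the elided FastEthernet4 public address and 198.51.100.0/24 is an assumed management range; the narrow source is a deliberate choice, since the rest of INTERNET_IN already limits SSH, HTTPS and port 4022 to specific hosts, and exposing RDP to the whole Internet is not advisable.

```cisco
! --- As posted: the ACE names the inside address. On an "ip nat outside"
! --- interface the inbound ACL runs before global-to-local NAT, so the
! --- destination is still the public address and this line is never hit.
ip access-list extended INTERNET_IN
 permit tcp any host 10.20.30.20 eq 3389
 evaluate INTERNET_REFLECTED
 deny   ip any any
!
! --- Corrected: match the public address the packet actually carries.
! --- a.b.c.d  = FastEthernet4 public IP (elided in the post, placeholder)
! --- 198.51.100.0/24 = assumed management range (not from the post)
! --- Named-ACL order matters: the permit must sit above "evaluate" and
! --- "deny ip any any". Pick a sequence number lower than the one that
! --- "show ip access-lists INTERNET_IN" reports for the evaluate entry.
ip access-list extended INTERNET_IN
 no permit tcp any host 10.20.30.20 eq 3389
 105 permit tcp 198.51.100.0 0.0.0.255 host a.b.c.d eq 3389
!
! --- Keep exactly one translation for the host. The post has both an
! --- interface PAT for 3389 and a one-to-one static NAT to "(public ip)".
! --- Option A: keep the port forward on the FastEthernet4 address.
ip nat inside source static tcp 10.20.30.20 3389 interface FastEthernet4 3389
no ip nat inside source static 10.20.30.20 a.b.c.e
!
! --- Option B: keep the one-to-one static NAT to a second public address
! --- (a.b.c.e, placeholder). Every port of 10.20.30.20 is then reachable
! --- at a.b.c.e, so INTERNET_IN is the only thing gating it; permit 3389
! --- to that address instead of to a.b.c.d.
! no ip nat inside source static tcp 10.20.30.20 3389 interface FastEthernet4 3389
! ip access-list extended INTERNET_IN
!  105 permit tcp 198.51.100.0 0.0.0.255 host a.b.c.e eq 3389
!
! --- Verify: the new ACE should accumulate matches once a client connects,
! --- and the translation should appear with the public address.
! show ip access-lists INTERNET_IN
! show ip nat translations | include 3389
```

The same reasoning applies to the original `permit tcp any host 71..134 eq 443` style entries already in the list: they work because they name the public address, which is exactly what the 3389 entry should do.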

  • Problems with Port Forwarding for RDP in WebVPN

    Hi,
    I'm hoping somebody can help me solve this problem that has been bugging me for weeks. We recently implemented a double-layer firewall architecture. Before that, our users could access RDP via port forwarding on WebVPN or the Cisco VPN client without any problems.
    After we implemented the double-layer firewall architecture, users who go through the WebVPN and port forwarding for RDP began to experience frequent disconnections, slowness or freezing connections. The users who are using the client are fine.
    I checked the logs and I'm getting repetitive TCP-O for the port forwarding connections for RDP. Additional information: the FW we installed as the 2nd layer is a Netscreen. I've already set the policy on it to Any-Any for the meantime to help in troubleshooting, but to no avail.
    I hope somebody can help me in sorting this out, as I'm kind of confused on the difference between the port forwarding for RDP via the WebVPN and the normal RDP via the client.

  • How to port forward with Modem and Router

    I have a Linksys AM300 Modem and a Linksys WRT610N router. 
    I want to forward ports for Call of Duty Modern Warfare 2 and STEAM.
    How do I port forward when I have 2 devices and how can I test that it is working? 

    I would recommend that you reconfigure your AM300 into bridge mode. In bridge mode it operates like a standard modem would. Then reconfigure the WRT610N for your internet connection, i.e. most likely PPPoE. Now the WRT has a direct connection to the internet, and you only need to configure port forwarding on the WRT610N.
