How to do it in CISCO

I have the following setup:
Private network <-> SW <-> CISCO VPN <-> ISP MODEM
I have configured the VPN part and it is working correctly. I have a computer in the private network at static address 192.168.1.100, and an application is running on it on TCP port 8100 for clients.
Now I need to connect from the Internet to the application on 192.168.1.100 on port 8100.
How do I configure the CISCO router to forward traffic coming in on TCP port 8100 to machine 192.168.1.100?
The ISP modem is going to hand over all the traffic to the CISCO device.
Thank You

Hi Karthik,
I need this to work so that
outside users should be able to access 192.168.1.100:8100 using http://PublicIP:8100 without using VPN at all
And VPN users should be able to access using http://192.168.1.100:8100
I am new to CISCO and committed to setting this up for a customer. I got the VPN configured correctly by reading the help. If I can do this last configuration, I am saved.
Thank you for your time
My Router Configuration Follows
sh run
Building configuration...
Current configuration : 5416 bytes
! Last configuration change at 17:58:55 CSTime Mon Aug 20 2012 by csi
! NVRAM config last updated at 17:58:24 CSTime Mon Aug 20 2012 by csi
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname Router
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
enable secret 5 $1$KJWP$wujENW/75bJnnoUxGXYJE0
aaa new-model
aaa authentication login default local
aaa authentication login vpn_xauth_ml_1 local
aaa authentication login sslvpn local
aaa authorization network vpn_group_ml_1 local
aaa session-id common
memory-size iomem 10
clock timezone CSTime -6
clock summer-time CSTime date Mar 11 2012 2:00 Nov 4 2012 2:00
crypto pki trustpoint TP-self-signed-986700165
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-986700165
revocation-check none
rsakeypair TP-self-signed-986700165
crypto pki certificate chain TP-self-signed-986700165
certificate self-signed 01
        quit
ip source-route
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.1.1 192.168.1.25
ip dhcp excluded-address 192.168.1.100
ip dhcp excluded-address 192.168.1.222
ip dhcp excluded-address 192.168.1.254
ip dhcp pool ccp-pool
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1
   lease 0 2
ip dhcp pool Internal_Network
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.254
   dns-server 192.168.100.1
ip cef
ip domain name yourdomain.com
ip name-server 192.168.100.1
no ipv6 cef
license udi pid CISCO881-K9 sn FTX1604828M
username csi privilege 15 secret 5 $1$G4wK$PRgc9k9omH9X8s1u37lkh1
username RemoteUser secret 5 $1$EWRQ$vPW7kG3jNhqwHTiL8IsBx0
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp policy 2
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp client configuration group RemoteAccessSupport
key Router_WWTP
pool VPN-Pool
acl VPN-Access-List
crypto isakmp profile vpn-isakmp-profile-1
   match identity group RemoteAccessSupport
   client authentication list vpn_xauth_ml_1
   isakmp authorization list vpn_group_ml_1
   client configuration address respond
   virtual-template 2
crypto ipsec transform-set encrypt-method-1 esp-3des esp-sha-hmac
crypto ipsec profile VPN-Profile-1
set transform-set encrypt-method-1
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
ip address 192.168.100.3 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface Virtual-Template2 type tunnel
ip unnumbered FastEthernet0
tunnel mode ipsec ipv4
tunnel protection ipsec profile VPN-Profile-1
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.1.254 255.255.255.0
no ip redirects
no ip unreachables
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
ip local pool VPN-Pool 192.168.1.101 192.168.1.150
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 100 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 192.168.100.1
ip access-list extended VPN-Access-List
permit ip 192.168.1.0 0.0.0.255 any
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 100 remark Used for Internet access to Internal N/W
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
no cdp run
control-plane
banner motd ^C----------  Router VPN Router ----------^C
line con 0
exec-timeout 30 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
password 7 124A50424A5E5550
transport input telnet ssh
scheduler max-task-time 5000
end

Similar Messages

  • How can I connect a Cisco 7940 phone to a trixbox via SIP

    How can I connect a Cisco 7940 phone and a Cisco 7970 to a trixbox via SIP?

    ...by configuring the trixbox according to the required configuration and changing your firmware on the phones to SIP.

  • How to Recover Password on Cisco 2960 Switch?

    How to Recover Password on Cisco 2960 Switch? Who knows, please tell me the detail steps, thank you very much!

    You can find the detailed steps in this article; I hope it solves your problem.
    http://www.briefingwire.com/pr/how-to-recover-password-on-cisco-2960-switch

  • How to sync clock of Cisco ASA 5505 from NTP Server on internet

    Hi there!
    I've set up a site with a Cisco ASA 5505. It has a public IP also.
    I want to sync the clock of the firewall from an NTP server on the Internet, or with the internal domain controller that is inside the LAN.
    The firewall has a public IP also.
    How can I do this?
    Regards!

    Hello Lasandro,
    This should do it!
    http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/basic_hostname_pw.html#wp1236530
    Cheers,
    Julio Carvajal Segura
    http://laguiadelnetworking.com

  • How to configure VPN with Cisco ASA 5505 behind Actiontec MI424WR

    I'm trying to test my Cisco VPN client from my workplace to my home where I have a Cisco ASA 5505 (VPN server) behind the Actiontec MI424WR.  I'm able to Ping the Actiontec external IP.  I also have Port Forwarding for IKE and IPSec configured on the Actiontec, but I cannot establish the VPN connection.
    What do I need to configure on the Actiontec to make this work?
    Also, when I test this at home, the MI424WR acts as the DHCP server for my laptop and the Cisco outside interface.  At home, I'm able to establish the VPN connection from my laptop to the ASA, allowing me to see a shared drive behind the ASA.  However, at home, I cannot go to the Internet while using the VPN client.
    Thanks for any help.
    Steve

    http://www.dslreports.com/faq/verizonfios/3.0_Networking
    those are the best sample config's and resources on how to set the FiOS network
    Bridging is possible but difficult.  That link will give you great info on it.
    Are you a FiOS customer that has phone/internet/tv
    or no tv?   or no phone?    You have to be careful on your configuration or you might lose some TV features and functionality, like the Interactive Program Guide, or the VOD or the Widgets.
    Sorry the port forwarding wasn't enough to resolve your issue. I am not sure that it's an Actiontec config you are looking for; from my understanding of Cisco and FiOS, it may be something behind the Cisco that is causing an issue. You may want to reach out to the Cisco admin that manages that, and find out if there are additional ports that are required, and then you can come back and configure those ports too.

  • How to increase built-in cisco vpn peer response timer?

    Hi,
    I use OS x in-built cisco vpn client to connect to work VPN.
    The VPN server, or perhaps the RADIUS server, takes a long time to return a response. OS X always tries for 10 seconds, then drops the connection when there is no response from the remote peer. When I use the Cisco VPN client on a Windows machine, the VPN client has a setting to allow for 90 seconds of remote peer response time. It works fine using the Cisco VPN client.
    I prefer to use OS X as my primary working environment, so I need to fix this problem. My question is how to increase the phase 1 & 2 timer for VPN under 10.6.7. I have tried to change the racoon.conf phase 1 & phase 2 timers, but it made no difference. OS X only tries for 10 seconds.
    Any ideas? (besides asking work people to fix the server or radius problem)
    Thanks
    jmsherry123

    I have the same problem ... the certificate is imported in the keychain, but I can't select it when setting up the VPN connection

  • How to reset password on Cisco CSS 11501?

    Hi,
    I have changed the password for the Admin user (which was SuperUser) but when I changed it I forgot to add "SuperUser" at the end, now I don't have SuperUser access to the CSS 11501.
    Can anyone shed some light on this problem and explain how I can reset the password for a SuperUser?
    Thanks in Advance,
    Shai

    Hi Shai,
    You need to reboot the CSS. When prompted, hit any key to go into the Offline Diagnostic Menu.
    When you get in the menu, you will go to Administrative options and create an additional Admin user. When you do this, DO NOT use "admin", use something totally different.
    Get out of the Offline DM and reboot the CSS. When the CSS comes up, login as the new user (which will have Superuser rights) and run the "username" cli to change the password of "admin" and add the superuser part this time.
    Regards
    Pete Knoops
    Cisco Systems

  • How to bridge a linksys cisco E1200 series router?

    I have recently purchased a linksys cisco E1200 series router and would like to know how to bridge the connection to my xbox

    purchase 881w, get rid of linksys. That should do it.
    Sent from Cisco Technical Support iPad App

  • How do you backup a Cisco 2950 IOS image?

    I can't find anywhere on Cisco's website how to do this, or anywhere else for that matter.

    Hector,
    The copy tftp method is the most commonly used method to copy files from flash to a TFTP server or vice versa. But if you have CMS (Cluster Management Suite) installed on your flash, there will be an associated html folder and many other files that are extracted in flash. To upload these files, along with the IOS image, you will need to use the following command.
    archive upload-sw tftp:///IOS-CMS2950.tar
    This will compress all the files (IOS and CMS files) together in a tar (compressed) format and upload it to the TFTP server specified by
    Copying each of the above files individually will consume a lot of time.

  • How many Voice connections can cisco 2821 support?

    Good day.
    I have a cisco 2821 with EVM slot, NME-X slot and two HWIC slots. I have 4 port FXOs on the two HWIC slots. The EM-HDA-8FXS module on the EVM slot can handle 8 FXS connections. Please i would like to know if there is an EVM module that can do FXO connections and also how many voice connections can this router handle in total. Can the EM-HDA-8FXS module handle both FXS and FXO connections?
    Hope someone can help me out. My deadline has already passed.
    Regards,
    Obinna.

    Hi, already replied to this in the appropriate forum.
    Please do not open duplicate threads.

  • How to configure an external Cisco MDS 9124 Switch

    I have worked with some other Fibre switches before but not Cisco and was wondering if someone can pass me some quick info on how to configure the MDS 9124. I saw the Quick Guide and it briefly talked about config, but do I have to go thru hyperterminal to do the initial IP config? Is there a default one already I can use to get to the WebGUI. Some of the ones I worked with (like the ones that come with the Bladecenter) have a default IP, where I can enter the IP into the web browser and access the GUI right away and start doing configs.
    With the MDS 9124, can I do this? Or do I have to configure IP thru hyperterminal and then install Fabric Manager etc.
    Thanks in advance for any help!

    I assume that you actually read the guide:
    http://www.cisco.com/en/US/docs/storage/san_switches/mds9000/hw/9124/quick/quide/9124QSG.html
    Setup of the network is pretty clear. If the switch is brand new, you have to give it an IP address. Generally just follow the dotted line and don't vary except if you know what you are doing.
    Once it's on the network, DM and FM can do the rest.
    The 9124e's don't have serial ports so the OA looks after that for you.

  • How do I monitor a Cisco 1700 Series T1 Serial Port.

    I have a Cisco 1721 Router and I am looking to monitor it for hourly statistics to find max and min speeds.  How would I go about doing this?  I know if I do a show interfaces it shows me all the data since the last time the counters were reset.  Thanks for any help.
    Chad
    Diversified Telecom.

    http://www.paessler.com/
    There are many others.

  • How to Port Forward on Cisco 1900 Router?

    We have a Cisco 1900 router. I'm new to Cisco router commands and recently started learning. I need to forward all requests coming on port 1723 from outside to an inside server IP. I checked "show running-config" and I see already forwarded ports and IPs like below,
    ip nat pool onlyone xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask 255.255.255.252
    ip nat inside source list 1 pool onlyone overload
    ip nat inside source static tcp 192.168.0.xx 22 xxx.xxx.xxx.xxx 22 extendable
    ip nat inside source static tcp 192.168.0.xx 80 xxx.xxx.xxx.xxx 80 extendable
    ip nat inside source static tcp 192.168.0.xx 80 xxx.xxx.xxx.xxx 96 extendable
    ip nat inside source static tcp 192.168.0.xx 443 xxx.xxx.xxx.xxx 443 extendable
    ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
    where xxx.xxx.xxx.xxx is public facing IP.
    So what is the command to add "ip nat inside source static tcp 192.168.1.xx 1723 <public-ip> 1723 extendable" to the currently working settings?
    I am currently reading below but no luck so far...
    http://www.cisco.com/en/US/docs/routers/access/1900/software/configuration/guide/software_configuration.pdf
    I have found this
    http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml#topic7
    interface ethernet 0
    ip address 172.16.10.1 255.255.255.0
    ip nat inside
    !--- Defines Ethernet 0 with an IP address and as a NAT inside interface.
    interface serial 0
    ip address 200.200.200.5 255.255.255.252
    ip nat outside
    !--- Defines serial 0 with an IP address and as a NAT outside interface.
    ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80
    !--- Static NAT command that states any packet received in the inside
    !--- interface with a source IP address of 172.16.10.8:8080 is
    !--- translated to 172.16.10.8:80.
    How do I know if "interface ethernet 0" and "interface serial 0" will work for me?

    The router is already set up and has been working for 2 years. All I need to do is add a simple port forward from the public IP to an internal server. The following makes sense to accomplish what I'm trying to do. Let's assume 1.2.3.4 is my office public static IP and 192.168.0.10 is my internal server. All requests will come from some IP, let's say 25.24.23.22:1723, to 1.2.3.4:1723 and the router will forward this request to 192.168.0.10:1723. This is all I'm trying to accomplish. I'm not setting up a new router. Some rules are already there. Therefore the below seems to be what I need. All I need is how to identify "interface ethernet 0" & "interface serial 0". I understand the inside and outside details. All I have to find is how to replace ethernet 0 and serial 0 with what I have in my router setup.
    interface ethernet 0
    ip address 172.16.10.1 255.255.255.0
    ip nat inside
    !--- Defines Ethernet 0 with an IP address and as a NAT inside interface.
    interface serial 0
    ip address 200.200.200.5 255.255.255.252
    ip nat outside
    !--- Defines serial 0 with an IP address and as a NAT outside interface.
    ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80
    !--- Static NAT command that states any packet received in the inside
    !--- interface with a source IP address of 172.16.10.8:8080 is
    !--- translated to 172.16.10.8:80.
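An added example, not part of the original posts or of Cisco's documentation: a Python audit that reads a pasted "show running-config", reports which interfaces carry "ip nat inside" and "ip nat outside" (the question asked in both port-forwarding threads above), and lists every static port forward so each Internet-exposed service can be reviewed. The function name audit_nat, the sample config, its two static lines and the address 203.0.113.5 are constructed for illustration.

```python
import re

# Constructed sample in the style of the configs posted above; 203.0.113.5 is
# a documentation address and the two static lines are assumptions.
SAMPLE_CONFIG = """\
interface FastEthernet4
 ip address 192.168.100.3 255.255.255.0
 ip nat outside
interface Vlan1
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
interface Virtual-Template2 type tunnel
 ip unnumbered FastEthernet0
ip nat inside source list 100 interface FastEthernet4 overload
ip nat inside source static tcp 192.168.1.100 8100 interface FastEthernet4 8100
ip nat inside source static tcp 192.168.1.100 80 203.0.113.5 96 extendable
"""

# "interface Vlan1" and the spaced form "interface serial 0" are both accepted.
IFACE_RE = re.compile(r"^interface (\S+(?: \d\S*)?)")
# Exact match only: global "ip nat inside source ..." lines must not count.
ROLE_RE = re.compile(r"^ip nat (inside|outside)$")
STATIC_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) "
    r"(?:interface (\S+)|(\S+)) (\d+)(?: extendable)?$"
)


def audit_nat(config):
    """Return NAT interface roles, static port forwards and warnings."""
    roles, forwards, warnings = {}, [], []
    current = None
    for raw in config.splitlines():
        line = raw.strip()  # forum pastes often lose their indentation
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = ROLE_RE.match(line)
        if m and current:
            roles[current] = m.group(1)
            continue
        m = STATIC_RE.match(line)
        if m:
            proto, host, port, via_if, via_ip, pub_port = m.groups()
            forwards.append({
                "proto": proto,
                "inside": f"{host}:{port}",
                "outside": f"{via_if or via_ip}:{pub_port}",
                "via_interface": via_if,
            })
    for fwd in forwards:
        via = fwd["via_interface"]
        if via and roles.get(via) != "outside":
            warnings.append(f"{fwd['outside']}: {via} is not an 'ip nat outside' interface")
    if forwards and "inside" not in roles.values():
        warnings.append("static forwards exist but no interface is 'ip nat inside'")
    return {"roles": roles, "forwards": forwards, "warnings": warnings}


if __name__ == "__main__":
    report = audit_nat(SAMPLE_CONFIG)
    for name, role in report["roles"].items():
        print(f"{role:8} {name}")
    for fwd in report["forwards"]:
        print(f"exposed  {fwd['proto']} {fwd['outside']} -> {fwd['inside']}")
    for warning in report["warnings"]:
        print("warning ", warning)
```

Every line reported as exposed is a service reachable from the outside interface, so each one should have an owner and a reason to be there.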

  • How access Office LAN via Cisco Router & Switches HELP!!

    Hello everyone!
    For starters I am no Cisco guru but at least find my way around a few things here and there.
    I work as the IT dude for a company with two branches at different geolocations.
    Our local network infrastructure at both HQ and branch offices comprise a Cisco 1941 Router and SF 300 24P Managed switches which hooks up our servers, workstations and VoIP phones.
    The dedicated internet [DI] is connected via a Hughes radio link which belongs to the telco and on a different IP class and connects to interface 0/0 of Cisco 1941. Interface 0/1 is then connected to one of the SF 300 24P managed switches on another IP class for LAN  [192.168.1/24]
    I have three questions.
    1. How do I access for example the File Server on the Corporate LAN from home?
    2. How do I get workstations at branch offices authenticate with Active Directory Server at the HQ?
    3. How do I get to get VoIP phones in branch offices hooked up to HQ VoIP PBX?
    Thank you very much.

  • How to measure throughput on Cisco 2811

    How do you measure the current throughput on a Cisco 2811 router?
    We will be replacing this unit with a 4000 series one but the new devices limit the amount of throughput and require a license to increase the limit.
    Also, anyone aware of the commands to check the current throughput limit on a 4000 series router?
    Thank you guys in advance
    c

    How to measure 2811 throughput?  Note aggregate of all interface bit rates with CPU usage.
    I'm not sure about the 4K, but a show license might show the active license, and if it does, that should tell you the maximum performance.
