Port Forward in Cisco series 800

Similar Messages

• Help: Port forward in Cisco SOHO 97

  Hi there!
  I have a Cisco SOHO 97.
  The IP is: 10.0.0.1/24
  Gw: 0.0.0.0
  *Default route via DIALER1
  I also have a RV042 configured as VPN Server (PPTP and IPSec).
  The IP is: 10.0.0.2/24
  I need help to configure the router to I be able to connect to VPN server from OUTSIDE-WORLD.
  I imagine I need Port forwarding from Cisco SOHO to RV042.
  I hope for possibles answers!
  Thanks!

  Sorry i found the issue.
  The problem was that, i wanted to redirect port 443 (https) to an private address.
  But by default port 443 is reserved to access ASA via https for management.
  I just reserved another port 888 for https management access and now i can redirect port 443 normaly as i wanted.
  Using this command: http server enable 888
  Germain

• Problem with cisco series 800 router and SMTP

  Hello,
  we bought a 877 cisco router and have some problem with SMTP.
  I try to read all forum and KB about but do not find any solution.
  the problem is that when i try to send any email from client (windows mail) i receive a error 533: you need to supply the correct username and password.
  when trying throught hmailserver i receive an email "undeliverable" with this error in body:
  Error Type: SMTP
  Remote server (62.149.128.202) issued an error.
  hMailServer sent: EHLO Globalnet
  Remote server replied: 502 unimplemented (#5.5.1)
  receving email work correctly.
  i'm already using smtp auth, and with my old router everything work fine.
  so i beleive is a config problem, maybe with ESMTP (ehlo)?.
  i attach my config:

  Dear sirs
  Thank you for answer so quickly
  I download this document from Cisco “Configuring the (Remote) Common Application Programming Interface for Cisco 800 Series Router”.
  I have a Lan with Asterisk IP-PBX , the Cisco router have a BRI to public exchange (ISDN) , the router act like a DCP (ISDN- Device Control Protocol) server and listen (DCP messages) in 2578 port.
  I need o know the contents of the TCP frame that carry (ISDN-TCP, the DCP messages) to put a SIP client to talk with PSTN/ISDN using the router. I want to write a software module in Asterisk that translate SIP in (ISDN-DCP) to connect the SIP Phones to the PSTN/ISDN using the BRI ports of the Cisco router. I need to now the contents of this message to dialogue with RCAPI server of the router.
  If forum is the right place perhaps to put this, Could you give me a better place, a mail or other forum to receive the speciation of (ISDN-DCP)
  thank you
  With kinds Regards
  João Pereira Rosa

• Port Forwarding for Cisco ASA 5505 VPN

  This is the Network
  Linksys E2500 ---> Cisco ASA 5505 ---> Server
  I beleive I need to forward some ports to the asa to use the IPsec VPN I just setup. I had the SSL VPN working but only needed to forward 443 for that....I assume that IPsec tunnel is a specific port.
  Thank You

  For IPSec VPN, you need to port forward UDP/500 and UDP/4500, and remember to enable NAT-T on the ASA.
  Command to enable NAT-T on ASA:
  crypto isakmp nat-traversal 30

• How to Port Forward on Cisco 1900 Router?

  We have a cisco 1900 router. I m new to cisco routers commands, recently started learning. I need to forward all requests coming from port 1723 from outside to inside server ip. I check "show running-config" and I see already forwarded ports and ip like below,
  ip nat pool onlyone xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask 255.255.255.252
  ip nat inside source list 1 pool onlyone overload
  ip nat inside source static tcp 192.168.0.xx 22 xxx.xxx.xxx.xxx 22 extendable
  ip nat inside source static tcp 192.168.0.xx 80 xxx.xxx.xxx.xxx 80 extendable
  ip nat inside source static tcp 192.168.0.xx 80 xxx.xxx.xxx.xxx 96 extendable
  ip nat inside source static tcp 192.168.0.xx 443 xxx.xxx.xxx.xxx 443 extendable
  ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx
  where xxx.xxx.xxx.xxx is public facing IP.
  so what is the command to add "ip nat inside source static tcp 192.168.1.xx 1723 <public-ip> 1723 extendable" to currnetly working settings?
  I am currently reading below but no luck so far...
  http://www.cisco.com/en/US/docs/routers/access/1900/software/configuration/guide/software_configuration.pdf
  I have found this
  http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094e77.shtml#topic7
  interface ethernet 0
  ip address 172.16.10.1 255.255.255.0
  ip nat inside
  !--- Defines Ethernet 0 with an IP address and as a NAT inside interface.
  interface serial 0
  ip address 200.200.200.5 255.255.255.252
  ip nat outside
  !--- Defines serial 0 with an IP address and as a NAT outside interface.
  ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80
  !--- Static NAT command that states any packet received in the inside
  !--- interface with a source IP address of 172.16.10.8:8080 is
  !--- translated to 172.16.10.8:80.
  How do I know if "interface ethernet 0" and "interface serial 0" will work for me?

  the router is already setup and working for 2 years. all i need to do  add a simple port forward from public ip to internal server. Following  make sense to accomplish what i m trying to do. Lets assume 1.2.3.4 is  my office public static ip and 192.168.0.10 is my internal server. All  requests will come from some Ip lets say 25.24.23.22:1723 to  1.2.3.4:1723 and router will forward this request to 192.168.0.10:1723.  This is all i m trying to accomplish. I m not setting up a new router.  Some rules are already there. Therefore below seem to be what i need. All I need is how to identify "interface ethernet 0" & "interface serial 0". I understand the inside and outside details. All i have to find is how to replace ethernet 0 and serial 0 with what i have in my router setup.
  interface ethernet 0
  ip address 172.16.10.1 255.255.255.0
  ip nat inside
  !--- Defines Ethernet 0 with an IP address and as a NAT inside interface.
  interface serial 0
  ip address 200.200.200.5 255.255.255.252
  ip nat outside
  !--- Defines serial 0 with an IP address and as a NAT outside interface.
  ip nat inside source static tcp 172.16.10.8 8080 172.16.10.8 80
  !--- Static NAT command that states any packet received in the inside
  !--- interface with a source IP address of 172.16.10.8:8080 is
  !--- translated to 172.16.10.8:80.

• Lost ability to connect through port forwarding after cisco guest software install

  Using Remote Admin 2.2 software to remote into work computer.
  E1000 I installed the cisco guest software on my pc and configured the guest about 2 months ago.
   Needed to get into office PC this past weekend and connection fails.
  Have a static IP address on router.  forward a single port to my office machine within the router.
  Get nothing but an error on connection.  Router is 2.1.02 build 6Jan 15, 2013.
  Log file shows nothing on the incoming log?  dynamic ip at home...
  Another office worker, on the same internal network,  has gotomypc running and port forwarding setup on router and he is still working fine, he can access his pc from home.  The only change I have made to router was the cisco connect for guest access.
  Is it possible this is stopping my remote admin?
  thanks kevin

  Hey kevboac! Make sure that the computer you're using to access the remote computer is connected to the main wireless network and not to the Guest network. Being connected to the Guest network will prevent you from doing File and Printer Sharing, and Remote Access. Hope this helps!

• Port Forwarding for Cisco camera WVC80N and AirPort Extreme

  I have set up my camera to the Apple AirPort Extreme on a Windows 8 computer, but now get an error saying, "The setup wizard cannot set up TZO DDNS with your network for remote viewing." After clicking on the Learn How to Remotely View my Camera, it suggests I need to get Port Fowarding for my router" And iot suggests my router password is incorrect which it is not. Any help for a BEGINNER would be appreciated. I cannot find the IP address for the camera or my computer either.
  Cisco support is NO help at all. ANY help would be appreciated. PLEASE MAKE IT SIMPLE. I can set it up on my MAC desktop also if that is better. Thanks so much

  gnsmith wrote:
  I have a D-Link DCS-920 I would like to view over the internet using my Airport Extreme.
  Welcome to Apple's discussion groups.
  According to the manual for that device (available here
  ftp://ftp.dlink.com/Multimedia/dcs920/Manual/dcs920manual100.zip
  you should set the port number that the camera uses to something other than port 80. You'd then use AirPort Utility (the "Advanced" panel, "Port Mapping" tab) to map that TCP port and the camera's "private IP address" to a public TCP port. (I'm not sure what to use for "Service". You might try "Personal Web Sharing". It may also not matter once you chance the port number.) You'll need to know the WAN ("public") IP address of your AirPort Extreme. With that done you should be able to view the camera at that WAN IP address and the declared public port.

• Port Forward Config Cisco 1841

  I am trying to have my domain (jjkkcc.org) get directed to my server from my Cisco 1841.  I have godaddy DNS configured to my static IP to my router, and I just want to make sure I have my router configured correctly so the WWW traffic is passed to my web server (192.168.1.250).
  Cisco1841#show run
  Building configuration...
  Current configuration : 1715 bytes
  version 12.4
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname Cisco1841
  boot-start-marker
  boot system usbflash0:c1841-advipservicesk9-mz.124-12.bin
  boot-end-marker
  no aaa new-model
  clock timezone PSD -8
  ip cef
  ip domain name jjkkcc.com
  ip name-server 68.105.28.16
  ip name-server 68.105.29.16
  ip name-server 8.8.8.8
  ip name-server 8.8.4.4
  ip name-server 192.168.1.250
  username woodjl1650 privilege 15 password 0 henry999
  interface FastEthernet0/0
  ip address 192.168.1.6 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  duplex auto
  speed auto
  interface FastEthernet0/1
  ip address 24.234.XXX.XXX 255.255.255.224
  ip nat outside
  ip virtual-reassembly
  duplex auto
  speed auto
  ip route 0.0.0.0 0.0.0.0 24.234.XXX.XXX
  no ip http server
  no ip http secure-server
  ip nat inside source list NAT interface FastEthernet0/1 overload
  ip nat inside source static tcp 192.168.1.250 80 interface FastEthernet0/1 80
  ip nat inside source static tcp 192.168.1.10 3074 interface FastEthernet0/0 3074
  ip nat inside source static udp 192.168.1.10 3074 interface FastEthernet0/0 3074
  ip access-list standard NAT
  permit 192.168.1.0 0.0.0.255
  ip access-list extended WEB
  permit tcp any any eq www
  snmp-server community public RW
  snmp-server trap link ietf
  snmp-server location Las Vegas, NV, USA
  snmp-server contact Jonathan Wood - Network Admin
  snmp-server chassis-id Cisco1841-Router
  snmp-server host 192.168.1.155 version 2c public
  control-plane
  line con 0
  line aux 0
  line vty 0 4
  login local
  transport input ssh
  scheduler allocate 20000 1000
  end

  These two lines look incorrect because of the interface:
  ip nat inside source static tcp 192.168.1.10 3074 interface FastEthernet0/0 3074
  ip nat inside source static udp 192.168.1.10 3074 interface FastEthernet0/0 3074
  F0/0 is your lan interface. Wouldn't you want those attached to fa0/1?
  HTH,
  John
  *** Please rate all useful posts ***

• Cisco ASA 5512, IP NVR port forwarding

  Hi,
  i have Cisco 5512 ASA with version 8.6(1)2. i have one IP NVR for ip cameras.
  please help me how to configure port forwarding in cisco asa in CLI?
  I have static IP on ASA 94.56.178. 222 and NVR IP 10.192.192.100
  thank you so much.

  ASA#
  Phase: 1
  Type: ROUTE-LOOKUP
  Subtype: input
  Result: ALLOW
  Config:
  Additional Information:
  in   94.56.178.222   255.255.255.255 identity
  Phase: 2
  Type: ACCESS-LIST
  Subtype:
  Result: DROP
  Config:
  Implicit Rule
  Additional Information:
   Forward Flow based lookup yields rule:
   in  id=0x7fffa2969000, priority=0, domain=permit, deny=true
          hits=11524, user_data=0x9, cs_id=0x0, use_real_addr, flags=0x1000, protocol=0
          src ip/id=0.0.0.0, mask=0.0.0.0, port=0
          dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, dscp=0x0
          input_ifc=OUTSIDE, output_ifc=any
  Result:
  input-interface: OUTSIDE
  input-status: up
  input-line-status: up
  output-interface: NP Identity Ifc
  output-status: up
  output-line-status: up
  Action: drop
  Drop-reason: (acl-drop) Flow is denied by configured rule
  please advise 

• RVS4000 Port Forwarding not working

  I am trying to forward ports through my RVS4000 however I have been unable to get it to work.
  I have enabled the firewall and set the ports mapping to the correct address and enabled them, however I can't reach any devices.
  All advice gratefully received :>)
  NM

  When troubleshooting Port forwarding on any device we use tools like Nmap on a outside machine looking in at your network, and http://www.canyouseeme.org/ to see if on the server or device you are using if the outside world can see the ports open. There is no known bug or issue with port forwarding on this device as long as you are on the latest firmware. If Nmap and canyouseeme is not showing the ports open you need to look at the internal workings of the network. I.E. does the same ports work on the inside of your network, second is what is between the RVS4000 and the Internet. Other routers or switches, Modem, and ISP. We have seen everyone of the previous devices block ports. When using Nmap or canyouseeme the ports should be open.
  Do you have a topology of your network and what ports you are trying to port forward?
  Cisco Small Business Support Center
  Randy Manthey
  CCNA, CCNA - Security

• Cisco 5520 ASA Port Forward to Endian Firewall VPN Question

  Hello,
  We have had a VPN operational on our Endian Firewall which uses OpenVPN server on port number 1194.  We recently purchased a Cisco 5520 ASA to put in front of our Endian Firewall and I am still hoping to use our current Endian Firewall VPN server.  So I am thinking the easiest way to make this happen is to port forward all vpn traffic through the ASA to our Endian Firewall to access the VPN.  Anyhow, I am just hoping someone with higher knowledge can let me know if this is the best course of action or if there is another easier or more efficient way of doing this?
  Thanks for your comments in advance I am new to cisco technology,
  Joe        

  Wrong forum, post in "Secuirity - Firewalling". You can move your posting with the Actions panel on the right.

• HELP!! Cisco RV180 Port Forwarding

  Someone please advise as to this is the first time I've tried to setup port forwarding using the Cisco RV180 Router. I have a Cisco RV180 Router, a Ruckus 7055 access point and a power distribution unit. I'd like to be able to access the router remotely and also the devices behind the router (the ruckus access point and the power distribution unit). I'm assuming that I'll need to assign the Cisco RV180 router a static IP address and I'm assuing that this static address should be assigned to the WAN port? I'd also like to configure port forwarding so that I can access the ruckus and the PDU remotely also. I've tried assigning a static IP address to the WAN port of the RV180 but I cannot ping this device remotely. Anyone have any advice on accessing the RV180 remotely? I've populated all of the correct fields for the WAN settings (ip, gateway, subnet, etc.) , and my static ip address is valid.Thank you in advance.

  Hello sirflex,
  As you have mentioned you need to configure a static nat for the devices which you have done when you configure a port forwarding.
  Have you configured access rules under firewall>access Rules. Add the access rules for the ping and the Http and Https services.
  Can you capture the packets at the WAN port while you are pinging the WAN port and the firmware version on the device.
  Which mode are you running the device gateway or router. You can check it under Netwroking>Routing>Routing Mode.
  Thanks,
  Prithvi
  Please mark answered and rate for helpful posts.

• Cisco Ironport S160 Port forwarding

  Hi,
  We've got a device within the network which needs to send data out to a website on port 5009. We've setup the following to allow the traffic
  - Identity with the interal IP as  member and bypass the proxy (the device can only be configured with the Proxy IP and port, no logins)
  - Added Port 5009 n HTTP Ports to Proxy
  - Added the destination IP n L4 Traffic allow list
  We are still not able to route the traffic.
  We then tried to get the traffic coming in the other way. We've asked the ISP to put in a port forwarding to forward traffic on Port 5019 to the device. This is also not working. We can get to the device on the internal Port without any issues. The question does the IronPort need to be configured to allow the traffic coming in? We dont have any other incoming port forwarded traffic.

  Hello,
  I will need a quick explanation on how your environment is laid out for your Web Content Appliance.
  1. Is your proxy transparent or explicitly proxied? Do you have multiple proxies that you are load balancing?
  2. If it is explicit, do you use a PAC file or is the proxy configured in the network configuration?
  3. If it is transparent, what do you use to redirect traffic? Is it wccp or L4 redirection? What kind of device are you using to redirect traffic? ASA, Catalyst, Nexus, something else?
  4. Is there any third party devices being used between the proxy and the clients or between the proxy and the outside world?
  5. What are your authentication requirements? How are you authenticating them (NTLMSSP, TUI, or Basic)?
  Thank you for answering these questions.
  Christian Rahl
  Customer Support Engineer
  Cisco Web Content Security Appliance
  Cisco Technical Assistance Center RTP

• RV016 Wired 16 Port Cisco Router Port Forwarding Functions

  Thank you for your time. I have created and attached a Word Document discussing the Cisco Model RV016 16 port wired Router port forwarding functions for your review. I would appreciate your time in reviewing it with your comments and suggestions.
  Thank you very much,
  Eddie LeFiles
  850-471-1271

  Thank you for your time. I have created and attached a Word Document discussing the Cisco Model RV016 16 port wired Router port forwarding functions for your review. I would appreciate your time in reviewing it with your comments and suggestions.
  Thank you very much,
  Eddie LeFiles
  850-471-1271

• Port Forwarding Cisco firewall

  Hi,
  In Cisco Firewall 2900 seires
  trying to use port forwarding
  but not communication please help me.
  Reg
  Manoj.

  : Saved
  : Written by enable_15 at 23:01:39.772 UTC Thu Jan 30 2014
  name 10.10.70.X.40 FinalPdf
  name 201.256.x.x Youfinalip
  interface Ethernet0/0
  nameif YOUB
  security-level 0
  ip address 201.256.x.x.254.82 255.255.255.248
  interface Ethernet0/2
  nameif inside
  security-level 100
  ip address 10.10.70.X.1 255.255.255.0
  interface Management0/0
  nameif management
  security-level 100
  ip address 192.168.1.1 255.255.255.0
  management-only
  ftp mode passive
  object-group protocol TCPUDP
  protocol-object udp
  protocol-object tcp
  object-group service ftp tcp
  port-object eq ftp
  port-object eq ftp-data
  port-object eq 14147
  object-group service any tcp-udp
  port-object range 1 65535
  object-group service DM_INLINE_TCP_1 tcp
  group-object ftp
  port-object eq ftp-data
  access-list EXEMPT extended permit ip 10.10.70.X.0 255.255.255.0 192.168.10.0 255.255.255.0
  access-list EXEMPT extended permit ip 10.10.70.X.0 255.255.255.0 10.70.0.0 255.255.0.0
  access-list EXEMPT extended permit ip 10.10.70.X.0 255.255.255.0 192.168.0.0 255.255.0.0
  access-list inside_access_in extended deny object-group TCPUDP any any eq domain
  access-list inside_access_in extended permit ip any any
  access-list YOUB_mpc extended permit ip any any
  access-list YOUB_access_in extended permit object-group TCPUDP any interface YOUB inactive
  access-list YOUB_access_in extended permit tcp any host Youfinalip object-group ftp
  pager lines 24
  logging enable
  logging emblem
  logging asdm-buffer-size 512
  logging buffered debugging
  logging trap debugging
  logging history debugging
  logging asdm debugging
  logging device-id hostname
  logging debug-trace
  logging ftp-bufferwrap
  logging ftp-server 10.10.70.X.251 firwall/ firwall firwall
  logging class auth trap emergencies asdm emergencies
  mtu YOUB 1500
  mtu SIFY 1500
  mtu inside 1500
  mtu WAN 1500
  mtu management 1500
  ip verify reverse-path interface YOUB
  ip verify reverse-path interface inside
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-645.bin
  asdm location Testpdf 255.255.255.255 inside
  asdm history enable
  arp timeout 14400
  global (YOUB) 1 interface
  global (SIFY) 1 interface
  nat (inside) 0 access-list EXEMPT
  nat (inside) 1 10.10.70.X.0 255.255.255.0 dns
  static (inside,YOUB) tcp Youfinalip ftp Testpdf ftp netmask 255.255.255.255
  access-group YOUB_access_in in interface YOUB
  access-group inside_access_in in interface inside
  route YOUB 0.0.0.0 0.0.0.0 201.256.x.x.254.81 1 track 1
  route inside 0.0.0.0 0.0.0.0 10.10.70.X.1 10
  route WAN 10.60.0.0 255.255.255.0 10.70.100.38 1
  route WAN 192.168.8.0 255.255.255.0 10.70.100.38 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  aaa authentication http console LOCAL
  aaa authentication ssh console LOCAL
  http server enable
  http 192.168.1.0 255.255.255.0 management
  http 0.0.0.0 0.0.0.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
  sla monitor 100
  type echo protocol ipIcmpEcho 4.2.2.2 interface YOUB
  num-packets 3
  frequency 10
  sla monitor schedule 100 life forever start-time now
  crypto ipsec security-association lifetime seconds 28800
  crypto ipsec security-association lifetime kilobytes 4608000
  track 1 rtr 100 reachability
  telnet timeout 5
  ssh scopy enable
  ssh 10.10.70.X.0 255.255.255.0 inside
  ssh timeout 5
  console timeout 0
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  webvpn
  username cisco password 3USUcOPFUiMCO4Jk encrypted
  class-map YOUB-class
  match access-list YOUB_mpc
  class-map inspection_default
  match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
  parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
  description ftp
  class inspection_default
    inspect dns preset_dns_map
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny 
    inspect sunrpc
    inspect xdmcp
    inspect sip 
    inspect netbios
    inspect tftp
    inspect ip-options
    inspect ftp
  class class-default
    ips inline fail-open
  policy-map YOUB-policy
  class YOUB-class
    ips inline fail-open sensor vs0
  service-policy global_policy global
  service-policy YOUB-policy interface YOUB
  smtp-server 10.10.70.X.18
  prompt hostname context
  no call-home reporting anonymous
  call-home
  profile CiscoTAC-1
    no active
    destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
    destination address email [email protected]
    destination transport-method http
    subscribe-to-alert-group diagnostic
    subscribe-to-alert-group environment
    subscribe-to-alert-group inventory periodic monthly
    subscribe-to-alert-group configuration periodic monthly
    subscribe-to-alert-group telemetry periodic daily
  Cryptochecksum:aace81256bc60bc50469f80cb0c4641a
  : end