Port Forwarding hh3

I really need to get some ports forwarded through my HH3. I've come from a HH2 with wireless dropping and internet dropouts to a HH3 that doesn't seem to port forward.
Help please.

Hi,
Sorry I cannot help you, but I thought I would support you by saying me and my friend (me on HH3 and him on HH2) both have the same problem. It used to do it fine, but recently, not sure how recent, but recently, it simply will not open.
I think it is a firmware problem, so maybe some mods can clarify what is causing this issue or direct us to a list of things that completely prevent ports being forwarded. I have tried a full Power Cycle, full Factory Reset even, losing all my other open ports.
Help or clarification would be great about now!
Thanks, Stefano

Similar Messages

  • HH3 Type B port forwarding not working.

    Hi there.
    I have searched absolutely everywhere for a solution to my problem before posting here. Basically port forwarding isn't working at all on my HH3 Type B router.
    I've read all about the problems people have had with the Type A's but as far as I see nobody seems to have a problem with the Type B in regards to port forwarding or loopback.
    I've set up port forwarding on many different routers with many different ISPs so I don't think it's something I'm doing, or rather, not doing but you never know.
    These are the steps I take when setting up port forwarding:
    Firstly setting up my static IP (obviously only needed to be done once) which I've chosen one outside of the router's DHCP range as I've always done in the past. Then I open the router screen, go to Settings / Advanced Settings / Port Forwarding / Supported Applications and click "Add new game or application".
    I then enter a name, change "Copy existing game or application" to "No", and then change the "Protocol" to UDP or TCP as needed (also have tried using "Any" too with no luck). Next add a "Port Range" for example 12345 - 12345 then add "Translate To" 12345 - 12345 (port ranges obtained from portforward.com per application) then click "Add" and repeat for additional ports as needed.
    Once that is all done, click "Apply" then go to Port Forwarding / Configuration or go to Home Network, select the applicable device and choose the newly added application from the "Port Forwarding" drop down list (and choose applicable device if doing it from Port Forwarding / Configuration). Click "Add" once application is selected.
    Add additional applications where needed then finally click "Apply" to store the forwarded ports.
    Close router page and port forwarding should be fully setup and working.
    That's basically how I would do it anyway, but I also checked on portforward.com and it says pretty much the same and on these forums as well as a few other sites and I see nothing different but port forwarding still isn't working.
    In my router "Event Log" it does show "The Port Forwarding entry of [xxx.xxx.x.xx] has been added or modified.".
    My Firmware version is V100R001C01B036SP03_L_B. Last updated 19/05/13.
    I have no firewall on my pc and the one enabled on the router is set to default but have also tried disabling it. Have tried enabling DMZ as suggested in various places with no luck and have tried changing UPnP settings again with no luck.
    So if anybody has any suggestions I am all ears because this is bugging me so much as there are a few applications and games that require port forwarding and are pretty useless without it really.
    Thank you.

    If you follow the instructions on this page, it should work. Please see note about CG-NAT.
    Port forwarding problems
    There are some useful help pages here, for BT Broadband customers only, on my personal website.
    BT Broadband customers - help with broadband, WiFi, networking, e-mail and phones.

  • HH3 port forwarding for Squeezebox Controller

    Hi,
    I followed the instructions from slimdevices about setting up the 3 specific TCP and UDP ports for port forwarding, and not using the DMZ. I got my external IP address from "whatsmyip", and I couldn't connect my Squeezebox Controller through the HH3 to the Squeezebox server running on my NAS. The help desk in India forwarded all TCP and UDP ports, activated the DMZ and switched the firewall off! Somewhat dangerous I felt. It still didn't work, so I've re-enabled the firewall, and switched off the DMZ.
    Is there a simple test to check whether the HH3 is doing as requested? I've tried pinging the external IP address from my office/work PC and a neighbour's PC but there's no response.
    Any suggestions gratefully received.
    TIA
    Graham Dodds

    gdodds wrote:
    Some more information - I've just realised that the HH3 (and maybe the whole of BTBroadBand?) uses dynamic IP addresses. I have to put the IP address of the remote library (the HH3 and NAS in this case) into the Controller, so if this changes while I'm away from base, I won't know what IP address to set for the library, and if I use a dynamic DNS, I can't enter the text into the Controller! What am I supposed to do?
    If you have a PC that would be on while you are away from home you can use no-ip.com and run a small bit of software that updates them so that you just have a standard URL all the time.

  • HH3 Port Forwarding?

    I have a Home Hub 3, Software version 4.7.5.1.83.8.45 (Type A).
    I'm trying to get remote access to a CCTV camera.  Will port forwarding ever work?

    There is an update to the HH3a firmware being rolled out at this time; this link explains more: http://community.bt.com/t5/BT-Infinity/Hub-3A-Upgrade-Info-Rollout-starting-7-November/td-p/689584
    If you want to say thanks for a helpful answer, please click on the Ratings star on the left-hand side. If the reply answers your question then please mark as 'Mark as Accepted Solution'.

  • Home Hub 3 absolutely refuses to port forward!

    I'm not new to networking and know all that must be done to forward a port on a router, but the HH3 constantly tells me that any port I try to forward for any device on my network is in conflict with another device/port range/etc even though it will never let you set up a device/range to be forwarded in the first place for there to be any conflict with.
    How can I get around this? Looking around it seems version A of the HH3 has this problem and I seem to have this version A.
    How do I go about getting a new/working one sent?

    People have been successful by using very short device names, and static IP addresses. Then mapping the application to the IP address of the device, and not its name.
    Solutions are posted all over this forum, but a good place to start would be.
    http://community.bt.com/t5/BB-Speed-Connection-Issues/Home-Hub-3-Port-Forwarding-NOT/td-p/154757
    and
    Port forwarding and Loopback DO work!

  • Home Hub 3 Port forwarding for Netgear Stora

    Hi, 
    I have had a Netgear Stora on my home network with a HH3 for about 6 months. Up until about 10 days ago, all was good, however now when I try to access it remotely via the mystora.com web portal, I am getting the following error messages
      Stora is Online,
      but cannot be accessed remotely.
      Your Stora is not currently accessible. This may be for several reasons:
      • Your ISP is not allowing Internet traffic to your Stora
      • A firewall is blocking internet access to your Stora
      • Port forwarding is not correctly configured on your router, or UPnP is disabled
    I have enabled UPnP and have turned the firewall off, but still no joy.
    Is anybody else having this issue? Can somebody please guide me through the port forwarding as I don't want to break anything else.
    Thanks in advance
    W

    There is a guide to port forwarding on this page.
    Port forwarding problems
    If you need more specific help, then please ask me.

  • Home Hub 3 Port Forwarding Issue - Question to BT

    Question to BT
    Hello, I have recently joined BT Infinity and have hit the issue of the Port Forwarding not working. My HH3 is on the following version of software. Will this version automatically upgrade to the latest version of firmware and will this fix my port forwarding issue?
    As I work in IT (Cisco Network Eng) I need to be able to access several devices/services at home and this is a real pain for me. If you think that this could drag on as some posts have indicated could you please let me know and I will either get a Draytek or throw in a Cisco 1841.
    Thank you
    Dean.
    Current firmware:
    V100R001C01B031SP09_L_B
    Last updated:
    Unknown

    requiem wrote:
    Question to BT
    Hello i have recently joined BT Infinity and have hit the issue of the Port Forwarding not working. My HH3 is on the following version of software. Will this version automatically upgrade to the latest version of firmware and will this fix my port forwarding issue?.........
    Thank you
    Dean.
    Current firmware:
    V100R001C01B031SP09_L_B
    Last updated:
    Unknown
    Hi Dean
    By the look of it you've got the type B version of the HH3 with current firmware.
    From http://bt.custhelp.com/app/answers/detail/a_id/13073
    The latest versions of the firmware are:
    BT Home Hub 3 – Software version 4.7.5.1.83.8.57.1.3 (Type A) or V100R001C01B031SP09_L_B
    Please Click On any Text in Blue as that automatically links to information.
    PC (NDEGR)

  • Port Forwarding Rule Added Via UPnP

    14:24:13, 27 May.
    (2110048.260000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->57902, internal ports: 57902, internal client: 192.168.1.65
    14:23:34, 27 May.
    (2110008.940000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->57902, internal ports: 57902, internal client: 192.168.1.65
    14:22:53, 27 May.
    (2109967.800000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->57902, internal ports: 57902, internal client: 192.168.1.65
    14:22:10, 27 May.
    (2109925.160000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->57902, internal ports: 57902, internal client: 192.168.1.65
    14:21:37, 27 May.
    (2109892.130000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->57902, internal ports: 57902, internal client: 192.168.1.65
    14:21:06, 27 May.
    (2109861.170000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->57902, internal ports: 57902, internal client: 192.168.1.65
    14:20:26, 27 May.
    (2109820.740000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->57902, internal ports: 57902, internal client: 192.168.1.65
     Hi guys, would anyone be able to tell me what the above messages in my HH3's log mean?  My connection has been fine but I would like to know why this is happening every few seconds. 
    At first I thought it was because of a certain program I was using but it happens even when this program isn't running so I just don't know!!  Any help is appreciated.
    EDIT:  So I'm guessing it's something to do with having UPnP turned on.  The reason I'm asking is because I've seen other people's logs and they aren't filled with this message.

    Thanks, TommyBobbins.
    I will turn off UPnP and see what happens.
    I checked the logs again my computer has a lease of 192.168.1.64 - this IP address is also showing the same error in the logs. I suspect the other IP address, ending in 65 is my Dad's computer. He uses Windows and I use Mac.
    I'll keep you posted.
    EDIT:  Just turned off UPnP and that was OK.  I checked a program called uTorrent and it says the incoming TCP port (54488) is working.....I find this strange as I have portforwarding turned off... :s
    Any ideas?
    EDIT AGAIN:
    Just wanted to add this in:
    18:54:38, 27 May.
    (2126273.250000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->52503, internal ports: 52503, internal client: 192.168.1.65
    18:53:53, 27 May.
    (2126228.130000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->52503, internal ports: 52503, internal client: 192.168.1.65
    18:53:20, 27 May.
    (2126194.690000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->52503, internal ports: 52503, internal client: 192.168.1.65
    20:34:34, 27 May.
    (2132268.320000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->54488, internal ports: 54488, internal client: 192.168.1.64
    20:34:31, 27 May.
    (2132266.240000) Port forwarding rule deleted via UPnP. protocol: UDP, external ports: any->54488, internal ports: 54488, internal client: 192.168.1.64
    20:34:29, 27 May.
    (2132264.190000) Port forwarding rule added via UPnP. protocol: TCP, external ports: any->54488, internal ports: 54488, internal client: 192.168.1.64
    20:34:27, 27 May.
    (2132262.050000) Port forwarding rule deleted via UPnP. protocol: TCP, external ports: any->54488, internal ports: 54488, internal client: 192.168.1.64
    As you can see it happens on different ports and UDP and TCP ports....
    Hasn't happened in the 20mins or so I've had UPnP turned off.  Still, I am curious as to what causes this.

  • BT Infinity, Home Hub 3, CCTV, Port Forwarding

    Hi,
    I have a HH3 on Infinity and have set up my CCTV DVR on port forwarding as per the online guide (by adding a new game/application):
    http://bt.custhelp.com/app/answers/detail/a_id/32211
    Initially everything works fine when accessing the CCTV via the external unique URL provided by Samsung. But after say a week or so I'm unable to access the CCTV from outside the network. When logging into it on the local IP address it works fine so I know it's not an internal setup issue. But I can't seem to figure out why it would start working fine externally, then suddenly stop?
    Would the HH3's device limit have an impact on this?
    Any advice would be much appreciated.
    Thanks

    You need to give the CCTV DVR a static IP address, as DHCP does not always work properly for very long.
    These pages may help, as they deal with one popular system, you should be able to adapt it for your system.
    You need some form of DDNS service, as your public IP address will change.
    Apollo Zeus CCTV - Port forwarding, plus iPad and PC instructions.
    A general guide is on this page.
    Port forwarding problems

  • Odd port forwarding messages ?

    I'm getting lots and lots of these in my HH3 log - any ideas
    11:46:04, 28 Oct.
    (707643.010000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->53759, internal ports: 53759, internal client: 192.168.1.103
    11:46:02, 28 Oct.
    (707641.000000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->53759, internal ports: 53759, internal client: 192.168.1.103
    11:45:39, 28 Oct.
    Host 38:e7:d8:06:83:23 connected to SSID 'BTHub3-CWC8' at 54 Mbps

    Hi whoosh,
    I used to also get lots of these, mainly from only one laptop. You could check which one by checking the device list to see which one is on 192.168.1.103. You could turn off UPnP, I did - No more events will be logged, without any issues.
    -+-No longer a forum member-+-
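
The UPnP entries quoted in the two log threads above can be tallied per client and port to see which LAN device keeps asking the hub to open ports and which mappings are still open. This is an added example, not part of the original posts; the sample log is constructed in the layout shown above, and reading the parenthesised number as uptime in seconds is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the HH3 event-log excerpts quoted above:
# newest entry first, a timestamp line followed by the message line.
SAMPLE_LOG = """\
20:34:34, 27 May.
(2132268.320000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->54488, internal ports: 54488, internal client: 192.168.1.64
20:34:31, 27 May.
(2132266.240000) Port forwarding rule deleted via UPnP. protocol: UDP, external ports: any->54488, internal ports: 54488, internal client: 192.168.1.64
20:34:29, 27 May.
(2132264.190000) Port forwarding rule added via UPnP. protocol: TCP, external ports: any->54488, internal ports: 54488, internal client: 192.168.1.64
20:34:27, 27 May.
(2132262.050000) Port forwarding rule deleted via UPnP. protocol: TCP, external ports: any->54488, internal ports: 54488, internal client: 192.168.1.64
14:22:53, 27 May.
(2109967.800000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->57902, internal ports: 57902, internal client: 192.168.1.65
14:22:10, 27 May.
(2109925.160000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->57902, internal ports: 57902, internal client: 192.168.1.65
14:21:37, 27 May.
(2109892.130000) Port forwarding rule added via UPnP. protocol: UDP, external ports: any->57902, internal ports: 57902, internal client: 192.168.1.65
14:20:01, 27 May.
Host 00:00:5e:00:53:01 connected to SSID 'ExampleHub' at 54 Mbps
"""

TIME_RE = re.compile(r"^\s*(\d{2}:\d{2}:\d{2}, \d{1,2} \w{3})\.?\s*$")
RULE_RE = re.compile(
    r"\((?P<uptime>\d+\.\d+)\)\s+Port forwarding rule (?P<action>added|deleted) via UPnP\.\s+"
    r"protocol:\s*(?P<proto>\w+),\s*external ports:\s*\S+?->(?P<ext>\d+),\s*"
    r"internal ports:\s*(?P<int>\d+),\s*"
    r"internal client:\s*(?P<client>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_events(text):
    """Return UPnP rule events, oldest first; other log lines are ignored."""
    events, last_time = [], None
    for line in text.splitlines():
        t = TIME_RE.match(line)
        if t:
            last_time = t.group(1)
            continue
        m = RULE_RE.search(line)
        if m:
            events.append({
                "time": last_time,
                "uptime": float(m.group("uptime")),  # assumed: seconds since boot
                "action": m.group("action"),
                "proto": m.group("proto").upper(),
                "ext_port": int(m.group("ext")),
                "int_port": int(m.group("int")),
                "client": m.group("client"),
            })
    return sorted(events, key=lambda e: e["uptime"])


def summarise(events):
    """Replay events in order and keep per-mapping counters and final state."""
    stats = defaultdict(lambda: {"adds": 0, "deletes": 0, "re_adds": 0,
                                 "open": False, "last_add": None, "gaps": []})
    for ev in events:
        s = stats[(ev["client"], ev["proto"], ev["ext_port"], ev["int_port"])]
        if ev["action"] == "added":
            s["adds"] += 1
            if s["open"]:
                s["re_adds"] += 1  # added again without a delete in between
            if s["last_add"] is not None:
                s["gaps"].append(ev["uptime"] - s["last_add"])
            s["last_add"] = ev["uptime"]
            s["open"] = True
        else:
            s["deletes"] += 1
            s["open"] = False
    return dict(stats)


def open_mappings(stats):
    """Mappings whose most recent event was an add: ports still exposed."""
    return sorted(k for k, s in stats.items() if s["open"])


def churning(stats, min_re_adds=2):
    """Mappings a client keeps re-requesting, as in the repeated log entries."""
    return sorted(k for k, s in stats.items() if s["re_adds"] >= min_re_adds)


if __name__ == "__main__":
    summary = summarise(parse_events(SAMPLE_LOG))
    for client, proto, ext, internal in open_mappings(summary):
        s = summary[(client, proto, ext, internal)]
        print(f"{client} {proto} {ext}->{internal} open, "
              f"adds={s['adds']} deletes={s['deletes']} re_adds={s['re_adds']}")
    print("repeatedly re-added:", churning(summary))
```

Every mapping listed as open is a port reachable from the internet that no one configured by hand, so the client address is the device to look up in the hub's device list.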

  • Home Hub 5 (type A) Port Forwarding

    Does any one know if port forwarding can be set up for ports 8080 & 8081 on the HH5 (type A). Each time I try all I get is this message,
    Conflict, The game or application you've selected conflicts with an an application () you've already assigned to anoter device. Please remove the othe applicaion or select the same device.
    Port forwarding worked for these ports on HH3 (type B).
    Have read the notes BT give for port forwarding, do not seem to work for HH5 (type A), what should I try to do, go back to using modem & HH3 (type B) or request BT to change HH5 (type A) for a type B

    This link may offer further help: http://forumhelp.dyndns.info/networking/portforward.html

  • Port Forwarding for RDP 3389 is not working

    Hi,
    I am having trouble getting RDP (port 3389) to forward to my server (10.20.30.20). I have made sure it is not an issue with the server's firewall, it's just the Cisco. I highlighted in red what I thought I need in my config to get this to work. I have removed the last 2 octets of the public IP info for security. Here is the configuration below:
    TAMSATR1#show run
    Building configuration...
    Current configuration : 11082 bytes
    version 15.2
    no service pad
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    hostname TAMSATR1
    boot-start-marker
    boot system flash:/c880data-universalk9-mz.152-1.T.bin
    boot-end-marker
    logging count
    logging buffered 16384
    enable secret
    aaa new-model
    aaa authentication login default local
    aaa authentication login ipsec-vpn local
    aaa authentication login ciscocp_vpn_xauth_ml_1 local
    aaa authorization console
    aaa authorization exec default local
    aaa authorization network groupauthor local
    aaa session-id common
    memory-size iomem 10
    clock timezone CST -6 0
    clock summer-time CDT recurring
    crypto pki token default removal timeout 0
    crypto pki trustpoint TP-self-signed-1879941380
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-1879941380
    revocation-check none
    rsakeypair TP-self-signed-1879941380
    crypto pki certificate chain TP-self-signed-1879941380
    certificate self-signed 01
    ip dhcp excluded-address 10.20.30.1 10.20.30.99
    ip dhcp excluded-address 10.20.30.201 10.20.30.254
    ip dhcp excluded-address 10.20.30.250
    ip dhcp pool tamDHCPpool
    import all
    network 10.20.30.0 255.255.255.0
    default-router 10.20.30.1
    domain-name domain.com
    dns-server 10.20.30.20 8.8.8.8
    ip domain name domain.com
    ip name-server 10.20.30.20
    ip cef
    no ipv6 cef
    license udi pid CISCO881W-GN-A-K9 sn
    crypto vpn anyconnect flash:/webvpn/anyconnect-dart-win-2.5.3054-k9.pkg sequence 1
    ip tftp source-interface Vlan1
    class-map type inspect match-all CCP_SSLVPN
    match access-group name CCP_IP
    policy-map type inspect ccp-sslvpn-pol
    class type inspect CCP_SSLVPN
      pass
    zone security sslvpn-zone
    crypto isakmp policy 10
    encr aes 256
    authentication pre-share
    group 2
    crypto isakmp policy 20
    encr aes 192
    authentication pre-share
    group 2
    crypto isakmp key password
    crypto isakmp client configuration group ipsec-ra
    key password
    dns 10.20.30.20
    domain tamgmt.com
    pool sat-ipsec-vpn-pool
    netmask 255.255.255.0
    crypto ipsec transform-set ipsec-ra esp-aes esp-sha-hmac
    crypto ipsec transform-set TSET esp-aes esp-sha-hmac
    crypto ipsec profile VTI
    set security-association replay window-size 512
    set transform-set TSET
    crypto dynamic-map dynmap 10
    set transform-set ipsec-ra
    reverse-route
    crypto map clientmap client authentication list ipsec-vpn
    crypto map clientmap isakmp authorization list groupauthor
    crypto map clientmap client configuration address respond
    crypto map clientmap 10 ipsec-isakmp dynamic dynmap
    interface Loopback0
    ip address 10.20.250.1 255.255.255.252
    ip nat inside
    ip virtual-reassembly in
    interface Tunnel0
    description To AUS
    ip address 192.168.10.1 255.255.255.252
    load-interval 30
    tunnel source
    tunnel mode ipsec ipv4
    tunnel destination
    tunnel protection ipsec profile VTI
    interface FastEthernet0
    no ip address
    interface FastEthernet1
    no ip address
    interface FastEthernet2
    no ip address
    interface FastEthernet3
    no ip address
    interface FastEthernet4
    ip address 1.2.3.4
    ip access-group INTERNET_IN in
    ip access-group INTERNET_OUT out
    ip nat outside
    ip virtual-reassembly in
    no ip route-cache cef
    ip route-cache policy
    ip policy route-map IPSEC-RA-ROUTE-MAP
    duplex auto
    speed auto
    crypto map clientmap
    interface Virtual-Template1
    ip unnumbered Vlan1
    zone-member security sslvpn-zone
    interface wlan-ap0
    description Service module interface to manage the embedded AP
    ip unnumbered Vlan1
    arp timeout 0
    interface Wlan-GigabitEthernet0
    description Internal switch interface connecting to the embedded AP
    switchport mode trunk
    no ip address
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
    ip address 10.20.30.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
    ip tcp adjust-mss 1452
    ip local pool sat-ipsec-vpn-pool 10.20.30.209 10.20.30.239
    ip default-gateway 71.41.20.129
    ip forward-protocol nd
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip dns server
    ip nat inside source list ACL-POLICY-NAT interface FastEthernet4 overload
    ip nat inside source static tcp 10.20.30.20 3389 interface FastEthernet4 3389
    ip nat inside source static 10.20.30.20 (public ip)
    ip route 0.0.0.0 0.0.0.0 public ip
    ip route 10.20.40.0 255.255.255.0 192.168.10.2 name AUS_LAN
    ip access-list extended ACL-POLICY-NAT
    deny   ip 10.0.0.0 0.255.255.255 10.20.30.208 0.0.0.15
    deny   ip 172.16.0.0 0.15.255.255 10.20.30.208 0.0.0.15
    deny   ip 192.168.0.0 0.0.255.255 10.20.30.208 0.0.0.15
    permit ip 10.20.30.0 0.0.0.255 any
    permit ip 10.20.31.208 0.0.0.15 any
    ip access-list extended CCP_IP
    remark CCP_ACL Category=128
    permit ip any any
    ip access-list extended INTERNET_IN
    permit icmp any any echo
    permit icmp any any echo-reply
    permit icmp any any unreachable
    permit icmp any any time-exceeded
    permit esp host 24.153. host 66.196
    permit udp host 24.153 host 71.41.eq isakmp
    permit tcp host 70.123. host 71.41 eq 22
    permit tcp host 72.177. host 71.41 eq 22
    permit tcp host 70.123. host 71.41. eq 22
    permit tcp any host 71..134 eq 443
    permit tcp host 70.123. host 71.41 eq 443
    permit tcp host 72.177. host 71.41. eq 443
    permit udp host 198.82. host 71.41 eq ntp
    permit udp any host 71.41. eq isakmp
    permit udp any host 71.41eq non500-isakmp
    permit tcp host 192.223. host 71.41. eq 4022
    permit tcp host 155.199. host 71.41 eq 4022
    permit tcp host 155.199. host 71.41. eq 4022
    permit udp host 192.223. host 71.41. eq 4022
    permit udp host 155.199. host 71.41. eq 4022
    permit udp host 155.199. host 71.41. eq 4022
    permit tcp any host 10.20.30.20 eq 3389
    evaluate INTERNET_REFLECTED
    deny   ip any any
    ip access-list extended INTERNET_OUT
    permit ip any any reflect INTERNET_REFLECTED timeout 300
    ip access-list extended IPSEC-RA-ROUTE-MAP
    deny   ip 10.20.30.208 0.0.0.15 10.0.0.0 0.255.255.255
    deny   ip 10.20.30.224 0.0.0.15 10.0.0.0 0.255.255.255
    deny   ip 10.20.30.208 0.0.0.15 172.16.0.0 0.15.255.255
    deny   ip 10.20.30.224 0.0.0.15 172.16.0.0 0.15.255.255
    deny   ip 10.20.30.208 0.0.0.15 192.168.0.0 0.0.255.255
    deny   ip 10.20.30.224 0.0.0.15 192.168.0.0 0.0.255.255
    permit ip 10.20.30.208 0.0.0.15 any
    deny   ip any any
    access-list 23 permit 70.123.
    access-list 23 permit 10.20.30.0 0.0.0.255
    access-list 24 permit 72.177.
    no cdp run
    route-map IPSEC-RA-ROUTE-MAP permit 10
    match ip address IPSEC-RA-ROUTE-MAP
    set ip next-hop 10.20.250.2
    banner motd ^C
    UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED.
    You must have explicit permission to access or configure this device.  All activities performed on this device are logged and violations of this policy may result in disciplinary and/or legal action.
    ^C
    line con 0
    logging synchronous
    line aux 0
    line 2
    no activation-character
    no exec
    transport preferred none
    transport input all
    line vty 0
    access-class 23 in
    privilege level 15
    logging synchronous
    transport input telnet ssh
    line vty 1 4
    access-class 23 in
    exec-timeout 5 0
    privilege level 15
    logging synchronous
    transport input telnet ssh
    scheduler max-task-time 5000
    ntp server 198.82.1.201
    webvpn gateway gateway_1
    ip address 71.41. port 443
    http-redirect port 80
    ssl encryption rc4-md5
    ssl trustpoint TP-self-signed-1879941380
    inservice
    webvpn context TAM-SSL-VPN
    title "title"
    logo file titleist_logo.jpg
    secondary-color white
    title-color #CCCC66
    text-color black
    login-message "RESTRICTED ACCESS"
    policy group policy_1
       functions svc-enabled
       svc address-pool "sat-ipsec-vpn-pool"
       svc default-domain "domain.com"
       svc keep-client-installed
       svc split dns "domain.com"
       svc split include 10.0.0.0 255.0.0.0
       svc split include 192.168.0.0 255.255.0.0
       svc split include 172.16.0.0 255.240.0.0
       svc dns-server primary 10.20.30.20
       svc dns-server secondary 66.196.216.10
    default-group-policy policy_1
    aaa authentication list ciscocp_vpn_xauth_ml_1
    gateway gateway_1
    ssl authenticate verify all
    inservice
    end

    Hi,
    I didn't see anything marked with red in the above? (At least when I was reading)
    I have not really had to deal with routers at all since we do all access control and NAT with firewalls.
    But to me it seems you have allowed the traffic to the actual IP address of the internal server rather than the public IP NAT IP address which in this case seems to be configured to use your FastEthernet4 interfaces public IP address.
    There also seems to be a Static NAT configured for the same internal host so I am wondering why the Static PAT (Port Forward) is used?
    - Jouni

  • ASA 5505 how to create a port forwarding rule

    ASA 5505 IOS ver 9.2.3
    I need to create a firewall rule that will allow internal services to be accessed externally, but using port forwarding. For example I'd like to enable access to our NAS via ftp external on port 1545 and then have the ASA forward the request to the NAS internally on port 21.
    I tried these commands but they didn't work:
    object network NAS
    host 192.168.2.8
    nat (inside,outside) static interface service tcp 21 1545
    access-list NASFTP-in permit tcp any object NAS eq 1545
    conf t
    int vlan 2
    access-group NASFTP-in permit tcp any object NAS eq 1545
    I really appreciate the help everyone.

    Try this, it worked for me. Here is an example of adding a web server with an IP of 10.10.50.60, naming it with an object named www-server and forwarding port 80. The way it works is you need to do three things: you need to "nat it", "forward it" and allow it in an "acl".
    object network obj-10.10.50.60-1
    host 10.10.50.60
    nat (inside,outside) static interface service tcp 80 80
    object network INSIDE
    nat (inside,outside) dynamic interface
    object network WWW-SERVER
    nat (inside,outside) static interface service tcp 80 80
    access-list Outside_access_in extended permit tcp any object WWW-SERVER eq 80
    access-group Outside_access_in in interface Outside

  • Cisco 5520 ASA Port Forward to Endian Firewall VPN Question

    Hello,
    We have had a VPN operational on our Endian Firewall which uses OpenVPN server on port number 1194.  We recently purchased a Cisco 5520 ASA to put in front of our Endian Firewall and I am still hoping to use our current Endian Firewall VPN server.  So I am thinking the easiest way to make this happen is to port forward all vpn traffic through the ASA to our Endian Firewall to access the VPN.  Anyhow, I am just hoping someone with higher knowledge can let me know if this is the best course of action or if there is another easier or more efficient way of doing this?
    Thanks for your comments in advance I am new to cisco technology,
    Joe        

    Wrong forum, post in "Security - Firewalling". You can move your posting with the Actions panel on the right.

  • ASA 9.2 Port Forward

    Hello,
    I have a problem with a single port forward with a 9.2 ASA (5505). Here is the related config:
    access-list outside_access_in extended permit icmp any any
    access-list outside_access_in extended permit tcp any host 10.168.50.5 eq www log
    access-list DMZ_in extended permit ip any any
    nat (DMZ,outside) source dynamic obj_any interface
    nat (DMZ,outside) source static any any destination static VPN_Pool VPN_Pool no-proxy-arp route-lookup
    nat (outside,DMZ) source dynamic any interface destination static Public_Server Public_Server service HTTP HTTP
    object network Public_Server
     nat (DMZ,outside) static interface service tcp www www
    access-group outside_access_in in interface outside
    access-group DMZ_access_in in interface DMZ
    When I try to access the server, the console said ACL drops. The packet tracer said that it dropped in the implicit deny rule. Can you help me find what the problem can be?
    Thank You!

    Yes, of course, I can ping, and also from VPN. And also the web service works from VPN, local. The packet-tracer said the same, the implicit deny catches it:
    packet-tracer input outside tcp 8.8.8.8 http OUTIFIP http det
    Phase: 1
    Type: ACCESS-LIST
    Subtype:
    Result: ALLOW
    Config:
    Implicit Rule
    Additional Information:
     Forward Flow based lookup yields rule:
     in  id=0xad2a1718, priority=1, domain=permit, deny=false
            hits=89868, user_data=0x0, cs_id=0x0, l3_type=0x8
            src mac=0000.0000.0000, mask=0000.0000.0000
            dst mac=0000.0000.0000, mask=0100.0000.0000
            input_ifc=outside, output_ifc=any
    Phase: 2
    Type: ROUTE-LOOKUP
    Subtype: Resolve Egress Interface
    Result: ALLOW
    Config:
    Additional Information:
    in   OUTIFIP  255.255.255.255 identity
    Phase: 3
    Type: NAT
    Subtype: per-session
    Result: ALLOW
    Config:
    Additional Information:
     Forward Flow based lookup yields rule:
     in  id=0xad071248, priority=1, domain=nat-per-session, deny=true
            hits=1199, user_data=0x0, cs_id=0x0, reverse, use_real_addr, flags=0x0, protocol=6
            src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
            dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
            input_ifc=any, output_ifc=any
    Phase: 4
    Type: ACCESS-LIST
    Subtype:
    Result: DROP
    Config:
    Implicit Rule
    Additional Information:
     Forward Flow based lookup yields rule:
     in  id=0xad2a23b8, priority=0, domain=permit, deny=true
            hits=883, user_data=0x9, cs_id=0x0, use_real_addr, flags=0x1000, protocol=0
            src ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0
            dst ip/id=0.0.0.0, mask=0.0.0.0, port=0, tag=0, dscp=0x0
            input_ifc=outside, output_ifc=any
    Result:
    input-interface: outside
    input-status: up
    input-line-status: up
    output-interface: NP Identity Ifc
    output-status: up
    output-line-status: up
    Action: drop
    Drop-reason: (acl-drop) Flow is denied by configured rule
