Problem to open ports in Cisco RV016

Hello everyone,
I have a Cisco RV016 router, with some ports configured in "Setup --> UPnP". Currently I have problems to configure new ports. I can create the service in "Service Management", but when I add this service to the list, I press "Save" and the router close the session. I need to re-login the router, and it don't save the changes.
However, if I add a service that was already exists before having this problems, the router save the changes (But the router close the session too).
The router has the last version of firmware since the first run.
Anyone has the same problem? Or how to solve it?
Thanks and regards

Hello,
Yes, I tried with different computers and different browsers (Firefox and Internet Explorer). I contact with Cisco Support and their solution is reset the router to factory settings, and configure manually all the options. Is possible that the configuration files are corrupted.
I can't reset it now, when I do I will tell you the result.
Regards

Similar Messages

Problem with opening/port forwarding some ports but not others

I read the Faq and the first few pages of the forums but couldnt find anything.
I am using the Port Forwarding (WRT54G, Firmware 4.20.7) to my network camera to try to open up ports 80, 554, 5556 and 5558.
Using the network toolbox at Blackcode.com I then check the ports to see if they are open.
Port 554 seems to be open. Port 80, 5556 and 5558 do not appear to be open.
I am using the correct external IP address (I can toggle port 554 open and closed and test that). Toggling Blocking Anon Internet Requests Of/Off makes no difference to the result.
I have checked with my ISP and they dont claim to block those ports.
Any thoughts on what this could be? Is there a way to test if its my ISP? If it is my ISP, is there a workaround?
Thanks for any help.

Are you sure the camera does listen on those port at the time you did this tests? Are those ports open inside your LAN, too?
5556 and 5558 look like RTP ports which may only be active after the channels have been established through RTSP.
Forwarding of port 80 is known to be an issue on various routers as the router allocates port 80 for the web interface. Sometimes it helps to change the remote management port on the router from 80 to 8080 or something else. You may even have to enable remote management to get this active.
If this does not work you have to reconfigure port 80 on your server to a different port if possible.
Message Edited by gv on 08-21-2007 12:28 AM

Hi guys, I am having problems with open ports in OSX tiger

Hi, I have a home network and my computers have suspicious ports open, I dont know what they are , or if I have to close them or not.
Here is a local nmap scan
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2006-09-16 11:43 CLT
Interesting ports on 192.168.0.100:
Not shown: 1678 closed ports
PORT STATE SERVICE
22/tcp open ssh --> I enabled SSH for remote login into this one.
5000/tcp open UPnP ( what is this ?! )
Interesting ports on 192.168.0.101:
Not shown: 1678 closed ports
PORT STATE SERVICE
427/tcp open svrloc ( what is this ?! )
548/tcp open afpovertcp ( have to disable file sharing here)
MAC Address: 00:05::3A (Apple Computer)
Interesting ports on 192.168.0.102:
Not shown: 1676 closed ports
PORT STATE SERVICE
427/tcp open svrloc( what is this ?! )
548/tcp open afpovertcp (have to disable filesharing... TOO)
3689/tcp open rendezvous( what is this ?! )
5000/tcp open UPnP( what is this ?! )
MAC Address: 00:C8:E8:6A (Apple Computer)
Interesting ports on 192.168.0.103:
Not shown: 1677 closed ports
PORT STATE SERVICE
515/tcp open printer
631/tcp open ipp ( what is this ?! )
5000/tcp open UPnP ( what is this ?! )
MAC Address: 00:16:CB:B7:DB (Apple Computer)
I would really appreciate any kind of help
Thanks!

Here's a list of "Well Known" TCP and UDP Ports Used By Apple Software Products...
http://docs.info.apple.com/article.html?artnum=106439
427 is SLP for Network Browser.
631 is Mac OS X Printer Sharing.
3689 is iTunes Sharing.
5000 is something to do with Windows...
http://www.grc.com/port_5000.htm
Might I suggest HenWen for watching/controlling your Ports/Activity?...
http://www.apple.com/downloads/macosx/networking_security/henwen.html

How do I identify the ports to open on my cisco router from Rogers to allow access through my apple tv - I am not using wireless!

I only have spotty access at best through m Apple TV to itunes, netflix and utube. I am Rogers subscriber (feel my pain) and am now using their CISCO DCP3825 router. Apple TV purchased this past Christmas. I am not using wireless. No issues prior to replacing my old router and Rogers modem to go to DCP3825.
Apple TV is up to date - updated by connecting to my Macbook Pro.
Rogers tech support was of no help - suggested I open some ports - where do I go for the list(s)?
Any help would be much approeciated.

did this search for you
https://www.google.dk/search?client=opera&q=control+open+ports+on+cisco+router&s ourceid=opera&ie=utf-8&oe=utf-8&channel=suggest#client=opera&hs=N7P&channel=sugg est&sclient=psy-ab&q=+open+ports+on+cisco+router&oq=+open+ports+on+cisco+router& gs_l=serp.3..0i7l3.16726.16726.0.16996.1.1.0.0.0.0.49.49.1.1.0...0.0...1c.1.9.ps y-ab.olPaFzjSlmE&pbx=1&bav=on.2,or.r_cp.r_qf.&bvm=bv.45175338,d.bGE&fp=43d9a4347 e8aaeda&biw=1535&bih=773
this may be of intrest
http://www.tek-tips.com/viewthread.cfm?qid=1163449

Open ports problem ASA5505

Hi everyone.
I'm trying to open ports on a specific host but I can't make it work.
I tried to make it clear as possible,
Thanks for helping.
There is my config:
Result of the command: "show run"
: Saved
ASA Version 9.1(3)
hostname ciscoasa
enable password *** encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd *** encrypted
names
interface Ethernet0/0
switchport access vlan 2
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
interface Vlan1
nameif inside
security-level 100
ip address 1.1.1.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address MY-FIREWALL-IP 255.255.255.240
boot system disk0:/asa913-k8.bin
ftp mode passive
object network obj_any
subnet 0.0.0.0 0.0.0.0
object network LAN-SITE-B
subnet 1.1.2.0 255.255.255.0
object network LAN-SITE-A
subnet 1.1.1.0 255.255.255.0
object network Firewall-SITE-B
host VPN-SITE-B-IP
object network SERVER01
host 1.1.1.2 (MY SERVER THAT I WANT TO ACCESS FROM OUTSIDE)
object-group service ALL-IP tcp-udp
description ALL-IP
port-object range 1 65535 (FOR TESTING PURPOSE, I'M TRYING TO OPEN ALL PORTS ON THIS HOST)
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list outside_cryptomap extended permit ip object LAN-SITE-A object LAN-SITE-B
access-list outside_access_in extended permit object-group TCPUDP any host MY-HOST-PUBLIC-IP (DIFFERENT FROM THE OUTSIDE INTERFACE) object-group ALL-IP
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (inside,outside) source static LAN-SITE-A LAN-SITE-B destination static LAN-SITE-B LAN-SITE-A no-proxy-arp route-lookup
object network obj_any
nat (inside,outside) dynamic interface
object network SERVER01
nat (inside,outside) static MY-HOST-PUBLIC-IP (DIFFERENT FROM THE OUTSIDE INTERFACE)
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 MY-GATEWAY 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
no user-identity enable
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 1.1.1.0 255.255.255.0 inside
http 0.0.0.0 0.0.0.0 outside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec ikev1 transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec ikev1 transform-set ESP-DES-SHA esp-des esp-sha-hmac
crypto ipsec ikev1 transform-set ESP-DES-MD5 esp-des esp-md5-hmac
crypto ipsec ikev2 ipsec-proposal DES
protocol esp encryption des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal 3DES
protocol esp encryption 3des
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES
protocol esp encryption aes
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES192
protocol esp encryption aes-192
protocol esp integrity sha-1 md5
crypto ipsec ikev2 ipsec-proposal AES256
protocol esp encryption aes-256
protocol esp integrity sha-1 md5
crypto ipsec security-association pmtu-aging infinite
crypto map outside_map 1 match address outside_cryptomap
crypto map outside_map 1 set pfs
crypto map outside_map 1 set peer SITE-B
crypto map outside_map 1 set ikev1 transform-set ESP-AES-128-SHA ESP-AES-128-MD5 ESP-AES-192-SHA ESP-AES-192-MD5 ESP-AES-256-SHA ESP-AES-256-MD5 ESP-3DES-SHA ESP-3DES-MD5 ESP-DES-SHA ESP-DES-MD5
crypto map outside_map 1 set ikev2 ipsec-proposal AES256 AES192 AES 3DES DES
crypto map outside_map interface outside
crypto ca trustpool policy
crypto ikev2 policy 1
encryption aes-256
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 10
encryption aes-192
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 20
encryption aes
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 30
encryption 3des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 policy 40
encryption des
integrity sha
group 5 2
prf sha
lifetime seconds 86400
crypto ikev2 enable outside
crypto ikev1 enable outside
crypto ikev1 policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcpd auto_config outside
dhcpd address 1.1.1.100-1.1.1.125 inside
dhcpd dns 24.200.241.37 24.201.245.77 interface inside
dhcpd enable inside
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
group-policy GroupPolicy_SITE-B internal
group-policy GroupPolicy_SITE-B attributes
vpn-tunnel-protocol ikev1 ikev2
username MY-USER password *** encrypted privilege 15
tunnel-group SITE-B type ipsec-l2l
tunnel-group SITE-B general-attributes
default-group-policy GroupPolicy_SITE-B
tunnel-group SITE-B ipsec-attributes
ikev1 pre-shared-key *****
ikev2 remote-authentication pre-shared-key *****
ikev2 local-authentication pre-shared-key *****
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:f5d698f2b08e98028f2d487a42c7187e
: end

Hi Jouni,
Thanks for helping again,
Looks like i'm getting the same problem.
ciscoasa# show run access-list
access-list outside_cryptomap extended permit ip object LAN-SITE-A object LAN-SITE-B
access-list OUTSIDE-IN extended permit ip any object SERVER01
ciscoasa#
ciscoasa# show run access-group
access-group OUTSIDE-IN in interface outside
ciscoasa#
ciscoasa# packet-tracer input outside tcp 1.1.1.1 12345 MY-SERVER01-PUBLIC-IP 12345
Phase: 1
Type: UN-NAT
Subtype: static
Result: ALLOW
Config:
object network SERVER01
nat (inside,outside) static MY-SERVER01-PUBLIC-IP
Additional Information:
NAT divert to egress interface inside
Untranslate MY-SERVER01-PUBLIC-IP/12345 to 1.1.1.2/12345
Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:
Result:
input-interface: outside
input-status: up
input-line-status: up
output-interface: inside
output-status: up
output-line-status: up
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule

Can't update iOS 8 on my iPhone5 through iTunes on Windows 8 (error 3004, 3194). Updated host file, opened port 80, 443; turned off security system and firewall, etc. But nothing works. How to solve this problem?

Can't update iOS 8 on my iPhone5 through iTunes on Windows 8 (error 3004, 3194). Updated host file, opened port 80, 443; turned off security system and firewall, etc. But nothing works. How to solve this problem?

Hi the_mad_movies,
It seems like this article will be the best option for addressing this issue:
Error 3194, Error 17, or "This device isn't eligible for the requested build"
http://support.apple.com/kb/ts4451
Thanks for coming to the Apple Support Communities!
Cheers,
Braden

Problem opening port 5900

Hello,
I have been unable to open port 5900 on a WRT54 or on my current WRT150N router despite spending over 2 hours with tech support. If anyone thinks they can help me please reply.
current config:
distributes fixed IP, 69.2.240.211, traffic to an internal network, 192.168.1.xxx
port 22 open and forwarded
port 80 open and forwarded
port 5900 - nothing
Let me know if you need further details.
Thanks - denis

Logically if you are able to open ports 22 and 80 your router should also be able to open 5900...If not you can just upgrade the Firmware on the router and retry...

Help open port on ASA5510 (version 8.3)

Hi all,
I configured ASA to open port 21, 3389, 5900 (outside access in) but when i check port just success : 21 and 3389, Error: 5900
If i configured with only one port 5900 or 3389, is't ok, i don't undesrtand what 's the problem?
ASA5510>
ASA5510> ena
Password: ***********************
ASA5510# show run
: Saved
ASA Version 8.3(1)
hostname ASA5510
domain-name lohoi.local
enable password *********************** encrypted
passwd *********************** encrypted
names
interface Ethernet0/0
description Connect_to_Modem
nameif outside
security-level 0
ip address 10.0.0.2 255.255.255.0
interface Ethernet0/1
description Connect_to_Router2911
nameif inside
security-level 100
ip address 172.16.17.2 255.255.255.240
interface Ethernet0/2
shutdown
no na
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
description Management
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
ftp mode passive
clock timezone ICT 7
dns server-group DefaultDNS
domain-name lohoi.local
object network obj-any
subnet 0.0.0.0 0.0.0.0
object network ftpserver
host 192.168.88.90
description FTP server
object network Remote_Desktop
host 192.168.100.29
object network VNC
host 192.168.100.4
access-list 101 extended permit icmp any any
access-list 101 extended permit icmp any any echo-reply
access-list 101 extended permit tcp any any
access-list outside_access_in extended permit tcp any object ftpserver eq ftp
access-list outside_in extended permit tcp any host 192.168.100.29
access-list outside_in extended permit tcp any host 192.168.100.4
pager lines 24
mtu outside 1500
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst
asdm image disk0:/asdm-631.bin
asdm history enable
arp timeout 14400
object network obj-any
nat (inside,outside) dynamic interface
object network ftpserver
nat (inside,outside) static interface service tcp ftp ftp
object network Remote_Desktop
nat (inside,outside) static interface service tcp 3389 3389
object network VNC
nat (inside,outside) static interface service tcp 5900 5900
access-group outside_in in interface outside
route outside 0.0.0.0 0.0.0.0 10.0.0.1 1
route inside 192.168.88.64 255.255.255.224 1
route inside 192.168.100.0 255.255.255.0 172.16.17.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http authentication-certificate inside
http authentication-certificate management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 192.168.100.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username admin password *********************** encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DD
CEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:667cb3ec729681c78ccab9a57abd89df
: end
ASA5510#

ASA5510# show run
: Saved
ASA Version 8.3(1)
hostname ASA5510
domain-name lohoi.local
enable password ****************** encrypted
passwd ****************** encrypted
names
interface Ethernet0/0
description Connect_to_Modem
nameif outside
security-level 0
ip address 10.0.0.2 255.255.255.0
interface Ethernet0/1
description Connect_to_Router2911
nameif inside
security-level 100
ip address 172.16.17.2 255.255.255.240
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
description Management
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
ftp mode passive
clock timezone ICT 7
dns server-group DefaultDNS
domain-name lohoi.local
object network obj-any
subnet 0.0.0.0 0.0.0.0
object network ftpserver
host 192.168.88.90
description FTP server
object network remote_desktop
host 192.168.100.2
object network remote_vnc
host 192.168.100.4
access-list 101 extended permit icmp any any
access-list 101 extended permit icmp any any echo-reply
access-list 101 extended permit tcp any any
access-list outside_access_in extended permit tcp any object ftpserver eq ftp
access-list outside_access_in extended permit tcp any host 192.168.100.4 eq 5900
access-list outside_access_in extended permit tcp any host 192.168.100.2 eq 3389
pager lines 24
mtu outside 1500
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asd
asdm history enable
arp timeout 14400
object network obj-any
nat (inside,outside) dynamic interface
object network ftpserver
nat (inside,outside) static interface service tcp ftp ftp
object network remote_desktop
nat (inside,outside) static interface service tcp 3389 3389
object network remote_vnc
nat (inside,outside) static interface service tcp 5900 5900
access-group outside_access_in in interface outside
route outside 0.0.0.0 0.0.0.0 10.0.0.1 1
route inside 192.168.88.64 255.255.255.224 172.16.17.1 1
route inside 192.168.100.0 255.255.255.0 172.16.17.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 management
http authentication-certificate inside
http authentication-certificate management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh 192.168.100.0 255.255.255.0 inside
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
username admin password ****************** encrypted privilege 15
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DD
CEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:4f061a213185354518601f754e41494c
: end
ASA5510#
So i configured again, but i'm not to access to 5900 port

Open port 916/udp not closeable

A nmap scan from the Internet (WAN) against a Cisco RV120W shows an open port 916/udp. This port remains open even if one writes an explicit access rule for the firewall.
A quick googling shows that this port is probably used to access the firmware of the router from the outside as well as it has been involved in security problems some years ago. See http://osvdb.org/show/osvdb/34520
How can this port be closed?
Michael

Dear Michael,
Thank you for reaching the Small Business Support Community.
I would first suggest you to upgrade to the latest firmware release version 1.0.4.10;
http://software.cisco.com/download/release.html?mdfid=282981372&softwareid=282487380&release=1.0.4.10
If nmap still shows the port opened, I then suggest you to disable the remote management to determine if this is the root of the problem, then contact the Small Business Support Center to have a TAC engineer figure this out;
https://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
Please do not hesitate to reach me back if there is anything I may assist you with.
Kind regards,
Jeffrey Rodriguez S. .:|:.:|:.
Cisco Customer Support Engineer
*Please rate the Post so other will know when an answer has been found.

Cisco RV016 und EWE vDSL

Hallo an alle
wir stehen kurz vor einen wechsel zu EWE Tel, damit wir endlich einen vDSL 35000 leitung bekommen. Nun haben wir einen Fritzbox zugesand bekommen und ich frage mich gerade wie ich das nun mit meine RV016 kommunizieren lassen kann.
Im Moment ist der RV016 mit 2 WAN ports an 2 DSL Modems eingerichtet (Telekom DSL 3000). Ich möchte keine Fritzbox nutzen für mein Firmennetzwerk sondern nach wie vor meine Cisco. Aber ich finde so wenig material darüber wie ich z.b. noch ein WAN Port freischalte und wie ich dieser zu konfigurieren habe damit der mit dieser Fritzbox (die zwingend gebraucht wird laut EWETel).
Es muss doch irgendwie eine einstellung geben das die vDSL leitung über die Fritzbox an mein Cisco ankommt und ich dieser WAN Port dann benutze so wie ich jetzt beide andere Wan ports benutze?
Wenn mir jemanden einen Tipp geben kann wo ich das in irgendwelche Forums finden kann wäre ich sehr dankbar. Wenn es jemanden gibt der das schon hinbekommen hat noch viel mehr.
Greetz
Sosy
ps. das supportforum hier ist mal wieder eine katastrophe, nix ist mit German language auswählen usw. Typisch für solche anbieter.

Hallo Herr Licheva,
es ist mir schon klar, daß ich im WAN immer eintscheiden muss, ob ich über einen vorgeschalteten Router direkt ins Internet will oder PPTP-Verbindung machen möchte. Ich komme aber ins Internet mit der Fritzbox (192.168.1.x) und ich verbinde jetzt den WAN-Port des CISCO-Routers mit einem freien LAN-Port der Fritz-Box. Nun soll der CISCO-Router eine VPN-Verbindung zu dem Portunity-Dienst aufbauen. Über diesen Tunnel bekomme ich dann eine feste IP-Adresse, die ich für den Zugang an einen NAS-Server nutzen möchte.
Das Problem besteht nun darin, daß der CISCO-Router nicht weiß, daß sein Standard-Gateway und sein DNS-Server auf der Fritz-Box liegen. Gibt es überhaupt keine Möglichkeit, dem Cisco-Router zu sagen, wenn er die PPTP-Verbindung aufbauen möchte, möge er die 192.168.1.1 als Gateway und als DNS-Server nutzen ?

Can't forward ports with Cisco EPC3925 and Airport Express and Extreme!

Hello,
I have very big problem, I've been trying for whole day to forward ports for steam and I just can't I tried everything, I have Cisco EPC3925 ( Its main thing I think its router - right ? ) Then I have connected Airport Express to it with ethernet cable ( It's working as DHCP and NAT I have double nat issue in my airport program I don't know what is this ) also Airport Express is set to create a Wi-Fi network, then I have connected Airport Extreme with Wi-fi and set to exceed wi-fi network and can't change anything in it , can't open ports etc. etc. MY COMPUTER is connected to Airport Extreme ( 2nd device ) with cable ! So Im not connecting my computer to internet with wi-fi
Also I've been looking in Airport Express ( the 1st device ) and I saw that there I can open ports , but I opened them and nothing happend ... ports are still closed... Also I've set my computer ip to static , tried everything . And portforward.com site isn't helpfull . Also I tried to set Airport Express ( 1st device ) in bridge mode and nothing happend ( after I set it to bridge mode I can't open ports in airport program )
Please is there anyone that can Help me with this ????
Also I want to say that somehow I dont know how, but I managed to open ports in the past
I need to open all necessary ports because If I can't open them - I can't make a server and people can't join . I really really need help I've spent whole today's saturday to get it to work and this won't work !

Tesserax wrote:
I have Cisco EPC3925 ( Its main thing I think its router - right ? )
Yes, the Cisco EPC3925 is a combination modem and wireless router or gateway device. This is the device that you would need to configure for port forwarding/mapping.
Then I have connected Airport Express to it with ethernet cable ( It's working as DHCP and NAT I have double nat issue in my airport program I don't know what is this )
A "Double NAT" condition is when you have two or more routers in series where they all have NAT enabled. NAT is a service that is intended to allow you to share one Public IP address with multiple Private network clients. This is what allows you to have more than one computer on your local network have the ability to share an Internet access.
Since you have your AirPort Express connected to the Cisco by Ethernet AND the Express is configured to have NAT enabled is why you are getting a Double NAT warning.
Normally you would want all downstream routers to be reconfigured as bridges (NAT & DHCP disabled).
also Airport Express is set to create a Wi-Fi network, then I have connected Airport Extreme with Wi-fi and set to exceed wi-fi network and can't change anything in it , can't open ports etc. etc.
You will need to reconfigure the Express as a bridge. The fact that you have configured the Extreme to extend its wireless range is fine.
Also I've been looking in Airport Express ( the 1st device ) and I saw that there I can open ports , but I opened them and nothing happend ... ports are still closed
You do not want to open ports on the Express. Again, if you reconfigure it as a bridge you won't need to as all of its ports will be opened.
Ok I understand what u said, so I set my airport Express 1st device in bridge mode - if I do that I can surf internet without problems etc. Then when I set it to bridge mode my computer gets adress 192.168.1.X ( My computer gets 13 and I've set it to be static ) so my computer is 192.168.1.13 then -> I open ports for example 2700-27015 ( for steam ) in my router cisco website witch is 192.168.1.1 and in ip adress label I put my computer adress 192.168.1.13 after I do this I reset the router and turn it back on after all this everything should work fine and my ports should be open right?? Well..I've tried it.. after this I can surf internet without problems of course but my ports are still closed ... Im checking them on http://www.canyouseeme.org/ and it says they are closed I've tried with pultiple ports such as 80 .. and it just won't work I don't know why..
Also someone told me to use DMZ on and in ip adress put WAN ip of my airport express ( if its NOT set in bridge mode ) and open ports for my airport ( also I tried to open for my computer too ) - It doesn't work
Please friend tell me you can help me ..
Message was edited by: bolo822

RV215W inbound rules with control ip - cannot open port 25

I have the exact same router, exact same firmware and the this exact same problem. I cannot open port 25 and specify a range of IP addresses. This is simply not working. What do we have to do to get this to work correctly? When I port forward the SMTP service it allows all IP's and works fine. When i try to use an Access Rule, it does not work. Can someone from CISCO help please? Thanks,

It's not just single port forwarding that has bugs, the entire router has bugs and simply does not work as advertised. I have found the following bugs/aspects of this router that just does not work correctly: 1. If you have to open ports, and who doesn’t, this router will eventually stop accepting packets from WAN>LAN. You will still have Internet access but no open ports. A reboot will fix this problem. Oh, by the way, this router has no scheduled reboot option! ••ßThat would be a workaround but a welcome one for this router. 2. Firewall Access rules do not work!! Yep, a Cisco router and basic functionality simply does not work. I called Cisco and even though the tech saw the router not working denied it was a bug! Said we have to do port mirroring, setup a workstation with WireShark and capture packets so we can debug the issues! I told him I would have appreciated if Cisco would have debugged the issues with their router BEFOR they shipped the units. Stay away from Cisco Small Business Routers. I wish I had. And if there are any Cisco die-hards out there willing to prove me wrong, just reply to this and please, prove me wrong that the RV series and specifically the RV215W is not JUNK.

Firewall in 10.5, how to open ports and how to manage?

I am pulling my hair out with the new firewall in 10.5. In 10.4 I could just set ports as I liked in the control panel, in 10.5 there is no such thing.
I need to for example open port 49999 to allow PageSender to function in my network.
I need to open port 5901 to work with JollyFast VNC, as port 5900 is used by Apple Remote Desktop and the conflict if they both use the same port.
Some of these ports I need permanent open like 59999 and others for one session and than close again, like 5901. Again in 10.4 I made the rule in the pref pane, ticked the box and Bob was your uncle. Now?
I would like to be able to see what ports are open and active on the machine. I have no idea as to where I could see this.
And at the same time I would like to keep the firewall as closed as possible as I am often on line in hotels etc.
So I need help, is there a manual somewhere someone is aware of? Or do you have any answers?

The new Application Firewall does not work in the same way as IPFW (the main firewall in 10.4).
Instead of managing ports, it simply controls the access of applications to any port. Thus, if you want PageSender to receive connections, you simply need to switch the firewall to "Set access for specific services and applications", and then add PageSender to the list, with "Allow incoming connections". When you do this, PageSender will be able to receive connections on any port that it needs to.
If you don't like this method of controlling connections, you can still use IPFW. Apple has removed the GUI, but you can download a GUI application like [NoobProof|http://www.hanynet.com/noobproof> or [WaterRoof|http://www.hanynet.com/waterroof/index.html], and you can then set access for specific ports.
There are no problems with using both IPFW and Application Firewall.
Cheers,
Rodney

Anyone with GrooveAgent or Kontakt3... without problems w opening projects?

Does anyone work with groove agent? (similar issues occur with kontakt3)
There's one day I can't open a project that contains one or more groove agent instances, or it takes long long time to open (15-20min)!! I'm desperate, because I can't find the solution. I can't find a pattern to know when this happens. In activity monitor/logic pro/files and open ports I can see as last open file the following:
/Library/Audio/Plug-Ins/Components/Groove Agent 3.component/Contents/Resources/Groove Agent 3.rsrc
... and nothing else for a long while or till infinite.
((What I'm doing at the moment is to disable core audio, load the project, save it with different name, purge it (this is to delete everything except groove agent track), switch on core audio, cross my fingers, wait, wait, wait more (till plugin is loaded correctly), and bounce that track and import it then in the original project. So now I have two projects, one for GA and another one for the rest!))
This behavior NEVER happen in young projects. Are my projects corrupting with time? I reorganize memory usually and don't think so. What can I do?
I've tried by reinstalling groove agent, checking folders/files permissions, watching the console, everything! but nothing to do. Any idea or help will be fantastic!

mmh, as additional advice, when creating new project and grooveAgent loads fine, the next open files after grooveagent.rsrc are:
/System/Library/Frameworks/QuickTime.framework/Versions/A/Resources/QuickTime.rsrc
/System/Library/Frameworks/QuickTime.framework/Versions/A/Resources/English.lpro j/Localized.rsrc
Do I have to think my problem is something related to quicktime??

Changing the TCP port on async ports in Cisco router

Hello,
My goal is to replace old terminal servers from a factory environment.
These terminal servers act as a aggregation point of terminal equipment (printers and factory automation).
Software used in this factory writes to these devices using ip-address of the terminal server and TCP-port starting at 10001, where the last number is a port number.
The problem is that in Cisco equipment, I can not find a way to change the tcp port to this 1000x. The only option would be to change the softwares TCP-port to Cisco default 200x, but this is not the solution I am looking for. This is because the switchover should be done when the machines are running, and the time window is to short to make changes in the factory software.
Is there a way to change the logical TCP-port for Cisco routers asyncronous lines (HWIC-16A) to 10001-16?
Marko Tuhkunen

So i figured out that i can use the archive tar /create command:
To copy the entire flash towards TFTP:
archive tar /create tftp://X.X.X.X/flash.tar flash:
Now i will have to insert the new flash and probably format it first towards the correct file systems. Then i will have to use the next archive command:
archive tar /xtract "Here i am unsure of the syntax, i want to be copying and extracting the tar I backed up from the old flash"
After these steps are complete can i just reboot the router with the new flash card, won't there be any issues, since the startup config is on the NVRAM it will load the config properly, and i haven't seen any boot parameters but they shouldn't pose any issues since i'm not changing the flash slot.
Thanks for your assistance

Problem to open ports in Cisco RV016

Similar Messages

Maybe you are looking for