RVS4000 not Port forwarding

Similar Messages

• Rvs4000 ip port forwarding

  Hi,
  i have a little problem with the configuration of my rvs 4000 router;
  1 - I have purchased 8 static ip address with my adsl contract, from 213.136.137.234 to 213.136.137.241
  2 - wan settings of my rvs4000 are like below:
  Connection Type:
  Static IP
  Interface:
  Up
  IP Address:
  213.136.137.234
  Subnet Mask:
  255.255.255.248
  Default Gateway:
  213.136.137.233
  DNS1:
  62.94.0.41
  DNS2:
  62.94.0.42
  3 - now my problem; i have already configured several port fowarding using "single port forwarding" function of my router but with this metho i can only forward internet request arriving to 213.136.137.234. How can i do port forwarding for my other ip addresses?
  Thank you

  With this router, you will not be able to port forward to those public ip addresses.  This router does not support that function.  What you would need is one of our rv series routers, like the rv042, rv082, or the rv016.  With these devices you can do what is called one to one nat  and reference a public address to a private address behind the firewall.  The rvs4000 router does not have that function.

• Can not port forward on WRT54GS v6 "You cannot use the router IP"

  Hello, I'm trying to open a port number, but when I try to use my router's IP, the following message appears
   "You cannot use the router IP, network, or broadband address"
  [IMG]http://i45.tinypic.com/107qond.jpg[/IMG]
  My ADSL was working as a NAT behind a NAT connection, so I had to change my Local IP Address to 192.168.2.1.
  Router: WRT54GS v6 firmware 1.52.8 (latest)  -  Bellsouth router: Westell 6100
  Microsoft Windows [Version 6.1.7600]
  Ethernet adapter Local Area Connection:
     Connection-specific DNS Suffix  . : launchmodem.com
     Link-local IPv6 Address . . . . . : fe80::40a9:a76e:61b3:6435%11
     IPv4 Address. . . . . . . . . . . : 192.168.2.100
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 192.168.2.1
  So, please help me, how can I open ports on my router? =[
  PS: I tried to use 192.168.2.100, and even though it lets me use it, it still seems not to open that port... my IP is dynamic.

  Generally: NAT behind NAT is a bad idea. There is usually no need for double NAT. Either configure the ADSL router as bridge and use the WRT for your internet connection or set up the WRT as simple access point behind the ADSL router.
  It's also unclear to me what is working or not. First I thought you can't set up forwarding at all because you get that error message. Then, in your PS you write you tried to use 192.168.2.100 and that seemed to be possible. The IP address to forward to must be the IP address of the computer to which you want to forward. Thus 192.168.2.100 is exactly the IP address you have to set up. Does this work or not?
  Also remember: with double NAT you must set up two forwardings: first on the ADSL router then on the WRT. Port forwarding is necessary to allow incoming traffic through NAT. All incoming traffic arrives on the ADSL router. Thus setting up port forwarding on the WRT only won't do a thing.
  It's also not recommend to use dynamic IPs for forwarding destinations. Dynamic IP addresses may change over time and that requires you to adjust forwardings accordingly. It's better to reserve fixed IP addresses (if your WRT supports this) or set a static IP address on the computer outside the DHCP address pool.

• WRT400n Not Port Forwarding Even With Correct Settings

  As the title of this post says I have the port forwarding settings correctly set for FTP (and other ports) but no luck. I'm not dumb, I know computers and routers. Even after hard reset, firmware upgrade and setup, still not working. Confirming with third party port scanner that ports not open even though they are setup, enabled and DMZ a few tries. Not firewall issue, worked fine with my previous tomato router setup. I should have never upgraded. Any suggestions other than buying a new router AGAIN?

  I would suggest you to upgrade/reflash the router's firmware and re-configure the router.
  You can download the firmware from linksys website.On the router setup page,Click on the Administration tab to upgrade the firmware.After upgrading the firmware...Press and hold the reset button for 30 seconds...Release the reset button...Unplug the power cable from your router, wait for 30 seconds and re-connect the power cable...Now re-configure your router...

• Time Capsule Does Not Port Forward FTP Ports

  Hey there,
  I recently purchased a Time Capsule, and I found out that while it fixes the NAT-PMP bug found in my previous AirPort Extreme Base Station (Gigabit-N), it introduces a new problem which makes it refuse to forward port 21 properly.
  It seems to me that the Time Capsule has some sort of FTP server built in, and is either enabled but closes connection on client connection, or disabled but still listens for client connection.
  This message is what I get when I connect to my IP via FTP from the WAN side (FTP port forwarded to a local machine with an IP 10.0.0.8):
  421 Service not available, remote server has closed connection.
  When it is accessed from the LAN of course, I can connect to 10.0.0.8 with no problem. However, what is interesting is if I connect to the Time Capsule via FTP I get this as well:
  421 Service not available, remote server has closed connection.
  Thus, I am 100% certain that the FTP message I see when I connect from WAN is from the Time Capsule instead of the machine I port forwarded to.
  Apple needs to fix this annoying problem and at the same time fixes some VPN issues I'm having with my Nortel VPN client (4.68). It was all working when I had the AirPort Extreme Base Station.

  I am having a problem establishing an FTP session that is started with my FTP Client (CuteFTP) on my local network and attempting to connect to an FTP Server with one of my hosting providers. My first few attempts used FTPS (Secure FTP) as that is what I typically use when transferring FTP packets over the net. Well, this didn't work so I thought maybe the Time Capsule had a problem inspecting the encrypted packets so I switched to standard clear-text FTP just to see if the Time Capsule handles FTP session management functions correctly. This didn't work either. I'm using PASV FTP and have never had a problem before with my CISCO Router or with another consumer-based NAT router. I don't believe that the Server on the Internet gets the initial request on port 21 as I believe the Time Capsule is not allowing the packet to pass and my FTP Client spits back an error message : "Couldn't access FTP service " "Connection Failed". I have also used "Terminal" and initiated the ftp utility and attempted to connect to the same server and receive the following error message : "421 Service not available, remote server has closed connection.". I have attempted to put my computer in the DMZ by using the Default Host feature on the Time Capsule but that resulted in the same errors. I believe that I have tried most of the settings available on the Time Capsule to attempt to get this to work but no luck yet. If the packet is getting through to the server and the response back on the current ephemeral port is not getting through the Time Capsule I'm really hoping the solution is not having to port map all ephemeral ports as this is in the tens of thousands. Has anyone successfully established an FTP Session (Secure or Not) from your local client through the Time Capsule to a Server on the Internet. If so, could you help by providing any Time Capsule settings that were required for this to function properly....Thanks in Advance.
  Note: I have attempted to ftp to several different public ftp servers on the Internet and get the same error results. I have no problems ftping to local serverson my local network.

• WRT54GC - Orb app not port forwarding

  When trying to configure an app for port forwarding sometimes it will time out. In the App and Gaming section I will specify the app name, the start and end port number and finally enable it. When I click save settings it will just wait and wait and eventually time out. I got the same results w/ both IE7 and Firefox.
  Right now I'm trying to configure Orb by using the following specs
  orb1 80-80 enabled
  orb2 554-554 enabled
  orb3 13398-13401 enabled
  When I click Save Settings the browser will just wait and eventually time out. I finally got it to work by applying the settings one at a time. But when I got to the 3rd setting (orb3 13398-13401 enabled) the browser times out. No matter how many times I try won't apply.
  What am I doing wrong?

  Can you just leave the port 80 and put in the others? see if it accepts that...and you can try to upgrade your routers firmware...some firmwares previously had problems i think....
  "You tried your best and you failed miserably! "

• RV180W not port forwarding

  Hi I have an RV 180W. Problem is that I'd like to forward a range of ports but cannot seem to achieve this. One minute the router is forwarding and the next the port is closed. Some of these are custom ports while others like ftp behave in the same way. Any ideas?          

  Wrong forum, post in "small business routers". You can move your post using the actions panel on the right.

• RVS4000 Router - Port forwarding problems

  I added an alternate RDP port number for a machine. Port 8080, reboothed the server. I set port forewarding of the public side 8080 to the private side 8080 to 192.168.1.100. It works one day the next stops. When I try to RDP from work to my foreward IP it fails. But if I try from within the firewall LAN it works, and THEN it starts to work from my RDP session at work. Weird. anyone encounter the same thing? I just bought this router 2 days ago.
  I did notice in the "Basic settings" area that port 8080 is used for "Remote Management" but neither the option "Enable" nor the option "Disable is selected.
  Should I disable it?

  OK, this morning I was able to get in and all ports worked.
  Pardon my ignorance but how do I save the logs to a text file? Remember, I have never used this router before.
  "If the router is denying connections we should be able to see that with those two logs."
  Funny you mention that. I had 5 IP's in my log, traced them back all 5 to china. So last night I blocked the entire inetnum range with the "IP Based ACL".
  IPS reports the following...
  Attacker
  No
  IP                 Address
  Frequency
  1
    221.195.73.68
    14
  2
    125.65.112.161
    8
  3
    210.83.80.190
    6
  4
    218.24.197.194
    4
  5
    218.6.15.138
    3
  Attacked Category
  No
  Category
  Frequency
  1
  DoS / DDoS
  46
  2
  Buffer Overflow
  1
  3
  Access Control
  0
  4
  Scan
  0
  5
  Trojan Horse
  0
  6
  Other
  0
  7
  P2P
  0
  8
  IM
  0
  9
  Virus Worm
  0
  10
  Web Attacks
  0

• Xbox 360/one problem and port forwarding

  For a couple months now (since I got my AirPort Extreme) I have not been able to connect to a certain friend on xbox. I can connect to anybody else however. The only way we can (kind of) connect is if somebody else is host and we both connect to him.
  My NAT type is Moderate. When I try to test my connection on my xbox it says that I can connect but I am limited in matchmaking (this is joining games and using voice chat, which is the problem named above for my particular friend). The xbox shows the error and suggests that I enable UPnP or open the port 3074.
  The problem is that I have already have! I gave my xbox a static IP and forwarded the port 3074 to that IP.
  (I have also tried forwarding all the ports that xbox live uses to the xbox. These being:
  Port 88 (UDP)
  Port 3074 (UDP and TCP)
  Port 53 (UDP and TCP)
  Port 80 (TCP)
  as found on the xbox website...  https://support.xbox.com/en-US/xbox-360/networking/network-ports-used-xbox-live
  I made sure to put them in the right text boxes for UDP and TCP so that is not the problem either.)
  I know that the AirPort Extreme does not support UPnP but does have a similar thing called NAT Port Mapping Protocol which was already enabled. (I tried all possibilities of enabling/disabling NAT...Protocol and port forwarding/not port forwarding.)  ---  This is not the solution as I see it
  In short: My xbox tells me to open port 3074. I already have. It still tells me to open it and still won't work.
  I posted this on the apple discussion page (instead of the xbox discussion page) because I know that it's not an xbox problem. When I had my old linksys router it worked perfectly.

  I have this exact same question and problem.  I know this doesn't help, but would appreciate any updated information if you find an answer.  I'll keep working on this also and let you know if I find an anwer.

• Port Forwarding Twice?

  (Also posted in Airport discussions)
  I have previously used port forwarding via an AEn to access my Mac Pro while away. I have now installed a Mac mini Server and continue to use the Mac Pro as a client. Port forwarding now directs all incoming requests to the server for e-mail, file sharing, and web services, which I wish to continue. However, I'd also like to continue to access the other box, where I have telephony software installed requiring access to a phone jack (and the Mac mini is in a closet...). Is there a way to to access both the Mac mini Server and the Mac Pro? Thanks.
  C.

  Hi Charles
  Here's how I do it.
  First I do not "Port Forward" to my server. I use NAT which sends all default traffic to the server.
  I use Port Forwarding to route to other machines.
  The internal IP of my server is 10.0.1.253, and I believe that is the default NAT setting on a AE
  If you went to www.mydomain.com you would hit my Xserver's web services
  If you went to www.mydomain.com:81 you would be directed to the web services on my MacPro.
  In Port Mapping I used port 81 as the Public Port, the internal IP of my MacPro of 10.0.1.200, and of course use a private port of 80.
  As an example, for one machine I use Public Port 547 for AFP, 5901 for VNC, and 27 for FTP.
  Well known" TCP and UDP ports used by Apple software products

• SA 540 Can't get port forwarding to work.

  Now that the DMZ port doesn't seem to work, I have placed our Web and CRM server on a VLAN. I have created a firewall forwarding rule -> WAN to LAN HTTP allow always and pointed it to the internal IP address.
  When I type in our domain name in the browser I only get the Cisco remote management page, no forwarding to the web server.
  What am I doing wrong?
  I have tried to disable the remote management, but that still doesn't change anything. (btw, how do I change which port the RMON uses, it's grayed out in the setup page)
  SA 540 firmware 1.0.39

  No it does not work from outside my devise, I just get to the RMON page, no forwarding to my Web server at all. I've taken all FW rules away and just have the WAN to LAN allow HTTP "ip address of server" but still nothing.
  I got confirmation that the DMZ/Optional port does not work, I can't SSL from our Apple computers to our Network, and now it seems like we can't get our Web or e-mail servers working either if there is not port forwarding. On top of this, it now also seems like the SA 540 is blocking EDNS packets, slowing down our DNS server. Please tell me that there is something to be done, it can't be that Cisco have put a "Pro" devise out where only 9 out of 10 ports work and that you can not host Web, email or CRM servers because there is no port forwarding, not to mention it only supports IE browsers for SSL.
  I don't mean to sound cranky, but we have spend so much time trying to get this devise to work, please help. (I wish I could give you some logs, but logging doesn't seem to work either)

• How to port forward with AirPort Extreme

  I really just cant find an accurate description in the support community. Err, let me rephrase: I'm not tech-savvy enough to really comprehend all aspects of port forwarding within the AirPort utility.
  I am trying to set up a server for a game (Starbound) and I have been trying for hours to open 1 port. I believe it connects through TCP on port 20125.
  I cant seem to figure out which IP address the utility needs. The router's? Which IP address is the router's if so? How do I see that?
  I wish server was freeware so badly, I've watched videos and tried to replicate the results manually but I just absolutely can't get it. Would really appreciate support on this, as I've never encountered this problem configuring port forwarding in a browser-based scenario.
  Thanks all. All I really need is a walkthrough to open that ONE port.

  For reference the following AirPort User Tip will give you the basics for port forwarding.
  I cant seem to figure out which IP address the utility needs.
  What is required is the IP address of the host device that you want reached from the Internet. In this case it would be the server hosting the Starbound game.
  It is highly recommended that you configure your server with a static Private IP address. You can do this using the DHCP Reservation feature of the AirPort Utility. What this does is assign a dedicated address from the pool of addresses that are provided to local network clients. You will then use this address to populate the IP Address field for the port mapping. Note: Port Forwarding and Port Mapping are used interchangeably. Apple uses Port Mapping.
  To assign a DHCP Reservation:
  Start the AirPort Utility, select the AirPort Extreme, and then, select Edit.
  Select the Network tab.
  Click on the "+" button under the DHCP Reservations window.
  For "Description," enter Starbound or whatever you want to describe this port mapping.
  Reserve Address By: MAC Address
  MAC Address: (Note: This will be the hardware MAC address of the server's Ethernet or wireless interface.)
  IPv4 Address: [enter the desired IP Address that you want to assign the server. It should be from the available pool of DHCP addresses. By default this pool is: 10.0.1.2 thru 10.0.1.200. For example, you can use 10.0.1.100
  Select Save
  Using the reference provided earlier, use the AirPort Utility to define the port mapping that you require. (Note: You should still be on the Network tab.) I filled in the values for you. Note, however; that you may need to change the value for the IP Address field to the address that you set earlier in the DHCP Reservation.

• RVS4000 Port Forwarding not working

  I am trying to forward ports through my RVS4000 however I have been unable to get it to work.
  I have enabled the firewall and set the ports mapping to the correct address and enabled them, however I can't reach any devices.
  All advice gratefully received :>)
  NM

  When troubleshooting Port forwarding on any device we use tools like Nmap on a outside machine looking in at your network, and http://www.canyouseeme.org/ to see if on the server or device you are using if the outside world can see the ports open. There is no known bug or issue with port forwarding on this device as long as you are on the latest firmware. If Nmap and canyouseeme is not showing the ports open you need to look at the internal workings of the network. I.E. does the same ports work on the inside of your network, second is what is between the RVS4000 and the Internet. Other routers or switches, Modem, and ISP. We have seen everyone of the previous devices block ports. When using Nmap or canyouseeme the ports should be open.
  Do you have a topology of your network and what ports you are trying to port forward?
  Cisco Small Business Support Center
  Randy Manthey
  CCNA, CCNA - Security

• Port Forwarding for RDP 3389 is not working

  Hi,
  I am having trouble getting rdp (port 3389) to forward to my server (10.20.30.20).  I have made sure it is not an issue with the servers firewall, its just the cisco.  I highlighted in red to what i thought I need in my config to get this  to work.  I have removed the last 2 octets of the public IP info for security .Here is the configuration below:
  TAMSATR1#show run
  Building configuration...
  Current configuration : 11082 bytes
  version 15.2
  no service pad
  service timestamps debug datetime msec localtime show-timezone
  service timestamps log datetime msec localtime show-timezone
  service password-encryption
  hostname TAMSATR1
  boot-start-marker
  boot system flash:/c880data-universalk9-mz.152-1.T.bin
  boot-end-marker
  logging count
  logging buffered 16384
  enable secret
  aaa new-model
  aaa authentication login default local
  aaa authentication login ipsec-vpn local
  aaa authentication login ciscocp_vpn_xauth_ml_1 local
  aaa authorization console
  aaa authorization exec default local
  aaa authorization network groupauthor local
  aaa session-id common
  memory-size iomem 10
  clock timezone CST -6 0
  clock summer-time CDT recurring
  crypto pki token default removal timeout 0
  crypto pki trustpoint TP-self-signed-1879941380
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-1879941380
  revocation-check none
  rsakeypair TP-self-signed-1879941380
  crypto pki certificate chain TP-self-signed-1879941380
  certificate self-signed 01
    3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
    31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
    69666963 6174652D 31383739 39343133 3830301E 170D3131 30393136 31393035
    32305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38373939
    34313338 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
    8100BD7E 754A0A89 33AFD729 7035E8E1 C29A6806 04A31923 5AE2D53E 9181F76C
    ED17D130 FC9B5767 6FD1F58B 87B3A96D FA74E919 8A87376A FF38A712 BD88DB31
    88042B9C CCA8F3A6 39DC2448 CD749FC7 08805AF6 D3CDFFCB 1FE8B9A5 5466B2A4
    E5DFA69E 636B83E4 3A2C02F9 D806A277 E6379EB8 76186B69 EA94D657 70E25B03
    542D0203 010001A3 73307130 0F060355 1D130101 FF040530 030101FF 301E0603
  ip dhcp excluded-address 10.20.30.1 10.20.30.99
  ip dhcp excluded-address 10.20.30.201 10.20.30.254
  ip dhcp excluded-address 10.20.30.250
  ip dhcp pool tamDHCPpool
  import all
  network 10.20.30.0 255.255.255.0
  default-router 10.20.30.1
  domain-name domain.com
  dns-server 10.20.30.20 8.8.8.8
  ip domain name domain.com
  ip name-server 10.20.30.20
  ip cef
  no ipv6 cef
  license udi pid CISCO881W-GN-A-K9 sn
  crypto vpn anyconnect flash:/webvpn/anyconnect-dart-win-2.5.3054-k9.pkg sequence 1
  ip tftp source-interface Vlan1
  class-map type inspect match-all CCP_SSLVPN
  match access-group name CCP_IP
  policy-map type inspect ccp-sslvpn-pol
  class type inspect CCP_SSLVPN
    pass
  zone security sslvpn-zone
  crypto isakmp policy 10
  encr aes 256
  authentication pre-share
  group 2
  crypto isakmp policy 20
  encr aes 192
  authentication pre-share
  group 2
  crypto isakmp key password
  crypto isakmp client configuration group ipsec-ra
  key password
  dns 10.20.30.20
  domain tamgmt.com
  pool sat-ipsec-vpn-pool
  netmask 255.255.255.0
  crypto ipsec transform-set ipsec-ra esp-aes esp-sha-hmac
  crypto ipsec transform-set TSET esp-aes esp-sha-hmac
  crypto ipsec profile VTI
  set security-association replay window-size 512
  set transform-set TSET
  crypto dynamic-map dynmap 10
  set transform-set ipsec-ra
  reverse-route
  crypto map clientmap client authentication list ipsec-vpn
  crypto map clientmap isakmp authorization list groupauthor
  crypto map clientmap client configuration address respond
  crypto map clientmap 10 ipsec-isakmp dynamic dynmap
  interface Loopback0
  ip address 10.20.250.1 255.255.255.252
  ip nat inside
  ip virtual-reassembly in
  interface Tunnel0
  description To AUS
  ip address 192.168.10.1 255.255.255.252
  load-interval 30
  tunnel source
  tunnel mode ipsec ipv4
  tunnel destination
  tunnel protection ipsec profile VTI
  interface FastEthernet0
  no ip address
  interface FastEthernet1
  no ip address
  interface FastEthernet2
  no ip address
  interface FastEthernet3
  no ip address
  interface FastEthernet4
  ip address 1.2.3.4
  ip access-group INTERNET_IN in
  ip access-group INTERNET_OUT out
  ip nat outside
  ip virtual-reassembly in
  no ip route-cache cef
  ip route-cache policy
  ip policy route-map IPSEC-RA-ROUTE-MAP
  duplex auto
  speed auto
  crypto map clientmap
  interface Virtual-Template1
  ip unnumbered Vlan1
  zone-member security sslvpn-zone
  interface wlan-ap0
  description Service module interface to manage the embedded AP
  ip unnumbered Vlan1
  arp timeout 0
  interface Wlan-GigabitEthernet0
  description Internal switch interface connecting to the embedded AP
  switchport mode trunk
  no ip address
  interface Vlan1
  description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
  ip address 10.20.30.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly in
  ip tcp adjust-mss 1452
  ip local pool sat-ipsec-vpn-pool 10.20.30.209 10.20.30.239
  ip default-gateway 71.41.20.129
  ip forward-protocol nd
  ip http server
  ip http access-class 23
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip dns server
  ip nat inside source list ACL-POLICY-NAT interface FastEthernet4 overload
  ip nat inside source static tcp 10.20.30.20 3389 interface FastEthernet4 3389
  ip nat inside source static 10.20.30.20 (public ip)
  ip route 0.0.0.0 0.0.0.0 public ip
  ip route 10.20.40.0 255.255.255.0 192.168.10.2 name AUS_LAN
  ip access-list extended ACL-POLICY-NAT
  deny   ip 10.0.0.0 0.255.255.255 10.20.30.208 0.0.0.15
  deny   ip 172.16.0.0 0.15.255.255 10.20.30.208 0.0.0.15
  deny   ip 192.168.0.0 0.0.255.255 10.20.30.208 0.0.0.15
  permit ip 10.20.30.0 0.0.0.255 any
  permit ip 10.20.31.208 0.0.0.15 any
  ip access-list extended CCP_IP
  remark CCP_ACL Category=128
  permit ip any any
  ip access-list extended INTERNET_IN
  permit icmp any any echo
  permit icmp any any echo-reply
  permit icmp any any unreachable
  permit icmp any any time-exceeded
  permit esp host 24.153. host 66.196
  permit udp host 24.153 host 71.41.eq isakmp
  permit tcp host 70.123. host 71.41 eq 22
  permit tcp host 72.177. host 71.41 eq 22
  permit tcp host 70.123. host 71.41. eq 22
  permit tcp any host 71..134 eq 443
  permit tcp host 70.123. host 71.41 eq 443
  permit tcp host 72.177. host 71.41. eq 443
  permit udp host 198.82. host 71.41 eq ntp
  permit udp any host 71.41. eq isakmp
  permit udp any host 71.41eq non500-isakmp
  permit tcp host 192.223. host 71.41. eq 4022
  permit tcp host 155.199. host 71.41 eq 4022
  permit tcp host 155.199. host 71.41. eq 4022
  permit udp host 192.223. host 71.41. eq 4022
  permit udp host 155.199. host 71.41. eq 4022
  permit udp host 155.199. host 71.41. eq 4022
  permit tcp any host 10.20.30.20 eq 3389
  evaluate INTERNET_REFLECTED
  deny   ip any any
  ip access-list extended INTERNET_OUT
  permit ip any any reflect INTERNET_REFLECTED timeout 300
  ip access-list extended IPSEC-RA-ROUTE-MAP
  deny   ip 10.20.30.208 0.0.0.15 10.0.0.0 0.255.255.255
  deny   ip 10.20.30.224 0.0.0.15 10.0.0.0 0.255.255.255
  deny   ip 10.20.30.208 0.0.0.15 172.16.0.0 0.15.255.255
  deny   ip 10.20.30.224 0.0.0.15 172.16.0.0 0.15.255.255
  deny   ip 10.20.30.208 0.0.0.15 192.168.0.0 0.0.255.255
  deny   ip 10.20.30.224 0.0.0.15 192.168.0.0 0.0.255.255
  permit ip 10.20.30.208 0.0.0.15 any
  deny   ip any any
  access-list 23 permit 70.123.
  access-list 23 permit 10.20.30.0 0.0.0.255
  access-list 24 permit 72.177.
  no cdp run
  route-map IPSEC-RA-ROUTE-MAP permit 10
  match ip address IPSEC-RA-ROUTE-MAP
  set ip next-hop 10.20.250.2
  banner motd ^C
  UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED.
  You must have explicit permission to access or configure this device.  All activities performed on this device are logged and violations of this policy may result in disciplinary and/or legal action.
  ^C
  line con 0
  logging synchronous
  line aux 0
  line 2
  no activation-character
  no exec
  transport preferred none
  transport input all
  line vty 0
  access-class 23 in
  privilege level 15
  logging synchronous
  transport input telnet ssh
  line vty 1 4
  access-class 23 in
  exec-timeout 5 0
  privilege level 15
  logging synchronous
  transport input telnet ssh
  scheduler max-task-time 5000
  ntp server 198.82.1.201
  webvpn gateway gateway_1
  ip address 71.41. port 443
  http-redirect port 80
  ssl encryption rc4-md5
  ssl trustpoint TP-self-signed-1879941380
  inservice
  webvpn context TAM-SSL-VPN
  title "title"
  logo file titleist_logo.jpg
  secondary-color white
  title-color #CCCC66
  text-color black
  login-message "RESTRICTED ACCESS"
  policy group policy_1
     functions svc-enabled
     svc address-pool "sat-ipsec-vpn-pool"
     svc default-domain "domain.com"
     svc keep-client-installed
     svc split dns "domain.com"
     svc split include 10.0.0.0 255.0.0.0
     svc split include 192.168.0.0 255.255.0.0
     svc split include 172.16.0.0 255.240.0.0
     svc dns-server primary 10.20.30.20
     svc dns-server secondary 66.196.216.10
  default-group-policy policy_1
  aaa authentication list ciscocp_vpn_xauth_ml_1
  gateway gateway_1
  ssl authenticate verify all
  inservice
  end

  Hi,
  I didnt see anything marked with red in the above? (Atleast when I was reading)
  I have not really had to deal with Routers at all since we all access control and NAT with firewalls.
  But to me it seems you have allowed the traffic to the actual IP address of the internal server rather than the public IP NAT IP address which in this case seems to be configured to use your FastEthernet4 interfaces public IP address.
  There also seems to be a Static NAT configured for the same internal host so I am wondering why the Static PAT (Port Forward) is used?
  - Jouni

• Port Forwarding for Minecraft - Port not recognized as open

  I am trying to set up Port Forwarding to host a Minecraft server on a local machine. I am able to connect to Minecraft from within the network, but when I try to use my external IP, it fails. I have port forwarding (supposedly) set up on my Airport Extreme base station, for TCP/UDP port 25565. When I check on canyouseeme.com , it says that the port is not open. Do I have some configuration wrong in Airport Utility? I'm pretty sure it's not something wrong with my Ubuntu box (the one hosting the server) because I am able to connect to it without any problem using it's Internal IP.
  Any help is greatly appreciated.

  I am having this same problem.  My AirPort Utility is v6.2.  I have followed a tutorial labeled for v6.  I cannot open my ports.
  I have a static IP address with the following:
  Router Mode: DHCP and NAT
  I increased the DHCP Range so it would include the static IP address I selected.
  DHCP Reservations
  Description: Minecraft
  Reserve Address By: MAC Address and entered my MAC address
  IPv4 Address: the static IP address that I created in System Preferences- Network
  Port Settings
  Description: Minecraft
  Public UDP Ports: 25565
  Public TCP Ports: 25565
  Private IP Address: same as above which is the same as the statis IP address
  Private UDP Ports: 25565
  Private TCP Ports: 25565
  I also checked with Comcast, my internet provider, to make sure they were not blocking port 25565.  The person on the chat said that that port was open.
  I have been using yougetsignal.com to check if my ports are open and so far nothing.
  Does anyone have any suggestions?