Terminal service port forwarding
I am trying to forward the RDP port to a terminal server inside my LAN, but things are not working for me. Router is 801 ISDN.
My config is:
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname edi-ISDN
ip subnet-zero
ip name-server 213.42.20.20
ip name-server 195.229.241.222
isdn switch-type basic-net3
interface Ethernet0
ip address 192.168.0.254 255.255.255.0
ip nat inside
interface BRI0
no ip address
ip nat outside
encapsulation ppp
dialer pool-member 1
isdn switch-type basic-net3
ppp authentication pap callin
interface Dialer1
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer idle-timeout 500
dialer string 4004444
dialer hold-queue 10
dialer-group 1
ppp authentication pap callin
ppp pap sent-username xxxxxxx password 7 050E0206751E1E5948
ip nat inside source list 101 interface Dialer1 overload
ip nat inside source static tcp 192.168.0.100 3389 interface Dialer1 3389
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
dialer-list 1 protocol ip permit
line con 0
password cisco
transport input none
stopbits 1
line vty 0 4
password cisco
login
no rcapi server
The ip nat translation output was:
edi-ISDN#show ip nat trans
Pro Inside global Inside local Outside local Outside global
udp 86.96.130.249:1166 192.168.0.123:1166 86.96.60.5:123 86.96.60.5:123
udp 86.96.130.249:123 192.168.0.100:123 192.168.79.1:123 192.168.79.1:123
tcp 86.96.130.249:3824 192.168.0.123:3824 64.152.73.172:80 64.152.73.172:80
udp 86.96.130.249:123 192.168.0.100:123 192.168.56.1:123 192.168.56.1:123
tcp 86.96.130.249:3389 192.168.0.100:3389 --- ---
udp 86.96.130.249:1143 192.168.0.123:1143 213.42.20.20:53 213.42.20.20:53
Yes, my terminal server is an antivirus server, so it connects to the internet for updates.
Do I remove the gateway from the TS server?
So what shall I do for the default route?
What is your suggestion?
regards
shoeb
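The translation table in the post above can be read mechanically, as an added example that is not part of the original thread: it parses the rows, picks out static port forwards (outside columns shown as `---`) and counts sessions that are using each one. It assumes IOS lists a session through a static mapping as an extra row with the outside columns filled in; the row with 203.0.113.7 is constructed.

```python
import re
from collections import namedtuple

# Rows copied from the "show ip nat trans" output in the post above.
NAT_TABLE = """\
Pro Inside global Inside local Outside local Outside global
udp 86.96.130.249:1166 192.168.0.123:1166 86.96.60.5:123 86.96.60.5:123
udp 86.96.130.249:123 192.168.0.100:123 192.168.79.1:123 192.168.79.1:123
tcp 86.96.130.249:3824 192.168.0.123:3824 64.152.73.172:80 64.152.73.172:80
udp 86.96.130.249:123 192.168.0.100:123 192.168.56.1:123 192.168.56.1:123
tcp 86.96.130.249:3389 192.168.0.100:3389 --- ---
udp 86.96.130.249:1143 192.168.0.123:1143 213.42.20.20:53 213.42.20.20:53
"""

# Constructed row (documentation address): what an inbound RDP session
# through the static mapping is assumed to look like in the table.
CONSTRUCTED_HIT = ("tcp 86.96.130.249:3389 192.168.0.100:3389 "
                   "203.0.113.7:50211 203.0.113.7:50211\n")

Entry = namedtuple(
    "Entry", "proto inside_global inside_local outside_local outside_global")

_ENDPOINT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?::(\d+))?$")


def _endpoint(field):
    """'86.96.130.249:3389' -> ('86.96.130.249', 3389); '---' -> None."""
    if field == "---":
        return None
    match = _ENDPOINT.match(field)
    if not match:
        raise ValueError("unrecognised endpoint: %r" % field)
    port = int(match.group(2)) if match.group(2) else None
    return (match.group(1), port)


def parse_nat_table(text):
    """Return one Entry per translation row, skipping header and prompts."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] not in ("tcp", "udp", "icmp"):
            continue
        entries.append(Entry(fields[0], *[_endpoint(f) for f in fields[1:]]))
    return entries


def static_forward_report(text):
    """List each static forward and how many sessions currently use it."""
    entries = parse_nat_table(text)
    report = []
    for fwd in entries:
        if fwd.outside_local is not None:
            continue  # dynamic PAT entry or a session row, not a static rule
        key = (fwd.proto, fwd.inside_global, fwd.inside_local)
        sessions = [
            e for e in entries
            if e.outside_local is not None
            and (e.proto, e.inside_global, e.inside_local) == key
        ]
        report.append({
            "proto": fwd.proto,
            "public": fwd.inside_global,
            "private": fwd.inside_local,
            "active_sessions": len(sessions),
        })
    return report


if __name__ == "__main__":
    for row in static_forward_report(NAT_TABLE):
        print(row)
```

For the table as posted, the static rule for 3389 is installed but no session is using it, so the next thing to check is whether inbound packets reach Dialer1 and whether the server's replies return through this router.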
Similar Messages
-
Windows 7 redirecting LPT ports to Terminal Services is broken compared to Vista and XP
Hello forum
We have encountered an issue with mapping LPT1 ports from any terminal server be it 2003 or 2008, the problem is the same.
Our XP clients and Vista clients work fine. Seems this issue is only present on Windows 7.
We have a program that requires printing to be done on the LPT1 port. The printer connected to the client is driverless, it uses the raw output from the LPT port. So try not to think of it as a normal printer. We do not require drivers to be installed on the server or client.
Our XP and Vista clients work perfectly by using: net use LPT1: \\tsclient\lpt1:
And then printing to the LPT1 port.
When using Windows 7 clients to print, only 512 bytes are forwarded to the printer and the rest of the job is missing. If we print directly to \\tsclient\lpt1: the print job is working and all is forwarded. But our program cannot print to UNC paths.
So what has changed in between Vista/XP and Windows 7 on the LPT port forwarding subject?
Our printer is a STAR TSP if you would like to know. The Win 7 clients print fine to the printer locally to the LPT port when not connected to the Terminal session.
Thanks for your time.
Hello Mobay,
Here is the conclusion about this situation:
Symptom:
The Win7 client could not re-direct LPT port to a local printer when connecting through a terminal server/remote desktop session.
Cause:
This is a known product issue of Win7, no QFE available yet.
Resolution:
Possible workaround with Windows XP SP3, RDP 6.1 (and Hotfix 972828).
Win7/Win2k8r2
Vista/Win2k8
WinXP/Win2k3
RDC 5.2
Succeed to redirect
RDC 6.1
Fail to redirect
Succeed to redirect
RDC 7.0
Fail to redirect
Fail to redirect
Succeed to redirect
So it's by design that you can't use LPT port through RDP on Win 7 client machine.
Best Regards
Darith Iv
Core System Analyst
Microsoft Product Services and Support -
LRT214 Accessing Web Services with Port Forwarding & Port Translation
Good afternoon to all,
Purchased the LRT214 yesterday afternoon and it was a breeze to configure the internet settings and get back online. But after the initial configuration, I ran into some trouble getting the router to do port translation together with port forwarding.
The port forwarding setup is straightforward and works perfectly, the same cannot be said for the port translation which does not seem to work. I programmed the following,
1) external port 88 forwarded to internal port 80 for 192.169.1.12
2) external port 89 forwarded to internal port 80 for 192.169.1.13
Can someone point me in the correct direction to achieve the above?
Router Model : LRT214
Firmware Revision : 1.0.2.06
Working Mode : Gateway
Port Address Translation => Service Management
Add two Services for the port translations and then add the translations to the list. Let us know if you get any errors.
Please remember to Kudo those that help you.
Linksys
Communities Technical Support -
RV320 Bug - Service Management Table (Port Forwarding)
I'm unable to add more than 16 entries for port forwarding.
It's a RV320 on v1.1.1.06 (newest to date) and it doesn't accept more than 16 entries in the "Service Management Table" required for port forwarding. As soon as I try to enter number 17 and hit save the window closes like it always does but you can see for a short time it says "Critical failure. Please contact support." Everything else works, except for the entry in the Service Management Table. I'm also unable to use it in the port forwarding section, it just doesn't save the entry. I'm unable to add any services to the list unless I delete others but it only works again until number 16.
Actually the "limit" is 37 because it comes with 21 services entered out of the box.
I couldn't find any bug reporting website that I could use without a contract. So I seek for help here.
Anybody else having this issue or is it just my device?
10 days ago a post was made in https://supportforums.cisco.com/discussion/12353771/cannot-manage-service-list-all-waited-unacceptably-long-fix indicating there is a new firmware in beta test, I've contacted support to try to get a copy.
I'm moving off Draytek, have a 2830 with latest firmware and various weird issues that they've confirmed are bugs but cannot provide a due date for fix. DHCP randomly giving out wrong DNS server addresses, tagged VLAN support flaky and giving out DHCP details from wrong VLAN (worked around using 1 cable from switch per VLAN and using port based VLAN rather than tagged), App Enforcement for IM blocking causing SMTP and Live.com login issues. And that's just what cropped up last week with the unit at work here. Still using it for our live router as we can't put the RV320 in place until we can configure all the required ACLs which needs more than 16 service entries. -
Terminal Services licensing firewall ports
I have been searching the internet for an informative network\firewall drawing for the Terminal Services Licensing traffic when it comes to firewall ports requirements etc
Does someone have a detailed description or a (visio) drawing showing the ports required for WTS Licensing?
We have the following Citrix based Terminal Server environment:
- Windows 2008 R2 running XenApp6
- Clients come from internal (LAN) and external connections (Citrix Access Gateway)
- There is a firewall between the Citrix XenApp WTS farm and the MS Terminal Services Licensing server (Win 2008 R2)
Can someone explain how the TSCAL\RDCAL "traffic" flows and the ports required from A-Z ?
/Tord Bergset
I believe the correct random ports used for Windows Server 2008 are 49152-65535, not 1024-65535
I am looking for a visio or something showing this...
For Citrix solutions one has no problem finding network drawings showing firewall ports etc, but for MS WTS licensing I just cannot find anything showing ports required etc
Lots of design docs\drawings regarding RDP traffic etc, but not anything for the RDCAL\TSCAL licensing traffic
Scenario below:
Need all WTS Licensing ports listed for the solution to work for external and internal clients
External clients using 2 factor auth
Firewall
Citrix Web Interface
Server
Firewall
Citrix Licensing server
Firewall
Citrix WTS
Farm
Internal Clients
Citrix Secure Gateway
MS Terminal server Licensing server
/Tord Bergset -
Port Forwarding for Filemaker Pro on Airport Extreme
I really don't know what I'm doing - I'm trying to get my Instant Web for Filemaker to work - It was set up on my MacBook Pro and then I moved everything to this iMac and now it's not working. I do know that the port for FM Pro is 591. I have it set up in FM Pro sharing and it gives me an IP address that should work. Which, by the way, it does inside my network, but not from outside. So, I need to know how to set up the Port Forwarding on my Apple Extreme to make this work.
I don't use FM, but do port forwards on AE for my private website using DynDNS
Go to Applications >> Utilities >> AirPort Utility >> pick your AE and click Manual Setup button
Go to Advanced >> Port Mapping >> click the PLUS to add a new port fwd
Leave the Service drop down as is
Set public TCP and private TCP fields to 591
Set the private IP to the IP address of your iMac as your AE assigned it - I assume that your AE will have 10.0.1.1 and your iMac will be 10.0.1.X - not sure whether you use DHCP and let AE do the work or manually assign private IPs yourself
Give it a description in the next window. Not sure about advertising via Bonjour - I'd try both.
If you don't know what private IP your iMac has, go to applications >> utilities >> Terminal app and type this command: ifconfig
You'll see something like this. In my case, since I use Ethernet to connect my mac to AE router, the en0 is my active connection and my private IP is 10.0.1.12 as shown below. If you use WiFi, your main connection will be en1
Last login: Sun Mar 13 20:52:12 on console
Mac-mini:~ jiri$ ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
inet6 fd75:7419:92a9:cab8:226:4aff:fe15:f970 prefixlen 128
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0 mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 00:26:4a:15:f9:70
inet6 fe80::226:4aff:fe15:f970%en0 prefixlen 64 scopeid 0x4
*inet 10.0.1.12* netmask 0xffffff00 broadcast 10.0.1.255
media: autoselect (1000baseT <full-duplex,flow-control>)
status: active
en1: flags=8823<UP,BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
ether 00:26:08:ec:4f:fa
media: autoselect (<unknown type>)
status: inactive
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
lladdr 00:26:4a:ff:fe:15:f9:70
media: autoselect <full-duplex>
status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
inet6 fe80::226:4aff:fe15:f970%utun0 prefixlen 64 scopeid 0x7
inet6 fd00:6587:52d7:85:226:4aff:fe15:f970 prefixlen 64
Mac-mini:~ jiri$
Let me know, if it works... -
Port Forward in Cisco series 800
Dear Support
Below is the configuration of a Cisco Series 800 router that has a VDSL port for internet; the configuration is as below:
I added three commands.
What is required in order to make port forward?
ip nat inside source static tcp 8000 10.10.10.10 8000 dilar 0
ip nat inside source static tcp 554 10.10.10.10 554 dilar 0
ip access list extended 100
permit ip any any
what is required to make port forward to the local ip address 10.10.10.10 from outside interface that is VDSL port ?
! Last configuration change at 10:47:44 KSA Wed Apr 22 2015 by aamalsup
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime
service password-encryption
hostname AamalNet
boot-start-marker
boot-end-marker
logging buffered 51200 warnings
enable secret level 2 5 $1$Y4PF$K6TQ5wf0gcHiO5IxvLZba0
enable secret level 5 5 $1$WZeO$BzTCl0C0e1078CWxExJK0/
enable secret 5 $1$plq6$P5HVL/tR81cs0GFDrD.0V/
aaa new-model
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
aaa session-id common
clock timezone KSA 3 0
crypto pki trustpoint TP-self-signed-1682106276
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1682106276
revocation-check none
rsakeypair TP-self-signed-1682106276
crypto pki certificate chain TP-self-signed-1682106276
certificate self-signed 02
quit
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.11.1
ip dhcp pool lan
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 212.93.192.4 212.93.192.5
lease 0 2
ip dhcp pool wireless
import all
network 10.10.11.0 255.255.255.0
default-router 10.10.11.1
dns-server 212.93.192.4 212.93.192.5
lease 0 2
no ip domain lookup
ip domain name aamal.net.sa
ip name-server 212.93.192.4
ip name-server 212.93.192.5
no ipv6 cef
cwmp agent
enable download
enable
session retry limit 10
management server password 7 094D4308151612001D05072F
management server url http://aamalservice.aamal.net.sa:9090
license udi pid C887VA-W-E-K9 sn FCZ17459018
archive
log config
hidekeys
username k privilege 15 password 7 020D
username admin privilege 15 password 7 14161606050A
controller VDSL 0
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
crypto isakmp client configuration group aamalnet
key aamalnet
dns 212.93.192.4 212.93.192.5
include-local-lan
dhcp server 10.10.10.1
max-users 10
netmask 255.255.255.0
crypto isakmp profile sdm-ike-profile-1
match identity group aamalnet
client authentication list sdm_vpn_xauth_ml_2
isakmp authorization list sdm_vpn_group_ml_1
client configuration address respond
virtual-template 1
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
mode tunnel
crypto ipsec profile SDM_Profile1
set security-association idle-time 60
set transform-set ESP-3DES-SHA
set isakmp-profile sdm-ike-profile-1
bridge irb
interface ATM0
no ip address
no atm ilmi-keepalive
interface ATM0.1 point-to-point
pvc 0/35
pppoe-client dial-pool-number 1
interface Ethernet0
no ip address
shutdown
interface FastEthernet0
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
no ip address
interface FastEthernet3
no ip address
interface Virtual-Template1 type tunnel
ip unnumbered Dialer0
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
no ip address
interface wlan-ap0
description Embedded Service module interface to manage the embedded AP
ip unnumbered Vlan1
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
interface Vlan2
no ip address
bridge-group 2
interface Dialer0
ip address negotiated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap callin
ppp chap hostname [email protected]
ppp chap password 7 0007145E2E5A05522E1858
no cdp enable
interface BVI2
ip address 10.10.11.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 10.10.11.0 0.0.0.255
access-list 23 permit 212.93.196.0 0.0.0.255
access-list 23 permit 212.93.192.0 0.0.0.255
access-list 23 permit 212.93.193.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.255
access-list 23 permit 10.10.11.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
snmp-server community private RW
snmp-server community public RO
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
privilege interface level 5 encapsulation
privilege interface level 5 description
privilege interface level 5 no encapsulation
privilege interface level 5 no description
privilege interface level 5 no
privilege configure level 5 ip route
privilege configure level 5 interface
privilege configure level 5 controller
privilege configure level 5 ip
privilege exec level 5 copy running-config tftp
privilege exec level 5 copy running-config
privilege exec level 5 copy
privilege exec level 5 write memory
privilege exec level 5 write
privilege exec level 5 configure terminal
privilege exec level 5 configure
privilege exec level 5 show processes cpu
privilege exec level 5 show processes
privilege exec level 2 show running-config
privilege exec level 5 show configuration
privilege exec level 2 show
privilege exec level 5 clear counters
privilege exec level 5 clear
banner exec
CC
% Password expiration warning.
Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to
use.
banner login
CC
********STC AamalNet Service****************************************
********Authorize Access Only. For more Support Call 909************
line con 0
privilege level 15
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line vty 0 4
access-class 23 in
privilege level 2
transport input telnet ssh
scheduler max-task-time 5000
scheduler allocate 20000 1000
end
Hello,
Sure.
What version are you running?
Regards, -
Port forwarding, NAT, SSH and Transmission.
A couple of days ago I decided to setup the Transmission daemon, along with automatization for my downloads. Recently, however, to put a layer of security around my laptop, I set up a wireless router I had lying around that is now connected with a wire to my laptop. The reason for this is that I have no idea how iptables work yet, and until then I decided this will suffice for the moment. One of the problems though (yes, problems seem to come in twenty-fold where my luck is concerned), is that when I rewire my laptop directly to the internet, without the router, NetworkManager or Archlinux doesn't reset the ip address, which for some reason jumps to 192.168.1.122, which it never uses otherwise. I haven't yet tried reinstalling networkmanager, but when I did turn it off, dhcpcd assigned the same address... The problem here being that it shouldn't assign a LAN-address, I'm directly connected to the internet. Sidenote here though; my internet connection is just a plug in the wall, the operators here (I live on a kind of campus), probably only use a network-switch to relay the traffic to the socket.
That's that, my wired network doesn't work directly, only via the wireless router, wired or wireless. Because of this, I have to use port-forwarding for SSH (to test if the port forwarding works), and the Transmission daemon with an rcmp port of 9091, which was my intention in the first place. I have no idea if logging into my.ip.address.here:9091 in a browser would work, I just used localhost:9091.
Now for the results:
$ nmap -sT xx.xxx.xx.xx
Starting Nmap 5.21 ( http://nmap.org ) at 2010-06-14 19:42 CEST
Nmap scan report for xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Host is up (0.038s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp filtered ssh
53/tcp open domain
80/tcp open http
9091/tcp filtered unknown
Here it shows that the ports are actually not closed, but they're not exactly opened either, from what I gathered from the internet.
SSH shows the true problem:
$ ssh neal@xxxxxxxx
ssh: connect to host xxxxxxxx port 22: Connection timed out
SSH-ing to 192.168.0.102 (my internal ip) works, as does to localhost, same for Transmission webGUI. Before I used port-forwarding ssh would correctly say that it couldn't get traffic from the router.
My router is a cheap solution to another problem I had, but it should work like any router. It's a Sitecom WL-607. I disabled login authentication for the moment. Also, there is no filtering going on in the firewall. Like I said earlier, I don't get iptables, so that's not being used. The hosts file allows all and denies nothing.
TLDR version; I'm using port-forwarding on my Sitecom WL-607, but all ports except http and the 53 port are being blocked.
Is there something I'm missing here?
Thanks in advance,
Neal van Veen.
By default, all routers assign their clients an ip address from their internal pool of addresses, your wireless router is assigning you that address and then NAT's the connection with the WAN side, but even after directly plugging in to the wall socket you still don't get a new ip address, use dhcpcd <mydev> in terminal to refresh dhcp lease. If not then your campus/location/etc may also be using NAT on their own side.
As for the ports, iptables doesn't block any traffic by default, it allows everything. If there is filtering, it is from your wireless router.
On the above ssh and nmap scans, did you use your lan ip, or your public ip? -
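The difference between the `filtered` and `closed` states in the nmap output above, and why ssh reports "Connection timed out", as an added example that is not part of the original thread: a connect-based probe that classifies a TCP port the way a connect scan does. The `compare` helper and its wording are illustrative assumptions, and the demo only touches loopback ports it creates itself.

```python
import errno
import socket


def tcp_port_state(host, port, timeout=2.0):
    """Classify one TCP port from the result of a full connect().

    open     - the handshake completed: something is listening and reachable
    closed   - a RST came back: the host answered, nothing is listening
    filtered - no answer before the timeout, or an unreachable error: the
               SYN or its reply was dropped somewhere on the path
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise
    finally:
        sock.close()


def compare(lan_state, wan_state):
    """Hint at where to look, given the same port probed via the LAN
    address and via the public address (hypothetical helper)."""
    if lan_state != "open":
        return "fix the service or host firewall first: LAN probe is " + lan_state
    if wan_state == "open":
        return "port forward works end to end"
    if wan_state == "closed":
        return ("public address answers with RST: nothing is forwarded to a "
                "listener for this port")
    return ("service is up but the public address gives no reply: check the "
            "forward rule's target, filtering upstream of the router, and "
            "which address and vantage point the probe used")


def local_demo():
    """Probe one listening and one unused loopback port created here."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    unused_port = spare.getsockname()[1]
    spare.close()  # nothing listens on this port any more

    try:
        return {
            "listening": tcp_port_state("127.0.0.1", open_port),
            "not listening": tcp_port_state("127.0.0.1", unused_port),
        }
    finally:
        listener.close()


if __name__ == "__main__":
    print(local_demo())
    # The situation in the post: works on 192.168.0.102, times out publicly.
    print(compare("open", "filtered"))
```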
Good morning:
We have a problem when redirecting ports, specifically with the terminal port 3389.
We have created 2 rules or custom SERVICE entries:
1. TERMINAL Type TCP Start port 3389 Finish port 3389
2. Terminal 2 Type TCP SP 4444 FP 4444
In Port Forwarding we allow (allow always) Service TERMINAL, source Any, Destination 192.168.20,30 (IP of the machine), Forwarding from port same and Forward to Port same
This works.
In the second entry, Terminal 2 (allow always) Service Terminal2, source Any, Destination 192.168.20,10 (IP of the machine), Forwarding from port same and Forward to Port 3389
THIS DOES NOT WORK
Current Firmware Version:
1.0.3.5
Does anyone know why this happens?
Thanks
Good morning Mr. Sanchez,
My name is David Aguilar, and I am a technical support engineer with the Cisco Small Business Support Center.
To forward ports on the RV220W, you must use a custom service and an Access Control List. Do the following:
1. First, delete the port forwarding rules you have already created. You do not need them.
2. Go to Firewall > Advanced > Custom Services. Create two custom services. See:
3. Go to Access Rules and click Add Rule. Create the rule as follows and then click Save.
This will forward the port. See:
If you have additional questions, please call support. Here are the support phone numbers: http://www.cisco.com/en/US/support/tsd_cisco_small_business_support_center_contacts.html
Thank you. -
WEBVPN and Windows Terminal Services
Does anyone have a copy of a config to set up WEBVPN with Windows Terminal Services? I have opened port 3389, but something does not seem to be working correctly.
Hi Paul,
you don't say exactly what is not working but anyhow here is an example config:
Under Configuration | Tunneling and Security | WebVPN | Port Forwarding you put the following into the fields:
Name: Terminal Server
Local TCP Port: 2000
Remote Server: 10.172.24.100
Remote TCP Port: 3389
Now after the user has logged into the WebVPN and clicked on Application Access he will see a window. In the window there are 6 columns. In the Local column you will see something like 127.0.0.1:2000 and in the Remote column 10.172.24.100:3389. The user will type 127.0.0.1:2000 in the computer field in the Remote Desktop Connection window.
Hope this helps,
Vidir -
Port-forwarding or UPnP on VERIZON FIOS modem/router
I'm trying to help someone access his home network remotely from another location. He just got the new Verizon FIOS network.
I'm new to the world of port-forwarding and UPnP forwarding, but have learned a lot in a short period of time.
I can easily setup port-forwarding and UPnP forwarding (necessary to setup the afp file sharing, screen sharing, etc) on Linksys routers that have those capabilities.
My friend just got the new Verizon FIOS network installed. It is smoking fast both up and down. We figured out that the box Verizon provided him (it's a fairly huge thing) is an internet modem, a router, and a wireless router all in one.
And once we accessed its control panel, I definitely saw places where we could configure port-forwarding........
but it's not quite as straightforward as it is on a Linksys router in that, on a Linksys, if I want to open a specific port, like 5900, for screen sharing, I can easily type in the numbers 5900 and type the IP address of the computer on my LAN that I wish to forward port 5900 traffic to.......or I can do this with UPnP forwarding....either way it is simply and fully controllable.
But on this Verizon box, it seems to have most standard ports and protocols stored in presets that you must choose from. For example, if I wanted to setup port forwarding for FTP traffic, I would choose FTP from the dropdown menu and then the router would automatically know to forward port 21 to the computer of my choice.
But we specifically want to turn on AFP for apple file sharing, which is port 548. On the Linksys, I could simply type port 548. But this Verizon router does not show a service called AFP. It has a nice LONG menu of many different pre-set options, but AFP is not one of them. Would it be called something else on a device like this that is obviously not specifically designed to know Apple's file sharing protocol?
So would anyone know what kind of service I should look for that opens port 548 for file sharing?
Anyone have experience with these new Verizon routers/modems yet? I'd really love to find a way to type everything in manually, but I dunno if that's possible on this unit.
I know there's a lot here. Thank you to anyone who knows about this and can shed some light
That doesn't work because applications that initiate outbound connections are given randomly assigned 5-digit port numbers (e.g., 49144) through which the CLIENT communicates. The "well known" port numbers like 548 for afp, 22 for ssh, 80 for web servers, etc., are for the SERVER function to which the server daemon listens. Example: you don't send the request to download your email from your pop 110 (or 995 when using SSL), or from your imap 143 (or 993 when using SSL); that's the port number at the DESTINATION server to where your traffic is delivered, i.e., the port to which that SERVER is listening for incoming traffic. Same for when you send mail, you send from some randomly assigned five-digit port number TO the smtp server's port 25. You can see this by launching Terminal.app from an admin-privileged account and typing sudo tcpdump -i en1 (use en1 for airport, en0 for wired ethernet) and looking at the packet transmissions' headers.
-
WEBVPN and Terminal Services Web Connection
Does ASA WEBVPN support MS Terminal Services Web Connection?? I can reach the first login page but can not go further. I click the "connect" button no any response?!! All other web service running well through webvpn, only MS Terminal Services Web Connection.
I noticed when I use my local PC to connect to the web terminal server, it first uses port 80 and then uses port 3389. I tried port forwarding
port-forward TSSERVER www 10.1.1.1 3389
port-forward TSSERVER 3389 10.1.1.1 3389
still not works, please advise.
my ASA version:
Cisco Adaptive Security Appliance Software Version 7.2(1)
Device Manager Version 5.2(1)
Thanks.
This is the kind of thing that you need a sniffer trace on both sides of the CSS to determine what the problem is.
-
Time Capsule Does Not Port Forward FTP Ports
Hey there,
I recently purchased a Time Capsule, and I found out that while it fixes the NAT-PMP bug found in my previous AirPort Extreme Base Station (Gigabit-N), it introduces a new problem which makes it refuse to forward port 21 properly.
It seems to me that the Time Capsule has some sort of FTP server built in, and is either enabled but closes connection on client connection, or disabled but still listens for client connection.
This message is what I get when I connect to my IP via FTP from the WAN side (FTP port forwarded to a local machine with an IP 10.0.0.8):
421 Service not available, remote server has closed connection.
When it is accessed from the LAN of course, I can connect to 10.0.0.8 with no problem. However, what is interesting is if I connect to the Time Capsule via FTP I get this as well:
421 Service not available, remote server has closed connection.
Thus, I am 100% certain that the FTP message I see when I connect from WAN is from the Time Capsule instead of the machine I port forwarded to.
Apple needs to fix this annoying problem and at the same time fixes some VPN issues I'm having with my Nortel VPN client (4.68). It was all working when I had the AirPort Extreme Base Station.
I am having a problem establishing an FTP session that is started with my FTP Client (CuteFTP) on my local network and attempting to connect to an FTP Server with one of my hosting providers. My first few attempts used FTPS (Secure FTP) as that is what I typically use when transferring FTP packets over the net. Well, this didn't work so I thought maybe the Time Capsule had a problem inspecting the encrypted packets so I switched to standard clear-text FTP just to see if the Time Capsule handles FTP session management functions correctly. This didn't work either. I'm using PASV FTP and have never had a problem before with my CISCO Router or with another consumer-based NAT router. I don't believe that the Server on the Internet gets the initial request on port 21 as I believe the Time Capsule is not allowing the packet to pass and my FTP Client spits back an error message : "Couldn't access FTP service " "Connection Failed". I have also used "Terminal" and initiated the ftp utility and attempted to connect to the same server and receive the following error message : "421 Service not available, remote server has closed connection.". I have attempted to put my computer in the DMZ by using the Default Host feature on the Time Capsule but that resulted in the same errors. I believe that I have tried most of the settings available on the Time Capsule to attempt to get this to work but no luck yet. If the packet is getting through to the server and the response back on the current ephemeral port is not getting through the Time Capsule I'm really hoping the solution is not having to port map all ephemeral ports as this is in the tens of thousands.
Has anyone successfully established an FTP Session (Secure or Not) from your local client through the Time Capsule to a Server on the Internet. If so, could you help by providing any Time Capsule settings that were required for this to function properly....Thanks in Advance.
Note: I have attempted to ftp to several different public ftp servers on the Internet and get the same error results. I have no problems ftping to local serverson my local network. -
SSGD vs. Windows Terminal Services
I'm using one Windows Terminal Services server with 20 clients in my office. My question is, what advantages (and disadvantages such as serial port forwarding) can I expect from using SSGD?
Thanks in advance.
Regards!
I'm using one Windows Terminal Services server with 20 clients in my office. My question is, what advantages (and disadvantages such as serial port forwarding) can I expect from using SSGD?
SSGD will also use the Terminal Services. The advantage you get is, that you can deposit the access also from the outside (= Internet) and not only to the inside.
Markus -
Port Forwarding for RDP 3389 is not working
Hi,
I am having trouble getting RDP (port 3389) to forward to my server (10.20.30.20). I have made sure it is not an issue with the server's firewall; it's just the Cisco. I highlighted in red what I thought I need in my config to get this to work. I have removed the last 2 octets of the public IP info for security. Here is the configuration below:
TAMSATR1#show run
Building configuration...
Current configuration : 11082 bytes
version 15.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
hostname TAMSATR1
boot-start-marker
boot system flash:/c880data-universalk9-mz.152-1.T.bin
boot-end-marker
logging count
logging buffered 16384
enable secret
aaa new-model
aaa authentication login default local
aaa authentication login ipsec-vpn local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization console
aaa authorization exec default local
aaa authorization network groupauthor local
aaa session-id common
memory-size iomem 10
clock timezone CST -6 0
clock summer-time CDT recurring
crypto pki token default removal timeout 0
crypto pki trustpoint TP-self-signed-1879941380
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1879941380
revocation-check none
rsakeypair TP-self-signed-1879941380
crypto pki certificate chain TP-self-signed-1879941380
certificate self-signed 01
ip dhcp excluded-address 10.20.30.1 10.20.30.99
ip dhcp excluded-address 10.20.30.201 10.20.30.254
ip dhcp excluded-address 10.20.30.250
ip dhcp pool tamDHCPpool
import all
network 10.20.30.0 255.255.255.0
default-router 10.20.30.1
domain-name domain.com
dns-server 10.20.30.20 8.8.8.8
ip domain name domain.com
ip name-server 10.20.30.20
ip cef
no ipv6 cef
license udi pid CISCO881W-GN-A-K9 sn
crypto vpn anyconnect flash:/webvpn/anyconnect-dart-win-2.5.3054-k9.pkg sequence 1
ip tftp source-interface Vlan1
class-map type inspect match-all CCP_SSLVPN
match access-group name CCP_IP
policy-map type inspect ccp-sslvpn-pol
class type inspect CCP_SSLVPN
pass
zone security sslvpn-zone
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
crypto isakmp policy 20
encr aes 192
authentication pre-share
group 2
crypto isakmp key password
crypto isakmp client configuration group ipsec-ra
key password
dns 10.20.30.20
domain tamgmt.com
pool sat-ipsec-vpn-pool
netmask 255.255.255.0
crypto ipsec transform-set ipsec-ra esp-aes esp-sha-hmac
crypto ipsec transform-set TSET esp-aes esp-sha-hmac
crypto ipsec profile VTI
set security-association replay window-size 512
set transform-set TSET
crypto dynamic-map dynmap 10
set transform-set ipsec-ra
reverse-route
crypto map clientmap client authentication list ipsec-vpn
crypto map clientmap isakmp authorization list groupauthor
crypto map clientmap client configuration address respond
crypto map clientmap 10 ipsec-isakmp dynamic dynmap
interface Loopback0
ip address 10.20.250.1 255.255.255.252
ip nat inside
ip virtual-reassembly in
interface Tunnel0
description To AUS
ip address 192.168.10.1 255.255.255.252
load-interval 30
tunnel source
tunnel mode ipsec ipv4
tunnel destination
tunnel protection ipsec profile VTI
interface FastEthernet0
no ip address
interface FastEthernet1
no ip address
interface FastEthernet2
no ip address
interface FastEthernet3
no ip address
interface FastEthernet4
ip address 1.2.3.4
ip access-group INTERNET_IN in
ip access-group INTERNET_OUT out
ip nat outside
ip virtual-reassembly in
no ip route-cache cef
ip route-cache policy
ip policy route-map IPSEC-RA-ROUTE-MAP
duplex auto
speed auto
crypto map clientmap
interface Virtual-Template1
ip unnumbered Vlan1
zone-member security sslvpn-zone
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan1
arp timeout 0
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport mode trunk
no ip address
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.20.30.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
ip local pool sat-ipsec-vpn-pool 10.20.30.209 10.20.30.239
ip default-gateway 71.41.20.129
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip dns server
ip nat inside source list ACL-POLICY-NAT interface FastEthernet4 overload
ip nat inside source static tcp 10.20.30.20 3389 interface FastEthernet4 3389
ip nat inside source static 10.20.30.20 (public ip)
ip route 0.0.0.0 0.0.0.0 public ip
ip route 10.20.40.0 255.255.255.0 192.168.10.2 name AUS_LAN
ip access-list extended ACL-POLICY-NAT
deny ip 10.0.0.0 0.255.255.255 10.20.30.208 0.0.0.15
deny ip 172.16.0.0 0.15.255.255 10.20.30.208 0.0.0.15
deny ip 192.168.0.0 0.0.255.255 10.20.30.208 0.0.0.15
permit ip 10.20.30.0 0.0.0.255 any
permit ip 10.20.31.208 0.0.0.15 any
ip access-list extended CCP_IP
remark CCP_ACL Category=128
permit ip any any
ip access-list extended INTERNET_IN
permit icmp any any echo
permit icmp any any echo-reply
permit icmp any any unreachable
permit icmp any any time-exceeded
permit esp host 24.153. host 66.196
permit udp host 24.153 host 71.41.eq isakmp
permit tcp host 70.123. host 71.41 eq 22
permit tcp host 72.177. host 71.41 eq 22
permit tcp host 70.123. host 71.41. eq 22
permit tcp any host 71..134 eq 443
permit tcp host 70.123. host 71.41 eq 443
permit tcp host 72.177. host 71.41. eq 443
permit udp host 198.82. host 71.41 eq ntp
permit udp any host 71.41. eq isakmp
permit udp any host 71.41eq non500-isakmp
permit tcp host 192.223. host 71.41. eq 4022
permit tcp host 155.199. host 71.41 eq 4022
permit tcp host 155.199. host 71.41. eq 4022
permit udp host 192.223. host 71.41. eq 4022
permit udp host 155.199. host 71.41. eq 4022
permit udp host 155.199. host 71.41. eq 4022
permit tcp any host 10.20.30.20 eq 3389
evaluate INTERNET_REFLECTED
deny ip any any
ip access-list extended INTERNET_OUT
permit ip any any reflect INTERNET_REFLECTED timeout 300
ip access-list extended IPSEC-RA-ROUTE-MAP
deny ip 10.20.30.208 0.0.0.15 10.0.0.0 0.255.255.255
deny ip 10.20.30.224 0.0.0.15 10.0.0.0 0.255.255.255
deny ip 10.20.30.208 0.0.0.15 172.16.0.0 0.15.255.255
deny ip 10.20.30.224 0.0.0.15 172.16.0.0 0.15.255.255
deny ip 10.20.30.208 0.0.0.15 192.168.0.0 0.0.255.255
deny ip 10.20.30.224 0.0.0.15 192.168.0.0 0.0.255.255
permit ip 10.20.30.208 0.0.0.15 any
deny ip any any
access-list 23 permit 70.123.
access-list 23 permit 10.20.30.0 0.0.0.255
access-list 24 permit 72.177.
no cdp run
route-map IPSEC-RA-ROUTE-MAP permit 10
match ip address IPSEC-RA-ROUTE-MAP
set ip next-hop 10.20.250.2
banner motd ^C
UNAUTHORIZED ACCESS TO THIS NETWORK DEVICE IS PROHIBITED.
You must have explicit permission to access or configure this device. All activities performed on this device are logged and violations of this policy may result in disciplinary and/or legal action.
^C
line con 0
logging synchronous
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0
access-class 23 in
privilege level 15
logging synchronous
transport input telnet ssh
line vty 1 4
access-class 23 in
exec-timeout 5 0
privilege level 15
logging synchronous
transport input telnet ssh
scheduler max-task-time 5000
ntp server 198.82.1.201
webvpn gateway gateway_1
ip address 71.41. port 443
http-redirect port 80
ssl encryption rc4-md5
ssl trustpoint TP-self-signed-1879941380
inservice
webvpn context TAM-SSL-VPN
title "title"
logo file titleist_logo.jpg
secondary-color white
title-color #CCCC66
text-color black
login-message "RESTRICTED ACCESS"
policy group policy_1
functions svc-enabled
svc address-pool "sat-ipsec-vpn-pool"
svc default-domain "domain.com"
svc keep-client-installed
svc split dns "domain.com"
svc split include 10.0.0.0 255.0.0.0
svc split include 192.168.0.0 255.255.0.0
svc split include 172.16.0.0 255.240.0.0
svc dns-server primary 10.20.30.20
svc dns-server secondary 66.196.216.10
default-group-policy policy_1
aaa authentication list ciscocp_vpn_xauth_ml_1
gateway gateway_1
ssl authenticate verify all
inservice
end
Hi,
I didn't see anything marked with red in the above? (At least when I was reading)
I have not really had to deal with routers at all since we do all access control and NAT with firewalls.
But to me it seems you have allowed the traffic to the actual IP address of the internal server rather than the public IP NAT IP address, which in this case seems to be configured to use your FastEthernet4 interface's public IP address.
There also seems to be a Static NAT configured for the same internal host, so I am wondering why the Static PAT (Port Forward) is used?
- Jouni
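Added example (not part of the original thread or the poster's configuration): a Python check for the mismatch the reply above points out. On IOS the inbound ACL on the outside interface is evaluated before NAT translates the destination, so a permit for a port forward has to name the global address, and the check also flags forwards open to any source. The sample config is constructed, 198.51.100.10 and 203.0.113.7 are placeholder addresses, and first-match ordering and wildcard-mask destinations are not modelled.

```python
import re

# Constructed excerpt; 198.51.100.10 stands in for the redacted public address.
SAMPLE = """\
interface FastEthernet4
ip access-group INTERNET_IN in
ip nat inside source static tcp 10.20.30.20 3389 interface FastEthernet4 3389
ip access-list extended INTERNET_IN
permit tcp host 203.0.113.7 host 198.51.100.10 eq 22
permit tcp any host 10.20.30.20 eq 3389
evaluate INTERNET_REFLECTED
deny ip any any
"""
ADDR = r"(any|host \S+|[\d.]+ [\d.]+)"
ACE = re.compile(rf"permit (\S+) {ADDR} {ADDR}(?: eq (\S+))?$")
PAT = re.compile(r"ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)")

def audit(config, global_ip):
    """Check each static PAT against its interface's inbound ACL; global_ip is caller-supplied."""
    iface = acl = None
    in_acl, aces, pats, findings = {}, {}, [], []
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            iface, acl = m.group(1), None
        elif m := re.match(r"ip access-list extended (\S+)", line):
            iface, acl = None, m.group(1)
        elif iface and (m := re.match(r"ip access-group (\S+) in$", line)):
            in_acl[iface] = m.group(1)
        elif m := PAT.match(line):
            pats.append(m.groups())
        elif acl and (m := ACE.match(line)):
            aces.setdefault(acl, []).append(m.groups())
    for proto, local_ip, _lport, out_if, gport in pats:
        if out_if not in in_acl:
            findings.append(("no-inbound-acl", global_ip, gport))
            continue
        reachable = False
        for a_proto, src, dst, port in aces.get(in_acl[out_if], []):
            if a_proto not in (proto, "ip") or port not in (gport, None):
                continue
            if dst == f"host {local_ip}":
                # ACL runs before NAT: a rule for the inside-local address never matches.
                findings.append(("pre-nat-address", local_ip, gport))
            elif dst in ("any", f"host {global_ip}"):
                reachable = True
                if src == "any":
                    findings.append(("open-to-any-source", global_ip, gport))
        if not reachable:
            findings.append(("forward-blocked-by-acl", global_ip, gport))
    return findings
```

Running `audit(SAMPLE, "198.51.100.10")` reports both the rule written against 10.20.30.20 and the resulting blocked forward; a permit that names the global address and a specific source host returns no findings.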