VPN: Port-forwarding OK but Nothing Talking

Similar Messages

• RV042 vpn&port forwarding problems

  Hello,
  I spent a few days trying to configure  the RV042 router but I messed up. I need this router for VPN access on my  site and Port Forwarding to an internal web server. Apparently very  simple task, isn't it?
  So:
  1. PPTP is working fine but I need more than 5 concurrent accesses.
  2.  Quickvpn does not work when the DHCP server is checked  and I can't  access any computer from my lan. I have a DHCP server in my LAN but when  I'm conected through Quickvpn I never reach it. In the log file there  are messages like:
  Connection refused - Policy violation TCP 169.254.x.x->192.168.1.2 (DHCP server from my lan)
  3.  On Setup > Forwarding I added a Port Range Forwarding for HTTP port  80 to an internal IP address (192.168.1.x). I although added a firewall  access rule to allow traffic to Port 80 from any source interface and  any source IP to 192.168.1.x.
  From the internal LAN, using the WAN IP of the router,  the Port forwarding works but not form the outside, though in the log file of the router it appears to work:
  Connection Accepted TCP 208.64.252.230:33027->192.168.1.x:80 on ixp1
  What could I have done wrong?
  The  router is configured with a static address as a gateway and it has the  latest firmware 1.3.12.19-tm. The access rules are the default ones and  the one I added.
  Any help would be much apreciated.
  Thanks.

  Can't answer as to why QVPN fails when you enable DHCP on the router, but concidering your requirements it seems to be a moot point. So, you have a DHCP server on your network which I will guess is also running your Web service. If this is a Windows server does your current configuration allow you to enable PPTP on it? If so, that would solve the five user limit. You will need to turn off the PPTP server on the router and then forward port 1723 TCP to your server and you are done. As for your http access, remove any rule that you have in reference to "allow" port 80 connectivity to your web server. Not sure why but this tends to confuse the poor little things. Once you have verified that port 80 is active on the server via the LAN (which you already have) then you are done. If you are still not successful with the connection to the server from the WAN you may want to default the router and start over (lame I know).
  *** SORRY, just noticed that you stated that you added a "port range" forwarding rule. Remove that, and configure a UPnP rule for the same server instead. Do not know why they call it that, they just do. This is the same as configuring a single port forward they just call it something different. So just port forward 80 tcp to your server on 192.168.1.x and you are done.

• How to IPsec site to site vpn port forwarding to remote site?

  Hi All,
  The scenario where a Site to Site VPN tunnel has been established between Site A and Site B. Lan on Site A can ping Lan on Site B. My problem is a Printer behind Site B needs to be accessed by using the WAN IP address of Site A. Also i could not ping the remote lan or printer from the router.
  Below are my configure on the Cisco 877 in site A. Would you please advise the solution for that?
  Building configuration...
  Current configuration : 5425 bytes
  ! Last configuration change at 15:09:21 PCTime Fri Jun 15 2012 by admin01
  version 12.4
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  no service password-encryption
  hostname Laverton
  boot-start-marker
  boot-end-marker
  logging message-counter syslog
  no logging buffered
  aaa new-model
  aaa authentication login default local
  aaa authorization exec default local
  aaa session-id common
  clock timezone PCTime 10
  crypto pki trustpoint TP-self-signed-1119949081
  enrollment selfsigned
  subject-name cn=IOS-Self-Signed-Certificate-1119949081
  revocation-check none
  rsakeypair TP-self-signed-1119949081
  crypto pki certificate chain TP-self-signed-1119949081
  certificate self-signed 01
    XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
    XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
    69666963 6174652D 31313139 39343930 3831301E 170D3132 30363135 30343032
    30385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
    4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 31313939
              quit
  dot11 syslog
  ip source-route
  no ip dhcp use vrf connected
  ip dhcp excluded-address 192.168.1.1 192.168.1.50
  ip dhcp pool DHCP_LAN
     network 192.168.1.0 255.255.255.0
     default-router 192.168.1.1
     dns-server 61.9.134.49
     lease infinite
  ip cef
  no ipv6 cef
  multilink bundle-name authenticated
  object-group network VPN
  description ---Port Forward to vpn Turnnel---
  host 192.168.2.99
  username admin01 privilege 15 secret 5 $1$6pJE$ngWtGp051xpSXLAizsX6B.
  crypto isakmp policy 1
  encr 3des
  authentication pre-share
  group 2
  crypto isakmp key mypasswordkey address 0.0.0.0 0.0.0.0
  crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
  crypto dynamic-map SDM_DYNMAP_1 1
  set transform-set ESP-3DES-SHA
  match address 100
  crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
  archive
  log config
    hidekeys
  no ip ftp passive
  interface ATM0
  description ---Telstra ADSL---
  no ip address
  no atm ilmi-keepalive
  pvc 8/35
    tx-ring-limit 3
    encapsulation aal5snap
    protocol ppp dialer
    dialer pool-member 1
  dsl operating-mode auto
  interface FastEthernet0
  interface FastEthernet1
  interface FastEthernet2
  switchport access vlan 10
  shutdown
  interface FastEthernet3
  interface Vlan1
  description ---Ethernet LAN---
  ip address 192.168.1.1 255.255.255.0
  ip nat inside
  ip virtual-reassembly
  ip tcp adjust-mss 1420
  interface Vlan10
  ip dhcp relay information trusted
  ip dhcp relay information check-reply none
  no ip dhcp client request tftp-server-address
  no ip dhcp client request netbios-nameserver
  no ip dhcp client request vendor-specific
  no ip dhcp client request static-route
  ip address dhcp
  ip nat outside
  ip virtual-reassembly
  interface Dialer0
  description ---ADSL Detail---
  ip address negotiated
  ip mtu 1460
  ip nat outside
  ip virtual-reassembly
  encapsulation ppp
  ip tcp adjust-mss 1420
  dialer pool 1
  dialer-group 1
  ppp chap hostname [email protected]
  ppp chap password 0 mypassword
  crypto map SDM_CMAP_1
  ip forward-protocol nd
  ip route 0.0.0.0 0.0.0.0 Dialer0
  ip http server
  ip http authentication local
  ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip dns server
  ip nat inside source static tcp 192.168.2.99 80 interface Dialer0 8000
  ip nat inside source static tcp 192.168.2.99 9100 interface Dialer0 9100
  ip nat inside source route-map SDM_RMAP_1 interface Dialer0 overload
  ip nat inside source route-map SDM_RMAP_2 interface Dialer0 overload
  ip access-list extended NAT
  remark CCP_ACL Category=16
  remark IPSec Rule
  deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
  permit ip 192.168.1.0 0.0.0.255 any
  access-list 1 permit 192.168.1.0 0.0.0.255
  access-list 100 remark CCP_ACL Category=4
  access-list 100 remark IPSec Rule
  access-list 100 permit ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
  access-list 101 remark CCP_ACL Category=2
  access-list 101 remark IPSec Rule
  access-list 101 deny   ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
  access-list 101 permit ip 192.168.2.0 0.0.0.255 any
  route-map SDM_RMAP_1 permit 1
  match ip address NAT
  route-map SDM_RMAP_2 permit 1
  match ip address 101
  control-plane
  line con 0
  no modem enable
  line aux 0
  line vty 0 4
  transport input telnet ssh
  scheduler max-task-time 5000
  end
  Your help would be very appreciated!
  PS: I know it is easier if i config Site A as the VPN server but in out scenario, we need to access printer from internet over static WAN IP of site A.
  Thanks,
  Thai

  Is there anyone can help please?

• Port forwarding externally but not internally

  I've got an AExtremeBS at home and at work. I've been port forwarding http for a while with no problems internally or externally. I've recently configured a new web server which internally is hosted on port 80. I've enabled port forwarding from 8080 to 80 on the AEBS and it works fine externally. However, if I try to browse the site internally using the FQDN:8080 of my AEBS, it does not work.
  I can check both external and internal and the external is still working while the internal is not.
  Any ideas?
  One idea would be to move my internal listener to 8080 and just port forward 8080 to 8080 (I would just redirect 8080 to the internalIP:8080 rather than map 8080 to internal:80).
  Thanks,
  sid.

  You might be onto something....but it's probably not what you think, but then again, I just confused myself again.
  To get OD working I had to add my Leopard Server to my DNS settings. The Leopard Server required that it resolves the FQDN of the AEBS to itself (the internal IP address). However, everything else on the network resolves the FQDN to the external IP address.
  If I nslookup on my FQDN, from my mac (which has the Leopard Server as it's DNS server) I get the internal IP address of the Leopard Server. However, if I go to another machine inside my network which does not query DNS from the Leopard Server, I get my external IP and when I browse to extneral:8080 it port forwards correctly. So it wasn't the AEBS, it was my particular mac and freaking Leopard Server.
  So, it's settled, Leopard Server strikes again. I can't believe that Apple released this POS. I had a much easier time with Ubuntu 6.06 on my old 300 MHz blueberry iMac.

• WRT1900AC: Port Forwarding causes router to become unresponsive.

  Hi all,
  I'm having an issue with my WRT1900AC router when port forwarding. I've talked to tech support about it, but I want to know if people in the community are experiencing the same thing and maybe conduct a small experiment.
  Basically, the problem is that I'm trying to forward the ports for Xbox Live, and after doing so, the router becomes completely unresponsive: wired internet connection cuts off, wireless cuts off, and the router can no longer be accessed via the browser. Switching off the power off for 30 seconds, and then back on has no effect. All of the lights are on and stable, but nothing is working. The only way to get access back to the router and to make it work again is to reset using the button on the back. Support put me throught all the troubleshooting steps (firmware, reset, and the works) but it didnt have any effect.
  The thing is, this happens 100% of the time I try to forward the ports, and even after exchanging the router from the retailer it STILL becomes unresponsive after port forwarding. Even better, is that one of my friends also has the exact same issue, and he bought his around the same time as me (beginning of July)
  So I would like to know if others are experiencing this as well? The ports I'm trying to forward are below, can anyone else try them out and see if it works?
  Port 88 (UDP)
  Port 3074 (UDP and TCP)
  Port 53 (UDP and TCP)
  Port 80 (TCP)
  Port 500 (UDP)
  UDP Port 3544 (UDP)
  UDP Port 4500 (UDP)
  Thanks,
  Jitin
  Solved!
  Go to Solution.

  I turned off UPNP and tried to port forward and got the same results. Had to reset the router and setup the wifi and network all over yet again.
  I occasionally still get NAT problems with UPNP enabled, hence why I want to port forward. Appreciate you trying to help!

• Are "Back to my MAC" and "Port Forwarding" mutually exclusive?

  I have been using APExtreme and Port Forwarding successfully for several weeks now. The PF is to allow access to game players on a PC which acts as a server on the web. All Good.
  One more thing, I have a ISP provided wireless modem/router to talk to the cable and the world. It seems to work either bridged or un-bridged.
  I have disabled the wireless on the ISP's modem/router. (Actually the ISP's device doesn't hold a candle to the APE.)
  Still all good.
  So the firewall is on in the APExtreme and none on the modem router, and I have a port defined for my gamers to get access to my server in the APExtreme.
  I now want to implement Back to my MAC on my MBP and my other Apple devices. I believe these use iCloud for which I have an account and it seems to be working well with my iPhone.
  In Properties, when I select BtmM, iCloud says communications will be slow if I have port forwarding on. Also I will not be able to use the router function in my Modem/router.
  I'd really like to have the modem/router firewall up, and do the port forwarding there, but the BtmM will likely not get through.
  So what does anyone suggest?
  Can I use BtmM and port forwarding without too much degradation?
  Please advise.
  Thanks
  Barry

  To best answer your question on whether the two are "mutually exclusive," let take a look at how Back to My Mac (BTMM) basically works.
  BTMM - General Requirements
  OS X Leopard 10.7.3+
  Active iCloud account. Each Mac & the AirPort router, that will be relying on BTMM, needs to be configured with the same account.
  A publicly reachable IP address for your router.
  A router that supports either NAT-PMP or UPnP. For AirPorts, be sure it is running 7.6.1+ firmware.
  BTMM uses TCP port 5354 and UDP ports 4500 & 5353 for communications.
  BTMM - Basic Communication Flow
  For a computer connected to the Internet via a router, BTMM "asks" the router for its configuration information. For a router, like your AirPort, that uses NAT-PMP, BTMM will ask the router to assign arbitrary public ports. In turn, the router will provide these port assignments (& the router's Public IP address) back to BTMM.
  BTMM then sends this information to the iCloud account. In background iCloud updates a special set of DNS entries to be used by BTMM. These entries are then made available to all BTMM clients using your iCloud account. When a computer, with BTMM enabled, uses your iCloud credentials, it automatically retrieves a list of all other computers/routers that are registered with the same account. All these devices should then appear under the SHARED section of the Finder.
  When attempting to connect to a remote computer (or router), BTMM creates a secure connection to that remote device using the information from the iCloud account.
  Once the connection is established, the devices can then communicate with each other.
  So potentially, unless you are using Port Mapping for any of the ports BTMM uses, they should not conflict.

• WRT160Nv3 port forwarding settings not being saved

  Hello there.
  I am using a WRT160Nv3 router and am having trouble getting port forwarding to work. 
  Specifically, my settings are not being saved properly. 
  I am trying to set up a server to run for Minecraft, and I have eliminated all issues save port forwarding.
  I open up the router's settings by going to 10.10.10.1 in my browser.  I go to "Single Port Forwarding."  I then choose a blank spot on the left and label the application (in this case, Minecraft), then I type in the ports I want to forward (minecraft uses 25565).  I check the box "Enabled."  Then I go down to the "Save Settings" button below and click it.
  This brings me to a mostly black screen with a white box in it, and big black letters saying "Settings are successful" and a button to click, labeled "continue."  I click this, and it returns me to the last page I was on (Single Port Forwarding).
  But here is the problem- that page is EXACTLY the same as when I began.  None of what I typed in or changed is actually saved on the screen o_0
  This definitely baffles me, as it seems as if I did nothing in first place.  I use the program whose port I wanted to forward and it still doesn't work, the error messages being the same as always. 
  So what is the matter here?  Why aren't my settings being saved properly?  Do I need to get a new router-this one is only a year old...
  Any ideas?
  PS- I also tried to do port range forwarding, and the same thing happens there too.

  hi there and welcome to the forums!
  try to clear your browsers' cache..and delete cookies then try again

• Bt Broadband Port Forwarding For game Fifa 11

  I need to enter ports for my game so it works perfectly but i don't know how to do it. I can get on to the port forwarding page but it confuses me when i get on the page can anyone help!

  Wii works for me as a straight connection, no need of port forwarding.
  Ray.

• RV325 dual wan port forwarding

  RV325 firmware v1.1.1.19
  Each WAN has 1 static IP
  Can I forward different ports from WAN1 to different internal IP's?  
  The manual says there should be "interface" selection but the on port forward config but all I have is "service", "IP" and "status". 
  What I am trying to do is:
  WAN1:80 --> internal 10.0.0.101:80
  WAN1:10000 --> internal 10.0.0.162:10000
  WAN2:80 --> internal 10.0.0.102:80
  WAN2:10000 --> internal 10.0.0.253:10000

  What mpyhala posted is correct. Under the access rules you are actually able to select an interface.
  Unfortunately, it won't help you in regards to the port forwarding configuration you are trying to setup.
  On this router, you open the ports using port forwarding. You can configure access rules and select the right interface but it will not open any ports.

• BT HomeHub 4 - Port Forwarding.

  I need to open up ports 80, 8068 on my Home Hub 4, I have followed the port forwarding instructions but it will still not open them.
  I have opened up ports 9000, 85, & 18004 in the same way and this has worked?
  Any advice?
  Cheers.

  Traffic will only be allowed back in on port 80 from a source if your device has already sent traffic to that source, because port 80 is used pretty much everywhere for http traffic and leaving it fully open would be just asking for trouble - it's pretty much a given that one of a limited number of browsers is sat at the end of it.  I'm assuming that 8068 is similarly restricted.

• Does Verizon Wireless support Port forwarding.

  The 4510L has port forwarding. But the IP address ports are all stealth. I know VW has to take security measures for spam and hackers but this is just a little over kill here. The IP addresses they use are from wdspco.org. At lest in my area. Come on VW where is a tech support that are not sale reps. This feature should be part of the ISP service. It should not be an issue to allow simple port forwarding for the NOC. I know the public IP address is not routable. Its not going to cost more to route.

      We would love to support you with your Env3, jeffrey8066!
  What can we do to help?
  TamaraH_VZW
  Follow us on Twitter @VZWSupport

• RV082 Port Forwarding or DMZ Configuration Assistance

  Greetings Community,
  I have an RV082 V2 with 2.0.2.01-tm and I am having trouble with getting my Sprint Airvana to connect properly to the mobile service.  Many suggestions I've read on the Sprint forums indicate putting the Airvana in the DMZ generally allows the device to work properly; however, none have the RV series routers for tips on how to do this appropriately.  This device used to work fine behind the RV082, but I reset it one day and it no longer works.
  The Airvana is a femtocell/router device with a WAN port and 3 LAN ports.  If I connect the Airvana directly to my cable modem, I get the appropriate connection and can then make calls through the device instead of through the Sprint connection; I live in a basement unit and get crappy signal without the device.  This proves the device works and that my ISP is not blocking the ports.  Sprint indicates the device uses UDP 53, 67, 68, 500 and 4500.  Their support sucks and they insist I put the Airvana before my router.  I absolutely do not want to use the Airvana as the router.  There are almost no configuration options in the router interface and it needs to be rebooted somewhat regularly, which would drop internet access throughout the house for 10-15 minutes while it reboots and finally establishes an internet connection.
  As soon as put the Airvana behind the RV082, I no longer get the appropriate connection.  I can, however, plug my computer into one of the LAN ports on the Airvana and connect to the internet in general.  I have the router assign a static IP to the Airvana, and tried forwarding the required UDP ports to the IP.  This did not fix the problem.
  I can certainly troubleshoot the port forwarding issues, but I would also like to look into putting the device into the DMZ, if possible.  I've not worked much in this area, so I am unsure how to appropriately configure the router to allow this to happen.  Is it possible to have the Airvana in the router DMZ without having a public IP for the device itself?  It seems this is something that can be done, but I could be mistaken.  If so, how is that done?
  Please feel free to ask any clarifying questions and I thank you in advance for any assistance you may provide.

  I apologize in the delay in getting back to this post; however, it dropped to the bottom of my priority list for a while.  As a workaround, I used the Airvana device as my router temporarily; however, I have the time again and would like to get it setup behind the RV082 again.
  It does not appear the device supports UPnP.  I had that enabled for some other applications already.
  According to http://tinyurl.com/AirvanaPorts I need the following UDP ports open: 53, 67, 68, 500, 4500.  Another suggestion from a Sprint rep was to also open/forward TCP 5060 and 5061.  I have the ports forwarded to the device as shown below and have confirmed the device has the correct IP address.  The device gets a valid internet connection (verified by plugging a computer into one of the LAN ports on the Airvana device; however, it still does not connect to the Sprint service like it should.  I am guessing there is another port and/or the Sprint article has incorrect information.
  To check this, I'm thinking I need to set the device up in the DMZ, but I'm not sure exactly what I need to do for proper configuration.  Is it as easy as enabling the DMZ port and plugging the device in, or are there other settings needed?  Is there anything else I may be missing for the Port Forwarding?

• Port forwarding with airport & external router

  Hi,
  I'm happy with port forwarding normally, but I've just made my network entirely wireless and can't figure out the answer to this problem. I have a non wired netgear router as my internet access point, an airport express is connected to this getting its address via DHCP, another airport is joined to this network, and 2 macs are connected to the airports again getting addresses via DHCP. How do I port forward to the macs using this setup? I can't figure it out. Obviously I'll need to configure manually, but if I open the port on my router and open the same port on the AX will they go throught to the mac ok. Do I map the router to forward to the AX manual IP then map the AX to a specific mac IP? Any tips appreciated before I go ahead and break my network
  Emma

  Emma,
  Ok, here are my thoughts. Have you tried assigning static IPs via DHCP, not manual config, based on client MAC addresses? Meaning when the router sees an ethernet MAC address it always assigns the same IP to that machine. This should enable the handing out of IPs while retaining port forwarding to the same machine each time and still preserve the routing that DHCP seems to enable more betterer . I'm not familiar with the netgear setup and I couldn't get my AX performing satisfactorily for my needs either so I have returned it however this is a 'somewhat' common option when setting up DHCP on different routers and I have found it works better when daisy chaining through routers.
  HTH,
  Steve

• ActionTec MI424WR / Port Forwarding

  I consider myself pretty tech savvy.  I've configured plenty of Cisco PIX routers so I have some experience.  But for the life of me, I can't get ANY port forwarding working.  I have an ActionTec MI424-WR Rev D router with firmware 4.0.16.1.56.0.10.11.6.  I've read the manual, I've configured port forwarding.  But no matter what port I choose, it never shows as open.  I've called ActionTec twice and they walked me through the steps, which were identical to what I did, and no matter what, the ports are not forwarding.  They appear to be blocked somewhere. 
  I do not have a second router.  The FIOS comes into the ActionTec router and then two of my computers are connected as part of a network.  I am trying to set up a SSH tunnel to one of my home computers.  I've tried the standard port 22, and a bunch of non-standard ports.  I've even tried to get RDP working on 3389 and no joy.  The port forwarding is setup, I've tried medium and low security on the firewall.  From other computers on the network, I can telnet to port 22 using both ip address and dns name and I get my OpenSSH screen.  But it's not availble from outside.  I have tried it with Windows firewall (XP) both on with exceptions and off.  Still no joy.
  I have read that people all over are doing this, but it isn't working for me.  Does anyone have any suggestions on what could be wrong or how to diagnose the problem?  Shields Up says my ports are stealthed.  CanyouSeeMe.org sometimes says connection denied and sometimes says connection timeout.  I don't know what else to try.
  Anyone?

  Okay, problem is partially solved.  I installed CopSSH on my other computer, edited the port forwarding to point to the other computer, and it works.  I never suspected my own computer was the problem.  The question is why?  The only firewall on my computer is Windows firewall (XP), which I've created exceptions for and even tried disabling.  I still wasn't able to access the port.  So something on my machine is blocking ports but I have no idea what.  Does anyone have any ideas where to look?  I turned off Windows Defender and Symantec AV but that didn't help (and then turned them back on).
  TIA for any help

• Defeat Port Forwarding Via A Server Passing a Connection

  Is the following possible?
  There are 2 Users. User A and B.
  Both are behind a router and therefore need to enable
  port forwarding first before they can make a direct connection.
  Both connect to a Server that passes data from A->B, B->A
  Is there a way to establish a direct connection somehow?
  Like somehow having the server "pass" its connection with B to A?

  Do you in fact have an address that can beconnected to?
  Yes. Both users know the IP of the router they are
  trying to connect to.
  For a direct connection I thought the only way to do
  this was port
  forwarding. But if they connected to a server first I
  was hoping there
  would some way around port forwarding.
  Still not sure what you mean. A connection, all connections, even when port forwarding is involved, still requires connecting two computers together. One is the client (connects to) and one is the server (connected to.)
  Essentially, you know how if someone behind a router
  connects
  to you, once you have that connection established you
  can send
  them data without them having port forwarding. Once
  they connect
  to you, you have that 2 way communication.
  That isn't what happens.
  What happens is that the connection is to the router. And that connection is the only one that exists for the client. What happens is that the router then sends messages to the server (behind the router) and responses from the server are then gathered by the router, repackaged, and sent to the client.
  Now if both people are behind a router neither can
  connect to the other without at least one having
  forwarded a port. But if they both connect to a
  server first..... can they establish a direct
  connection somehow?No to the second part.
  Keep in mind that the first part suggests the possibility of some implicit assumptions that would be incorrect. A connection request by the client is managed by the router. The router actually repackages the client request, and it is the router that is actually doing the connection.