Port Forwarding with Cisco 871??

Port Forwarding with Cisco 871??
NewsGroups | Search | Tools
User Password
Register Now! Lost Password?
 comp.dcom.sys.cisco  Post an article  get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content  add this group's latest topics to your Google content  YahooMyWeb Yahoo!  Google Google  Windows Live Favorites Windows Live  del.icio.us del.icio.us  digg digg  Add to Netscape Netscape
Subject Author Date
Port Forwarding with Cisco 871?? mhaase-at-springmind.com 09-25-2005
Posted by mhaase-at-springmind.com on September 25, 2005, 9:58 am
If you were  Registered and logged in, you could reply and use other advanced thread options
I hope somebody has some ideas on this, cause it's making me crazy.
It's probably something dirt simple I'm overlooking.

We have a Netopia DSL "modem", which provides us with four static
IP's.

We take one of those IPs, and run it to a CISCO 871 (which provides a
VPN that I don't think is pertinent to the problem.). The CISCO is
also doing DHCP, and NATing to a 192.168.0.x LAN.

All seems to be working fine, until I try to "Port forward" Ports 25,
80, and 110 from the outside WAN through to a server on the LAN.

The Netopia seems to be doing it's part -- I've configured what
Netopia calls "pinholes", and if I hang a server directly off of it, I
can access the required ports from the outside.

The CISCO has been configured by a CISCO tech, via Telnet from their
support center. He basically put in "permit any to 192.168.0.2 eq 80"
(I'm not sure of the exact syntax) on the inbound, and "permit
192.168.0.2 to any eq 80" on the outbound. ((He also put in "permit"
statements for the other ports).

Problem is, it's not working. I get no response from anything on the
LAN when I try to access it from outside. I've checked the CISCO's
logs, and can't even find a record of the attempts at access, although
I may not have all the logging I should enabled (I'm not
super-familiar with CISCO stuff).

I get the same results no matter which port I try.

Any thoughts? Suggestions for troubleshooting methods? Is there some
basic routing/networking reason why this won't work? Seems I've done
this dozens of times before with Linksys, Dlink and the like without
problems.


Thanks!


Network Magic 20% Off NMEASY coupon code spring banner 468x60
Posted by Erik Tamminga on September 26, 2005, 9:10 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi,

The problem you describe can be solved with NAT. You need to add a static
translation for ports 25, 80 and 110 of one of the public IP's to the
designated internal private IP.

ip nat inside source static tcp 192.168.0.2 25 a.b.c.d 25
ip nat inside source static tcp 192.168.0.2 80 a.b.c.d 80
ip nat inside source static tcp 192.168.0.2 110 a.b.c.d 110

(replace a.b.c.d with the public IP of the outside interface (or any of the
other public ip's).

Erik

>I hope somebody has some ideas on this, cause it's making me crazy.
> It's probably something dirt simple I'm overlooking.
>
> We have a Netopia DSL "modem", which provides us with four static
> IP's.
>
> We take one of those IPs, and run it to a CISCO 871 (which provides a
> VPN that I don't think is pertinent to the problem.). The CISCO is
> also doing DHCP, and NATing to a 192.168.0.x LAN.
>
> All seems to be working fine, until I try to "Port forward" Ports 25,
> 80, and 110 from the outside WAN through to a server on the LAN.
>
> The Netopia seems to be doing it's part -- I've configured what
> Netopia calls "pinholes", and if I hang a server directly off of it, I
> can access the required ports from the outside.
>
> The CISCO has been configured by a CISCO tech, via Telnet from their
> support center. He basically put in "permit any to 192.168.0.2 eq 80"
> (I'm not sure of the exact syntax) on the inbound, and "permit
> 192.168.0.2 to any eq 80" on the outbound. ((He also put in "permit"
> statements for the other ports).
>
> Problem is, it's not working. I get no response from anything on the
> LAN when I try to access it from outside. I've checked the CISCO's
> logs, and can't even find a record of the attempts at access, although
> I may not have all the logging I should enabled (I'm not
> super-familiar with CISCO stuff).
>
> I get the same results no matter which port I try.
>
> Any thoughts? Suggestions for troubleshooting methods? Is there some
> basic routing/networking reason why this won't work? Seems I've done
> this dozens of times before with Linksys, Dlink and the like without
> problems.
>
>
> Thanks!




Posted by mhaase-at-springmind.com on September 27, 2005, 4:04 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
On Mon, 26 Sep 2005 21:10:40 +0200, "Erik Tamminga"

>Hi,
>
>The problem you describe can be solved with NAT. You need to add a static
>translation for ports 25, 80 and 110 of one of the public IP's to the
>designated internal private IP.
>
>ip nat inside source static tcp 192.168.0.2 25 a.b.c.d 25
>ip nat inside source static tcp 192.168.0.2 80 a.b.c.d 80
>ip nat inside source static tcp 192.168.0.2 110 a.b.c.d 110
>
>(replace a.b.c.d with the public IP of the outside interface (or any of the
>other public ip's).
>
>Erik


Thanks Eric! I'll be able to give it a try tomorrow.




>>I hope somebody has some ideas on this, cause it's making me crazy.
>> It's probably something dirt simple I'm overlooking.
>>
>> We have a Netopia DSL "modem", which provides us with four static
>> IP's.
>>
>> We take one of those IPs, and run it to a CISCO 871 (which provides a
>> VPN that I don't think is pertinent to the problem.). The CISCO is
>> also doing DHCP, and NATing to a 192.168.0.x LAN.
>>
>> All seems to be working fine, until I try to "Port forward" Ports 25,
>> 80, and 110 from the outside WAN through to a server on the LAN.
>>
>> The Netopia seems to be doing it's part -- I've configured what
>> Netopia calls "pinholes", and if I hang a server directly off of it, I
>> can access the required ports from the outside.
>>
>> The CISCO has been configured by a CISCO tech, via Telnet from their
>> support center. He basically put in "permit any to 192.168.0.2 eq 80"
>> (I'm not sure of the exact syntax) on the inbound, and "permit
>> 192.168.0.2 to any eq 80" on the outbound. ((He also put in "permit"
>> statements for the other ports).
>>
>> Problem is, it's not working. I get no response from anything on the
>> LAN when I try to access it from outside. I've checked the CISCO's
>> logs, and can't even find a record of the attempts at access, although
>> I may not have all the logging I should enabled (I'm not
>> super-familiar with CISCO stuff).
>>
>> I get the same results no matter which port I try.
>>
>> Any thoughts? Suggestions for troubleshooting methods? Is there some
>> basic routing/networking reason why this won't work? Seems I've done
>> this dozens of times before with Linksys, Dlink and the like without
>> problems.
>>
>>
>> Thanks!
>



Similar ThreadsPosted
Port forwarding with Cisco 837 January 4, 2005, 8:44 am
Cisco 837 VPN, NAT and Port Forwarding February 27, 2005, 7:11 pm
cisco pix 515 port forwarding - NOT possible? hard to believe.. July 27, 2005, 12:23 am
Cisco 871 router port forwarding July 12, 2006, 8:41 pm
Cisco PIX 501 port forwarding trouble September 24, 2006, 10:32 am
port mapping or forwarding on Cisco Pix 506E August 5, 2005, 1:30 pm
Port forwarding from cisco 2600 to ASA-5510 July 20, 2006, 10:23 am
HELP With Cisco PIX 506E routing/port forwarding with SMTP????? July 23, 2004, 11:16 am
Cisco 2600 + DSL + Cable -> Failover and port forwarding July 2, 2008, 12:47 am
Port forwarding February 2, 2006, 3:05 pm

other useful resources:
The Federal Communications Commission (FCC)
Telecommunications Industry Association
Electronic and Software Security Products and Services
International Telecommunication Union

Custom CGI Perl and PHP programming by 1-Script.com

Contact Us | Privacy Policy
The site map in XML format XML site map