Help with Port Forwarding through Cisco 1812 router using SDM 2.4.1 - screenshots would really help!

Asked by dnorman2005 in Network Routers, Networking Hardware Firewalls, Cisco PIX Firewall

Tags: cisco, 1812, router, port, sdm

Hi, I have a Cisco 1812 router and need to forward some ports through it to a private IP on the LAN. Specifically, ports 1100, 1105, 1106 both TCP and UDP need to be forwarded through the router to 192.168.1.30.

On a SOHO router, I'd click on Port Forwarding, type in the ports, and enter the IP to forward them to. Takes about 10 seconds. I've done plenty of searches on Google and through Experts Exchange, and man, tonnes of conflicting information and very complicated (for me) steps.

I'm looking for someone to walk me through it, ideally with screenshots of how to do it with SDM v2.4.1.

I am NOT looking to do this via the command line interface via Telnet. I'm more of a GUI-person.

It seems the first thing everyone asks for is the running config, so here it is.....

You'll notice that there are 2 WAN connections - that is accurate. We have 2 WAN connections, each to a different ISP. Ideally, 192.168.1.30 - ports 1100, 1105, 1106 would be reachable through either WAN port.



Building configuration...

Current configuration : 11289 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname toronto
!
boot-start-marker
boot-end-marker
!
logging buffered 52000 debugging
enable secret 5 $1$iFbZ$A9x/uNB425mzEm3t40yuS/
enable password 7 0013110A5C0E0F51
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login userauthen local
aaa authorization network groupauthor local
!
aaa session-id common
!
resource policy
!
!
!
ip cef
!
!
no ip domain lookup
ip ddns update method sdm_ddns1
 DDNS both
!
vpdn enable
!
vpdn-group 1
! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1
!
!
!
crypto pki trustpoint TP-self-signed-2353578796
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2353578796
 revocation-check none
 rsakeypair TP-self-signed-2353578796
!
!
crypto pki certificate chain TP-self-signed-2353578796
 certificate self-signed 01
  3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32333533 35373837 3936301E 170D3037 30363135 31363433
  31345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 33353335
  37383739 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100DB66 58CF9BB5 B4176F89 C76C2447 B150AED1 A91B41FD C5AF5B36 53BAB9BF
  00073765 06A8F42F 0566289D 93805ECD F6FFC28A 405453FA B7AAA86C CDD09DD3
  5A01D03A 25D7CBD4 4E986461 B45D7EFE 31E2EB08 75B69CE3 0D96C445 4370B1C9
  94A36062 9F8698BB F91A33EE 6B282696 B46C98E1 FD0A24D5 4D0D3C5A 479F6C5D
  D9990203 010001A3 67306530 0F060355 1D130101 FF040530 030101FF 30120603
  551D1104 0B300982 07746F72 6F6E746F 301F0603 551D2304 18301680 14A01FE7
  6A610C5B DD8296A3 56685ED5 E289EE28 60301D06 03551D0E 04160414 A01FE76A
  610C5BDD 8296A356 685ED5E2 89EE2860 300D0609 2A864886 F70D0101 04050003
  8181001C 1C722D56 A940F057 0010EA48 AB4CC09D E9BDF5BD 808DBD32 23819674
  A1A8512A 95114764 BF509EAC 1FE78C3F 2F2953CF CB7E77B8 45E5A5E4 460241C6
  D8A963C1 2E6DA08C 674549A3 29FDC593 D57D5A2B C25953D3 C254B8A2 F84A3548
  1E8A865B 418B3A8B B9524C7D 51C1852B B67F3D5D A0C5B911 537B3308 CA63CC32 2F6E8F
  quit
username BenF privilege 15 password 7 104C0C171716140D55
username dnorman privilege 15 password 7 121404101C041E5772
username telespace password 7 1301561C5B5E547A7C
username astrauss secret 5 $1$SJ16$K3lX05ZXeA.e306jpFuy10
username remoteaccess privilege 15 view SDM_EasyVPN_Remote secret 5 $1$0WlU$xcGshCG0Zsc4WCrLgK5QE/
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key mag67nor32 address 196.211.39.6 no-xauth
crypto isakmp key mag67nor32 address 63.170.69.201 no-xauth
!
crypto isakmp client configuration group rtr-remote
 key harley
 domain magindustries.com
 pool dispatch1
!
!
crypto ipsec transform-set ESP-3DES-SHA5 esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA6 esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 1
 set transform-set ESP-3DES-SHA5
 reverse-route
!
!
crypto map SDM_CMAP_3 client authentication list userauthen
crypto map SDM_CMAP_3 isakmp authorization list groupauthor
crypto map SDM_CMAP_3 client configuration address respond
crypto map SDM_CMAP_3 1 ipsec-isakmp
 description Tunnel to Johanesburg
 set peer 196.211.39.6
 set transform-set ESP-3DES-SHA5
 match address 107
crypto map SDM_CMAP_3 2 ipsec-isakmp
 description Tunnel to Barbados
 set peer 63.170.69.201
 set transform-set ESP-3DES-SHA6
 match address 108
crypto map SDM_CMAP_3 10 ipsec-isakmp dynamic dynmap
!
!
!
!
interface FastEthernet0
 ip address 208.97.126.74 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 no cdp enable
 crypto map SDM_CMAP_3
 crypto ipsec df-bit clear
!
interface FastEthernet1
 description $ETH-WAN$
 ip address 69.77.169.58 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
 ip tcp adjust-mss 1452
 duplex auto
 speed auto
 no cdp enable
 crypto map SDM_CMAP_3
 crypto ipsec df-bit clear
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface FastEthernet2
 switchport trunk allowed vlan 1-4,1002-1005
 no cdp enable
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Virtual-Template1
 ip unnumbered Vlan1
 peer default ip address pool dispatch1
 no keepalive
 ppp encrypt mppe auto required
 ppp authentication pap chap ms-chap
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1300
 ip policy route-map clear-df
!
interface Dialer0
 ip ddns update hostname toronto.magindustries.com
 ip ddns update sdm_ddns1
 ip address 70.52.203.75 255.255.255.0
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1400
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname mcwdemo@mcw.net
 ppp chap password 7 104008170B0E15040D10
 ppp pap sent-username mcwdemo@mcw.net password 7 151C0A020A332C2B2927
!
router rip
 version 2
 redistribute connected
 network 69.0.0.0
 network 70.0.0.0
 network 192.168.1.0
 network 207.164.233.0
 network 208.97.126.0
 neighbor 192.168.1.99
 no auto-summary
!
ip local pool dispatch1 10.30.30.1 10.30.30.21
ip route 0.0.0.0 0.0.0.0 69.77.169.57
ip route 0.0.0.0 0.0.0.0 208.97.126.73 200
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0 overload
ip nat inside source route-map SDM_RMAP_2 interface FastEthernet1 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.254.0 0.0.0.255
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.1.30
access-list 3 remark SDM_ACL Category=1
access-list 3 permit 192.168.1.30
access-list 102 remark SDM_ACL Category=2
access-list 102 remark IPSec Rule
access-list 102 deny   ip 192.168.1.0 0.0.0.255 10.30.30.0 0.0.0.255
access-list 102 deny   ip 192.168.1.0 0.0.0.255 10.20.1.0 0.0.0.255
access-list 102 deny   ip 192.168.1.0 0.0.0.255 10.60.1.0 0.0.0.255
access-list 102 deny   ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 102 deny   ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 102 deny   ip 10.30.30.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 102 deny   ip 10.30.30.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 102 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 permit ip 192.168.3.0 0.0.0.255 any
access-list 102 permit ip 192.168.254.0 0.0.0.255 any
access-list 107 remark SDM_ACL Category=4
access-list 107 remark IPSec Rule
access-list 107 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 107 permit ip 10.30.30.0 0.0.0.255 192.168.3.0 0.0.0.255
access-list 107 permit ip 192.168.1.0 0.0.0.255 10.60.1.0 0.0.0.255
access-list 108 permit ip 192.168.1.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 108 remark SDM_ACL Category=4
access-list 108 remark IPSec Rule
access-list 108 permit ip 192.168.1.0 0.0.0.255 10.20.1.0 0.0.0.255
access-list 108 permit ip 10.30.30.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 123 permit icmp any any
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
no cdp run
!
!
!
route-map clear-df permit 10
 set ip df 0
!
route-map SDM_RMAP_1 permit 1
 match ip address 102
 match interface FastEthernet0
!
route-map SDM_RMAP_2 permit 1
 match ip address 102
 match interface FastEthernet1
!
route-map nonat permit 10
 match ip address 102
!
!
!
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco".

Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use.

For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 transport input telnet ssh
line vty 5 14
 privilege level 15
 transport input telnet ssh
line vty 15
 privilege level 15
 transport input telnet ssh
parser view SDM_EasyVPN_Remote
 secret 5 $1$eOS.$oFbiN4uy4Tys3HuLXHgfA1
 commands interface include all crypto
 commands interface include all no crypto
 commands interface include no
 commands configure include end
 commands configure include all radius-server
 commands configure include all access-list
 commands configure include ip radius source-interface
 commands configure include ip radius
 commands configure include all interface
 commands configure include all dot1x
 commands configure include all identity policy
 commands configure include identity profile
 commands configure include identity
 commands configure include all crypto
 commands configure include ip
 commands configure include all aaa
 commands configure include no end
 commands configure include all no radius-server
 commands configure include all no access-list
 commands configure include no ip radius source-interface
 commands configure include no ip radius
 commands configure include all no interface
 commands configure include all no dot1x
 commands configure include all no identity policy
 commands configure include no identity profile
 commands configure include no identity
 commands configure include all no crypto
 commands configure include no ip
 commands configure include all no aaa
 commands configure include no
 commands exec include dir all-filesystems
 commands exec include dir
 commands exec include crypto ipsec client ezvpn connect
 commands exec include crypto ipsec client ezvpn xauth
 commands exec include crypto ipsec client ezvpn
 commands exec include crypto ipsec client
 commands exec include crypto ipsec
 commands exec include crypto
 commands exec include write memory
 commands exec include write
 commands exec include all ping ip
 commands exec include ping
 commands exec include configure terminal
 commands exec include configure
 commands exec include all show
 commands exec include no
 commands exec include all debug appfw
 commands exec include all debug ip inspect
 commands exec include debug ip
 commands exec include debug
 commands exec include all clear
!
!
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
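
An added example, not part of the original post or of the thread's accepted solution: the IOS CLI form of the forwarding the question describes, written as static NAT entries for the two FastEthernet WAN addresses shown in the running config. It assumes the `extendable` keyword is available on this IOS release, so that the same inside host and port can be mapped to both outside addresses. Replies to sessions that arrive on FastEthernet0 still follow the primary default route (69.77.169.57 via FastEthernet1) unless routing is adjusted.

```cisco
! Added example: static port translations to 192.168.1.30.
! Addresses and ports are taken from the question and its running config;
! "extendable" is assumed to be supported on this release.
!
! Via FastEthernet0 (208.97.126.74)
ip nat inside source static tcp 192.168.1.30 1100 208.97.126.74 1100 extendable
ip nat inside source static udp 192.168.1.30 1100 208.97.126.74 1100 extendable
ip nat inside source static tcp 192.168.1.30 1105 208.97.126.74 1105 extendable
ip nat inside source static udp 192.168.1.30 1105 208.97.126.74 1105 extendable
ip nat inside source static tcp 192.168.1.30 1106 208.97.126.74 1106 extendable
ip nat inside source static udp 192.168.1.30 1106 208.97.126.74 1106 extendable
!
! Via FastEthernet1 (69.77.169.58)
ip nat inside source static tcp 192.168.1.30 1100 69.77.169.58 1100 extendable
ip nat inside source static udp 192.168.1.30 1100 69.77.169.58 1100 extendable
ip nat inside source static tcp 192.168.1.30 1105 69.77.169.58 1105 extendable
ip nat inside source static udp 192.168.1.30 1105 69.77.169.58 1105 extendable
ip nat inside source static tcp 192.168.1.30 1106 69.77.169.58 1106 extendable
ip nat inside source static udp 192.168.1.30 1106 69.77.169.58 1106 extendable
!
! Neither WAN interface in the posted config has an inbound access-group,
! so these ports become reachable from any source once the entries exist.
! Check the result from exec mode with:
!   show ip nat translations
!   show ip nat statistics
```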


 
11/09/07 04:39 PM, ID: 20254158, Expert Comment
11/09/07 05:23 PM, ID: 20254272, Author Comment
11/09/07 05:29 PM, ID: 20254292, Expert Comment
11/09/07 05:32 PM, ID: 20254301, Expert Comment
11/09/07 05:34 PM, ID: 20254309, Expert Comment
11/11/07 11:24 AM, ID: 20260200, Author Comment
11/11/07 12:40 PM, ID: 20260480, Expert Comment
11/11/07 01:17 PM, ID: 20260602, Author Comment
11/11/07 01:18 PM, ID: 20260605, Author Comment
11/11/07 02:46 PM, ID: 20260982, Accepted Solution

Solution Provided By: wingatesl
Participating Experts: 1
Solution Grade: A

11/11/07 02:56 PM, ID: 20261040, Expert Comment
11/14/07 06:26 AM, ID: 20280092, Author Comment
11/14/07 06:39 AM, ID: 20280186, Expert Comment