Question
Can't get port forwarding to work on my Cisco 857

Asked by harry738 in Network Routers, Network Operations, Network Design & Methodology

Tags: Cisco, port forwarding, cisco router, router, cisco 800 series, ADSL

I've got a single static IP address on my ADSL and I want to forward port 2000 to a PC on my LAN.

I'm using SDM to configure the router. I've configured the NAT using SDM but it's not working.

Here is my config:

!This is the running config of the router: xx.xx.xx.40
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname PAY-EDI-CISCO
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
logging console critical
enable secret 5 $1$byrbb$TGS7mwtZHjhLIUJDaEOaF/
!
no aaa new-model
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-1082389886
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1082389886
 revocation-check none
 rsakeypair TP-self-signed-1082389886
!
!
crypto pki certificate chain TP-self-signed-1082389886
 certificate self-signed 01
 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
        quit
dot11 syslog
no ip source-route
ip dhcp excluded-address 10.10.10.1
!
!
ip cef
ip inspect name fw appfw fw
ip inspect name fw tcp
ip inspect name fw https
ip inspect name fw dns
ip inspect name fw pptp
ip inspect name fw l2tp
ip inspect name fw gtpv0
ip inspect name fw gtpv1
ip inspect name fw ddns-v3
ip inspect name fw dnsix
ip inspect name fw ldap-admin
ip inspect name fw ldap
ip inspect name fw ldaps
ip inspect name fw netbios-ns
ip inspect name fw wins
ip inspect name fw daytime
ip inspect name fw ntp
ip inspect name fw time
ip inspect name fw timed
ip inspect name fw hsrp
ip inspect name fw router
ip inspect name fw icmp
ip inspect name fw fragment maximum 256 timeout 1
ip inspect name fw snmp
ip inspect name fw snmptrap
ip inspect name fw syslog
ip inspect name fw syslog-conn
ip inspect name fw tacacs
ip inspect name fw kerberos
ip inspect name fw radius
ip inspect name fw tacacs-ds
ip inspect name fw ident
ip inspect name fw ace-svr
ip inspect name fw bootpc
ip inspect name fw bootps
ip inspect name fw dhcp-failover
ip inspect name fw discard
ip inspect name fw echo
ip inspect name fw finger
ip inspect name fw gopher
ip inspect name fw igmpv3lite
ip inspect name fw ipx
ip inspect name fw pwdgen
ip inspect name fw rsvp-encap
ip inspect name fw rsvp_tunnel
ip inspect name fw socks
ip inspect name fw vqp
ip inspect name fw udp
ip inspect name fw exec
ip inspect name fw telnet
ip inspect name fw telnets
ip inspect name fw rtelnet
ip inspect name fw login
ip inspect name fw rcmd
ip inspect name fw ssh
ip inspect name fw shell
ip inspect name fw sshell
ip inspect name fw x11
ip inspect name fw xdmcp
ip inspect name SDM_MEDIUM appfw SDM_MEDIUM
ip inspect name SDM_MEDIUM cuseeme
ip inspect name SDM_MEDIUM dns
ip inspect name SDM_MEDIUM ftp
ip inspect name SDM_MEDIUM h323
ip inspect name SDM_MEDIUM https
ip inspect name SDM_MEDIUM icmp
ip inspect name SDM_MEDIUM imap reset
ip inspect name SDM_MEDIUM pop3 reset
ip inspect name SDM_MEDIUM rcmd
ip inspect name SDM_MEDIUM realaudio
ip inspect name SDM_MEDIUM rtsp
ip inspect name SDM_MEDIUM esmtp
ip inspect name SDM_MEDIUM sqlnet
ip inspect name SDM_MEDIUM streamworks
ip inspect name SDM_MEDIUM tftp
ip inspect name SDM_MEDIUM tcp
ip inspect name SDM_MEDIUM udp
ip inspect name SDM_MEDIUM vdolive
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
no ip bootp server
ip domain name yourdomain.com
ip name-server 212.23.6.100
ip name-server 212.23.3.100
!
appfw policy-name SDM_MEDIUM
  application im aol
    service default action allow alarm
    service text-chat action allow alarm
    server permit name login.oscar.aol.com
    server permit name toc.oscar.aol.com
    server permit name oam-d09a.blue.aol.com
  application im msn
    service default action allow alarm
    service text-chat action allow alarm
    server permit name messenger.hotmail.com
    server permit name gateway.messenger.hotmail.com
    server permit name webmessenger.msn.com
  application im yahoo
    service default action allow alarm
    service text-chat action allow alarm
    server permit name scs.msg.yahoo.com
    server permit name scsa.msg.yahoo.com
    server permit name scsb.msg.yahoo.com
    server permit name scsc.msg.yahoo.com
    server permit name scsd.msg.yahoo.com
    server permit name cs16.msg.dcn.yahoo.com
    server permit name cs19.msg.dcn.yahoo.com
    server permit name cs42.msg.dcn.yahoo.com
    server permit name cs53.msg.dcn.yahoo.com
    server permit name cs54.msg.dcn.yahoo.com
    server permit name ads1.vip.scd.yahoo.com
    server permit name radio1.launch.vip.dal.yahoo.com
    server permit name in1.msg.vip.re2.yahoo.com
    server permit name data1.my.vip.sc5.yahoo.com
    server permit name address1.pim.vip.mud.yahoo.com
    server permit name edit.messenger.yahoo.com
    server permit name messenger.yahoo.com
    server permit name http.pager.yahoo.com
    server permit name privacy.yahoo.com
    server permit name csa.yahoo.com
    server permit name csb.yahoo.com
    server permit name csc.yahoo.com
!
appfw policy-name fw
  application im aol
    service default action reset
    service text-chat action reset
    server deny name login.oscar.aol.com
    server deny name toc.oscar.aol.com
    server deny name oam-d09a.blue.aol.com
  application im msn
    service default action reset
    service text-chat action reset
    server deny name messenger.hotmail.com
    server deny name gateway.messenger.hotmail.com
    server deny name webmessenger.msn.com
  application im yahoo
    service default action reset
    service text-chat action reset
    server deny name scs.msg.yahoo.com
    server deny name scsa.msg.yahoo.com
    server deny name scsb.msg.yahoo.com
    server deny name scsc.msg.yahoo.com
    server deny name scsd.msg.yahoo.com
    server deny name messenger.yahoo.com
    server deny name cs16.msg.dcn.yahoo.com
    server deny name cs19.msg.dcn.yahoo.com
    server deny name cs42.msg.dcn.yahoo.com
    server deny name cs53.msg.dcn.yahoo.com
    server deny name cs54.msg.dcn.yahoo.com
    server deny name ads1.vip.scd.yahoo.com
    server deny name radio1.launch.vip.dal.yahoo.com
    server deny name in1.msg.vip.re2.yahoo.com
    server deny name data1.my.vip.sc5.yahoo.com
    server deny name address1.pim.vip.mud.yahoo.com
    server deny name edit.messenger.yahoo.com
    server deny name http.pager.yahoo.com
    server deny name privacy.yahoo.com
    server deny name csa.yahoo.com
    server deny name csb.yahoo.com
    server deny name csc.yahoo.com
!
appfw policy-name SDM_LOW
!
!
!
username admin privilege 15 secret 5 $1$pbb9$1Zr2qmhZsjYVUNPpKIFn8.
!
!
archive
 log config
  hidekeys
!
!
ip tcp synwait-time 10
!
!
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.2 point-to-point
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 pvc 0/38
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
 ip address 192.168.100.149 255.255.255.0
 ip access-group 105 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip inspect fw out
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1412
!
interface Dialer1
 description $FW_OUTSIDE$
 ip address xx.xx.xx.40 255.255.255.0
 ip access-group 106 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1452
 ip inspect SDM_LOW out
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname xxxxxxxxxxxxxx
 ppp chap password 7 xxxxxxxxxxxxxxx
 ppp pap sent-username xxxxxx password 7 xxxxxxxxxx
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.100.150 2000 xx.xx.xx.40 2000 extendable
!
logging trap debugging
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.100.0 0.0.0.255
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 100 remark remote Control
access-list 100 permit tcp any host 192.168.100.150 eq 2000 log
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host 212.23.6.100 eq domain any
access-list 101 permit udp host 212.23.3.100 eq domain any
access-list 101 permit ip 192.168.100.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 remark Remote Control
access-list 101 permit tcp any host 192.168.100.150 eq 2000 log
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip host 0.0.0.0 any
access-list 101 deny   ip any any log
access-list 102 remark auto generated by SDM firewall configuration
access-list 102 remark SDM_ACL Category=1
access-list 102 permit tcp any host 62.173.82.67
access-list 102 deny   ip xx.xx.xx.0 0.0.0.255 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip any any
access-list 103 remark auto generated by SDM firewall configuration
access-list 103 remark SDM_ACL Category=1
access-list 103 remark PORT 2000 forwarding
access-list 103 permit tcp any host xx.xx.xx.40 eq 2000 log
access-list 103 remark port 2000 UDP forwading
access-list 103 permit udp any host xx.xx.xx.40 eq 2000 log
access-list 103 permit udp host 212.23.3.100 eq domain host xx.xx.xx.40
access-list 103 permit udp host 212.23.6.100 eq domain host xx.xx.xx.40
access-list 103 deny   ip 192.168.100.0 0.0.0.255 any
access-list 103 permit icmp any host xx.xx.xx.40 echo-reply
access-list 103 permit icmp any host xx.xx.xx.40 time-exceeded
access-list 103 permit icmp any host xx.xx.xx.40 unreachable
access-list 103 permit tcp any host xx.xx.xx.40 eq 443
access-list 103 permit tcp any host xx.xx.xx.40 eq 22
access-list 103 permit tcp any host xx.xx.xx.40 eq cmd
access-list 103 deny   ip 10.0.0.0 0.255.255.255 any
access-list 103 deny   ip 172.16.0.0 0.15.255.255 any
access-list 103 deny   ip 192.168.0.0 0.0.255.255 any
access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
access-list 103 deny   ip host 255.255.255.255 any
access-list 103 deny   ip host 0.0.0.0 any
access-list 103 deny   ip any any log
access-list 104 remark auto generated by SDM firewall configuration
access-list 104 remark SDM_ACL Category=1
access-list 104 remark Port 2000 UDP
access-list 104 permit udp any eq 2000 host xx.xx.xx.40 eq 2000
access-list 104 permit tcp any host xx.xx.xx.40 eq www
access-list 104 permit tcp any eq 2000 host xx.xx.xx.40 eq 2000
access-list 104 permit udp host 212.23.3.100 eq domain host xx.xx.xx.40
access-list 104 permit udp host 212.23.6.100 eq domain host xx.xx.xx.40
access-list 104 deny   ip 192.168.100.0 0.0.0.255 any
access-list 104 permit icmp any host xx.xx.xx.40 echo-reply
access-list 104 permit icmp any host xx.xx.xx.40 time-exceeded
access-list 104 permit icmp any host xx.xx.xx.40 unreachable
access-list 104 permit tcp any host xx.xx.xx.40 eq 443
access-list 104 permit tcp any host xx.xx.xx.40 eq 22
access-list 104 permit tcp any host xx.xx.xx.40 eq cmd
access-list 104 deny   ip 10.0.0.0 0.255.255.255 any
access-list 104 deny   ip 172.16.0.0 0.15.255.255 any
access-list 104 deny   ip 192.168.0.0 0.0.255.255 any
access-list 104 deny   ip 127.0.0.0 0.255.255.255 any
access-list 104 deny   ip host 255.255.255.255 any
access-list 104 deny   ip host 0.0.0.0 any
access-list 104 deny   ip any any log
access-list 105 remark auto generated by SDM firewall configuration
access-list 105 remark SDM_ACL Category=1
access-list 105 deny   ip xx.xx.xx.0 0.0.0.255 any
access-list 105 deny   ip host 255.255.255.255 any
access-list 105 deny   ip 127.0.0.0 0.255.255.255 any
access-list 105 permit ip any any
access-list 106 remark auto generated by SDM firewall configuration
access-list 106 remark SDM_ACL Category=1
access-list 106 permit tcp any eq 2000 host xx.xx.xx.40 eq 2000
access-list 106 permit udp host 212.23.3.100 eq domain host xx.xx.xx.40
access-list 106 permit udp host 212.23.6.100 eq domain host xx.xx.xx.40
access-list 106 deny   ip 192.168.100.0 0.0.0.255 any
access-list 106 permit icmp any host xx.xx.xx.40 echo-reply
access-list 106 permit icmp any host xx.xx.xx.40 time-exceeded
access-list 106 permit icmp any host xx.xx.xx.40 unreachable
access-list 106 permit tcp any host xx.xx.xx.40 eq 443
access-list 106 permit tcp any host xx.xx.xx.40 eq 22
access-list 106 permit tcp any host xx.xx.xx.40 eq cmd
access-list 106 deny   ip 10.0.0.0 0.255.255.255 any
access-list 106 deny   ip 172.16.0.0 0.15.255.255 any
access-list 106 deny   ip 192.168.0.0 0.0.255.255 any
access-list 106 deny   ip 127.0.0.0 0.255.255.255 any
access-list 106 deny   ip host 255.255.255.255 any
access-list 106 deny   ip host 0.0.0.0 any
access-list 106 deny   ip any any log
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.

Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use.

For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
 login local
 no modem enable
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
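
An added example, not part of the original post or of any reply in the thread: a small Python check that reads the static NAT entry and the ACL applied inbound on the `ip nat outside` interface from the config above, then tests whether a client connecting from an ordinary ephemeral source port is permitted. The helper names and the test client (203.0.113.10, port 50000) are assumptions made for this sketch; the config lines are copied from the post, with addresses masked as posted.

```python
import ipaddress
import re

# Excerpt of the posted running-config; addresses stay masked as on the page.
CONFIG = """\
interface Dialer1
 ip access-group 106 in
 ip nat outside
ip nat inside source static tcp 192.168.100.150 2000 xx.xx.xx.40 2000 extendable
access-list 106 permit tcp any eq 2000 host xx.xx.xx.40 eq 2000
access-list 106 permit udp host 212.23.3.100 eq domain host xx.xx.xx.40
access-list 106 deny   ip 192.168.100.0 0.0.0.255 any
access-list 106 deny   ip any any log
"""
PORT_NAMES = {"domain": 53, "www": 80, "cmd": 514}
TEST_SRC = ("203.0.113.10", 50000)  # constructed client: documentation IP, ephemeral port
_n = lambda a: int(ipaddress.IPv4Address(a))

def _endpoint(tokens):
    """Consume '<any | host A | A wildcard> [eq port]' and return (address spec, port)."""
    first = tokens.pop(0)
    spec = ("any",) if first == "any" else (first, tokens.pop(0))
    port = None
    if tokens[:1] == ["eq"]:
        port = int(PORT_NAMES.get(tokens[1], tokens[1]))
        del tokens[:2]
    return spec, port

def _addr_ok(spec, ip):
    """Match one address against an 'any', 'host A' or 'A wildcard' spec."""
    if spec[0] in ("any", "host"):
        return spec[0] == "any" or ip == spec[1]
    try:
        wildcard = _n(spec[1])
        return (_n(ip) | wildcard) == (_n(spec[0]) | wildcard)
    except ValueError:  # a masked address such as xx.xx.xx.40 cannot be parsed
        return False

def parse_acl(config, number):
    """Return a numbered ACL's ip/tcp/udp entries in order (icmp cannot match TCP/UDP)."""
    entries = []
    for line in config.splitlines():
        m = re.match(rf"access-list {number}\s+(permit|deny)\s+(ip|tcp|udp)\s+(.*)", line)
        if m:
            tokens, text = m.group(3).split(), " ".join(line.split())
            entries.append((m.group(1), m.group(2), _endpoint(tokens), _endpoint(tokens), text))
    return entries

def first_match(entries, proto, src_ip, src_port, dst_ip, dst_port):
    """IOS reads an ACL top-down and acts on the first entry that matches."""
    for action, eproto, (src, sport), (dst, dport), text in entries:
        if (eproto in ("ip", proto) and _addr_ok(src, src_ip) and _addr_ok(dst, dst_ip)
                and sport in (None, src_port) and dport in (None, dst_port)):
            return action, text
    return "deny", "implicit deny"

def check_forwards(config):
    """Check every static NAT port; assumes an inbound ACL on the NAT outside interface."""
    outside = next(b for b in re.split(r"\n(?=\S)", config) if "\n ip nat outside" in b)
    entries = parse_acl(config, re.search(r"ip access-group (\d+) in", outside).group(1))
    # The inbound ACL runs before NAT rewrites the destination, so test the global address.
    return [(proto, gip, int(gport)) + first_match(entries, proto, *TEST_SRC, gip, int(gport))
            for proto, gip, gport in re.findall(
                r"ip nat inside source static (tcp|udp) \S+ \d+ (\S+) (\d+)", config)]
```

For the posted config, the check reports that the test connection falls through to `deny ip any any log`, because the only port 2000 entry in ACL 106 also requires source port 2000. With the source-port match removed from that entry, the same check returns permit.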





 
Accepted Solution, 10/22/09 07:58 AM, ID: 25634996

Solution Provided By: jodylemoine
Participating Experts: 2
Solution Grade: A
 