Solved

Allowing Port 95 on a Cisco 1600

Posted on 2002-05-29
Last Modified: 2010-04-17
I would like to know which commands I have to use to allow communication on the TCP/IP port 95 in the Cisco 1600.

The commands I have been using are:

* enable
* config t
* access-list 100 permit tcp any host 21.13.84.5 eq 95
* exit
* disable
* wr mem

The modification then shows on the Configuration Table, but I am still not able to access IP Address 21.13.84.5 from Port 95 out of my LAN.

What more do I need to do? Also, ports 25 and 110 are already accessed through this IP address (21.13.84.5); as such, the IP is visible from outside the LAN.

Please Help...
Question by:billyh
8 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 7041559
Can you post your complete config?

Is this access-list applied inbound or outbound, and on what interface? Is this host external to you, or internal? Is port 95 the source port or destination port?
0
 
LVL 8

Expert Comment

by:scraig84
ID: 7041665
Also to add to lrmoore's suggestions, what exactly are you trying to do with port 95?  How are you testing if it works?  Also, maybe I am being picky about wording but you said "I am still not able to access IP Address 21.13.84.5 from Port 95 out of my LAN" - is port 95 the source port from your LAN or the destination out of your LAN?  Just want to clarify your intent.
0
 
LVL 1

Author Comment

by:billyh
ID: 7041748
What I want to do is to use an extension of MDaemon called World Client to be accessed from any web browser by the use of port 95.

21.13.84.5 is the static IP address given to me by our ISP. In the LAN I access World Client by using the url:

http://100.0.0.67:95

Ideally from outside the LAN, to access World client using the Static IP Address I would use the url:

http://21.13.84.5:95

Because the router only allows access on ports 25 and 110 to IP 21.13.84.5, I cannot get World Client.

The config file is as follows:

interface Ethernet0
 description Local Network
 ip address 10.0.0.254 255.255.255.0 secondary
 ip address 21.13.84.150 255.255.255.248
 ip nat inside
 no cdp enable
!
interface Ethernet1
 ip address 21.13.80.81 255.255.255.0
 ip access-group 100 out
 shutdown
!
interface Serial0
 ip address 21.13.81.130 255.255.255.252
 ip access-group 100 in
 ip nat outside
 no fair-queue
!
ip nat pool NATPool 21.13.84.148 21.13.84.149 netmask 255.255.255.248
ip nat inside source list 1 pool NATPool overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
no ip http server
ip pim bidir-enable
!
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 2 permit 10.0.0.2
access-list 2 permit 217.151.169.73
access-list 100 permit udp any eq domain any
access-list 100 permit tcp any eq domain any
access-list 100 permit tcp any host 21.13.84.145 eq smtp
access-list 100 permit tcp any host 21.13.84.145 eq pop3
access-list 100 permit tcp host 196.30.131.82 host 21.13.84.146 eq 5631
access-list 100 permit udp host 196.30.131.82 host 21.13.84.146 eq 5632
access-list 100 permit tcp host 217.151.169.73 host 21.13.84.150 eq telnet
access-list 100 permit tcp any any established
access-list 100 permit icmp any any
access-list 100 deny   ip any any log
access-list 100 permit tcp any host 21.13.84.145 eq 95
access-list 100 permit tcp any host 21.13.84.145 eq www
!
line con 0
line vty 0 4
 access-class 2 in
!
end


0
 
LVL 8

Expert Comment

by:scraig84
ID: 7041851
You've got a multitude of issues going on here.  You have an access list that is applied in both directions, it is poorly configured in general (no offense to the creator), the lines you added were after a "deny all" statement, and you need to set up static NAT.

One of us can certainly help you, but I have two questions:

How comfortable are you with the IOS and configuring the router?

Do you know exactly what you need to allow and not allow for access?

I would recommend fully rewriting the access list and scrapping the current one, which is what prompts the second question.  The first question is due to the fact that there is a decent amount of work here, so I am ensuring you have a comfort level to complete the task.
0
 
LVL 1

Author Comment

by:billyh
ID: 7041880
No offense taken, at least you will help.

I know that the IP addresses do not make sense. I did it intentionally so as not to give away my IP addresses; the general idea is to allow incoming communications for address 21.13.84.5 on port 95.

I am comfortable with configuring the router, so please give me the steps for rewriting the access list.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 400 total points
ID: 7042031
I agree with scraig84.
The fact that you have the same access-list applied out the Ethernet interface is irrelevant because that interface is shut down anyway.
You must assign static NAT mapping for this to work.
Use a script like this to cut/paste to change your access lists:

! remove the access-group from the interfaces
!
interface Serial0
 no ip access-group 100 in
!
interface Ethernet1
 no ip access-group 100 out
!
! delete the access-list
!
no access-list 100
!
! now re-build the access-list entirely
!
access-list 100 permit icmp any any echo-reply
access-list 100 permit icmp any any ttl-exceeded
access-list 100 permit icmp any any packet-too-big
access-list 100 permit tcp any host 21.13.84.145 eq 95
access-list 100 permit tcp any host 21.13.84.145 eq www
access-list 100 permit tcp any host 21.13.84.145 eq smtp
access-list 100 permit tcp any host 21.13.84.145 eq pop3
access-list 100 permit udp any eq domain any
access-list 100 permit tcp host 196.30.131.82 host 21.13.84.146 eq 5631
access-list 100 permit udp host 196.30.131.82 host 21.13.84.146 eq 5632
access-list 100 permit tcp host 217.151.169.73 host 21.13.84.150 eq telnet
access-list 100 permit tcp any any established
access-list 100 deny   ip any any log
!
interface Serial0
 ip access-group 100 in
!

Now you need static NAT mappings for 21.13.84.145, .146, and .150:

!
ip nat inside source static 10.0.0.145 21.13.84.145
ip nat inside source static 10.0.0.146 21.13.84.146
ip nat inside source static 10.0.0.150 21.13.84.150
!

0
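Why the two entries appended after the deny never took effect, as an added example that is not part of the original thread: a small Python model of IOS first-match evaluation run over an excerpt of the posted access-list 100. The matcher is simplified (only `any`, `host` and `eq` are parsed, ICMP types are not modelled), and the function names and the test packet's source address are constructed for illustration.

```python
PORTS = {"domain": 53, "smtp": 25, "pop3": 110, "www": 80, "telnet": 23}
# Excerpt of access-list 100 as posted in the thread (original order preserved).
ORIGINAL = """\
access-list 100 permit tcp any host 21.13.84.145 eq smtp
access-list 100 permit tcp any host 21.13.84.145 eq pop3
access-list 100 permit tcp any any established
access-list 100 permit icmp any any
access-list 100 deny   ip any any log
access-list 100 permit tcp any host 21.13.84.145 eq 95
access-list 100 permit tcp any host 21.13.84.145 eq www
""".splitlines()
# Same entries with the catch-all deny moved to the end, as the rebuilt list does.
REORDERED = ORIGINAL[:4] + ORIGINAL[5:] + ORIGINAL[4:5]
PKT = {"proto": "tcp", "src": ("198.51.100.7", 40000), "dst": ("21.13.84.145", 95)}  # constructed

def parse_ace(line):
    """Parse 'access-list N action proto src [eq p] dst [eq p] [options]'."""
    tok, pos = line.split()[2:], 2
    def endpoint():
        nonlocal pos
        addr = tok[pos + 1] if tok[pos] == "host" else None   # None means 'any'
        pos += 2 if tok[pos] == "host" else 1
        port = None
        if pos < len(tok) and tok[pos] == "eq":
            port, pos = PORTS.get(tok[pos + 1]) or int(tok[pos + 1]), pos + 2
        return addr, port
    src, dst = endpoint(), endpoint()
    return {"action": tok[0], "proto": tok[1], "src": src, "dst": dst, "opts": tok[pos:]}

def matches(ace, pkt):
    """True if pkt fits the entry; 'established' needs the flag, 'log' is ignored."""
    ok = ace["proto"] in ("ip", pkt["proto"])
    for side in ("src", "dst"):
        addr, port = ace[side]
        ok = ok and addr in (None, pkt[side][0]) and port in (None, pkt[side][1])
    return ok and ("established" not in ace["opts"] or pkt.get("established", False))

def evaluate(acl, pkt):
    """Return (action, line) for the first matching entry; implicit deny otherwise."""
    for line in acl:
        ace = parse_ace(line)
        if matches(ace, pkt):
            return ace["action"], line
    return "deny", "(implicit deny)"

def unreachable(acl):
    """Entries after a catch-all 'ip any any' line can never be matched."""
    for i, ace in enumerate(map(parse_ace, acl)):
        if ace["proto"] == "ip" and ace["src"] == ace["dst"] == (None, None):
            return acl[i + 1:]
    return []
```

`evaluate(ORIGINAL, PKT)` stops at the `deny ip any any log` line, while `evaluate(REORDERED, PKT)` reaches the `eq 95` permit; `unreachable()` is a quick audit for entries appended after a catch-all.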
 
LVL 27

Expert Comment

by:Asta Cu
ID: 7044978
Hi, your question posted in duplicate, recommend you delete the following one to get your points back.
http://www.experts-exchange.com/routerswitch/Q_20305726.html
":0) Asta
0
 
LVL 1

Author Comment

by:billyh
ID: 7050538
You have both been helpful, your suggestion worked. Thanks a lot.

Billy
0
