Solved

I need to open up port 80 for web access on Cisco 2600 Router, from the Internet into the company.

Posted on 2003-10-30
Last Modified: 2010-04-17
I have limited experience with Cisco routers. I have to enable port 80 to come into the router from the outside. Please provide a script that will allow this.
They want both inbound and outbound. They don't care about the IP address.
Thus, would this be the situation to use "any any" or 0.0.0.0, or can you use either one and it does not matter?

Thank you,

Richard
Question by:rchang1967
LVL 7

Accepted Solution

by:
NicBrey earned 50 total points
ID: 9655899
You need to configure NAT on the router to forward all traffic that hits your outside interface (with public IP address) to your internal web server with private address.

On the outside interface (S0/0)
router(config-if)#ip nat outside

On the inside interface (fastethernet0/0)
router(config-if)#ip nat inside

In global config mode
router(config)# ip nat inside source static tcp <ip of web server> 80 interface serial 0/0 80

If you want SSL as well, add the line:
router(config)# ip nat inside source static tcp <ip of web server> 443 interface serial 0/0 443

That should do it...
0
 
LVL 3

Expert Comment

by:sheahmed
ID: 9663638
Richard, I don't think you need NATting at present. Your management is asking to permit port 80 only? What about the IP scheme of your LAN? Is it on real IPs? I mean, do all of your LAN PCs have real IPs, or are they behind a proxy? I still don't think you need NATting ...

Ask your management which other ports you want to permit, or which should necessarily remain open ...

Prepare an access list for the traffic you want to permit and implement this access list both ways ...

The access list may look like ...

! destination port 80
router(config)#access-list 101 permit tcp any any eq 80
! source port 80
router(config)#access-list 101 permit tcp any eq 80 any
!
router(config-if)#ip access-group 101 in
router(config-if)#ip access-group 101 out

The target port is 80 if you are trying to access a web page, so the first line is enough ... add more protocols and ports to the list that you would like to pass through ...

Hope this will work ...

Thanks,
Sheeraz Ahmed
0
 

Author Comment

by:rchang1967
ID: 9664358
Sheeraz,

Actually, I did the work on Friday afternoon at a client site in Agawam, Mass.
It worked out fine. But I did not have to do any of this stuff that you wrote.

I appreciate your time and effort, as well as your speedy reply.
And I actually do understand the code.
I earned my CCNP cert this past August.

All I wrote was :

Access-list 101 permit tcp any host 66.152.X.X eq 80

and it seemed to work fine. We did test it out.

I also did the RDP protocol for the same router a week ago and that worked fine also.

It is good to know that people actually like to help out other people over the Internet.
This is an EXCELLENT website resource and I will be using it frequently in the future.
I am just a newbie when it comes to the Cisco IOS lingo, but not new to the Technology field.

Also, I appreciate NicBrey responding to my posting. Thank you, Nick!

Richard

0
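How the two `any` lines from the earlier comment and the single `host ... eq 80` line from the author's comment treat the same traffic, as an added example that is not part of the original thread: a small Python model of extended-ACL evaluation (first matching line wins, implicit deny at the end). The address 198.51.100.10 stands in for the server's public IP, and the sample packets and all names are constructed; only TCP is modelled.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

ANY = ip_network("0.0.0.0/0")             # IOS keyword "any"
WEB = ip_network("198.51.100.10/32")      # constructed stand-in for "host <public IP>"

@dataclass(frozen=True)
class Rule:                               # one "access-list 101 <action> tcp ..." line
    action: str
    src: IPv4Network = ANY
    dst: IPv4Network = ANY
    sport: Optional[int] = None           # None: no "eq" on the source port
    dport: Optional[int] = None           # None: no "eq" on the destination port

@dataclass(frozen=True)
class Packet:                             # TCP only; other protocols are not modelled
    src: str
    sport: int
    dst: str
    dport: int

def evaluate(acl: List[Rule], p: Packet) -> Tuple[str, Optional[int]]:
    """First matching line wins; index None means the implicit deny at the end."""
    for i, r in enumerate(acl):
        if (ip_address(p.src) in r.src and ip_address(p.dst) in r.dst
                and r.sport in (None, p.sport) and r.dport in (None, p.dport)):
            return r.action, i
    return "deny", None

# permit tcp any host <server> eq 80
HOST_ACL = [Rule("permit", dst=WEB, dport=80)]
# permit tcp any any eq 80 / permit tcp any eq 80 any (second line matches on source port alone)
ANY_ACL = [Rule("permit", dport=80), Rule("permit", sport=80)]

# Constructed sample packets (documentation address ranges).
SAMPLES = {
    "inbound to web server:80": Packet("203.0.113.5", 40000, "198.51.100.10", 80),
    "inbound to other host:80": Packet("203.0.113.5", 40001, "198.51.100.20", 80),
    "inbound to web server:22": Packet("203.0.113.5", 40002, "198.51.100.10", 22),
    "reply from outside site":  Packet("203.0.113.80", 80, "198.51.100.20", 51000),
}

def compare() -> dict:
    """Map each sample to (action under HOST_ACL, action under ANY_ACL)."""
    return {name: (evaluate(HOST_ACL, p)[0], evaluate(ANY_ACL, p)[0])
            for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (host, broad) in compare().items():
        print(f"{name:26} host-ACL={host:6} any-ACL={broad}")
```

The host-specific line exposes only the web server on port 80, and its implicit deny also drops replies to outbound browsing if the same list filters inbound traffic for the whole LAN.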
 
LVL 3

Expert Comment

by:sheahmed
ID: 9665745
You are most welcome, Richard ...
0
