Solved

I need to open up port 80 for web access on Cisco 2600 Router, from the Internet into the company.

Posted on 2003-10-30
4
1,012 Views
Last Modified: 2010-04-17
I have limited experience with Cisco routers. I have to enable port 80 to come into the router from the outside. Please provide a script that will allow this.
They want both inbound and outbound. They don't care about the ip address.
Thus would this be the situation to use "any any" or 0.0.0.0 or can you use either one and it does not matter.

Thank you,

Richard
0
Comment
Question by:rchang1967
  • 2
4 Comments
 
LVL 7

Accepted Solution

by:
NicBrey earned 50 total points
ID: 9655899
You need to configure NAT on the router to forward all trafffic that hits your outside interface (with public IP address) to your internal web server with private address

On the outside interface (S0/0)
router(config-if)#ip nat outside

On the inside interface (fastethernet0/0)
router(config-if)#ip nat inside

In global config mode
router(config)# ip nat inside sourse static tcp <ip of web server>  80  interface serial 0/0  80        

if you want SSL as well, add the line:
router(config)# ip nat inside sourse static tcp <ip of web server>  443  interface serial 0/0  443

That should do it...
0
 
LVL 3

Expert Comment

by:sheahmed
ID: 9663638
Richard, i dont think you need natting at present, your management is asking to permit port 80 only? what about the ip scheme of your LAN? is it on real ip? i mean all of your LAN PC's own real ip's? or they are behind a proxy? i still dont think you need natting ...

ask your management, which other ports you want to permit? or should necessarily remain opened ...

prepare an access list for the traffic you want to permit and implement this access list both ways ...

access list may look like ...

router(conf)#access-list 101 permit tcp any any 80
router(conf)#access-list 101 permit tcp any 80 any
!
router(conf-if)#ip access-group 101 in
router(conf-if)#ip access-group 101 out

target port is 80, if you are trying to access a webpage, so first line is enough ... add more protocols, ports in the list which you like to pass through ...

hope this will work ...

Thanks,
Sheeraz Ahmed
0
 

Author Comment

by:rchang1967
ID: 9664358
Sheeraz,

Actually I did the work on Friday afternoon at a client site in Agawam, Mass.
it worked out fine. But I did not have to do any of this stuff that you wrote.

I appreciate your time and effort, as well as your speedy reply.
And I actually do understand the code.
I earned my CCNP cert this past August.

All I wrote was :

Access-list 101 permit tcp any host 66.152.X.X eq 80

and it seemed to work fine. We did test it out.

I also did the rdp proctol for the same router a week ago and that worked fine also.

It is good to know that people actually like to help out other people over the Internet.
This is an EXCELLENT website resource and I will be using it frequently in the future.
I am just a newbie when it comes to the Cisco IOS lingo, but not new to the Technology field.

Also, I appreciate NicBrey responding to my posting. Thank you Nick !

Richard

0
 
LVL 3

Expert Comment

by:sheahmed
ID: 9665745
you are most welcome richard ...
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues.  There are…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now