I need to open up port 80 for web access on Cisco 2600 Router, from the Internet into the company.

I have limited experience with Cisco routers. I have to enable port 80 to come into the router from the outside. Please provide a script that will allow this.
They want both inbound and outbound. They don't care about the ip address.
Thus would this be the situation to use "any any" or or can you use either one and it does not matter.

Thank you,

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You need to configure NAT on the router to forward all trafffic that hits your outside interface (with public IP address) to your internal web server with private address

On the outside interface (S0/0)
router(config-if)#ip nat outside

On the inside interface (fastethernet0/0)
router(config-if)#ip nat inside

In global config mode
router(config)# ip nat inside sourse static tcp <ip of web server>  80  interface serial 0/0  80        

if you want SSL as well, add the line:
router(config)# ip nat inside sourse static tcp <ip of web server>  443  interface serial 0/0  443

That should do it...

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Richard, i dont think you need natting at present, your management is asking to permit port 80 only? what about the ip scheme of your LAN? is it on real ip? i mean all of your LAN PC's own real ip's? or they are behind a proxy? i still dont think you need natting ...

ask your management, which other ports you want to permit? or should necessarily remain opened ...

prepare an access list for the traffic you want to permit and implement this access list both ways ...

access list may look like ...

router(conf)#access-list 101 permit tcp any any 80
router(conf)#access-list 101 permit tcp any 80 any
router(conf-if)#ip access-group 101 in
router(conf-if)#ip access-group 101 out

target port is 80, if you are trying to access a webpage, so first line is enough ... add more protocols, ports in the list which you like to pass through ...

hope this will work ...

Sheeraz Ahmed
rchang1967Author Commented:

Actually I did the work on Friday afternoon at a client site in Agawam, Mass.
it worked out fine. But I did not have to do any of this stuff that you wrote.

I appreciate your time and effort, as well as your speedy reply.
And I actually do understand the code.
I earned my CCNP cert this past August.

All I wrote was :

Access-list 101 permit tcp any host 66.152.X.X eq 80

and it seemed to work fine. We did test it out.

I also did the rdp proctol for the same router a week ago and that worked fine also.

It is good to know that people actually like to help out other people over the Internet.
This is an EXCELLENT website resource and I will be using it frequently in the future.
I am just a newbie when it comes to the Cisco IOS lingo, but not new to the Technology field.

Also, I appreciate NicBrey responding to my posting. Thank you Nick !


you are most welcome richard ...
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.