Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

I need to open up port 80 for web access on Cisco 2600 Router, from the Internet into the company.

Posted on 2003-10-30
Last Modified: 2010-04-17
I have limited experience with Cisco routers. I have to enable port 80 to come into the router from the outside. Please provide a script that will allow this.
They want both inbound and outbound. They don't care about the ip address.
Thus would this be the situation to use "any any" or or can you use either one and it does not matter.

Thank you,

Question by:rchang1967
  • 2

Accepted Solution

NicBrey earned 50 total points
ID: 9655899
You need to configure NAT on the router to forward all trafffic that hits your outside interface (with public IP address) to your internal web server with private address

On the outside interface (S0/0)
router(config-if)#ip nat outside

On the inside interface (fastethernet0/0)
router(config-if)#ip nat inside

In global config mode
router(config)# ip nat inside sourse static tcp <ip of web server>  80  interface serial 0/0  80        

if you want SSL as well, add the line:
router(config)# ip nat inside sourse static tcp <ip of web server>  443  interface serial 0/0  443

That should do it...

Expert Comment

ID: 9663638
Richard, i dont think you need natting at present, your management is asking to permit port 80 only? what about the ip scheme of your LAN? is it on real ip? i mean all of your LAN PC's own real ip's? or they are behind a proxy? i still dont think you need natting ...

ask your management, which other ports you want to permit? or should necessarily remain opened ...

prepare an access list for the traffic you want to permit and implement this access list both ways ...

access list may look like ...

router(conf)#access-list 101 permit tcp any any 80
router(conf)#access-list 101 permit tcp any 80 any
router(conf-if)#ip access-group 101 in
router(conf-if)#ip access-group 101 out

target port is 80, if you are trying to access a webpage, so first line is enough ... add more protocols, ports in the list which you like to pass through ...

hope this will work ...

Sheeraz Ahmed

Author Comment

ID: 9664358

Actually I did the work on Friday afternoon at a client site in Agawam, Mass.
it worked out fine. But I did not have to do any of this stuff that you wrote.

I appreciate your time and effort, as well as your speedy reply.
And I actually do understand the code.
I earned my CCNP cert this past August.

All I wrote was :

Access-list 101 permit tcp any host 66.152.X.X eq 80

and it seemed to work fine. We did test it out.

I also did the rdp proctol for the same router a week ago and that worked fine also.

It is good to know that people actually like to help out other people over the Internet.
This is an EXCELLENT website resource and I will be using it frequently in the future.
I am just a newbie when it comes to the Cisco IOS lingo, but not new to the Technology field.

Also, I appreciate NicBrey responding to my posting. Thank you Nick !



Expert Comment

ID: 9665745
you are most welcome richard ...

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Stack Switches in IOU  web V22 6 116
ESXI home lab network setup (KISS) 12 181
Problem to router 7 71
Hit router interface limit 7 38
New Server  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question