Help with ACL list

Posted on 2003-12-09
Last Modified: 2010-04-17
I need to make a config change on a CISCO 1721 router.  I really am stumbling around trying to get this done.  I need to open up port 8080 for one ip address to see my computer.  I am trying to do streaming media.  Listed below is the config.

NLCCC_DEMARC_ROUTER>en
Password:
NLCCC_DEMARC_ROUTER#show run
Building configuration...

Current configuration:
!
version 11.2
service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname NLCCC_DEMARC_ROUTER
!
enable password 7 14031B1F0401
!
ip subnet-zero
ip nat translation max-entries 483647
ip nat pool newlightpool 206.222.186.3 206.222.186.129 netmask 255.255.255.0
ip nat inside source list 24 pool newlightpool overload
ip domain-name nlccc
ip name-server 206.222.186.1
ip dhcp-server 206.222.186.1
ip dhcp-server 192.168.0.0
!
interface Ethernet0/0
 ip address 206.222.186.129 255.255.255.224 secondary
 ip address 192.168.1.1 255.255.255.0 secondary
 ip address 206.222.186.3 255.255.255.128
 ip helper-address 206.222.186.161
 ip helper-address 206.222.186.193
 ip helper-address 206.222.186.209
 ip nat inside
 logging event subif-link-status
!
interface Serial0/0
 description <<Link to Telco Circuit ID 28HCGK001074>>
 no ip address
 encapsulation frame-relay
 logging event subif-link-status
 logging event dlci-status-change
 frame-relay lmi-type ansi
!
interface Serial0/0.1 point-to-point
 description <<Link to 14415 Fondren Rd. Remote circuit 28HXGK001076>>
 ip address 206.222.186.225 255.255.255.252
 frame-relay interface-dlci 18
!
interface Serial0/0.2 point-to-point
 description <<< Link to Life Change >>>
 ip address 206.222.186.229 255.255.255.252
 frame-relay interface-dlci 19
!
interface Serial0/0.3 point-to-point
 description <<MINISTER RETREAT CTR>>
 ip address 206.222.186.233 255.255.255.252
 frame-relay interface-dlci 20
!
interface Serial0/1
 description <<< Link to INSYNC >>>
 ip address 206.222.186.238 255.255.255.252
 ip access-group gatekeeper in
 ip nat outside
 logging event subif-link-status
!
router eigrp 1
 redistribute static
 network 192.168.0.0
 network 206.222.186.0
 no auto-summary
!
ip local pool setup_pool 206.222.186.1 206.222.186.254
ip local pool local 192.168.0.0
ip classless
ip route 0.0.0.0 0.0.0.0 206.222.186.237
ip route 206.222.186.160 255.255.255.224 206.222.186.226
ip route 206.222.186.192 255.255.255.240 206.222.186.230
ip route 206.222.186.208 255.255.255.240 206.222.186.234
!
ip access-list extended gatekeeper
 permit tcp any any established
 permit udp any eq domain any
 permit icmp any any echo-reply
 permit icmp any any packet-too-big
 permit tcp any host 206.222.186.97 eq smtp
 permit tcp any host 206.222.186.34 eq smtp
 permit tcp any host 206.222.186.97 eq pop3
 permit tcp any host 206.222.186.34 eq pop3
no logging buffered
access-list 24 permit 192.168.0.0 0.0.255.255
access-list 24 permit 192.168.0.0 0.0.255.25
!
line con 0
line aux 0
 password 7 071B2858460C
 login
 modem InOut
 flowcontrol hardware
line vty 0 4
 password 7 071B2858460C
 login
!
end


Can someone help me with the commands to do this?  Thanks


Thanks !!
Question by: desmur

Accepted Solution by: JFrederick29
ip access-list extended gatekeeper
permit tcp host x.x.x.x host y.y.y.y eq 8080

x.x.x.x = source IP address (the one computer that is allowed access)

y.y.y.y = destination IP address (your computer)

Expert Comment by: JFrederick29
Also I would recommend using an enable secret password as opposed to just the enable password or at a minimum change your enable password, AUX password and VTY password as decryption tools can be used to decrypt your posted level 7 passwords.  Be sure to erase your passwords from your post next time you post a config.

Assisted Solution by: Scotty_cisco
It actually looks more like a combination of problems. What is the inside IP address of your workstation?  I don't see a static NAT translation .... Are you doing streaming outbound from your local PC or inbound? Or does your PC have a public IP address?

If it has a public IP address you can go into your access list and do

permit tcp any host x.x.x.x eq 8080

If not, you need to do a NAT translation like this

ip nat inside source static tcp x.x.x.x 8080 y.y.y.y 8080

Then add the access list again.

Where x.x.x.x is the inside address or address of your local PC and y.y.y.y is the public IP address you want to associate your PC with.

Thanks
Scott
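
Added example, not part of any post above: a small first-match evaluator for the TCP entries of the `gatekeeper` list, comparing the host-to-host permit from the accepted answer with the `any` form. The addresses 198.51.100.10 and 192.0.2.50 are constructed placeholders for x.x.x.x and y.y.y.y; the destination is the public address because the inbound list on Serial0/1 is checked before NAT translates it.

```python
import ipaddress

PORTS = {"smtp": 25, "pop3": 110}
# Constructed placeholders: the one allowed viewer and the PC's public address.
VIEWER, PC_PUBLIC = "198.51.100.10", "192.0.2.50"

# TCP entries of the posted gatekeeper list (udp/icmp entries left out).
GATEKEEPER_TCP = [
    "permit tcp any any established",
    "permit tcp any host 206.222.186.97 eq smtp",
    "permit tcp any host 206.222.186.34 eq smtp",
    "permit tcp any host 206.222.186.97 eq pop3",
    "permit tcp any host 206.222.186.34 eq pop3",
]
RESTRICTED = GATEKEEPER_TCP + [f"permit tcp host {VIEWER} host {PC_PUBLIC} eq 8080"]
OPEN_TO_ANY = GATEKEEPER_TCP + [f"permit tcp any host {PC_PUBLIC} eq 8080"]

def _addr(tokens):
    """Consume 'any' or 'host A.B.C.D'; None means any address."""
    word = tokens.pop(0)
    return None if word == "any" else ipaddress.ip_address(tokens.pop(0))

def parse(line):
    """Parse the subset of extended-ACL syntax used above."""
    tokens = line.split()
    action, _proto = tokens.pop(0), tokens.pop(0)
    src, dst = _addr(tokens), _addr(tokens)
    dport = None
    if tokens[:1] == ["eq"]:
        dport = PORTS.get(tokens[1]) or int(tokens[1])
        tokens = tokens[2:]
    return action, src, dst, dport, "established" in tokens

def evaluate(acl, src, dst, dport, ack=False):
    """First match wins; a packet matching no entry hits the implicit deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in acl:
        action, a_src, a_dst, a_port, established = parse(line)
        if a_src not in (None, src) or a_dst not in (None, dst):
            continue
        if a_port not in (None, dport) or (established and not ack):
            continue
        return action, line
    return "deny", "implicit deny"

if __name__ == "__main__":
    for name, acl in (("restricted", RESTRICTED), ("open", OPEN_TO_ANY)):
        for source in (VIEWER, "203.0.113.7"):  # second source is constructed
            print(name, source, evaluate(acl, source, PC_PUBLIC, 8080))
```

With the host-to-host entry, only the named viewer opens a connection to port 8080; every other source falls through to the implicit deny.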